AYIYA support for tunnelbroker?

Started by jilingshu, October 28, 2012, 02:43:46 AM

jilingshu

Hi all,
I'm behind a NAT now, and I found there is a solution that can traverse NAT without reconfiguring my NAT gateway to forward proto-41 and that also supports multiple users behind the same NAT.
Here's the description:
https://www.sixxs.net/tools/ayiya/

I want to know if tunnelbroker currently supports AYIYA or plans to support it?
Thanks in advance.

kcochran

We do not currently support it, and I'm not aware of any plans to do so in the near future.

kasperd

Quote from: jilingshu on October 28, 2012, 02:43:46 AM
Here's the description:
https://www.sixxs.net/tools/ayiya/
Did you try to register with SixXS? AFAIK they are currently the only provider of AYIYA tunnels.

cholzhauer

Gogo6 has a tunnel that will punch through NAT too.

jilingshu

Quote from: kasperd on October 28, 2012, 09:09:47 AM
Quote from: jilingshu on October 28, 2012, 02:43:46 AM
Here's the description:
https://www.sixxs.net/tools/ayiya/
Did you try to register with SixXS? AFAIK they are currently the only provider of AYIYA tunnels.
SIXXS is pretty arrogant, they refused my application without giving me any reasonable explanation.

jilingshu

Quote from: cholzhauer on October 28, 2012, 09:15:21 AM
Gogo6 has a tunnel that will punch through NAT too.
The latency of gogo6 is unacceptable (>1s)...... :-(

kasperd

Quote from: jilingshu on October 29, 2012, 01:44:14 AM
SIXXS is pretty arrogant
I know.

Quote from: jilingshu on October 29, 2012, 01:44:14 AM
they refused my application without giving me any reasonable explanation.
That also happened to me. That's why I went with HE. Luckily it turned out that 6in4 worked quite well for me.

Quote from: jilingshu on October 29, 2012, 01:44:40 AM
The latency of gogo6 is unacceptable (>1s)
Such a high latency cannot be explained simply by the server being far from the client. I know of three ways to reach such a high latency:

  • Buffer bloat
  • Satellite links
  • Suboptimal routing with packets crossing the same ocean multiple times

If none of the options mentioned so far will suit you, you are running out of free options. You should check this list on Wikipedia. Maybe one of the TSP providers is usable for you.

My next question is, where do you have this problem? If you can get a tunnel working to your primary site, and it is only a single mobile device (a laptop) which is frequently behind NAT, then using Teredo on the laptop can actually work great. Just make sure you have a Teredo relay on your primary site.

If your primary site is behind an IPv4 NAT and does not have IPv6 connectivity, then you really should start looking for a serious Internet provider. If it is impossible to get a decent Internet connection, then you'll have to go with a slightly more expensive solution.

Rent a (virtual) host in a datacenter. The datacenter you choose must have native dual stack connectivity and have a decent latency (IPv4 between the datacenter and your primary site, as well as IPv6 between the datacenter and the backbone is what matters to you). On that rented host, you can set up your personal tunnel server using whatever protocol is best suited for you.

jilingshu

Hi,
Thanks for your help!
My network environment is a bit strange...
WAN------ISP------(182.x.x.x)NAT-------My Router(10.x.x.x)------My Computers(192.168.1.0/24)

My router is using PPPoE to connect to my ISP. When the connection is established, I get a private IP address of 10.x.x.x. However, I obtain a 182.x.x.x public IP address at the same time. My ISP set a NAT between my private IP and my public IP; it also attached a reflect ACL to it, which causes all inbound traffic to be dropped silently.

kasperd

Quote from: jilingshu on October 29, 2012, 02:39:36 AM
WAN------ISP------(182.x.x.x)NAT-------My Router(10.x.x.x)------My Computers(192.168.1.0/24)
That sketch is quite unclear. If you specified the IP on both sides of each hop on the path, it would be much clearer what was going on. How many layers of NAT are involved?

jilingshu

C:\Users\Lingfeng>tracert -d 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.254                     (This is my router)
  2     *        *        *     Request timed out.                      (This is my PPPoE gateway)
  3     1 ms     2 ms     1 ms  202.98.114.150


root@Gateway:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:x:x:x:x:x
          inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2604:x:x:x::1/64 Scope:Global
          inet6 addr: fe80::214:d5ff:fe00:1640/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1648259 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1307607 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:199799564 (190.5 MiB)  TX bytes:290534737 (277.0 MiB)

eth0      Link encap:Ethernet  HWaddr 00:x:x:x:x:x
          inet6 addr: fe80::214:d5ff:fe00:163f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1405571 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1571093 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:295861985 (282.1 MiB)  TX bytes:210188512 (200.4 MiB)
          Interrupt:16

eth1      Link encap:Ethernet  HWaddr x:x:x:x:x:x
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1629173 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1294555 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:220175436 (209.9 MiB)  TX bytes:273265318 (260.6 MiB)
          Interrupt:14

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:152 errors:0 dropped:0 overruns:0 frame:0
          TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13029 (12.7 KiB)  TX bytes:13029 (12.7 KiB)

mon.wlan0 Link encap:UNSPEC  HWaddr 00-14-D5-00-16-41-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2262935 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:530674345 (506.0 MiB)  TX bytes:0 (0.0 B)

pppoe-wan Link encap:Point-to-Point Protocol
          inet addr:10.104.24.16  P-t-P:10.104.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:1119215 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1477050 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:242588636 (231.3 MiB)  TX bytes:174792162 (166.6 MiB)

sixxs.0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: 2604:8800:100:1a3::2/64 Scope:Global
          inet6 addr: fe80::8800:100:1a3:2/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1280  Metric:1
          RX packets:12433 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14233 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:8671704 (8.2 MiB)  TX bytes:2788584 (2.6 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:14:D5:00:16:41
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20705 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:2935636 (2.7 MiB)  TX bytes:29623692 (28.2 MiB)

root@Gateway:~#
Here's the interface information on the router.

kasperd

That did give a better idea of how the network looks. But it looks like a CGN solution, thus it is not very likely that you'll get something to work.

It is possible to get protocol 41 through some NAT systems and not through others. To test if it is possible to get any protocol 41 packets through the NAT, you can first use some service which can tell you what your IPv4 address is. Then try using 6to4 to ping another 6to4 address. You are welcome to ping mine on 2002:5634:7905:727a:6a61:4217:8b23:345.

Quote from: jilingshu on October 29, 2012, 05:33:45 AM
sixxs.0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: 2604:8800:100:1a3::2/64 Scope:Global
Where did that IPv6 address come from?

jilingshu

Quote
That did give a better idea of how the network looks. But it looks like a CGN solution, thus it is not very likely, that you'll get something to work.
Yes, it is somewhat like a CGN, but a significant feature is that every user is allocated a public IP address. I believe this is a silly idea but my ISP doesn't... they said this is good for security ???

Quote
To test if it is possible to get any protocol 41 packets through the NAT, you can first use some service, which can tell you what your IPv4 address is. Then try using 6to4 to ping another 6to4 address. You are welcome to ping mine on 2002:5634:7905:727a:6a61:4217:8b23:345.
Could you give me some more detailed information on how to do it? Thanks to that reflect ACL set on the gateway, I have no way to create a HE.net tunnel.

Quote
Where did that IPv6 address come from?
That's a SixXS tunnel created by my friend, and I tried it. It has an unacceptable packet loss rate.

kasperd

Quote from: jilingshu on October 29, 2012, 06:53:08 AM
Quote
To test if it is possible to get any protocol 41 packets through the NAT, you can first use some service, which can tell you what your IPv4 address is. Then try using 6to4 to ping another 6to4 address. You are welcome to ping mine on 2002:5634:7905:727a:6a61:4217:8b23:345.
Could you give me some more detailed information on how to do it?
It has been about four years since I last configured 6to4 on Linux. I don't remember how it was done. Nowadays when I am using 6to4, it is done through my own IPv6 stack. Anyway, for just testing between a single pair of 6to4 addresses, you can just use the sit driver:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::86.52.121.5
ifconfig sit1 up
ifconfig sit1 inet6 add 2002:xxxx:xxxx::1
route -A inet6 add 2002:5634:7905::/48 dev sit1
traceroute6 -In 2002:5634:7905:727a:6a61:4217:8b23:345
rmmod sit tunnel4

xxxx:xxxx must be replaced with the hexadecimal version of your own public IPv4 address (from the link I gave you above). Run a tcpdump on the physical interface while testing, so you can see which packets got sent, and what was received.
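
Added example, not part of the thread or written by any poster: a shell helper for the "hexadecimal version of your own public IPv4 address" step, plus the reverse mapping for reading the IPv4 endpoint out of a 6to4 address seen in a capture. The function names and the list of rejected ranges (private, CGN 100.64.0.0/10, loopback, link-local, multicast/reserved) are this example's own choices; it refuses an inside-the-NAT address such as the 10.x one on pppoe-wan, since replies to the resulting 2002: prefix would never be routed back.

```shell
#!/bin/sh
# Added example: map between an IPv4 address and its 6to4 (2002::/16) prefix.

# Print the 6to4 /48 for a public IPv4 address.
# Returns 2 on malformed input, 1 if the address is not globally routable.
ipv4_to_6to4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo "malformed IPv4 address: $1" >&2; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "need exactly four octets" >&2; return 2; }
    for o in "$@"; do
        # Reject leading zeros (printf would read them as octal) and >3 digits
        case $o in 0?*|????*) echo "bad octet: $o" >&2; return 2 ;; esac
        [ "$o" -le 255 ] || { echo "bad octet: $o" >&2; return 2; }
    done
    # Addresses that only exist on the inside of a NAT cannot anchor 6to4
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ] ||
       { [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; } ||
       { [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; } ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo "$1.$2.$3.$4 is not public; use the address seen outside the NAT" >&2
        return 1
    fi
    printf '2002:%02x%02x:%02x%02x::/48\n' "$1" "$2" "$3" "$4"
}

# Recover the IPv4 endpoint embedded in groups 2 and 3 of a 6to4 address.
sixtofour_to_ipv4() {
    case $1 in
        ''|*[!0-9a-fA-F:]*) echo "malformed IPv6 address: $1" >&2; return 2 ;;
    esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ "$1" = 2002 ] || { echo "not a 6to4 address" >&2; return 2; }
    for g in "$2" "$3"; do
        case $g in ''|?????*) echo "bad group: '$g'" >&2; return 2 ;; esac
    done
    hi=$((0x$2)); lo=$((0x$3))
    echo "$((hi >> 8)).$((hi & 255)).$((lo >> 8)).$((lo & 255))"
}

# Addresses below are the ones quoted in the thread.
ipv4_to_6to4 86.52.121.5
sixtofour_to_ipv4 2002:5634:7905:727a:6a61:4217:8b23:345
```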