Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Client Side Tunnel IPV6 Address  (Read 3782 times)

bimmerdriver

  • Newbie
  • *
  • Posts: 43
Client Side Tunnel IPV6 Address
« on: April 01, 2013, 09:21:44 AM »

I just updated the software on my router and now if I use what is my ipv6 address (or name your favorite website for checking your up address), it shows the client side tunnel address, not the address allocated out of my subnet. This makes no sense and I think it's a bug. Would someone please comment on this? Is there any valid reason for this to be a "feature" or is it a bug?
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 955
Re: Client Side Tunnel IPV6 Address
« Reply #1 on: April 01, 2013, 10:07:23 AM »

It sounds like the router started doing NAT66. I don't know of any standard for NAT66, and enabling it by default would be a bug. It could also indicate a transparent proxy is running on the router, not something that should be enabled by default either. A transparent proxy would typically only apply to HTTP, so you'd see different behaviour when using other protocols.

You can for example use telnet ipv6.test-ipv6.com 79 to find your IPv6 address using the finger protocol. That will tell us, if it happens only on HTTP or on other protocols as well.

To give any more detailed answers, we'll need to see some packet dumps from both sides of the router.
« Last Edit: April 01, 2013, 10:22:22 AM by kasperd »
Logged

bimmerdriver

  • Newbie
  • *
  • Posts: 43
Re: Client Side Tunnel IPV6 Address
« Reply #2 on: April 01, 2013, 10:28:26 AM »

It sounds like the router started doing NAT66. I don't know of any standard for NAT66, and enabling it by default would be a bug. It could also indicate a transparent proxy is running on the router, not something that should be enabled by default either. A transparent proxy would typically only apply to HTTP, so you'd see different behaviour when using other protocols.

You can for example use telnet ipv6.test-ipv6.com 79 to find your IPv6 address using the finger protocol. That will tell us, if it happens only on HTTP or on other protocols as well.

To give any more detailed answers, we'll need to see some packet dumps from both sides of the router.
I used putty to try connecting. It reported that the connection was made from the client side tunnel address, so same thing as http. There are no settings in the router about NAT66, at least none that I can find.
Logged

bimmerdriver

  • Newbie
  • *
  • Posts: 43
Re: Client Side Tunnel IPV6 Address
« Reply #3 on: April 01, 2013, 10:42:08 AM »

It sounds like the router started doing NAT66. I don't know of any standard for NAT66, and enabling it by default would be a bug. It could also indicate a transparent proxy is running on the router, not something that should be enabled by default either. A transparent proxy would typically only apply to HTTP, so you'd see different behaviour when using other protocols.

You can for example use telnet ipv6.test-ipv6.com 79 to find your IPv6 address using the finger protocol. That will tell us, if it happens only on HTTP or on other protocols as well.

To give any more detailed answers, we'll need to see some packet dumps from both sides of the router.
BTW, thanks for the prompt reply to my question. You confirmed what I thought, which is that this is a bug, not a feature. Someone over on the utm forum is trying to convince me that this is a feature.
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 955
Re: Client Side Tunnel IPV6 Address
« Reply #4 on: April 01, 2013, 11:51:47 AM »

Someone over on the utm forum is trying to convince me that this is a feature.
Stockholm syndrome.
Logged

bimmerdriver

  • Newbie
  • *
  • Posts: 43
Re: Client Side Tunnel IPV6 Address
« Reply #5 on: April 01, 2013, 11:55:29 AM »

Someone over on the utm forum is trying to convince me that this is a feature.
Stockholm syndrome.
Thanks. That really made me laugh!
Logged

arader

  • Newbie
  • *
  • Posts: 19
Re: Client Side Tunnel IPV6 Address
« Reply #6 on: April 05, 2013, 10:39:06 AM »

I had the same issue a while back (http://www.tunnelbroker.net/forums/index.php?topic=2702.0) and mine ended up being NAT66. I use an OpenBSD router and had an old config that didn't specify inet only when doing NAT, so it happily applied NAT rules to both IPv4 and IPv6 traffic.

Once I fixed the config, external sites happily report my machine's IP.
Logged