Print

[Napsterbater]

So I was investigating issue with cloudflare not being able to reach my origin servers via IPv6 of which I have a Hurricane Electric tunnel for. The response I got from IPv6@he.net was that it is now blocked for free tunnels.

When was this change made? And I get this is a free service but seems odd that only cloudflare is blocked and not hosting in general.

[broquea]

Months ago.

[cholzhauer]

This doesn't affect me, so I don't really care, but what's the reasoning behind it?

[Napsterbater]

This doesn't affect me, so I don't really care, but what's the reasoning behind it?

I'd like to know to ogcourse I am affected. But since they're not blocking hosting in general and only cloudflare if anything that increases the traffic since cloudflare cache anything or absorbs any DDOS's.

And again I do get it's a free service so I don't have too much to complain about but just curious.

[broquea]

We don't really discuss internal policy decisions.

[divad27182]

My main experience with cloudflare is when somebody usurped my projects DNS and put cloudflare in front of my machine.  This: compromised security, compromised performance, compromised security, and made me unable to SSH to my machine.  Cloudflare filled in dummy wildcard records based on an internet draft.  At one point, a DNS lookup on a name got an A record and a CNAME record (but a cache might have been involved).

We are no longer using cloudflare.

(I then tried Amazon's DNS.  They don't do SOA serial numbers.)

[JRMTL]

rec'd the same reply about cloudflare being blocked. Spent days with cloudflare support going over pcaps etc. It's a shame as cloudflare worked exceptionally well as a ipv4 to ipv6 proxy but I can't blame HE as I suspect someone was abusing CF/HE. FWIW last I checked alternate CF ports were still working whether by design or they were missed by HE

[Napsterbater]

FWIW last I checked alternate CF ports were still working whether by design or they were missed by HE

Until now/soon I bet.

[JRMTL]

lol. I thought about that before posting but honestly if HE did miss those ports I would prefer they close them rather than taking even more aggressive actions if CF proxies are causing them technical or legal issues.

**edit I actually mentioned the unblocked ports to HE on Nov 8th.

[Daniel15]

Just noticed the same thing when I tried to configure an IPv6 tunnel for a site that uses Cloudflare (unfortunately, I have some servers in data centers that still don't offer native IPv6!). It would be good to document this more clearly on the tunnelbroker site.

[jschv6]

I agree that this should definitely be communicated more transparently somewhere on the tunnelbroker site.

I thought about setting up a RiotIM server on a raspberry. Because port 443 on my IPv4 (dynamic) IP is already taken I planned to set it up using IPv6 only and use Cloudflare as IPv4->IPv6 proxy.

If I hadn't browsed this forum for a totally different reason I surely would also have spent quite some time debugging this setup.

I can assume why you did this and can a bit sympathize with that. But please make it transparent to all users!