Cloudflare Blocked on Free Tunnels now?

Napsterbater · December 04, 2017, 03:18:34 PM

So I was investigating issue with cloudflare not being able to reach my origin servers via IPv6 of which I have a Hurricane Electric tunnel for. The response I got from IPv6@he.net was that it is now blocked for free tunnels.

When was this change made? And I get this is a free service but seems odd that only cloudflare is blocked and not hosting in general.

broquea · December 04, 2017, 05:24:35 PM

Months ago.

cholzhauer · December 04, 2017, 06:01:21 PM

This doesn't affect me, so I don't really care, but what's the reasoning behind it?

Napsterbater · December 05, 2017, 07:31:59 AM

Quote from: cholzhauer on December 04, 2017, 06:01:21 PM
This doesn't affect me, so I don't really care, but what's the reasoning behind it?

I'd like to know to ogcourse I am affected. But since they're not blocking hosting in general and only cloudflare if anything that increases the traffic since cloudflare cache anything or absorbs any DDOS's.

And again I do get it's a free service so I don't have too much to complain about but just curious.

broquea · December 05, 2017, 07:36:26 AM

We don't really discuss internal policy decisions.

divad27182 · December 06, 2017, 08:23:01 AM

My main experience with cloudflare is when somebody usurped my projects DNS and put cloudflare in front of my machine. This: compromised security, compromised performance, compromised security, and made me unable to SSH to my machine. Cloudflare filled in dummy wildcard records based on an internet draft. At one point, a DNS lookup on a name got an A record and a CNAME record (but a cache might have been involved).

We are no longer using cloudflare.

(I then tried Amazon's DNS. They don't do SOA serial numbers.)

JRMTL · December 06, 2017, 01:54:33 PM

rec'd the same reply about cloudflare being blocked. Spent days with cloudflare support going over pcaps etc. It's a shame as cloudflare worked exceptionally well as a ipv4 to ipv6 proxy but I can't blame HE as I suspect someone was abusing CF/HE. FWIW last I checked alternate CF ports were still working whether by design or they were missed by HE

Napsterbater · December 06, 2017, 02:55:31 PM

Quote from: JRMTL on December 06, 2017, 01:54:33 PMFWIW last I checked alternate CF ports were still working whether by design or they were missed by HE

Until now/soon I bet.

JRMTL · December 06, 2017, 03:18:50 PM

lol. I thought about that before posting but honestly if HE did miss those ports I would prefer they close them rather than taking even more aggressive actions if CF proxies are causing them technical or legal issues.

**edit I actually mentioned the unblocked ports to HE on Nov 8th.

Daniel15 · January 07, 2019, 10:21:53 AM

Just noticed the same thing when I tried to configure an IPv6 tunnel for a site that uses Cloudflare (unfortunately, I have some servers in data centers that still don't offer native IPv6!). It would be good to document this more clearly on the tunnelbroker site.

jschv6 · January 14, 2019, 11:15:05 AM

I agree that this should definitely be communicated more transparently somewhere on the tunnelbroker site.

I thought about setting up a RiotIM server on a raspberry. Because port 443 on my IPv4 (dynamic) IP is already taken I planned to set it up using IPv6 only and use Cloudflare as IPv4->IPv6 proxy.

If I hadn't browsed this forum for a totally different reason I surely would also have spent quite some time debugging this setup.

I can assume why you did this and can a bit sympathize with that. But please make it transparent to all users!

News:

Cloudflare Blocked on Free Tunnels now?