• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Alternative to protocol 41 tunnelling

Started by cshilton, September 03, 2020, 11:18:46 AM



Does anyone know of any off-the-shelf tunneling solution which is more NAT-friendly than proto-41? Open source would be the best since I want to run it on OpenBSD. Also, the solution doesn't have to be something that HE supports. One end of my proposed tunnel will be a virtual machine in a close to me and close to a tunnel server.

I have a standard proto 41 tunnel at my house and it works wonderfully. When I travel, my choices are a lot more limited, mainly due to IPv4 NAT. For me, traveling means being in a hotel, behind a NAT that only understands TCP and UDP, or being behind a mobile hotspot that would gladly DMZ my protocol 41 traffic, but the mobile providers are all using carrier-grade NAT and none of the hotspots will route the associated /64.

I've found that I can work around these issues but everything is a compromise:

* I can get an IPv6 address by tethering to my phone but phones aren't the greatest routers;
* Since much of my traffic is ssh, I can set up a v4 bastion host, but that means rewriting my ~/.ssh/config file.

For me the best of all possible worlds would be a reasonable tunnel from where I am. I don't mind bringing along my own infrastructure to do this. I've found that I can coax 100Mb/s out of a Raspberry Pi running OpenBSD. This is far greater than the 10 ~ 30 Mb/s that I usually see on a hotel connection. Right now, I establish an IPsec VPN tunnel between that Pi and my home firewall. Once that's done, routing a portion of my HE.net /48 is pretty simple. The downsides are that MTU problems are hard to diagnose with all that encapsulation. And if I'm far from home, East Coast, US, I'm paying a large latency penalty to route my traffic through the tunnelbroker servers here on the East Coast.

Given that I'm already using a Raspberry Pi, an ideal solution would be UDP-encapsulating my IPv6 traffic from the Pi to a cloud-based virtual machine somewhere physically close to my travel destination and then having that box configured with a proto-41 tunnel to HE through a nearby tunnelbroker site. I can imagine that this may work really well if I put the cloud server on a provider that uses HE for connectivity.