Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Author Topic: Alternative to protocol 41 tunnelling  (Read 619 times)


  • Newbie
  • *
  • Posts: 7
Alternative to protocol 41 tunnelling
« on: September 03, 2020, 11:18:46 AM »

Does anyone know of any off the shelf tunneling solution which is more NAT friendly than proto-41? Open source would be the best since I want to run it on OpenBSD. Also, the solution doesn't have to be something that HE supports. One end of my proposed tunnel will be a virtual machine in a close to me and close to a tunnel server.

I have a standard proto 41 tunnel at my house and it works wonderfully. When I travel my choices are a lot more limited mainly due to IPv4 NAT. For me, traveling means being in a hotel, behind a NAT that only understands TCP and UDP, or being behind a mobile hotspot that would gladly DMZ my protocol 41 traffic but the mobile providers are all using carrier grade nat and none of the hotspots will route the associated /64.

I've found that I can work around these issues but everything is a compromise:

* I can get an IPv6 address by tethering to my phone but phones aren't the greatest routers;
* Since much of my traffic is ssh, I can setup a v4 bastion host but that means re-writing my ~/.ssh/config file

For me the best of all possible worlds would be a reasonable tunnel for from where I am. I don't mind bringing along my own infrastructure to do this. I've found that I can coax 100Mb/s out of a Raspberry pi running OpenBSD. This is far greater than the 10 ~ 30 Mb/s that I usually see on a hotel connection. Right now, I establish an IPSec VPN tunnel between that pi and my home firewall. Once that's done, routing a portion of my /48 is pretty simple. The downsides are that MTU problems are hard to diagnose with all that encapsulation. And if I'm far from home, East Coast, US, I'm paying a large latency penalty to route my traffic through the tunnelbroker servers here on the East coast.

Given that I'm already using a Raspberry Pi, an ideal solution would be UDP encapsulating my IPv6 traffic from the pi to a cloud based virtual machine somewhere physically close to my travel destination and then having that box configured with a proto-41 tunnel to HE through a nearby tunnelbroker site. I can imagine that this may work really well if I put the cloud server on a provider that uses HE for connectivity.


  • Full Member
  • ***
  • Posts: 113
Re: Alternative to protocol 41 tunnelling
« Reply #1 on: September 03, 2020, 03:47:38 PM »

Probably Wireguard-VPN is what you want.