• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 tunnel and GeoIP

Started by jelockwood, February 13, 2023, 12:57:21 PM

Previous topic - Next topic

jelockwood

I have an IPv6 tunnel provided by Hurricane and I use this in my Draytek router to provide this to my entire home network. This all works fine and all my devices consequently get full IPv6 connectivity despite my ISP like sadly the majority still being unwilling to provide native IPv6 support.

I have noticed that whilst my IPv4 address is correctly reported as being located in the UK and even reported to my district in London, that my IPv6 address is reported as being located in the US.

The implication is that as the IPv6 address range is 'owned' by Hurricane it is their location that is reported.

This is now becoming more and more of a hassle as more and more websites I use block me from UK access as they think that I am located in the US. (Note: this also indicates that more websites are using IPv6 which is a good thing.)

My account details on Hurricane do have my correct UK address but I could not see any settings for my tunnel that would allow labelling its location.

This is what https://tools.keycdn.com/geo reports my IPv6 location as. (See attached screen capture.)

Anyone from Hurricane able to advise how to update the GeoIP data for my tunnel?

Since my IPv4 address is attributed to my own location and not my ISP, it would seem based on this that it should also be possible to have a location for my IPv6 address that reflects my location rather than my ISP i.e. Hurricane.

kcochran

IPs don't carry location data on the network.  Anyone asserting where your IP is actually located is working from external sources and processes.  Each vendor asserting an IP's location tends to do it their own way, and without much influence from public databases, such as WHOIS.  Finding out which vendor any site uses is often an uphill struggle.  Finding where that vendor accepts corrections is another, and getting them to accept them can be as well.  Content providers especially can be an issue, as they try to ensure someone's not bypassing their regional locks by providing inaccurate data.

Each tunnel's allocations have only ever been used for that specific tunnel server (and records for their locations exist in rWHOIS), and as most of the larger tunnel servers have been in place for over a decade, it says something that they still have it wrong.

kamil445

Here you can check geolocation in most popular geolocation providers:

https://dnschecker.org/ip-location.php
https://www.iplocation.net/ip-lookup

also you can check if hurricane electric set correct geolocation to your routed /64 here

https://dnschecker.org/ipv6-whois-lookup.php

If you want correct geolocation in some geolocation providers like db-ip, ipapi, iplocation etc you can send them email and ask them to correct geolocation, here you have most popular geolocation providers with contact information (i found them on the web):

Google => https://support.google.com/websearch/workflow/9308722?hl=en
DB-IP.com => https://db-ip.com/__YOUR_IP__
MaxMind => https://support.maxmind.com/geoip-data-correction-request/
ipapi.co => https://ipapi.co/contact/
ip2location.com => support@ip2location.com
ipinfo.io => https://ipinfo.io/contact
ipgeolocation.io => https://ipgeolocation.io/contact.html
ipregistry.co => support@ipregistry.co
ipdata.co => https://ipdata.co/corrections.html
iphub.info => https://iphub.info/contact?ip=__YOUR_IP__&block=2
ipip.net => support@ipip.net
neustar => https://www.home.neustar/resources/tools/submit-to-global-ip-database
whoisxmlapi => service.desk@whoisxmlapi.com

For example, Facebook use geolocation based on ASN, ASN location for tunnelbroker from hurricanes is US, Freemont, so Facebook always will think, you are from US. BUT if you have Facebook app installed and enabled geolocation in you phone, facebook sometimes update IP location based on phone location.
For exmaple sometimes Facebook think i'm from US, but sometimes think i'm from Poland, sometimes this  change everyday :)

This method also works with Google.

Looks like hurricane 29.12.2022 changed rwhois information, and removed whois per tunnel network, for example before 29.12.2022 rwhois output show per network "network:ID;I:NET-2001:470:71:447::/64" with location inserted in tunnelbroker settings, but after 29.12.2022 rwhois output is only network:ID;I:NET-2001:470:71::/48" with location set to capitol city of Poland (Warsaw).

TriMoonTR

#3
I agree that HE should allow us to edit the LOC record associated with our tunnel in their DNS zone(s) that most likely get queried after a reverse lookup from the IP...
Preferably using both a GUI-MAP display and Text/manual input...
Well that's all for now, 3M 🖖

kcochran

Statistics indicate virtually no-one creates or consumes LOC.  An example, a few years back Cloudflare did a blog post about the LOC record, and noted of their entire DNS pool with millions of records, there were a total of 743 LOC records.

Considering geolocation providers don't use the existing readily available information, which by RIR policy has to be there in WHOIS/rWHOIS/etc., would be odd for them to check LOC which isn't required, and is also very rare to find.

Then there's the same issue with LOC on IPv6 reverse hostnames as exists with PTR.  Privacy extensions make those impractical for most cases, so they normally only get set for static addresses related to public services, such as an email server.

kendiman

the problem is becoming more and more acute with the transition to ipv6.
There is no solution =\

Ok, when you have to solve extra captchas because of ipv6 proving you're not a Bot =). And now I can get into block-list because of circumvention. Only after blocking I checked my tunnel with address in New York, moved to another city and changed my country to UKRAINE.
https://www.ip2location.io/ shows that all HE.NET addresses belong to Ukraine.


2001:470:67:212:: - 64 subnet 2001:470:67:212:: -California -Fremont
"ip": "2001:0470:0067:0212:0000:0000:0000:0000",
    "country_code": "UA",
    "country_name": "Ukraine",
    "region_name": "Kyiv",
    "city_name": "Kiev",
    "latitude": "50.45466",
    "longitude": 30.5238,
    "zip_code": "38131",
    "time_zone": "+03:00",
    "asn": "6939",
    { "as": "Hurricane Electric LLC".

2001:470:68a1::: - 48 subnet - United Kingdom (GB) - England -London
"ip": "2001:0470:68a1:0000:0000:0000:0000:0000",
    "country_code": "UA",
    "country_name": "Ukraine",
    "region_name": "Kyiv",
    "city_name": "Kiev",
    "latitude": "50.45466",
    "longitude": 30.5238,
    "zip_code": "38131",
    "time_zone": "+03:00",
    "asn": "6939",
    { "as": "Hurricane Electric LLC".

Google and Youtube, as well as www.ip2location.io, detect the country Ukraine and change the language to Ukrainian.

only address 2001:470:: is correct
"ip": "2001:0470:0000:0000:0000:0000:0000:0000",
    "country_code": "US",
    "country_name": "United States of America",
    "region_name": "California",
    "city_name": "Milpitas",
    "latitude": 37.428298,
    "longitude": -121.906629,
    "zip_code": "95035",
    "time_zone": "-07:00",
    "asn": "6939",
 "as": "Hurricane Electric LLC"

MaZe

I happen to *know* that Google uses https://tunnelbroker.net/export/google as the source of it's geo feed.

What I cannot figure out is where HE gets that information from.

It does not appear to be configurable in the tunnelbroker UI that I can see.

It does not appear to be derived from the geo location of the ipv4 endpoint.

I have two tunnels.  One in California, US, one in Krakow, Poland.

The Krakow tunnel's /64 and /48 are both geolocated to US,US-CA per the above geo feed.
(In practice I use only the /48 as the /64 is DoS blocked and google search 403s)

The tunnel's IPv4 end point has been in Krakow for probably a year if not longer.
The tunnelserver itself is in Warsaw (Poland) too...

This misconfiguration results in Google thinking I'm in California, and that my time zone is Pacific,
which is super annoying...

MaZe

I think I lucked out and figured it out.

That geofeed URL (linked above) seems to report the User Account's Country

ie. what you configure at: https://tunnelbroker.net/account.php

for all your tunnels.

Basically this means you should have a separate account for each country
(or even state in the case of the US)

I think Google will pick ingest this feed roughly once a week.

MaZe

btw. Google won't recognize the following (which show up in the above geofeed) as valid country codes:

AC - Ascension Island -> should probably be GB
AN - Netherlands Antilles -> should probably be NL, or possibly one of BQ, CW, SX
AP - African Regional Industrial Property Organization ???  Asia Pacific ???
EU - European Union -> pick a specific country in the EU
OH - Ohio??? -> should be US,US-OH

My guesses based on https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

bartgrefte

#9
Quote from: kamil445 on March 24, 2023, 01:36:25 AMFor example, Facebook use geolocation based on ASN, ASN location for tunnelbroker from hurricanes is US, Freemont, so Facebook always will think, you are from US. BUT if you have Facebook app installed and enabled geolocation in you phone, facebook sometimes update IP location based on phone location.
For exmaple sometimes Facebook think i'm from US, but sometimes think i'm from Poland, sometimes this  change everyday :)
Since Facebook and Instagram are from the same company, does the ASN location apply to Instagram as well? I've been getting banned regularly due to "suspicious activity", probably because my /48 ends up in the US while my IPv4 address ends up in the Netherlands. After objecting, my account keeps getting restored because no violations of terms/agreements were found.

Also, there's a Netflix like website ( www.videoland.com/nl ) that also is being a pain in the butt, it won't let me view content (for being outside allowed region) unless I disable IPv6. Tried contacting the customer service, all I got back was a checklist for basic connection problems.

MrC

Quote from: MaZe on July 19, 2023, 11:44:55 AMI think I lucked out and figured it out.

That geofeed URL (linked above) seems to report the User Account's Country

ie. what you configure at: https://tunnelbroker.net/account.php

for all your tunnels.

Basically this means you should have a separate account for each country
(or even state in the case of the US)

I think Google will pick ingest this feed roughly once a week.

Many thanks for the detective work on this :)

Now I need to work out why one of my two /64 tunnels is reported by https://www.ip2location.io/ as being in the UK (correct) while the other in Romania (incorrect). Same tunnel endpoint for both and both reported as UK in https://tunnelbroker.net/export/google. It could be that the Romania reporting could be because that tunnel is relatively new as I had to delete an older (2008) tunnel and create a new one due to endpoint congestion?