• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Tunnel down when no outgoing traffic for some time

Started by iip, June 27, 2009, 08:30:50 PM

Previous topic - Next topic

iip

My tunnel goes down (ipv6 net not reachable from the outside) if there was no outgoing traffic for some time.
Once I send one single ping to the outside all works again well.
Is it a problem or a feature?

kristiankrohn

Seems to be a common issue...

Quote from: kristiankrohn on May 20, 2009, 08:16:23 AM
My guess would be that you have a stateful firewall on your tunnel endpoint.

Make sure that you allow incoming protocol 41 connections from the HE tunnel endpoint on your IPv4 firewall.


iip

LOL ok thx will try that
sounds logical, now that you say it

snarked

Are you accepting pings (ICMP echo requests) to the TUNNEL IPv6 endpoint address from HE's IPv6 tunnel endpoint address?  These are necessary to keep the tunnel alive when there is no traffic on the routed /64 or /48.

My one routed /64 tunnel has been inactive for 9 months as I now have native IPv6 at the co-location facility I'm in.  However, my server responds to pings on the IPv6 tunnel endpoint address, so I've been able to keep the tunnel as a backup (which was suggested by my co-lo facility staff as native IPv6 is experimental and under test).  [Someday, I plan to transfer the tunnel to my network at home if I can ever get openwrt to work with a Linksys WRT55AG (it works with the WRT54G - the G-only version)].

Keeping an inactive tunnel is not a problem, per other posts from HE on the forums.  They even noticed at one point that I have the pings locked down at the firewall to just the tunnel-server source address.

iip

Yep I accepted ICMPv6 all the time on the IPv6 interface, since everyone says that is important with IPv6.
Now that I have a ACCEPT rule for the HE IPv4 tunnel endpoint before the 'state RELATED,ESTABLISHED' in ip(4)tables, all seems to work well.