Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Anyone else problems with he tunnel in chicago area

    Scheduled Pinned Locked Moved
    IPv6
    3
    8
    3.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      Was working this fine this morning, then bam went offline.  Not sure what happened, looks like my wan IP might of renewed.  But now can not get tunnel backup.  Can not ping the he tunnel ipv6 endpoint, but can ping its ipv4 address.

      My wan IP is the same, I have tried disabled and renable - very strange!  HE shows chicago tunnel server UP.

      try to ping the he endpoint ipv6 I get this
      ping6: UDP connect: No route to host

      edit: ok its back up.. but I had to change the mask to /64 vs the /128 that was in the gif interface and the local setting which matches up with the info from he tunnel details.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.03 | Lab VMs 2.7.2, 24.03

      1 Reply Last reply Reply Quote 0
      • D
        databeestje
        last edited by

        I made more fixes on the tunnel with gateway front.

        Hopefully the gateway survives now.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          so can go back to /128 vs the /64 that was given he tunnel states to use, but ipv6 writeup says use /128 – which was working, but this morning after it died I changed it back to /64 like he states and bam it was online again.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.03 | Lab VMs 2.7.2, 24.03

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            It should work fine on /64 now, just like he.net's settings state.

            After databeestje's latest fixes it works great when set that way. It really didn't need to be a /128 before but apparently due to the way the code was handling the interfaces/routes, that let it work. Now it works either way, but using the /64 is more intuitive since it matches up with he.net's settings.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • D
              databeestje
              last edited by

              Do note that best practices argues to use a smaller network on the interconnect network between you and the ISP.

              For example, it is commonly limited to a /120 which would be about 250 hosts, this reduces the impact of port scans and the neighbor table overflowing.

              So yes, eventhough they define it to be a /64, they set the link scope smaller to prevent such particular issues. This is similar in spirit as the ARP table overflow that was previously possible on IPv4, and still is.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                I did have it at /128 and was working great, then this morning it went poof!  As soon as I changed it to /64 it was online.

                So should I leave it at /64 or can I change back to /128 will it work that way and stable, or could it go poof again?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                1 Reply Last reply Reply Quote 0
                • D
                  databeestje
                  last edited by

                  Not really sure.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    It works fine on either /64 or /128 for me now. Make sure to sync up with the current code before changing anything.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post