Suddenly, trouble with HE Net tunnel IPv6 traffic

TasMot

IPv6

JKnott

@TasMot

My crystal ball in on the fritz again, so you'll have to provide some info.

TasMot

Dag nabbit, I hate when that happens. It would have been much easier on me if it was still working. (thanks for reminding me that I didn't go back and fill it in after I submitted without any details, my fuzzy brain couldn't figure out how to work the "tags" box).

So I've been using a Hurricane Electric IPv6 tunnel for the last 5 to 6 years. All of a sudden, my IPv6 traffic is being blocked and slowing down the response time on the entire network.
This is what is showing up on the dashboard:

This makes it look like traffic is getting out but is unable to return;

Again, this has been working for 5 to 6 years. I am in the process of trying to move to a newer 64bit box because the 32bit version is no longer being updated. In any case, the tunnel is established, as the graph shows, traffic is getting out, but not in. Since somebody will tell me to do this, here it is, checked:

What concerns me is that when it is unchecked, the rules look like this:

.

Then, when I check the box and save the rules look like this:

.

There are still two rules at the top that say to block all IPv6 traffic.

How do I get rid of them, they are not rules I put in. Thanks for any help.

Tom

Gertjan

It happens that one of these shows 'red' : https://tunnelbroker.net/status.php
Which means : down or heavy load.

TasMot

@Gertjan It shows down all the time now on my end, but the link you posted shows that it should be up. Tom

Gertjan

You checked https://forums.he.net/ ? Use this one if you suspect a problem with IPv6 from he.net, they are quiet reactive.

Can you ping / reach the Tunnel Endpoints Server IPv4 Address ?
Same thing for Tunnel Endpoints Server IPv6 Address ?

kiokoman

can you show us a screenshot of your rules?
can you ping your GIF ipv4 Remote Address ?
can the GIF ipv4 remote address ping you ?

Gertjan

@kiokoman said in Suddenly, trouble with HE Net tunnel IPv6 traffic:

can the GIF ipv4 remote address ping you ?

@TasMot To test this : connect to your tunnel.he.net settings. Wipe the (your WAN !) Client IPv4 Address - and re enter it.
If it's accepted, your WAN IP is replying to ping and accepted.

For myself, never had issues with this - my WAN - IP, and I'm using non static WAN IP's, so I use some DDNS solution proposed by pfSense to update it.

kiokoman

@TasMot did you solve the problem? i had the same problem yesterday after moving my pfsense to another machine, i spent hours to figure out what the problem was but i was unable to find anything, so i decided to go to bed and when i woke up the problem was gone by itself

TasMot

I have not gotten it solved yet. Life keeps getting in the way of working on this (it is a home system not a work system). So, I have not made any progress on it. I have rebooted several times and no-joy yet. Thanks, eventually, I will get a chance to supply some of the info requested in the other posts.

TasMot

OK, I thought it was because on the computer I was using I switched it to IPv4 only that things seemed to be working better. However; that wasn't it. I looked at the firewall again to try to decide on a course of action, and surprise, surprise it's working. I have no clue what changed. At this point, my only guess is something at he.net or verizon changed.

Thanks for all the help,
Tom

kiokoman

eh i wonder if he.net do some kind of check on the hardware used and it need time to sync after a change, mac address or fingerprint or something