HE IPv6 TunnelBroker "This network is restricted" question
Can anybody [@yoursunny ] help clear this up ?
This issue came up recently.
@Ganonk said:
Hello my [provider], i have sent an email to tunnelbroker.net to get an ipv6 tunnel but unfortunately it was rejected on the grounds that the ip of my node already has native ipv6.is there a solution for me to implement ipv6 on my service?
This seems to be something new from HE tunnelbroker. I expect they are allowing tunnels to still exist with IPv6 enabled networks from IPv4 that have, or have had them in the past. Who know how long they will continue to allow this.
If this is HE tunnelbrokers new policy, that networks that announce IPv6 can not use tunnelbroker, this could be a problem.
I was looking around the HE.net forum and was not able to find a reference to an official policy change consistent with the response Ganonk received.
I did find this comment from Sept 2024,but that is not really consistent with what support said.
I think he.net is cracking down on using a VPS to forward proto 41 past Evil™ ISPs and routers that block it.
Can anybody point out any official statements on what TunnelBroker's policy on this is ?
Or help clarify what is going on.
EDIT: The network resulting in this error message is 104.234.60.0/23
Originated by AS46261
AS Name: QuickPacket, LLC
Comments
Sorry, how do you even get rejected?
I know some networks are blocked/restricted by HE, i.e, OVH.
Why did they even (have to) send an email to tunnelbroker.net - isn't it usually fully automated? So you would usually just create a new tunnel in their web interface - did that fail? Also, what happens if you create a tunnel with one IP address and then update the tunnel information to a new IP address?
My question as well smells like crap to me.
Free Hosting at YetiNode | MicroNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
My understanding is that Ganonk emailed tunnelbroker support because he was getting the "This network is restricted" message when trying to add an IPv6 tunnel to a VPS in Los Angeles.
I have seen this "This network is restricted" message before when attempting to add a HE IPv6 tunnel to a VPS at QuadraNet, so I can confirm that some restrictions do exist. My thought before was HE had some issue with Quadranet and that was the reason for the restriction. The situation described above in the OP by Ganonk is not related to a VM at Quadranet. Not sure what is going on and that is why I was asking. I don't want to be giving out bad advise.
EDIT: The network resulting in this error message is 104.234.60.0/23
If you have seen it before at a known network for abuse, misuse, etc... it would be my guess that they restrict based on IP Rep to combat it. If we had the IP used we could the check databases and see if it pops. If it does you have the answer if not then more investigation needed.
Free Hosting at YetiNode | MicroNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Here's what I received from HE last year.
HE has been putting quite a number of restrictions for as long as I can remember
So this has nothing to do with restricting "IPv6 enabled networks" ?
Just the normal stuff about HE restricting what it considers abusive networks. IE: The QuadraNet example I stated previously.
I highly doubt, because I have tunnels running on IPv6-enabled networks.
Maxed out
Sounds about right, yeah.
many thanks for this thread
Let's suppose we have an existing server with an existing tunnel. We upgrade to a new server at the same prorivder, for which the provider gives us a new IPv4. We delete the existing tunnel in the TunnelBroker web control panel and then try to set up a new tunnel for our new server.
Oopsie!
While we were using our previous server and previous tunnel, a block was implemented!
The block doesn't prevent deletion of the existing tunnel, but it does prevent creation of a new tunnel!
So, PSA, just because you have existing tunnel service, please do not assume you can create another tunnel.
Support kindly explained that they do not have a mechanism for exempting individual IPs from the block.
I am very grateful for the excellent TunnelBroker.net service! I happily use it on several servers!
I hope everyone gets the servers they want!
You can change the endpoint IP for the existing tunnel, unless you want a different tunnel server POP.
No hostname left!
Thanks! I wasn't sure about that possibility, which I didn't think of until after I deleted the existing tunnel prematurely. Now that I know changing the endpoint works, I will try it that way next time.
I hope everyone gets the servers they want!
If HE catches this they may decide to ban you period at that point.
Free Hosting at YetiNode | MicroNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Most of these restrictions (SMTP, IRC port filtering, etc.) are lifted for users who have completed their free IPv6 certification and reached the Sage level.
I will ask them first. They always have been nice to me. I would be really surprised if they have issues with anything I have done.
I hope everyone gets the servers they want!
Just to follow up on this Ganonk forwarded the email he received from support at Hurricane Electric Internet Services to me.
The response to his question about why he was receiving the "This network is restricted" message. It is quoted here.
LOL, that's weird.
I have an active tunnel running on a Clouvider VPS, and they also have IPv6.
https://bgp.he.net/AS62240
Best idea since things change quickly sometimes
Free Hosting at YetiNode | MicroNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
That is what I thought and was the reason I started the thread.
this point.
Hostsailor has native ipv6 and ipv4 from hostsailor can also create tunnel on HE.
apologize for my oot 🙏🏾
Because he's cursed.
… because they are incompetent and ignorant?
No hostname left!