Probably hopeless question about ipv6

Advanced feature discussion, beta programs and unsupported "Labs" features.
6 posts Page 1 of 1
by sidney » Fri Nov 24, 2023 11:07 am
Though still a Sonic customer, it is not for Internet connectivity - I am far away with the only available ISP one who uses CGNAT, which as far as I know makes it impossible to set up ipv6 tunneling with a service like Hurricane Electric.

I would like to be able to play with ipv6. Does anyone know if using the Sonic.net VPN (which I do have access to) would allow me to use the endpoint at Sonic as the endpoint for an ipv6 tunnel?

If the answer to that is no, which I expect is the case, does anyone know of any workarounds I might try?

My home network has the broadband modem connected as a bridge to a UniFi Dream Machine that provides wifi to all the machines in the house, in case that makes a difference.

Thanks,

Sidney
by sidney » Fri Nov 24, 2023 1:37 pm
Well, posting the question gave me the incentive to just try it. Went to the Hurricane Electric tunnelbroker.com site, created the tunnel using the ip address the VPN gave me, and followed the instructions to configure my Macbook to use it.

% ping6 2001:4860:4860::8888
PING6(56=40+8+8 bytes) 2001:5a8:601:9:5000::bafe --> 2001:4860:4860::8888
16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=108 time=438.374 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=1 hlim=108 time=354.179 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=2 hlim=108 time=179.612 ms

So it does work, and it is good enough for the bit of playing with ipv6 network code that I want to do. I haven't kept track if the VPN hands out a different ip address each time I use it, but all that would require is logging in to Hurricane again and entering the new ip address.
by kgc » Mon Nov 27, 2023 10:40 am
Sidney, this probably works because you initiated the tunnel from your end which creates the state in the CGN gateway that allows for the return traffic to reach you. There's nothing wrong with that setup and you could help make sure it stays active with a v6 ping run out of cron.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by sidney » Mon Nov 27, 2023 11:20 pm
Cool, this makes it easy to set up for testing and debugging the ipv6 tests in SpamAssassin, which is just the occasional use and doesn't have to stay active long.

While I have your attention I'll sneak in a quick tech support type question :)

What are the ip address ranges used as exit points for the Sonic VPN? I've been given ssh access to someone's test machine and they would prefer to limit access through their firewall to just the addresses I will use to come in. That includes the ip addresses from the VPN.

I found this forum post viewtopic.php?f=13&t=8871 from four years ago and relied on that based on how it made sense that it would be all the address with host names *.vpn.dynamic.sonic.net (184.23.188.0/22). But just now I connected to the vpn and got 192.184.199.143 which is 192-184-199-143.static.sonic.net. So what is a range I can tell them will safely include any I might get? It doesn't have to be exactly the narrowest range that would work, just something that will let me in and keep all the wild ssh seeking bots out.
by kgc » Tue Nov 28, 2023 11:36 am
Looks like it should currently be 192.184.188.0/22, 192.184.192.0/22 and 192.184.196.0/22.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by sidney » Tue Nov 28, 2023 12:33 pm
Thanks so much
6 posts Page 1 of 1

Who is online

In total there is 1 user online :: 1 registered, 0 hidden and 0 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Amazon [Bot] and 0 guests