
I am trying to create a regular tunnel on https://tunnelbroker.net. The public IP address of our institute is 14.139.196.2. On using this address as the IPv4 endpoint address, the message

"IP is not ICMP pingable. Please make sure ICMP is not blocked. If you are blocking ICMP, please allow 66.220.2.74 through your firewall."

is being displayed. On using

cat /proc/sys/net/ipv4/icmp_echo_ignore_all

I understood that ICMP ping is enabled on my system. What IPv4 Endpoint should I mention? Or how do I get around the error?

  • As per the error message, is there a firewall at the perimeter of your network which blocks inbound ICMP echo requests? I certainly cannot ping 14.139.196.2 from where I am. – Mark Riddell Aug 22 '16 at 11:53
  • It sounds like you are trying to use 6in4 from behind a NAT. That is not how 6in4 is supposed to be used. It is completely pointless for HE to require your IP address to respond to echo requests. It is even more pointless to configure any device to not respond to echo requests. But even if you fixed both of those problems, there is no guarantee 6in4 will work for you while you are behind a NAT. The correct solution is to get a public IPv4 address for your tunnel endpoint. – kasperd Aug 22 '16 at 23:14
  • @kasperd Eh? I run a tunnelbroker.net 6in4 tunnel with the endpoint behind NAT. It works fine if you set it up correctly. But this user might not be in a position to do so. Rather, his institute's IT department should be providing IPv6 to the entire campus anyway. – Michael Hampton Aug 24 '16 at 01:52
  • @MichaelHampton If you have full control over the NAT, you can get it to work. But there are many ways it could break. For example, I have seen it be unreliable due to the NAT only being configured to handle the traffic in one direction and relying on connection traffic in the other direction. And even when properly configured in both directions, I have seen it break because of another device behind the NAT using protocol 41 and causing conflicting connection tracking entries. It can be useful for a testing environment, but I would not recommend it for any sort of production environment. – kasperd Aug 24 '16 at 07:06
  • @MichaelHampton So if you do not have enough IPv4 addresses to allocate one to your 6in4 endpoint, the best way to solve the problem is not to run your 6in4 endpoint behind a NAT, but rather to use native IPv6. – kasperd Aug 24 '16 at 07:10

1 Answer


@sridhar: Never, ever put actual IP addresses on public forums. They are liable to be picked up by bots etc., and you could get Denial of Service attacks.

Now to your post: The error message is what it is. Your external gateway 14.139.196.x does not allow ICMP echo (ping to get in). Solution: ask them to open up ICMP. I am not sure you would have the clearance/privileges to do so.

Alternative ways to get IPv6:

  1. Ask your upstream ISP to give you an IPv6 block - in India, ERNET is also a possible source
  2. Buy a cheap KVM VPS somewhere, get a Hurricane Electric IPv6 block to it and then distribute that using OpenVPN.
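
Added example (not part of the original question or answer, and not Hurricane Electric's code): the `icmp_echo_ignore_all` check in the question only describes the local kernel, so this sketch first decides whether the tunnel endpoint address is actually configured on the host before interpreting that value. The function names, verdict strings and the private address used in testing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is the tunnel's IPv4 endpoint this host, or a gateway in front of it?
HE_CHECKER="66.220.2.74"   # source address named in the broker's error message

# classify_endpoint ENDPOINT_IP IGNORE_ALL LOCAL_ADDR...
# Prints one verdict: behind-gateway | host-drops-echo | host-answers-echo
classify_endpoint() {
    endpoint=$1; ignore_all=$2; shift 2
    owned=no
    for addr in "$@"; do
        if [ "$addr" = "$endpoint" ]; then owned=yes; fi
    done
    if [ "$owned" = no ]; then
        # The endpoint lives on another device (NAT or firewall), so the
        # local icmp_echo_ignore_all value says nothing about it.
        echo "behind-gateway"
    elif [ "$ignore_all" != "0" ]; then
        echo "host-drops-echo"      # this kernel discards every echo request
    else
        echo "host-answers-echo"    # any remaining block is a packet filter
    fi
}

# advice VERDICT: the next step for each verdict
advice() {
    case $1 in
        behind-gateway)
            echo "ask whoever runs the gateway to allow ICMP echo-request from $HE_CHECKER" ;;
        host-drops-echo)
            echo "set net.ipv4.icmp_echo_ignore_all to 0 on this host" ;;
        host-answers-echo)
            echo "look for a filter dropping ICMP echo-request from $HE_CHECKER" ;;
    esac
}

# Live check, run only when an endpoint is given: sh check.sh <endpoint-ip>
if [ -n "${1:-}" ]; then
    ignore=$(cat /proc/sys/net/ipv4/icmp_echo_ignore_all)
    # Field 4 of `ip -4 -o addr show` is ADDRESS/PREFIX; keep the address.
    locals=$(ip -4 -o addr show | awk '{split($4, a, "/"); print a[1]}')
    # Word splitting of $locals into separate arguments is intended.
    verdict=$(classify_endpoint "$1" "$ignore" $locals)
    echo "$verdict: $(advice "$verdict")"
fi
```

Each piece of advice scopes the ICMP exception to the single checker address from the error message rather than opening echo requests to every source.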