Hi guys, I am using henet's tunnel and now I encounter a problem.
My ISP use pppoe and I have a dynamic IPv4 address. I use 6in4 to get a IPv6 address.
The problem is, My ISP will disconnect you and give you a new IPv4 address after you got connected for sometime (in case you use a IPv4 address for a long time) and after I cannot bring my 6in4 interface up. I have tried the loghead command but nothing shows up. If I use 'ifup henet' command to manually bring up the interface, it tells you that
At this time I have to modify something in the LUCI henet interface and save it then it will get connected.
And I have tried somthing else. If I close the henet interface before my wan interface refresh or manually reconnected and open henet interface after the wan interface get connected, then everything behaves normally.
I think maybe there is something wrong with 6in4 script, maybe it loses previous device when wan reconnected.
It's been a while since my ISP played those tricks on me (forced disconnect/ new IP exactly every 24h), but I understood the problem as this:
- every 24h, the ISP forcefully and abruptly disconnects the running PPPoE session, without giving higher level sessions (such as the 6in4 tunnel) a chance to tear down their session gracefully
- the ISP then allows reconnecting immediately (1-3 seconds at most), using a different IP
- the 6in4 tunnel however hasn't noticed yet that its old session is gone and considers it still valid
- as it isn't possible to use the same IPv6 prefix twice, the he.net server rejects this new connection, until the old session times out (multiple dozens of seconds or a few minutes).
- the 6in4 protocol handler now begins an endless loop, trying to reconnect before the server is feels ready again, this apparently triggers some DOS countermeasures on he.net's side (blacklisting your IP/ credentials for a short while.
You can't leave this loop of doom until you manually stop it from trying a (short) while).
The only way out I've found, was:
- tearing down the 6in4 tunnel manually before the abrupt forced disconnect, thereby clearing the session
- then 'voluntarily' reconnecting my ISP's PPPoE session just seconds before it would have been killed anyways
- reconnecting the 6in4 tunnel with he.net.
In order to accomplish this, I used cron with a hysteresis of 1 h (and 50 seconds, to avoid fun with clock drift and daylight saving), with a crontab like this (wan6 was my 6in4 tunnel interface):
0 5 * * * [ $(ifstatus wan | jsonfilter -e '@.uptime') -lt 3650 ] || (ubus call network.interface.wan6 down;ubus call network.interface.wan down;sleep 1;ubus call network.interface.wan up;sleep 15;ubus call network.interface.wan6 up)
- for me, 03:59:10 UTC to 05:00 UTC was a relatively convenient time for this 'voluntary' disconnect
- 1h+50s = 3650s
- I'm quite sure you can reduce the 15s sleep down to basically nothing; maybe you can even drop all sleeps
- instead of
ubus calls, you could call
ifdown as well
ifdown wan && ifup wan is basically equivalent to just
I also use HE's tunnel, and it works with my also dynamic IP address. I guess you need to link the tunnel to the WAN interface.
Add an "option tunlink..." line to the tunnel configuration section.
Maybe you need to specify the username and password in the HE interface to automatically update your endpoint IP address?
I have static IP, so I am not using it. But I remember that before that I was using them.
The OP has to be using the authentication somewhere.
I found that the credentials in the Interface config only worked once, upon interface up. I use HE's DDNS service to update, so I never solved that. I assume a cron reload of that interface (or call to the tunnel authentication server to change the endpoint IP) would also fix it.
Another option is to install and use a custom DDNS script to update with the tunnel check server, instead of their DDNS server.
This is my config:
config interface 'wan6'
option proto '6in4'
option tunlink 'wan'
option peeraddr 'XXX.XXX.XXX.XXX'
option tunnelid 'XXXXXX'
option username 'XXXXXX'
option password 'XXXXXX'
option ip6prefix '2001:XXXX:XXXX::/48'
option ip6addr '2001:XXXX:XXXX:XXXX::2'
option mtu '1472'
option peerdns '0'