Problem with 6in4 (pppoe / periodic disconnect)

Hi guys, I am using henet's tunnel and now I encounter a problem.
My ISP use pppoe and I have a dynamic IPv4 address. I use 6in4 to get a IPv6 address.
The problem is, My ISP will disconnect you and give you a new IPv4 address after you got connected for sometime (in case you use a IPv4 address for a long time) and after I cannot bring my 6in4 interface up. I have tried the loghead command but nothing shows up. If I use 'ifup henet' command to manually bring up the interface, it tells you that

        "up": false,
        "pending": false,
        "available": false,
        "autostart": true,
        "dynamic": false,
        "proto": "6in4",
        "data": {

        "errors": [
                        "subsystem": "interface",
                        "code": "NO_DEVICE"

At this time I have to modify something in the LUCI henet interface and save it then it will get connected.

And I have tried somthing else. If I close the henet interface before my wan interface refresh or manually reconnected and open henet interface after the wan interface get connected, then everything behaves normally.

I think maybe there is something wrong with 6in4 script, maybe it loses previous device when wan reconnected.

It's been a while since my ISP played those tricks on me (forced disconnect/ new IP exactly every 24h), but I understood the problem as this:

  • every 24h, the ISP forcefully and abruptly disconnects the running PPPoE session, without giving higher level sessions (such as the 6in4 tunnel) a chance to tear down their session gracefully
  • the ISP then allows reconnecting immediately (1-3 seconds at most), using a different IP
    • the 6in4 tunnel however hasn't noticed yet that its old session is gone and considers it still valid
      • as it isn't possible to use the same IPv6 prefix twice, the server rejects this new connection, until the old session times out (multiple dozens of seconds or a few minutes).
        • the 6in4 protocol handler now begins an endless loop, trying to reconnect before the server is feels ready again, this apparently triggers some DOS countermeasures on's side (blacklisting your IP/ credentials for a short while.
          You can't leave this loop of doom until you manually stop it from trying a (short) while).

The only way out I've found, was:

  • tearing down the 6in4 tunnel manually before the abrupt forced disconnect, thereby clearing the session
    • then 'voluntarily' reconnecting my ISP's PPPoE session just seconds before it would have been killed anyways
      • reconnecting the 6in4 tunnel with

In order to accomplish this, I used cron with a hysteresis of 1 h (and 50 seconds, to avoid fun with clock drift and daylight saving), with a crontab like this (wan6 was my 6in4 tunnel interface):

0 5 * * * [ $(ifstatus wan | jsonfilter -e '@.uptime') -lt 3650 ] || (ubus call network.interface.wan6 down;ubus call network.interface.wan down;sleep 1;ubus call network.interface.wan up;sleep 15;ubus call network.interface.wan6 up)
  • for me, 03:59:10 UTC to 05:00 UTC was a relatively convenient time for this 'voluntary' disconnect
  • 1h+50s = 3650s
  • I'm quite sure you can reduce the 15s sleep down to basically nothing; maybe you can even drop all sleeps
  • instead of ubus calls, you could call ifup/ ifdown as well
  • ifdown wan && ifup wan is basically equivalent to just ifup wan
1 Like

I also use HE's tunnel, and it works with my also dynamic IP address. I guess you need to link the tunnel to the WAN interface.

Add an "option tunlink..." line to the tunnel configuration section.

1 Like

Maybe you need to specify the username and password in the HE interface to automatically update your endpoint IP address?
I have static IP, so I am not using it. But I remember that before that I was using them.

1 Like

The OP has to be using the authentication somewhere.

I found that the credentials in the Interface config only worked once, upon interface up. I use HE's DDNS service to update, so I never solved that. I assume a cron reload of that interface (or call to the tunnel authentication server to change the endpoint IP) would also fix it.

Another option is to install and use a custom DDNS script to update with the tunnel check server, instead of their DDNS server.

This is my config:

config interface 'wan6'
	option proto '6in4'
	option tunlink 'wan'
	option peeraddr 'XXX.XXX.XXX.XXX'
	option tunnelid 'XXXXXX'
	option username 'XXXXXX'
	option password 'XXXXXX'
	option ip6prefix '2001:XXXX:XXXX::/48'
	option ip6addr '2001:XXXX:XXXX:XXXX::2'
	option mtu '1472'
	option peerdns '0'

1 Like