[AusNOG] Can't bring up 6in4 tunnel (IPv6) because public IP changing on Optus ADSL

Mark Andrews marka at isc.org
Tue Feb 2 13:45:32 EST 2016


In message <CAJ0TvNKQ3NqqkDi4a51TAw9tF7ABkwi0xOV+pBXLJ_bE2MtNfQ at mail.gmail.com>, Goran Aleksic writes:
> 
> Hi Mark and others
> 
> thanks for your helpful comments and recommendations.
> 
> I'll try to explain better. The issue here is that my public IP changes as
> soon as I attempt to establish the 6in4 tunnel.
> The worry is that my WAN IP change is triggered by the tunnel somehow.
> Before, my public IP wouldn't change for days.
> 
> If I get the dynamic IP update to work, I'm not addressing the actual cause
> of the problem, but soothing the symptoms.
> 
> In other words, being able to automatically update my public IP, it's just
> quicker reaction to the public IP re-assignment. Problem is to understand
> as to why it's happening at all?
> 
> Yes, it would be nice to be able to dynamically update the tunnel settings
> on HE end, but for proof of concept, I can manually change my public IP in
> both configs.
> Also, if I react to IP change quicker, maybe Optus systems will start
> racing with it (ping-pong) and may cause further problems...
> 
> Rebooting the modem/router, for instance, would trigger the public IP
> change.
> What else might?

Reboots shouldn't change IP addresses.  With any sane system you
get back the IP address you already had prior to the reboot.

I go months w/o IP changes on my cable modem and that includes hour
long power outages.  That said I configure things to handle address
changes.

> Cheers,
> 
> Goran
> 
> 
> 
> 
> On 2 February 2016 at 11:57, Mark Andrews <marka at isc.org> wrote:
> 
> >
> > And https://forums.he.net/index.php?topic=1994.0
> >
> > Mark Andrews writes:
> > >
> > > https://forums.he.net/index.php?topic=3153.0
> > >
> > > In message <CAJ0TvN+JKsqML4_=
> > bQD+HBR2GngBkse8kbP_sSAEDZSPG6WXpQ at mail.gmail.com>, Goran Aleksic writes:
> > > > --001a1140f54ed8af8f052abe277f
> > > > Content-Type: text/plain; charset=UTF-8
> > > >
> > > > Hi Mark,
> > > >
> > > > thanks for sharing that. If you could share relevant config as well,
> > that
> > > > would be great.
> > > >
> > > > Cheers,
> > > >
> > > > Goran
> > > >
> > > >
> > > > On 2 February 2016 at 09:57, Mark Andrews <marka at isc.org> wrote:
> > > >
> > > > >
> > > > > In message <CAFDgZgVft=
> > > > > pJTHhLzEn+AhQQFbUgEjup-5CHK4zqxrKysTyz0w at mail.gmail.com>, Tom Storey
> > > > > writes:
> > > > > > Is the PPP session dropping by any chance? I think I had something
> > > > > > like this a year or two ago and it turned out to be a buggy JunOS
> > > > > > version, I had to roll back to a previous version.
> > > > > >
> > > > > > I have successfully brought up a he.net tunnel with an SRX110, so
> > its
> > > > > > definitely possible and there should be no unexpected behaviour
> > when
> > > > > > everything is running fine.
> > > > >
> > > > > Additionally HE is setup to authenicate and reconfigure the tunnel
> > > > > using the observed IPv4 address so this will work through NAT from
> > > > > a DMZ host so you don't need to know know your public IPv4 address.
> > > > >
> > > > > I've configured HE tunnels to use RFC 1918 address locally and as
> > > > > long as the packets goes through the NAT both ways it works.
> > > > >
> > > > > Obviously it is better if you only reconfigure on a renumber event
> > > > > but you could just re-authenticate every 15 minutes from cron.
> > > > >
> > > > > Mark
> > > > >
> > > > > > On 1 February 2016 at 06:05, Goran Aleksic <
> > goran.aleksic at gmail.com>
> > > > > > wrote:
> > > > > > > HI all,
> > > > > > >
> > > > > > > I've got Optus ADSL and dynamic public IP.
> > > > > > > Needed 6-in-4 tunnel (IPv6 encapsulated into IPv4 tunnel), tried
> > using
> > > > > > > Hurricane Electric IPv6 provider, as I saw positive reviews.
> > > > > > > I got Juniper SRX 110 modem and have implemented configuration as
> > > > > > stated on
> > > > > > >
> > > > > >
> > > > >
> > http://forums.juniper.net/t5/SRX-Services-Gateway/HE-IPv6-tunnel-with-flow
> > > > > > -based-IPv6-in-10-4/td-p/69338/highlight/true/page/3
> > > > > > >
> > > > > > > Issue is  my public IP (on at-1/0/0.0 interface) keeps changing
> > every
> > > > > > time
> > > > > > > I attempt the tunnel.
> > > > > > > This is a twofold problem:
> > > > > > > 1. on Hurricane Electric page, you need to specify one endpoint
> > of the
> > > > > > > tunnel, i.e. your public IP
> > > > > > > 2. In configuration of ip-0/0/0.0 interface (tunnel interface) on
> > > > > > Juniper
> > > > > > > SRX, you need to specify your tunnel source IP (a public IP).
> > There
> > > > > > doesn't
> > > > > > > seem to be a trick like with Cisco, to use ip unnumbered and
> > imply IP
> > > > > > > address from your WAN interface...
> > > > > > >
> > > > > > > Why would an attempt to establish a IPv4 tunnel to another host
> > trigger
> > > > > > my
> > > > > > > public IP to be changed?
> > > > > > >
> > > > > > > I'm wondering if anyone has experienced the same or similar
> > issue?
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Alex
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > AusNOG mailing list
> > > > > > > AusNOG at lists.ausnog.net
> > > > > > > http://lists.ausnog.net/mailman/listinfo/ausnog
> > > > > > >
> > > > > > _______________________________________________
> > > > > > AusNOG mailing list
> > > > > > AusNOG at lists.ausnog.net
> > > > > > http://lists.ausnog.net/mailman/listinfo/ausnog
> > > > >
> > > > > --
> > > > > Mark Andrews, ISC
> > > > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > > > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> > > > >
> > > >
> > > > --001a1140f54ed8af8f052abe277f
> > > > Content-Type: text/html; charset=UTF-8
> > > > Content-Transfer-Encoding: quoted-printable
> > > >
> > > > <div dir=3D"ltr"><div><div><div><div><br></div>Hi
> > Mark,<br><br></div>thanks=
> > > >  for sharing that. If you could share relevant config as well, that
> > would b=
> > > > e great.<br><br></div>Cheers,<br><br></div>Goran<br><br></div><div
> > class=3D=
> > > > "gmail_extra"><br><div class=3D"gmail_quote">On 2 February 2016 at
> > 09:57, M=
> > > > ark Andrews <span dir=3D"ltr"><<a href=3D"mailto:marka at isc.org"
> > target=
> > > > =3D"_blank">marka at isc.org</a>></span> wrote:<br><blockquote
> > class=3D"gma=
> > > > il_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc
> > solid;padding-lef=
> > > > t:1ex"><span class=3D""><br>
> > > > In message <CAFDgZgVft=3D<a href=3D"mailto:
> > pJTHhLzEn%2BAhQQFbUgEjup-5CHK=
> > > > 4zqxrKysTyz0w at mail.gmail.com
> > ">pJTHhLzEn+AhQQFbUgEjup-5CHK4zqxrKysTyz0w at mail=
> > > > .gmail.com</a>>, Tom Storey writes:<br>
> > > > > Is the PPP session dropping by any chance? I think I had
> > something<br>
> > > > > like this a year or two ago and it turned out to be a buggy
> > JunOS<br>
> > > > > version, I had to roll back to a previous version.<br>
> > > > ><br>
> > > > > I have successfully brought up a <a href=3D"http://he.net"
> > rel=3D"nore=
> > > > ferrer" target=3D"_blank">he.net</a> tunnel with an SRX110, so its<br>
> > > > > definitely possible and there should be no unexpected behaviour
> > when<b=
> > > > r>
> > > > > everything is running fine.<br>
> > > > <br>
> > > > </span>Additionally HE is setup to authenicate and reconfigure the
> > tunnel<b=
> > > > r>
> > > > using the observed IPv4 address so this will work through NAT from<br>
> > > > a DMZ host so you don't need to know know your public IPv4
> > address.<br>
> > > > <br>
> > > > I've configured HE tunnels to use RFC 1918 address locally and
> > as<br>
> > > > long as the packets goes through the NAT both ways it works.<br>
> > > > <br>
> > > > Obviously it is better if you only reconfigure on a renumber event<br>
> > > > but you could just re-authenticate every 15 minutes from cron.<br>
> > > > <br>
> > > > Mark<br>
> > > > <div class=3D"HOEnZb"><div class=3D"h5"><br>
> > > > > On 1 February 2016 at 06:05, Goran Aleksic <<a href=3D"mailto:
> > goran=
> > > > .aleksic at gmail.com">goran.aleksic at gmail.com</a>><br>
> > > > > wrote:<br>
> > > > > > HI all,<br>
> > > > > ><br>
> > > > > > I've got Optus ADSL and dynamic public IP.<br>
> > > > > > Needed 6-in-4 tunnel (IPv6 encapsulated into IPv4 tunnel),
> > tried =
> > > > using<br>
> > > > > > Hurricane Electric IPv6 provider, as I saw positive
> > reviews.<br>
> > > > > > I got Juniper SRX 110 modem and have implemented
> > configuration as=
> > > > <br>
> > > > > stated on<br>
> > > > > ><br>
> > > > > <a href=3D"
> > http://forums.juniper.net/t5/SRX-Services-Gateway/HE-IPv6-t=
> > > > unnel-with-flow" rel=3D"noreferrer" target=3D"_blank">
> > http://forums.juniper=
> > > > .net/t5/SRX-Services-Gateway/HE-IPv6-tunnel-with-flow</a><br>
> > > > > -based-IPv6-in-10-4/td-p/69338/highlight/true/page/3<br>
> > > > > ><br>
> > > > > > Issue is=C2=A0 my public IP (on at-1/0/0.0 interface) keeps
> > chang=
> > > > ing every<br>
> > > > > time<br>
> > > > > > I attempt the tunnel.<br>
> > > > > > This is a twofold problem:<br>
> > > > > > 1. on Hurricane Electric page, you need to specify one
> > endpoint o=
> > > > f the<br>
> > > > > > tunnel, i.e. your public IP<br>
> > > > > > 2. In configuration of ip-0/0/0.0 interface (tunnel
> > interface) on=
> > > > <br>
> > > > > Juniper<br>
> > > > > > SRX, you need to specify your tunnel source IP (a public
> > IP). The=
> > > > re<br>
> > > > > doesn't<br>
> > > > > > seem to be a trick like with Cisco, to use ip unnumbered and
> > impl=
> > > > y IP<br>
> > > > > > address from your WAN interface...<br>
> > > > > ><br>
> > > > > > Why would an attempt to establish a IPv4 tunnel to another
> > host t=
> > > > rigger<br>
> > > > > my<br>
> > > > > > public IP to be changed?<br>
> > > > > ><br>
> > > > > > I'm wondering if anyone has experienced the same or
> > similar i=
> > > > ssue?<br>
> > > > > ><br>
> > > > > > Thanks,<br>
> > > > > ><br>
> > > > > > Alex<br>
> > > > > ><br>
> > > > > > _______________________________________________<br>
> > > > > > AusNOG mailing list<br>
> > > > > > <a href=3D"mailto:AusNOG at lists.ausnog.net">
> > AusNOG at lists.ausnog.ne=
> > > > t</a><br>
> > > > > > <a href=3D"http://lists.ausnog.net/mailman/listinfo/ausnog"
> > rel=
> > > > =3D"noreferrer" target=3D"_blank">
> > http://lists.ausnog.net/mailman/listinfo/=
> > > > ausnog</a><br>
> > > > > ><br>
> > > > > _______________________________________________<br>
> > > > > AusNOG mailing list<br>
> > > > > <a href=3D"mailto:AusNOG at lists.ausnog.net">
> > AusNOG at lists.ausnog.net</a>=
> > > > <br>
> > > > > <a href=3D"http://lists.ausnog.net/mailman/listinfo/ausnog"
> > rel=3D"nor=
> > > > eferrer" target=3D"_blank">
> > http://lists.ausnog.net/mailman/listinfo/ausnog<=
> > > > /a><br>
> > > > <br>
> > > > </div></div><span class=3D"HOEnZb"><font color=3D"#888888">--<br>
> > > > Mark Andrews, ISC<br>
> > > > 1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
> > > > PHONE: <a href=3D"tel:%2B61%202%209871%204742"
> > value=3D"+61298714742">+61 2=
> > > >  9871 4742</a>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0
> > =C2=
> > > > =A0INTERNET: <a href=3D"mailto:marka at isc.org">marka at isc.org</a><br>
> > > > </font></span></blockquote></div><br></div>
> > > >
> > > > --001a1140f54ed8af8f052abe277f--
> > > --
> > > Mark Andrews, ISC
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> >
> 
> --089e011842d006636a052abffc23
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
> 
> <div dir=3D"ltr"><div>Hi Mark and others<br><br>thanks for your helpful com=
> ments and recommendations.<br><br></div><div>I'll try to explain better=
> . The issue here is that my public IP changes as soon as I attempt to estab=
> lish the 6in4 tunnel.<br></div><div>The worry is that my WAN IP change is t=
> riggered by the tunnel somehow. Before, my public IP wouldn't change fo=
> r days.<br><br>If I get the dynamic IP update to work, I'm not addressi=
> ng the actual cause of the problem, but soothing the symptoms.<br></div><di=
> v><br>In other words, being able to automatically update my public IP, it&#=
> 39;s just quicker reaction to the public IP re-assignment. Problem is to un=
> derstand=C2=A0 as to why it's happening at all?<br></div><div><br></div=
> ><div>Yes, it would be nice to be able to dynamically update the tunnel set=
> tings on HE end, but for proof of concept, I can manually change my public =
> IP in both configs.<br></div><div>Also, if I react to IP change quicker, ma=
> ybe Optus systems will start racing with it (ping-pong) and may cause furth=
> er problems...<br></div><div><br></div><div>Rebooting the modem/router, for=
>  instance, would trigger the public IP change.<br></div><div>What else migh=
> t?<br><br></div><div>Cheers,<br><br></div><div>Goran<br><br></div><div><br>=
> </div><div><br></div><div><div><div class=3D"gmail_extra"><br><div class=3D=
> "gmail_quote">On 2 February 2016 at 11:57, Mark Andrews <span dir=3D"ltr">&=
> lt;<a href=3D"mailto:marka at isc.org" target=3D"_blank">marka at isc.org</a>>=
> </span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px=
>  0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
> And <a href=3D"https://forums.he.net/index.php?topic=3D1994.0" rel=3D"noref=
> errer" target=3D"_blank">https://forums.he.net/index.php?topic=3D1994.0</a>=
> <br>
> <div class=3D""><div class=3D"h5"><br>
> Mark Andrews writes:<br>
> ><br>
> > <a href=3D"https://forums.he.net/index.php?topic=3D3153.0" rel=3D"nore=
> ferrer" target=3D"_blank">https://forums.he.net/index.php?topic=3D3153.0</a=
> ><br>
> ><br>
> > In message <CAJ0TvN+JKsqML4_=3D<a href=3D"mailto:bQD%2BHBR2GngBkse8=
> kbP_sSAEDZSPG6WXpQ at mail.gmail.com">bQD+HBR2GngBkse8kbP_sSAEDZSPG6WXpQ at mail.=
> gmail.com</a>>, Goran Aleksic writes:<br>
> > > --001a1140f54ed8af8f052abe277f<br>
> > > Content-Type: text/plain; charset=3DUTF-8<br>
> > ><br>
> > > Hi Mark,<br>
> > ><br>
> > > thanks for sharing that. If you could share relevant config as we=
> ll, that<br>
> > > would be great.<br>
> > ><br>
> > > Cheers,<br>
> > ><br>
> > > Goran<br>
> > ><br>
> > ><br>
> > > On 2 February 2016 at 09:57, Mark Andrews <<a href=3D"mailto:m=
> arka at isc.org">marka at isc.org</a>> wrote:<br>
> > ><br>
> > > ><br>
> > > > In message <CAFDgZgVft=3D<br>
> > > > <a href=3D"mailto:pJTHhLzEn%2BAhQQFbUgEjup-5CHK4zqxrKysTyz0w=
> @mail.gmail.com">pJTHhLzEn+AhQQFbUgEjup-5CHK4zqxrKysTyz0w at mail.gmail.com</a=
> >>, Tom Storey<br>
> > > > writes:<br>
> > > > > Is the PPP session dropping by any chance? I think I ha=
> d something<br>
> > > > > like this a year or two ago and it turned out to be a b=
> uggy JunOS<br>
> > > > > version, I had to roll back to a previous version.<br>
> > > > ><br>
> > > > > I have successfully brought up a <a href=3D"http://he.n=
> et" rel=3D"noreferrer" target=3D"_blank">he.net</a> tunnel with an SRX110, =
> so its<br>
> > > > > definitely possible and there should be no unexpected b=
> ehaviour when<br>
> > > > > everything is running fine.<br>
> > > ><br>
> > > > Additionally HE is setup to authenicate and reconfigure the =
> tunnel<br>
> > > > using the observed IPv4 address so this will work through NA=
> T from<br>
> > > > a DMZ host so you don't need to know know your public IP=
> v4 address.<br>
> > > ><br>
> > > > I've configured HE tunnels to use RFC 1918 address local=
> ly and as<br>
> > > > long as the packets goes through the NAT both ways it works.=
> <br>
> > > ><br>
> > > > Obviously it is better if you only reconfigure on a renumber=
>  event<br>
> > > > but you could just re-authenticate every 15 minutes from cro=
> n.<br>
> > > ><br>
> > > > Mark<br>
> > > ><br>
> > > > > On 1 February 2016 at 06:05, Goran Aleksic <<a href=
> =3D"mailto:goran.aleksic at gmail.com">goran.aleksic at gmail.com</a>><br>
> > > > > wrote:<br>
> > > > > > HI all,<br>
> > > > > ><br>
> > > > > > I've got Optus ADSL and dynamic public IP.<br>
> > > > > > Needed 6-in-4 tunnel (IPv6 encapsulated into IPv4 =
> tunnel), tried using<br>
> > > > > > Hurricane Electric IPv6 provider, as I saw positiv=
> e reviews.<br>
> > > > > > I got Juniper SRX 110 modem and have implemented c=
> onfiguration as<br>
> > > > > stated on<br>
> > > > > ><br>
> > > > ><br>
> > > > <a href=3D"http://forums.juniper.net/t5/SRX-Services-Gateway=
> /HE-IPv6-tunnel-with-flow" rel=3D"noreferrer" target=3D"_blank">http://foru=
> ms.juniper.net/t5/SRX-Services-Gateway/HE-IPv6-tunnel-with-flow</a><br>
> > > > > -based-IPv6-in-10-4/td-p/69338/highlight/true/page/3<br=
> >
> > > > > ><br>
> > > > > > Issue is=C2=A0 my public IP (on at-1/0/0.0 interfa=
> ce) keeps changing every<br>
> > > > > time<br>
> > > > > > I attempt the tunnel.<br>
> > > > > > This is a twofold problem:<br>
> > > > > > 1. on Hurricane Electric page, you need to specify=
>  one endpoint of the<br>
> > > > > > tunnel, i.e. your public IP<br>
> > > > > > 2. In configuration of ip-0/0/0.0 interface (tunne=
> l interface) on<br>
> > > > > Juniper<br>
> > > > > > SRX, you need to specify your tunnel source IP (a =
> public IP). There<br>
> > > > > doesn't<br>
> > > > > > seem to be a trick like with Cisco, to use ip unnu=
> mbered and imply IP<br>
> > > > > > address from your WAN interface...<br>
> > > > > ><br>
> > > > > > Why would an attempt to establish a IPv4 tunnel to=
>  another host trigger<br>
> > > > > my<br>
> > > > > > public IP to be changed?<br>
> > > > > ><br>
> > > > > > I'm wondering if anyone has experienced the sa=
> me or similar issue?<br>
> > > > > ><br>
> > > > > > Thanks,<br>
> > > > > ><br>
> > > > > > Alex<br>
> > > > > ><br>
> > > > > > _______________________________________________<br=
> >
> > > > > > AusNOG mailing list<br>
> > > > > > <a href=3D"mailto:AusNOG at lists.ausnog.net">AusNOG@=
> lists.ausnog.net</a><br>
> > > > > > <a href=3D"http://lists.ausnog.net/mailman/listinf=
> o/ausnog" rel=3D"noreferrer" target=3D"_blank">http://lists.ausnog.net/mail=
> man/listinfo/ausnog</a><br>
> > > > > ><br>
> > > > > _______________________________________________<br>
> > > > > AusNOG mailing list<br>
> > > > > <a href=3D"mailto:AusNOG at lists.ausnog.net">AusNOG at lists=
> .ausnog.net</a><br>
> > > > > <a href=3D"http://lists.ausnog.net/mailman/listinfo/aus=
> nog" rel=3D"noreferrer" target=3D"_blank">http://lists.ausnog.net/mailman/l=
> istinfo/ausnog</a><br>
> > > ><br>
> > > > --<br>
> > > > Mark Andrews, ISC<br>
> > > > 1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
> > > > PHONE: <a href=3D"tel:%2B61%202%209871%204742" value=3D"+612=
> 98714742">+61 2 9871 4742</a>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
> =A0 =C2=A0 =C2=A0INTERNET: <a href=3D"mailto:marka at isc.org">marka at isc.org</=
> a><br>
> > > ><br>
> > ><br>
> > > --001a1140f54ed8af8f052abe277f<br>
> > > Content-Type: text/html; charset=3DUTF-8<br>
> > > Content-Transfer-Encoding: quoted-printable<br>
> > ><br>
> > > <div dir=3D3D"ltr"><div><div><div&=
> gt;<div><br></div>Hi Mark,<br><br></div&gt=
> ;thanks=3D<br>
> > >=C2=A0 for sharing that. If you could share relevant config as wel=
> l, that would b=3D<br>
> > > e great.<br><br></div>Cheers,<br><br&g=
> t;</div>Goran<br><br></div><div class=3D3D=3D<br=
> >
> > > "gmail_extra"><br><div class=3D3D"gmai=
> l_quote">On 2 February 2016 at 09:57, M=3D<br>
> > > ark Andrews <span dir=3D3D"ltr">&lt;<a hre=
> f=3D3D"mailto:<a href=3D"mailto:marka at isc.org">marka at isc.org</a>"=
>  target=3D<br>
> > > =3D3D"_blank"><a href=3D"mailto:marka at isc.org">marka=
> @isc.org</a></a>&gt;</span> wrote:<br><blockquote =
> class=3D3D"gma=3D<br>
> > > il_quote" style=3D3D"margin:0 0 0 .8ex;border-left:1px =
> #ccc solid;padding-lef=3D<br>
> > > t:1ex"><span class=3D3D""><br><br>
> > > In message &lt;CAFDgZgVft=3D3D<a href=3D3D"mailto:<a =
> href=3D"mailto:pJTHhLzEn%252BAhQQFbUgEjup-5CHK">pJTHhLzEn%2BAhQQFbUgEjup-5C=
> HK</a>=3D<br>
> > > <a href=3D"mailto:4zqxrKysTyz0w at mail.gmail.com">4zqxrKysTyz0w at mai=
> l.gmail.com</a>">pJTHhLzEn+AhQQFbUgEjup-5CHK4zqxrKysTyz0w at mail=3D<b=
> r>
> > > .<a href=3D"http://gmail.com" rel=3D"noreferrer" target=3D"_blank=
> ">gmail.com</a></a>&gt;, Tom Storey writes:<br><br>
> > > &gt; Is the PPP session dropping by any chance? I think I had=
>  something<br><br>
> > > &gt; like this a year or two ago and it turned out to be a bu=
> ggy JunOS<br><br>
> > > &gt; version, I had to roll back to a previous version.<br=
> ><br>
> > > &gt;<br><br>
> > > &gt; I have successfully brought up a <a href=3D3D"<a=
>  href=3D"http://he.net" rel=3D"noreferrer" target=3D"_blank">http://he.net<=
> /a>" rel=3D3D"nore=3D<br>
> > > ferrer" target=3D3D"_blank"><a href=3D"http://h=
> e.net" rel=3D"noreferrer" target=3D"_blank">he.net</a></a> tunnel wit=
> h an SRX110, so its<br><br>
> > > &gt; definitely possible and there should be no unexpected be=
> haviour when<b=3D<br>
> > > r><br>
> > > &gt; everything is running fine.<br><br>
> > > <br><br>
> > > </span>Additionally HE is setup to authenicate and reconfig=
> ure the tunnel<b=3D<br>
> > > r><br>
> > > using the observed IPv4 address so this will work through NAT fro=
> m<br><br>
> > > a DMZ host so you don&#39;t need to know know your public IPv=
> 4 address.<br><br>
> > > <br><br>
> > > I&#39;ve configured HE tunnels to use RFC 1918 address locall=
> y and as<br><br>
> > > long as the packets goes through the NAT both ways it works.<b=
> r><br>
> > > <br><br>
> > > Obviously it is better if you only reconfigure on a renumber even=
> t<br><br>
> > > but you could just re-authenticate every 15 minutes from cron.&lt=
> ;br><br>
> > > <br><br>
> > > Mark<br><br>
> > > <div class=3D3D"HOEnZb"><div class=3D3D"h=
> 5"><br><br>
> > > &gt; On 1 February 2016 at 06:05, Goran Aleksic &lt;<a=
>  href=3D3D"mailto:<a href=3D"mailto:goran">goran</a>=3D<br>
> > > .<a href=3D"mailto:aleksic at gmail.com">aleksic at gmail.com</a>"=
> ><a href=3D"mailto:goran.aleksic at gmail.com">goran.aleksic at gmail.com</a>&=
> lt;/a>&gt;<br><br>
> > > &gt; wrote:<br><br>
> > > &gt; &gt; HI all,<br><br>
> > > &gt; &gt;<br><br>
> > > &gt; &gt; I&#39;ve got Optus ADSL and dynamic public =
> IP.<br><br>
> > > &gt; &gt; Needed 6-in-4 tunnel (IPv6 encapsulated into IP=
> v4 tunnel), tried =3D<br>
> > > using<br><br>
> > > &gt; &gt; Hurricane Electric IPv6 provider, as I saw posi=
> tive reviews.<br><br>
> > > &gt; &gt; I got Juniper SRX 110 modem and have implemente=
> d configuration as=3D<br>
> > > <br><br>
> > > &gt; stated on<br><br>
> > > &gt; &gt;<br><br>
> > > &gt; <a href=3D3D"<a href=3D"http://forums.juniper.ne=
> t/t5/SRX-Services-Gateway/HE-IPv6-t=3D" rel=3D"noreferrer" target=3D"_blank=
> ">http://forums.juniper.net/t5/SRX-Services-Gateway/HE-IPv6-t=3D</a><br>
> > > unnel-with-flow" rel=3D3D"noreferrer" target=3D3D&=
> quot;_blank"><a href=3D"http://forums.juniper" rel=3D"noreferrer" t=
> arget=3D"_blank">http://forums.juniper</a>=3D<br>
> > > .net/t5/SRX-Services-Gateway/HE-IPv6-tunnel-with-flow</a>&l=
> t;br><br>
> > > &gt; -based-IPv6-in-10-4/td-p/69338/highlight/true/page/3<=
> br><br>
> > > &gt; &gt;<br><br>
> > > &gt; &gt; Issue is=3DC2=3DA0 my public IP (on at-1/0/0.0 =
> interface) keeps chang=3D<br>
> > > ing every<br><br>
> > > &gt; time<br><br>
> > > &gt; &gt; I attempt the tunnel.<br><br>
> > > &gt; &gt; This is a twofold problem:<br><br>
> > > &gt; &gt; 1. on Hurricane Electric page, you need to spec=
> ify one endpoint o=3D<br>
> > > f the<br><br>
> > > &gt; &gt; tunnel, i.e. your public IP<br><br>
> > > &gt; &gt; 2. In configuration of ip-0/0/0.0 interface (tu=
> nnel interface) on=3D<br>
> > > <br><br>
> > > &gt; Juniper<br><br>
> > > &gt; &gt; SRX, you need to specify your tunnel source IP =
> (a public IP). The=3D<br>
> > > re<br><br>
> > > &gt; doesn&#39;t<br><br>
> > > &gt; &gt; seem to be a trick like with Cisco, to use ip u=
> nnumbered and impl=3D<br>
> > > y IP<br><br>
> > > &gt; &gt; address from your WAN interface...<br><br=
> >
> > > &gt; &gt;<br><br>
> > > &gt; &gt; Why would an attempt to establish a IPv4 tunnel=
>  to another host t=3D<br>
> > > rigger<br><br>
> > > &gt; my<br><br>
> > > &gt; &gt; public IP to be changed?<br><br>
> > > &gt; &gt;<br><br>
> > > &gt; &gt; I&#39;m wondering if anyone has experienced=
>  the same or similar i=3D<br>
> > > ssue?<br><br>
> > > &gt; &gt;<br><br>
> > > &gt; &gt; Thanks,<br><br>
> > > &gt; &gt;<br><br>
> > > &gt; &gt; Alex<br><br>
> > > &gt; &gt;<br><br>
> > > &gt; &gt; _______________________________________________=
> <br><br>
> > > &gt; &gt; AusNOG mailing list<br><br>
> > > &gt; &gt; <a href=3D3D"mailto:<a href=3D"mailto:A=
> usNOG at lists.ausnog.net">AusNOG at lists.ausnog.net</a>"><a href=3D"mai=
> lto:AusNOG at lists.ausnog.ne">AusNOG at lists.ausnog.ne</a>=3D<br>
> > > t</a><br><br>
> > > &gt; &gt; <a href=3D3D"<a href=3D"http://lists.au=
> snog.net/mailman/listinfo/ausnog" rel=3D"noreferrer" target=3D"_blank">http=
> ://lists.ausnog.net/mailman/listinfo/ausnog</a>" rel=3D<br>
> > > =3D3D"noreferrer" target=3D3D"_blank"><a h=
> ref=3D"http://lists.ausnog.net/mailman/listinfo/=3D" rel=3D"noreferrer" tar=
> get=3D"_blank">http://lists.ausnog.net/mailman/listinfo/=3D</a><br>
> > > ausnog</a><br><br>
> > > &gt; &gt;<br><br>
> > > &gt; _______________________________________________<br&gt=
> ;<br>
> > > &gt; AusNOG mailing list<br><br>
> > > &gt; <a href=3D3D"mailto:<a href=3D"mailto:AusNOG at lis=
> ts.ausnog.net">AusNOG at lists.ausnog.net</a>"><a href=3D"mailto:AusNO=
> G at lists.ausnog.net">AusNOG at lists.ausnog.net</a></a>=3D<br>
> > > <br><br>
> > > &gt; <a href=3D3D"<a href=3D"http://lists.ausnog.net/=
> mailman/listinfo/ausnog" rel=3D"noreferrer" target=3D"_blank">http://lists.=
> ausnog.net/mailman/listinfo/ausnog</a>" rel=3D3D"nor=3D<br>
> > > eferrer" target=3D3D"_blank"><a href=3D"http://=
> lists.ausnog.net/mailman/listinfo/ausnog" rel=3D"noreferrer" target=3D"_bla=
> nk">http://lists.ausnog.net/mailman/listinfo/ausnog</a><=3D<br>
> > > /a><br><br>
> > > <br><br>
> > > </div></div><span class=3D3D"HOEnZb">=
> <font color=3D3D"#888888">--<br><br>
> > > Mark Andrews, ISC<br><br>
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia<br><br>
> > > PHONE: <a href=3D3D"tel:%2B61%202%209871%204742" val=
> ue=3D3D"+61298714742">+61 2=3D<br>
> > >=C2=A0 9871 4742</a>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=
> =3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3D<br>
> > > =3DA0INTERNET: <a href=3D3D"mailto:<a href=3D"mailto:mark=
> a at isc.org">marka at isc.org</a>"><a href=3D"mailto:marka at isc.org">mark=
> a at isc.org</a></a><br><br>
> > > </font></span></blockquote></div><br&g=
> t;</div><br>
> > ><br>
> > > --001a1140f54ed8af8f052abe277f--<br>
> > --<br>
> > Mark Andrews, ISC<br>
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
> > PHONE: <a href=3D"tel:%2B61%202%209871%204742" value=3D"+61298714742">=
> +61 2 9871 4742</a>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
> =C2=A0INTERNET: <a href=3D"mailto:marka at isc.org">marka at isc.org</a><br>
> --<br>
> Mark Andrews, ISC<br>
> 1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
> PHONE: <a href=3D"tel:%2B61%202%209871%204742" value=3D"+61298714742">+61 2=
>  9871 4742</a>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
> =A0INTERNET: <a href=3D"mailto:marka at isc.org">marka at isc.org</a><br>
> </div></div></blockquote></div><br></div></div></div></div>
> 
> --089e011842d006636a052abffc23--
> 
> --===============5822192169979312011==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> --===============5822192169979312011==--
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the AusNOG mailing list