[Sks-devel] ams.sks.heypete.com now available over IPv6

[Pete Stephenson]

Hi all,

My hosting company has been somewhat slow about turning up IPv6 at the
facility where my VPS is hosted, so I decided to setup a Hurricane
Electric IPv4-to-IPv6 tunnel for my server.

I'll add native IPv6 transport when my hosting company offers it and
will update my DNS records accordingly.

There were some tunnel-related firewall issues that caused intermittent
problems for a day or two[1], but everything seems to be working well now.

Kristian's pool crawler has noticed that the server is listening on IPv6
(which is good check that things are working) and I'm seeing IPv6 traffic.

If anyone runs into issues with the server, IPv6-related or not, please
let me know.

Cheers!
-Pete

[1] In particular, unless one allows the firewall to accept "protocol
41"[2] (IPv6-in-IPv4) packets from the remote tunnel server, things may
work for a while but after a short time IPv6 connections will start
timing out since the firewall is blocking new inbound connections from
the tunnel server. This is annoying to diagnose.

It can be solved using this UFW rule:
"sudo ufw allow proto ipv6 from $TUNNEL_SERVER_IPv4_ADDRESS"

or this iptables rule:
"-A INPUT -p ipv6 -s $TUNNEL_SERVER_IPv4_ADDRESS -j ACCEPT".

[2] See http://en.wikipedia.org/wiki/6in4

-- 
Pete Stephenson

signature.asc
Description: OpenPGP digital signature