[ale] ICMP error creating tunnel, was-Re: Domain Registrar

Michael H. Warfield mhw at WittsEnd.com
Sun Jan 23 14:26:51 EST 2011 

On Sun, 2011-01-23 at 06:11 -0500, Paul Cartwright wrote: 
> On 01/22/2011 10:16 PM, Michael H. Warfield wrote:
> > It also depends, somewhat, on HOW it handles prot 41 when you pass it
> > through.  Many consumer grade NAT's such as, off the shelf Linksys and
> > other wireless I've tested, work just fine, OOB.  Others you have to
> > enable prot 41 pass through.  Others manage to mangle it in a way that
> > it just doesn't work.  I personally thing they mangle the state tables
> > in such a way that they can't route it back but (because these are
> > closed source boxes) I have no way to confirm that.  Peter Beiringer and
> > I had a few discussions over this when we were talking about their ipv6
> > init stuff (that's used in Fedora and RedHat and others) and prohibiting
> > 6to4 and all.  Unfortunately, like most of the time you are dealing with
> > NAT44, it's a crap shoot.

> ok, so I installed a WRT54GL with DD-WRT on it. created an account at
> Hurricane Electric. Not sure if it is just me or my environment, but
> google/chrome made it impossible to hit the SUBMIT button to create a
> tunnel, I had to use Opera.. Chrome just sat there looking stupid. Opera
> at least started the process, BUT I got this back:

> Error: Your IPv4 endpoint is unreachable or unstable. Please make sure
> ICMP is not blocked. If you are blocking ICMP, please allow 66.220.2.74
> through your firewall.

> so, what do I do with DD-WRT to make this error go away?? I have a
> static IP on the modem, if that helps.

Ok...  You say a WRT54GL and you say "a static IP on the modem".  I see
a disconnect here.  What's the public id on the WRT54GL (which is NOT a
modem)?  If it's a private address from the modem, then you are behind a
NAT.  You can try and make that work (it might) if you can figure out
how to get the modem to map protocol 41 over to the router.  Problem I
see remaining though is that HE needs to ping that router, but it has
the address of your modem.  I can ping that address so it may really be
that HE can't contact your router on proto 41.  That's going to require
some sort of static mapping in your modem if you're doing NAT.  That's
why I said that the best option for people behind a NAT is to go with
Freenet6.  You might get this to work with HE (I did a long time ago but
it was a test config that wasn't worth keeping up) but you'll probably
spend a lot less effort going with Freenet6 on that one.

HAVE I SAID LATELY THAT NAT BLOWS GOATS?????

Regards,
Mike

> -- 
> Paul Cartwright
> Registered Linux user # 367800
> Registered Ubuntu User #12459
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110123/ba2332ee/attachment.bin

More information about the Ale mailing list