[fli4l] IPV6 Tunnel von HE

Jens Haberstroh jenshastroh at gmail.com
Mo Apr 11 12:49:33 CEST 2016


Guten Tag,

wohl schon seit 31.1.2014 ist die Benutzung des generellen
Account-Passwortes bei Tunneln. die danach erstellt wurden,
nicht mehr möglich. Man setzt auf einen Update-Key.

So ist es bei mir. So wie ich das sehe, unterstützt der fli4l
das aber nicht?

Hier mal die Informationen, die ich von HE erlangen konnte.

Tunnel Broker News:
Two-factor Authentication
[January 04, 2016]
We've made some adjustments to the two-factor implementation to now
include backup verification codes.

If you have two-factor enabled on your account, you should now see a
section under it labeled: "Backup codes"

"Show codes" will show you the currently available and unused backup
codes for your account.
"Reset codes" will generate a completely new set of ten backup codes for
your account.

Each of these codes may be used once.

These codes exist as a means of getting into your account if you've
misplaced or lost your phone with the authenticator application on it. 
You may use them anywhere an authentication code is expected.

As a side note, the iOS version of the HE Network Tools app will sync
HOTP/TOTP credentials in iCloud Keychain, if enabled, and therefore can
be an option if you tend to be prone to phone loss/damage/etc.

Update - 6 January 2015
[January 06, 2015]
We have added an additional regular tunnel-server in London.  It is now
live and available to choose when creating a tunnel. Again if you would
like your existing tunnel's IPv4 endpoint to use the new tunnel-server,
please delete your existing tunnel then pick the new location to create
your tunnel on.

*REMINDER* - Deleting your old tunnel means deallocating your IPv6
blocks, and you will be assigned NEW allocations based on the tunnel
server you pick.

If you have any problems and want to report them, please email
ipv6 at he.net to open a trouble ticket.

Update - 25 November 2014
[November 25, 2014]
We have added a regular tunnel-server in Phoenix, Arizona.  It is now
live and available to choose when creating a tunnel. Again if you would
like your existing tunnel's IPv4 endpoint to use the new tunnel-server,
please delete your existing tunnel then pick the new location to create
your tunnel on.

*REMINDER* - Deleting your old tunnel means deallocating your IPv6
blocks, and you will be assigned NEW allocations based on the tunnel
server you pick.

If you have any problems and want to report them, please email
ipv6 at he.net to open a trouble ticket.

Additional API utilities
[February 14, 2014]
An additional tool for reporting available tunnels is available for
application programmers/embedded systems folks.  This has actually been
around for a while, but not well documented.

 https://USERNAME:PASSWORD@tunnelbroker.net/tunnelInfo.php[?tid=TUNNELID]

This returns the configuration information in XML format.  One tunnel
block per tunnel if no ID specified, or one tunnel block for the
specified tunnel id.


<?xml version="1.0" encoding="UTF-8"?>
<tunnels>
 <tunnel id="TID">
  <description>DESCRIPTION</description> (as defined in the site)
  <serverv4>SERVER_IPv4</serverv4>
  <clientv4>CLIENT_IPv4</clientv4>
  <serverv6>SERVER_IPv6</serverv6>
  <clientv6>CLIENT_IPv6</clientv6>
  <routed64>ROUTED_64_PREFIX/64</routed64>
  <routed48>ROUTED_48_PREFIX/48</routed48> (exists if one assigned)
  <rdns1>DNS1</rdns1> (exists if assigned)
  <rdns2>DNS2</rdns2> (exists if assigned)
  <rdns3>DNS3</rdns3> (exists if assigned)
  <rdns4>DNS4</rdns4> (exists if assigned)
  <rdns5>DNS5</rdns5> (exists if assigned)
 </tunnel>
</tunnels>



Authentication updates
[January 31, 2014]
In order to improve account security, some changes have been made to how
tunnel endpoint updates are authenticated.

Tunnels made after this post now are configured with an "Update Key"
(under the "Advanced" tab on the tunnel information page), which is used
instead of the general account password when performing automated
updates via either the https://ipv4.tunnelbroker.net/ipv4_end.php or the
/nic/update (Dyn-alike) mechanisms.  Do not MD5() this value before
use.

When an "Update Key" exists, the account password will not work for
updates on that tunnel.  Existing tunnels can set an "Update Key" to
take advantage of this new mechanism.


LG Jens


Mehr Informationen über die Mailingliste Fli4L