icmpv6 tunneling not working

[tryeverything91]

hello i have an ipv6-only vps i tried to icmpv6 tunneling but no success. can you help me please ? We really need this because of high censorship of our government .............................................. server: ./fraud-bridge -k 456852 -L ::1 -I -r /root/fraud-bridge/ -v ./outside.sh

client: sudo ./fraud-bridge -R 2001:41d0:***** -k 456852 -I -r /home/debian/Desktop/fraud-bridge -v sudo ./inside.sh

in client side in new terminal i ran : ssh -D [0.0.0.0]:1234 1.2.3.5 but no response and also when i try to connect to socks(127.0.0.1:1234) there is no connection while when i run this command i see something happens in both server and client sides : server : icmp <- 64 icmp -> 64 icmp -> 64 icmp -> 64 icmp -> 64 icmp <- 64 icmp -> 64 ... client: icmp -> 64 icmp -> 64 icmp -> 64 icmp -> 64 icmp -> 64 icmp -> 64 icmp -> 64 ... where did I get wrong? what should i do to fix this ? thank you so much and sorry for bad english

[stealth]

Ok, so I assume you tested to ping6 your vps before fraud-bridge setup (afterwards pings will be ignored) and it worked, so we can be sure there is no firewall rule in place in the cable modem or whatever that drops packets.

On the server side, you seem to bind to loopback via -L ::1. This is wrong. You can just do fraud-bridge -k 456852 -I -r /root/fraud-bridge/ -v or if you still want to bind to some address, you pick the same address that you chose on -R at client side. But after all, using -L on server is mostly not necessary.

Everything else should be correct. Note that you need to execute inside/outside script each time when you restarted fraud-bridge on either side because it needs to have the right tun interfaces assigned. When testing, make sure there are no other tunnels in place that could use tun1 device or use -d to override tunnel device name and edit inside/outside accordingly to reflect that (just in case your tunnel device isnt tun1)

[tryeverything91]

wow thanks it worked thanks for response is there any way to improve stability icmp tunnel ? or is there any way to use mux (multiplexer) for ping tunnel ?

[tryeverything91]

edit: now i found the problem. when im using mobile network data as my client network i cant icmp tunnel but when im using my wifi (cable data) its ok and i can do icmpv6 tunneling with mobile data log is like👇: (and i even cannot ssh to 1.2.3.5 (same as first comment)) icmp -> 0 icmp <- 0 icmp -> 0 icmp -> 0 icmp <- 64 icmp -> 64 icmp -> 64 icmp <- 64 icmp -> 64 icmp -> 64 icmp <- 64 icmp -> 64 but with wifi data its completly ok. log is like this : icmp <- 1068 icmp -> 76 icmp <- 1068 icmp -> 76 icmp <- 1068 icmp -> 84 icmp <- 1068 icmp <- 1068 icmp -> 76 icmp <- 1068 icmp -> 84 icmp <- 1068 icmp <- 1068

also ping is good for mobile data:

PING 2001:41d0:*********(2001:41d0:*********) 56 data bytes
64 bytes from 2001:41d0:*********: icmp_seq=1 ttl=40 time=257 ms
64 bytes from 2001:41d0:*********: icmp_seq=2 ttl=40 time=166 ms
64 bytes from 2001:41d0:*********: icmp_seq=3 ttl=40 time=199 ms
64 bytes from 2001:41d0:*********: icmp_seq=4 ttl=40 time=223 ms
^C
--- 2001:41d0:********* ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 165.667/211.263/257.223/33.399 ms

whats the problem with mobile cellular data ? could it be due to internet censorship and disruptions imposed by the government on mobile data ?

[tryeverything91]

can you help please ?

[stealth]

Mind saying which country that is? Is it possible to directly connect SSH to the IPv6 VPS or only via ICMP6? Its hard to say whats the problem with mobile data without access to tcpdump and having debug logs.

[tryeverything91]

yes i can connect to vps with ipv6 do you need tcpdump log ?