Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 1861 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.108-23] Did firmware update break IPv6 TunnelBroker?

bgiles
About a month ago, I set up a tunnel broker account with Hurricane Electric (tunnelbroker.net) and created an IPv6 tunnel. For several weeks, it was running without any problems on our ASG-220. In fact, it continued to work flawlessly right up until earlier today, at the point where I updated the UTM firmware to 9.108-23 and rebooted the ASG-220. Tunnel Broker hasn't worked since, even after another manual reboot. The IPv6 Global page in the UTM web interface says "Tunnel Broker: connecting..." but never connects.

Here's what I see in the IPv6 log file, starting at the point where I flip the switch on in the IPv6 Global panel: 

2014:02:07-18:01:15 fw-1 ipv6_watchdog[7215]: Starting IPv6 address watchdog
2014:02:07-18:01:32 fw-1 hurricane[7411]: Found no Tunnels, wrong username/password?
2014:02:07-18:01:50 fw-1 radvd[8000]: version 1.9.2 started
2014:02:07-18:01:50 fw-1 radvd[8003]: sendmsg: Operation not permitted
2014:02:07-18:02:33 fw-1 hurricane[7411]: Found no Tunnels, wrong username/password?
2014:02:07-18:03:34 fw-1 hurricane[7411]: Found no Tunnels, wrong username/password?
2014:02:07-18:04:34 fw-1 hurricane[7411]: Found no Tunnels, wrong username/password?

And the "wrong username/password?" errors just continue from there.

I have not changed the username or password, although I did eventually re-enter them on the IPv6 Tunnel Broker page, to no avail. I also double-checked the server address and the Tunnel ID number, and they are correct as well. I've logged onto the tunnelbroker.net website and checked to make sure the tunnel I created still exists, and it does.

Has anyone else seen this problem? Any idea what the fix is?


This thread was automatically locked due to age.
  • 0
    Sounds like the same problem reported in the 9.2 beta.  See this thread.
  • 0
    I'm also having the same issue.

    2014:02:08-11:30:21 fw01-1 hurricane[14038]: Found no Tunnels, wrong username/password?

    I also added an UpdateKey under advanced settings at he.net but that didn't work either.

    PS: I updated the Firewall some days ago and the IPv6 Tunnel worked like a charme. The Problem persists only after i changed my Password. I reentered the Password on HE and on the Firewall but still can't connect.
  • 0
    I just installed the RPM from the Beta Thread on a Test-Firewall with 9.108-23: https://community.sophos.com/products/unified-threat-management/astaroorg/f/81/t/65566

    Installed with rpm -Uhv 

    After that the connection Broker established the connection successfully:


    2014:02:08-17:15:21 fw03 hurricane[7133]: Testing alternative method for authentication
    2014:02:08-17:15:33 fw03 hurricane[7133]: User ID v65*********911.63806***
    2014:02:08-17:15:33 fw03 hurricane[7133]: Found Tunnel 219***
    2014:02:08-17:15:33 fw03 hurricane[7133]: Found Tunnel 219***
    2014:02:08-17:15:33 fw03 hurricane[7133]: No tunnel configured, using first one 219xx
    2014:02:08-17:15:34 fw03 hurricane[7133]: IPv4 178.22.xx.***-216.66.80.98
    2014:02:08-17:15:34 fw03 hurricane[7133]: IPv6 2001:470:xx:xx::2-2001:470:xx:axx::1
    2014:02:08-17:15:34 fw03 hurricane[7133]: Network 2001:470:26:xx::/64
    2014:02:08-17:15:34 fw03 hurricane[7133]: Network 2001:470:***::/48
    2014:02:08-17:15:35 fw03 hurricane[7133]: IPv4 84.72.xx.***-216.66.80.98
    2014:02:08-17:15:35 fw03 hurricane[7133]: IPv6 2001:470:xx:xx::2-2001:470:xx:xx::1
    2014:02:08-17:15:35 fw03 hurricane[7133]: Network 2001:470:xx:xx::/64
    2014:02:08-17:15:35 fw03 hurricane[7133]: Network 2001:470:xx::/48
    2014:02:08-17:15:35 fw03 hurricane[7133]: Update Key not found and alternative update method used
    2014:02:08-17:15:36 fw03 hurricane[7133]: Setting tunnel 219xx to AUTO
    2014:02:08-17:15:36 fw03 hurricane[7133]: -ERROR: Invalid API key or password
  • 0 in reply to JonEtkins
    Sounds like the same problem reported in the 9.2 beta.  See this thread.


    Yep, I believe it's the same problem. And I see someone has offered a patch to fix it, however due to the uncertain provenance of the patch, I believe I'll wait to see if an official fix is forthcoming.

    (No offense offended to the provider of the patch, but where my company's network security is concerned, I'm hesitant to install anything that I don't know exactly where it came from. Besides -- IPv6 isn't critical for us yet, so we can afford to wait.)