Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hklb
Contributor II

Created on ‎11-07-2016 02:50 PM

Tunnelbroker - icmp and dns works, but not able to access on https

Hello,

 

I try to configure a IPv6 interface on my fortigate with a public IP provided by tunnerbroker.

 

I'm able to ping, resolve dns query, do a telnet on ipv6 server on port 80, ... But I'm not able to load a http/s website.

 

My fortigate is behing my modem, but all the port/proto is nated on my fortigate. I saw the ip proto 41 out/in on my fortigate.

 

Is anyone has an idea for this problem ?

 

Here is a part on my config and debug flow :



id=20085 trace_id=21 func=resolve_ip6_tuple_fast line=3025 msg="vd-root received a packet(proto=6, 2001:xxx:xxx:xxx:594d:7e5d:8cd3:1ffc:52605->2001:4810::110:80) from testipv6."
id=20085 trace_id=21 func=resolve_ip6_tuple_fast line=3025 msg="vd-root received a packet(proto=6, 2001:xxx:xxx:xxx:594d:7e5d:8cd3:1ffc:52605->2001:4810::110:80) from testipv6."
id=20085 trace_id=21 func=resolve_ip6_tuple line=3116 msg="allocate a new session-000013a8"
id=20085 trace_id=21 func=vf_ip6_route_input line=533 msg="find a route: gw-2001:4810::110 via HeTunnelBroker err 0 flags 01000001"
id=20085 trace_id=21 func=fw6_forward_handler line=304 msg="Check policy between testipv6 -> HeTunnelBroker"
id=20085 trace_id=21 func=fw6_forward_handler line=424 msg="Allowed by Policy-1:"


config system sit-tunnel
 edit "HeTunnelBroker"
 set destination 216.xx.xx.xx
 set ip6 2001:xxx:xxx:xxx::2/64
 set interface "wan1"
 next
end
config router static6
 edit 1
 set device "HeTunnelBroker"
 next
end



config system interface
 edit "testipv6"
 set vdom "root"
 set type vap-switch
 set device-identification enable
 set snmp-index 13
 config ipv6
 set ip6-allowaccess ping
 set ip6-address 2001:xxx:xxx:xxx::1/64
 set ip6-send-adv enable
 set ip6-manage-flag enable
 config ip6-prefix-list
 edit 2001:xxx:xxx:xxx::/64
 set autonomous-flag enable
 next
 end
 end
 next
end


diagnose snifferpa packet any "ip proto 41" 4 0


interfaces=[any]
filters=[ip proto 41]
2.417429 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 72
2.417605 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 60
2.534385 wan1 in 216.xx.xx.xx -> 85.yy.yy.yy: ip-proto-41 60
2.535355 wan1 in 216.xx.xx.xx -> 192.168.1.254: ip-proto-41 72
2.540262 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 60
2.541366 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498
2.901267 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498
3.312483 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498
4.032740 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			 
 


		
			
					
		
	
				
		
			
					
			
		
				
		
			
		
			
					
				
		
	
	


		

	

		

			
		

			
		

	

		

			

	
		
			

  2360


		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Kudos

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
			
					
				
		
	
	


		

			

	
		
			
					
		
			

				
			

		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
		
			    
    

      
      
    


		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	

	
			
		

	


					

	

		

			
 

		

		

			
		

		

			
 

		

	



				
		
		
			
			
		
		
			
			
		
		
			
		
			
			
	

		0 REPLIES 0
	


		
		
			
			
			
					
	
			

			

			


	

	
		

			

			
	

	

		


	

	

	

	



	

	

		
		
	


	

	




			
				


	
			
				

					
						

							
		

			

	
			
				
					
				
				
			
		


		

	
							

								
								
							

							

								

	
									
								


							

						

					
				

			
		
	


			
		

	

	

				
		
		
			
		
	
	


		

			

	
		
			
 
Announcements

	
    	

Select Forum Responses to become Knowledge Articles!


Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

        
    

 

		
			
		
			
 
Labels

	
	
	

		
			

	

		
 

		

			

				
					

						

							
								
        
	
							
						

					

				
				

					

						
		
				

					

	
	


				

			
	
					

				

			

		

		
 

	



			
		
	


 

		
			
 
Top Kudoed Authors


	

	

	

	
		

	 
	
	
	


	
	
View all



 

		
	
	


		

	

		

			
		

	

		

			

	
		
			

	

		

			

	
		
			
		
	
	


		

	

		

			

	
		
			
 
 
 
  
 Broad. Integrated. Automated. 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
 
 
 Social Media  
 
 
 Security Research  
 
 Company  
 
 
 News & Articles  
 
 Contact Us  
 
 
 



		

			
Copyright  2024 Fortinet, Inc. All Rights Reserved.