I tried to set this up a couple of years ago but gave up because I got stuck at this same point.
I created a regular tunnel, generated the code, pasted it into a .bat file, ran it.
I go to whatismyipv6.net and it shows my ipv4 address.  I have tried ipv6.google.com and the page doesn't display.  I tried kame.net, the turtle doesn't dance.
It doesn't seem like there was much room for error, but somehow it doesn't work for me.
I'm using Windows 7 x64.  I have tried with my computer in the router's DMZ, firewall disabled, adblock disabled.
Am I missing something?
			
			
			
				Please list the commands you used to create the tunnel. 
			
			
			
				netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 75.119.250.239 184.105.253.14
netsh interface ipv6 add address IP6Tunnel 2001:470:1f10:a4a::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f10:a4a::1
			
			
			
				You mentioned that you put your computer in the dmz of your router.  That tells me that you're behind a nat, which means that you need to replace your pubic ip with the private address of your computer.
Remove the ip6tunnel interface and rerun the commands using your nat ip address instead
			
			
			
				
Ok I did 
netsh interface ipv6 delete interface "IP6Tunnel"
no errors
Then I redid the bat file with my 192.168 address instead of the 75.119 address.  No errors.
Then I tried the 3 ipv6 sites and the first thing I noticed is that browsing is really slow.  But the 3 ipv6 sites do exactly the same as they did before.
			
			
			
				Are you sure you got the IPv4 addresses right? When I did a traceroute to 75.119.250.239 I do not get a response from that IP. The last functional hop on the route is 208.111.182.138. It looks the same for both ICMP echo requests and protocol 41 packets.
HE won't even let you configure a client IPv4, which is not reachable for ICMP echo requests. Not that there is any reason for this restriction, but that means you couldn't configure a tunnel on that client IPv4 address.
Also when I look at the IP address 2001:470:1f10:a4a::1 from your post, I find the tunnel server IP address 209.51.181.2, which is not what you have in your config.
			
			
			
				I have a dynamic IP and have since gotten a new one.  After getting the new IP, I updated the ipv4 address at tunnelbroker.  Then did netsh interface delete, then reran the bat file.
As for the " 209.51.181.2"... i have no clue what that is, as my new IP is 206.248.181.119.
			
			
			
				Quote from: kasperd on July 12, 2013, 11:42:56 PM
Also when I look at the IP address 2001:470:1f10:a4a::1 from your post, I find the tunnel server IP address 209.51.181.2, which is not what you have in your config.
That's fine actually.  Chicago and Dallas gained region-specific IPs a while ago.  New tunnels get the new IP, old tunnels still have the old, with an option of shifting to the new.
			
 
			
			
				What's interesting is that whatismyipv6 also said I didn't have an IPv6 address either and listed my home DSL's IPv4.  Meanwhile, my collocated server clearly tells me (both on the page and the logs) that I came in via IPv6, so I know that my IPv6 works.
What I suspect is that both you and me are lacking an IPv6 path to the whatis... server OR that the DNS is resolving to an IPv4 address before an IPv6 address is encountered because that is what is in the answer packet first (even though it should take the AAAA record first).
Personally, I don't care about that site, but maybe these two things are happening to you and that explains why you're having trouble.
Therefore, check your DNS answers and your traceroute path and see if something is screwy there.
			
			
			
				Quote from: PracticalShutIn on July 13, 2013, 06:45:18 AMmy new IP is 206.248.181.119.
That IP does respond to ICMP echo request. But it appears to drop everything else. With that DMZ setting in place, your router should be sending time to live exceeded ICMP errors when a traceroute from the outside hits anything, which the DMZ setting applies to.
I tried traceroute with protocol 41 as well as TCP and UDP. In all cases there was silence from 206.248.181.119. Have you managed to get the DMZ setting to work for any other traffic?
Quote from: kcochran on July 13, 2013, 07:27:54 AMThat's fine actually.  Chicago and Dallas gained region-specific IPs a while ago.  New tunnels get the new IP, old tunnels still have the old, with an option of shifting to the new.
I am I understanding correctly, that 209.51.181.2 and 184.105.253.14 are both assigned to the same tunnel server? What is affected by switching to the new IP? Does it only influence the source IP of packets the server sends through the tunnel, or is something else affected as well?
			
 
			
			
				IP ranges are announced with priority in certain regions.  Dallas and Chicago pre-dated a Central-specific range, so had IPs which in certain cases would now come in via the West or East coast, instead of going directly Central.  To all intents, you could consider it a second tunnel server in that location, using the same IP pools, but with possibly better v4 routing in certain situations.
			
			
			
				
The technical level is getting over my head now..
I don't know what a DNS answer is, and can't tell what is screwy when looking at a traceroute path.
C:\Users\Me>tracert 184.105.253.14
Tracing route to 184.105.253.14 over a maximum of 30 hops
  1     2 ms    <1 ms    <1 ms  192.168.0.254
  2   166 ms    16 ms    10 ms  lo-100.lns02.tor.packetflow.ca [206.248.154.122]
  3    14 ms     9 ms    10 ms  2150.ae3.bdr03.tor.packetflow.ca [69.196.136.163]
  4    18 ms     9 ms    14 ms  gw-he.torontointernetxchange.net [206.108.34.112]
  5    21 ms    23 ms    25 ms  10gigabitethernet12-1.core1.chi1.he.net [184.105.213.150]
  6    20 ms    20 ms    20 ms  184.105.253.14
Trace complete.
"Have you managed to get the DMZ setting to work for any other traffic?"
I don't quite understand the question.  I keep this computer in the DMZ at all times, and use a software firewall so I can see what is getting blocked.  Is there anything else that needs to be allowed besides ICMP?  There are a lot of ICMP v4 and v6 settings in my firewall that can be allowed/disallowed for inbound & outbound.
The only things shown in my firewall block log are a couple of TCP incoming packets blocked because of the "attack detection component"; a general Block IGMP rule; and a general "block NetBIOS traffic" rule for outgoing UDP.
			
			
			
				Quote from: PracticalShutIn on July 14, 2013, 08:52:54 AMI keep this computer in the DMZ at all times
What exactly do you mean by that?
Something was changed in your setup since I last checked this thread, because at that time 206.248.181.119 was responding to ICMP echo requests. But it is not responding anymore. I tried mtr towards that IP as well as the closest router from your output, and I got this.
Quote from: mtr 206.248.154.12210. 213.248.71.154                    0.0%   165   19.2  27.8  18.2 109.7  10.9
11. 69.28.172.130                     0.0%   165   27.5  30.0  20.0 123.9  13.1
12. 69.28.172.125                     0.0%   165   36.7  45.5  35.8 121.8  10.3
13. 69.28.172.5                       0.0%   165  124.7 131.5 117.4 378.3  27.8
14. 69.28.172.74                      0.0%   165  131.5 141.1 127.9 283.5  17.7
15. 208.111.182.138                   0.0%   165  162.3 156.9 147.4 270.7  13.6
16. 206.248.154.122                   0.0%   165  260.4 162.9 138.7 523.1  50.6
Quote from: mtr 206.248.181.11910. 213.248.71.154                    0.0%   152   31.6  29.1  17.6 123.6  15.1
11. 69.28.172.130                     0.7%   152   20.5  30.3  19.6 120.5  12.1
12. 69.28.172.125                     0.0%   152   39.7  45.9  36.0 119.5  11.3
13. 69.28.172.5                       0.0%   152  121.5 127.1 116.9 284.9  17.1
14. 69.28.172.74                      0.0%   152  134.2 136.9 127.6 274.5  13.4
15. 208.111.134.238                   0.0%   152  139.6 146.9 139.5 297.9  14.3
16. 69.196.136.47                     0.0%   152  141.0 157.6 138.3 378.3  40.5
17. ???
Previously the last hop before 206.248.181.119 was not responding, which is also inconsistent with what I am seeing now. Unfortunately I didn't save the previous output, so I can't compare. If you can tell what you changed since I looked previously, it may provide some hint.
			
 
			
			
				Quote from: kasperd on July 14, 2013, 11:04:23 AM
Quote from: PracticalShutIn on July 14, 2013, 08:52:54 AMI keep this computer in the DMZ at all times
What exactly do you mean by that?
"By using the Virtual DMZ port, a computer or device on the network is exposed to the Internet without protection from the firewall function of the Home Networking modem."  IIRC, it lets that computer bypass the router's firewall.
I can't figure out what has changed since your last post.. I haven't changed anything in the router, firewall, disconnected or rebooted the PC.  Isn't it a good thing that there's 0% packet loss for both mtrs?
			
 
			
			
				Keep in mind that the DMZ implementation on some routers is broken and does not expose it to protocol 41 traffic; there are numerous posts on here involving that.
You may want to grab something like wireshark and examine your traffic to see if you have protocol 41 packets hitting your computer.
			
			
			
				Quote from: PracticalShutIn on July 15, 2013, 08:06:17 AM"By using the Virtual DMZ port, a computer or device on the network is exposed to the Internet without protection from the firewall function of the Home Networking modem."  IIRC, it lets that computer bypass the router's firewall.
Not all devices have the same definition of what DMZ means. From that description it is not clear if it is doing something usable.
Quote from: PracticalShutIn on July 15, 2013, 08:06:17 AMI can't figure out what has changed since your last post.. I haven't changed anything in the router, firewall, disconnected or rebooted the PC.
Strange.
Quote from: PracticalShutIn on July 15, 2013, 08:06:17 AMIsn't it a good thing that there's 0% packet loss for both mtrs?
That doesn't really tell anything. Both ends at a specific router 1-2 hops away from your router. Notice how the trace to your IP ends with a hop with 100% packet loss, obviously the IP of that hop isn't shown in the output.
The two best options for finding out more are:
- Run a traceroute from your end towards the tunnel server using protocol 41 packets.
- Look at the actual network traffic using a tool like Wireshark.
 
			
			
				Quote from: cholzhauer on July 15, 2013, 08:08:15 AMYou may want to grab something like wireshark and examine your traffic to see if you have protocol 41 packets hitting your computer.
My software firewall has a firewall log & packet log.  There's a system-wide rule which I guess I manually entered at some point in the past that allows all traffic using IP protocol 41.  My log shows items like this every 10 mins.
11:01:56 AM   N/A   OUT   PROTO41    184.105.253.14   *   *Allow IP for IPv6   360   0
10:52:08 AM   N/A   OUT   PROTO41    184.105.253.14   *   *Allow IP for IPv6   88   0
N/A = process, * = port, last 2 columns = bytes sent, received.
That IP belongs to HE.
One strange thing about my firewall is the Block IGMP rule.  Normally the lines that get blocked are red, but those aren't.  It is a default rule of the software, and is indeed set to block.  Probly not relevant *shrug*.
Other possibly relevant information:
There's an item in my Home Network IP Config screen that is unusual.  Here is a picture of the screen (I found the pic on another site but shows you what I'm looking at)
http://www.dslreports.com/r0/download/746882~7a55238e358a38a7841ee49c8c07d9da/domain.jpg
The Domain Name:  no-domain-set.bellcanada is what I'm talking about.
it shows up in my ipconfig as "DNS Suffix Search List. . . . . . : no-domain-set.bellcanada"
Also, in my tcp/ipv4 properties, I have it set to automatically receive an IP address, but in the Alternate Config, it is manually entered, with a preferred DNS server (OpenDNS).  It's not currently in use, but I figured it's good to tell you of anything non-standard. 
Can't for the life of me figure out how to traceroute protocol 41.
			
 
			
			
				Quote from: PracticalShutIn on July 16, 2013, 09:19:31 AMMy log shows items like this every 10 mins.
11:01:56 AM   N/A   OUT   PROTO41    184.105.253.14   *   *Allow IP for IPv6   360   0
10:52:08 AM   N/A   OUT   PROTO41    184.105.253.14   *   *Allow IP for IPv6   88   0
If I understood you correctly, that means your Windows machine is sending protocol 41 packets to your router, and your router appears to be forwarding them. We don't know if they make it the rest of the way to the tunnel server.
Quote from: PracticalShutIn on July 16, 2013, 09:19:31 AMOne strange thing about my firewall is the Block IGMP rule.  Normally the lines that get blocked are red, but those aren't.  It is a default rule of the software, and is indeed set to block.  Probly not relevant *shrug*.
I agree that an IGMP related rule is probably not relevant. You can use the tunnel service without ever sending or receiving an IGMP packet.
Quote from: PracticalShutIn on July 16, 2013, 09:19:31 AMOther possibly relevant information:
There's an item in my Home Network IP Config screen that is unusual.  Here is a picture of the screen (I found the pic on another site but shows you what I'm looking at)
http://www.dslreports.com/r0/download/746882~7a55238e358a38a7841ee49c8c07d9da/domain.jpg
The Domain Name:  no-domain-set.bellcanada is what I'm talking about.
it shows up in my ipconfig as "DNS Suffix Search List. . . . . . : no-domain-set.bellcanada"
That does look a bit odd, but since the TLD is non-existent, that setting should be harmless.
Quote from: PracticalShutIn on July 16, 2013, 09:19:31 AMAlso, in my tcp/ipv4 properties, I have it set to automatically receive an IP address, but in the Alternate Config, it is manually entered, with a preferred DNS server (OpenDNS).  It's not currently in use, but I figured it's good to tell you of anything non-standard.
I recommend against using OpenDNS because they systematically hijack lookups of nonexistent domains, and have also been seen hijacking lookups of existing domains. You should use a more trustworthy DNS provider. HE and Google are both good options. Some ISPs also provide DNS servers, which can be trusted. But so far there does not seem to be any evidence suggesting your problem is DNS related.
Quote from: PracticalShutIn on July 16, 2013, 09:19:31 AMCan't for the life of me figure out how to traceroute protocol 41.
I have no idea how to do it on Windows. On one of the traceroute implementations for Linux you can use 
-P 41. I am expecting the output of such a traceroute to be telling us a lot about what your problem is, so it is worth looking more into.