Hey, I am playing around with Windows Server 2008r2.
DNS works fine but i cannot get it to listen to my tunnel ipv6
any idees?
(http://bildr.no/image/693491.jpeg)
http://bildr.no/view/693513
Any reason you haven't assgned a public address to your local area connction 2?
1) obfuscating the IPs, no point. You clearly left the tserv side of the tunnel so we can guess that you are trying to do this on 2001:470:27:292::2. And any published AAAA or PTR records involved are also going to be public knowledge.
2) looks like the software doesn't like/recognize the tunnel interface, so you should try adding one of your routed /64 IPs to your physical LAN adapter. I'd say try 2001:470:28:292::1/64, or seeing as you took a /48 because you must have required more than the 1 /64 subnet we automatically allocate and statically route, an IP from that range.
How do i add a /64 to the physical lan adapter?
so i need to add the /64 ip in addition to the one /48 i already have on the tunnel?
You just need to pick any address you want out of the /64 or /48...2001:dba:1234:1::3 for example
hmm dont quite uderstand that ???
From the start i tunneled one from my /48.
which i can connect to any ipv6 server with.
dont see why windows server does not see it in the listening to part. Would be nice to have this server also support end to end ipv6 (well sort off excluding the tunnel) ;D
Ok let me try again. You say you've already used a /64 out of your /48. If this server is going to be in the same subnet, than you should use an address out of that same /64. If you want this server to be on a different subnet, that you should choose another /64 out of your /48 and select an address out of that.
You can either assign that address staticly or dynamically; windows accepts router advertisements by default
(http://kripos.nu/ws.png) - Uncut ver.
How do i advertise eather of those v6s so that they are listed in "Listen on" in there?
Heres a lill thing,
if i run endpoint on my router (WRT610n) with dd-wrt
and assign ipv6 over radvd from it. it works
(http://kripos.nu/radvd.png)
But then i get an interal ip (192.168.1.100)
but i kinda need external for dns to work properly. And i havent found away to get external ip from dd-wrt and retain the ipv6 tunnel on it.
now this is getting strange in IIS7. It does list the corrects ips (2001:470:dcb7::d), but not in dns.
(http://kripos.nu/iis.png)
I have the same problem. 2008r2 windows DNS does not listen to the ipv6 address only the ipv4 and local-link address. I remember reading a microsoft post stating it was disabled by default.
I've been running server 2008 on my dns servers for a long time now and never had to do anything special to make it work. My router is running RA and that's how my server gets an ipv6 address. I then statically adding an ipv4 address (private) and make the necessary firewall changes.
If you need a certain ipv6 address, why not make it static and put it in by hand? You'll need to create the reverse lookup zone by hand, but that's simple. If dns isn't getting the address of your server, add it by hand
i dont like nat, so i rather not have use my router as an enpoint.
Unless there is away to make dd-wrt give me a public ip.
I don't blame you. Ddwrt will do whatever you want it to, you just need to configure it. I don't know what your network setup is, but you just need to connect your server to the outside interface of your router (which is what I assume the ddwrt router is doing... If not, a network diagram would help) and assign it a public address
I just looked at your picture... You should assign that ::d address to your LAN connection on your server
does the tunnel work if you host it on your server?
Again, I think a diagram would help here
i installed ISS and set it up for you.
that works
http://[2001:470:dcb7::d]:80
<- Internert - > Cisco ECP3000 (modem) - > Simple Switch (p1) -> Modem
-> Simple Switch (p2) - Main Computer
-> Simple Switch (p3) - Server
-> Simple Switch (p4) - Cisco / Linksys WRT610n with ddwrt - eth1 -> Storage Server.
-> Simple Switch (p5) - Linksys WRT54g2 - Wireless Bridge with repater to another WRT54g2 which connects to an Xerox WorkCenter 7435.
"You should assign that ::d address to your LAN connection on your server"
How?
atm i dont have a fixed set of ips from my isp. it gives me 4 external ips. which are based on mac. and does not change as long as the computer / switch is online for the duration of the lase and renews it .
Im getting new isp next week where i have my own fixed /28 ipv4.
Quote
"You should assign that ::d address to your LAN connection on your server"
How?
GUI would be easiest. Do you know how to assign a static IPv4 address to an adapter via the GUI? (Control panel, network connections, ect) Do it the same way for Ipv6, but just chose the IPv6 stack instead of IPv4)
Is the server connected to p3 the one you want to give a public IPv4 address to?
p3 serverhar no internet, only intranet :P. and i dont enough public ipv4 for it on current isp. new one will change that when i get my /28. when i get that ill give it public ip and put it online.
I tryed to assinged the v6 to static in network settigns but it did allow it. WHen i assinged a new ip there ::d1. it did accept but not pingable from outside...
if you want i can give you rdc access to the server or something like that.
Ive been repsonding to all of this from my iPod..let me get back to a real computer tomorrow and I'll type the whole thing out
The error i get is
"The IP address 2001:470:dcb7::d you entered for this network adapter is already assigned to another adapter
Microsoft Direct point to point on this computer. If the same address is assigned to both adapters they both become active, only one of them will use this address. This may result in incorrect system configuration.
Do you want to fix this problem by entering a different IP for this adapter in the list of IP address in the advanced dialog box?"
when i still save that, it asks for a reboot. when its back up again those settings are reversed back to blank.
I think the Point to Point thing is a VPN connection for server 2008? You might want to look into that.
Why not choose another IP address? Use ::e or something
Ok, I just re-read your first post, so we'll start from there.
1) I assume you have your tunnel working. If that's the case, we need to assign an IP address to your local area connection. Look at this link and add an address either from the command line or from the GUI. If you're having problems with ::d, use something else
http://www.itechtalk.com/thread1600.html
After you add that address, double check in the command line by doing a "ipconfig /all" and making sure the address shows on your adapter.
After that, check your DNS settings and you should see a box listed to check/un-check for the new IP address. If no, you might have to remove and re-add the DNS role
still get object allrady exsit if i add a new one eg ::e
that is not pinable or routable :(
Ethernet adapter Server:
Connection-specific DNS Suffix . : getinternet.no
IPv6 Address. . . . . . . . . . . : 2001:470:dcb7::e
Link-local IPv6 Address . . . . . : fe80::d4d5:270d:5b2d:b5a9%13
IPv4 Address. . . . . . . . . . . : 84.208.95.28
Subnet Mask . . . . . . . . . . . : 255.255.192.0
Default Gateway . . . . . . . . . : 84.208.64.1
Tunnel adapter IP6Tunnel:
Connection-specific DNS Suffix . : getinternet.no
IPv6 Address. . . . . . . . . . . : 2001:470:dcb7::d
Link-local IPv6 Address . . . . . : fe80::182c:9644:c360:8cd4%15
Default Gateway . . . . . . . . . : 2001:470:27:292::1
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 281 ::/0 2001:470:27:292::1
13 276 ::/0 2001:470:27:292::1
1 306 ::1/128 On-link
15 281 2001:470:dcb7::/64 On-link
13 276 2001:470:dcb7::/64 On-link
15 281 2001:470:dcb7::d/128 On-link
13 276 2001:470:dcb7::e/128 On-link
15 281 fe80::/64 On-link
13 276 fe80::/64 On-link
15 281 fe80::182c:9644:c360:8cd4/128
On-link
13 276 fe80::d4d5:270d:5b2d:b5a9/128
On-link
1 306 ff00::/8 On-link
15 281 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 ::/0 2001:470:27:292::1
0 4294967295 ::/0 2001:470:dcb7:d::1
0 4294967295 ::/0 2001:470:27:292::1
===========================================================================
You shouldn't have that ::d address on your tunnel...that should be the ::2 address assigned to you from HE.
Also, you have assigned the ::e and ::d addresses out of the same /64 that your tunnel is on (the ::1 and ::2) That won't work
On your tunnel info page, you have a couple of lines. One is the ::1 address of the HE tunnel end point, one is the ::2 address that you assign to your end of the tunnel (these are both out of the same /64), you have a /48 line which is probably blank, and you have a router /64 line. The routed /64 line is where you need to pull the ::d and ::e addresses from.
if you want to post a screen shot of your tunnel page, I can be more specific.
(http://night.me.uk/ws/tunnel.png)
Thank you very much for your help, really appropriate it!
2001:470:27:292::1 is the address of the HE side of the tunnel
2001:470:27:292::2 is the address of your side of the tunnel. This should be the IP address on your "IP6tunnel" interface
2001:470:28:292::/64 is your routed /64. You can select any address from 2001:470:28:292::1 to 2001:470:28:292:ffff:ffff:ffff:ffff and HE will point traffic intended for that address at your side of the tunnel. I assume that your network is flat (only one subnet) so this is what I'll use.
Assign 2001:470:28:292::d to your "local area connection" interface according to the directions in the link I posted earlier.
Assuming your tunnel is up, the above should give you IPv6 connectivity on that host.
There is one thing though. I just checked the info on your RDNS server:
[carl@mars ~]$ host d.politiet.nu
d.politiet.nu has address 84.208.95.28
d.politiet.nu has IPv6 address 2001:470:dcb7::d
You picked an address out of your routed /48 for that host. That is fine, however, if your DNS server and the other server we're discussing are on the same subnet, they should have the same address range; you'd need to change one of them. It's probably easier to change the host you're working on rather than your DNS server, so use 2001:470:dcb7::2 /64 for the server you're working on. (If the two are not in the same subnet, then don't worry about it)
Hope this helps. If you have problems, let me know, and try to provide as much detail as possible.
netsh interface ipv6 delete address Server 2001:470:dcb7::2
netsh interface ipv6 delete address IP6Tunnel 2001:470:dcb7::d
netsh interface ipv6 add address IP6Tunnel 2001:470:27:292::2
netsh interface ipv6 add address Server 2001:470:28:292::d
netsh interface ipv6 add route ::/0 Server 2001:470:27:292::1
Publish Type Met Prefix Idx Gateway/Interface Name
------- -------- --- ------------------------ --- ------------------------
No Manual 256 ::/0 21 2001:470:27:292::1
No Manual 256 ::/0 13 2001:470:27:292::1
No Manual 256 ::1/128 1 Loopback Pseudo-Interface 1
No Manual 256 2001:470:27:292::/64 21 IP6Tunnel
No Manual 256 2001:470:27:292::2/128 21 IP6Tunnel
No Manual 256 2001:470:28:292::/64 13 Server
No Manual 256 2001:470:28:292::2/128 13 Server
No Manual 256 2001:470:28:292::d/128 13 Server
No Manual 256 fe80::/64 13 Server
No Manual 256 fe80::/64 21 IP6Tunnel
No Manual 256 fe80::7d05:88b5:3b7a:6a16/128 21 IP6Tunnel
No Manual 256 fe80::d4d5:270d:5b2d:b5a9/128 13 Server
No Manual 256 ff00::/8 1 Loopback Pseudo-Interface 1
No Manual 256 ff00::/8 13 Server
No Manual 256 ff00::/8 21 IP6Tunnel
Ethernet adapter Server:
Connection-specific DNS Suffix . : getinternet.no
IPv6 Address. . . . . . . . . . . : 2001:470:28:292::2
IPv6 Address. . . . . . . . . . . : 2001:470:28:292::d
Link-local IPv6 Address . . . . . : fe80::d4d5:270d:5b2d:b5a9%13
IPv4 Address. . . . . . . . . . . : 84.208.95.28
Subnet Mask . . . . . . . . . . . : 255.255.192.0
Default Gateway . . . . . . . . . : 2001:470:27:292::1
84.208.64.1
Tunnel adapter IP6Tunnel:
Connection-specific DNS Suffix . : getinternet.no
IPv6 Address. . . . . . . . . . . : 2001:470:27:292::2
Link-local IPv6 Address . . . . . : fe80::7d05:88b5:3b7a:6a16%21
Default Gateway . . . . . . . . . : 2001:470:27:292::1
Did that and still nothing ???
Strange.
OK, give me a little bit...I"m going to set up a windows server and see if I can replicate this
as i said i can give you vnc/mstsc access to my server :)
hit a pm with jabber/msn/ or what not :)
OK, here's what I found.
After installing Server 2008 R2, it took me about three minutes to get a working tunnel and working connectivity (Most of that was configuring my firewall's NAT translations)
Here's what I did
Installed the OS
Enabled ping replies for IPv6 and IPv4 in the Advanced firewall settings
Ran the following commands:
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.102.199 209.51.181.2
netsh interface ipv6 add address IP6Tunnel 2001:470:1f10:533::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f10:533::1
Took an IP address out of my routed /64 and added it to my Local Area Connection (added via the GUI in the control panel)
Here is the output of ipconfig /all and my routing tables
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.102.1 192.168.102.199 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.102.0 255.255.254.0 On-link 192.168.102.199 266
192.168.102.199 255.255.255.255 On-link 192.168.102.199 266
192.168.103.255 255.255.255.255 On-link 192.168.102.199 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.102.199 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.102.199 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.102.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 266 ::/0 2001:470:1f10:533::1
11 266 ::/0 2001:470:1f10:533::1
1 306 ::1/128 On-link
18 266 2001:470:1f10:533::/64 On-link
18 266 2001:470:1f10:533::2/128 On-link
11 266 2001:470:1f11:533::/64 On-link
11 266 2001:470:1f11:533::2/128 On-link
11 266 fe80::/64 On-link
18 266 fe80::/64 On-link
11 266 fe80::38c6:d028:b64d:17c0/128
On-link
18 266 fe80::e92c:a3d5:cc42:41b9/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
18 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 ::/0 2001:470:1f10:533::1
0 4294967295 ::/0 2001:470:1f10:533::1
===========================================================================
PS C:\Users\Administrator>
PS C:\Users\Administrator> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN-GI5VUPHL46Q
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-04-66-B2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:1f11:533::2(Preferred)
Link-local IPv6 Address . . . . . : fe80::38c6:d028:b64d:17c0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.102.199(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 2001:470:1f10:533::1
192.168.102.1
DNS Servers . . . . . . . . . . . : 2001:470:c27d:e000:41bd:d9bf:9b66:9b95
192.168.102.14
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{915791CA-9966-4B21-9C93-A8F40FF5200F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter IP6Tunnel:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Direct Point-to-point Adapater
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:1f10:533::2(Preferred)
Link-local IPv6 Address . . . . . : fe80::e92c:a3d5:cc42:41b9%18(Preferred)
Default Gateway . . . . . . . . . : 2001:470:1f10:533::1
DNS Servers . . . . . . . . . . . : 2001:470:c27d:e000:41bd:d9bf:9b66:9b95
192.168.102.14
NetBIOS over Tcpip. . . . . . . . : Disabled
Hmm, this is getting annoying.
Did all that and still nothing
Ethernet adapter Server:
Connection-specific DNS Suffix . : getinternet.no
IPv6 Address. . . . . . . . . . . : 2001:470:28:292::2
Link-local IPv6 Address . . . . . : fe80::d4d5:270d:5b2d:b5a9%13
IPv4 Address. . . . . . . . . . . : 84.208.95.28
Subnet Mask . . . . . . . . . . . : 255.255.192.0
Default Gateway . . . . . . . . . : 2001:470:27:292::1
84.208.64.1
Tunnel adapter IP6Tunnel:
Connection-specific DNS Suffix . : getinternet.no
IPv6 Address. . . . . . . . . . . : 2001:470:27:292::2
Link-local IPv6 Address . . . . . : fe80::25a4:c779:7667:1e96%16
Default Gateway . . . . . . . . . : 2001:470:27:292::1
nither iss responds to it
http://[2001:470:28:292::2]/ nor can i ping it. ???
http://[2001:470:27:292::2]/ works but thats not assigned to the interface so cant use it for dns.
I have enabled icmp echo ipv6 and v4 in fw settings
Just to update.
I remoted in to his server and was able to make everything work internally. DNS works when queried at 2001:470:28:292::2 and IIS also is listending on that address (I did remove a line in the IIS bindings that didn't need to be there, so now it's listening on all available addresses.)
I am unable to ping that address or to browse to that address from my machine, so you might want to check your firewall.
You also might want to email HE and ask them to make sure that everything is being routed to you correctly
checked all firewalls. on every level of the network. all are set to allow.
I tried a differnt tunnel server (london) still the same issue.