Hurricane Electric's IPv6 Tunnel Broker Forums

Tunnelbroker.net Specific Topics => Questions & Answers => Topic started by: srappleyea on November 01, 2014, 12:03:26 PM

Title: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 01, 2014, 12:03:26 PM
Hello all,

So first, a little background.  I am a student, trying to help develop a Networking lab exercise for college students around IPv6.  I am working with a Windows 7 PC, which is attached via ethernet to a MikroTik router (the same make and model being used by the students).  That router is itself attached via ethernet to an ActionTec router / dsl modem that services my entire local network. 

After some considerable trial and error, and putting my MikroTik router in the DMZ of the ActionTec router, I am now able to ping IPv6 addresses from within my MikroTik RouterOS by using Hurricane Electric's tunnel broker.  Hooray!  Success!  Except that I still can't access any ipv6 address from my PC.  IPv6 IS enabled on my PC, and I can successfully ping the local IPv6 address of my MikroTik router from my PC.

Does anyone know why the tunnel works from my router but not my PC?
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 01, 2014, 06:47:15 PM
Where are you getting the IPv6 addresses you are assigning the PC? You should be assigning them from your your routed /64 or /48.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: cholzhauer on November 01, 2014, 07:08:20 PM
Furthermore, what address did you assign to the inside interface of your router?
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 01, 2014, 07:17:33 PM
I'm set up with DHCP from my ActionTec router, so I haven't actually assigned any ip addresses.  Are you saying I need to remove DHCP service from my "outside" router and use my MikroTik router to provide IP addresses?
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: cholzhauer on November 01, 2014, 07:35:26 PM
I'm sort of surprised that device does dhcpv6.  Even so, you need slaac to get routing info

Manually assign an address out of your routed /64 to the inside interface of your router and give an address in the same subnet to your pc.  We can move to dynamic stuff after everything works
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 01, 2014, 07:39:52 PM
We didn't say anything about DHCP. However you have DHCP configured for IPv4 won't change as a result of any of this.

What we are saying is that the IPv6 addresses that the computers are using needs to come from your routed /64 or /48.

I'm guessing that you gave the MicroTik router the Client IPv6 address and nothing else. It needs to also have one of the routed /64 or /48 addresses, and the computers would then have addresses from that same subnet that are assigned statically, via SLAAC, or via DHCPv6.

Where are the PC's getting their IPv6 addresses now?
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: cholzhauer on November 01, 2014, 07:53:12 PM
Oops, read into that too much, thanks for clarifying my point
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 01, 2014, 09:12:02 PM
Quote from: mattwilson9090 on November 01, 2014, 07:39:52 PM
We didn't say anything about DHCP. However you have DHCP configured for IPv4 won't change as a result of any of this.

What we are saying is that the IPv6 addresses that the computers are using needs to come from your routed /64 or /48.

I'm guessing that you gave the MicroTik router the Client IPv6 address and nothing else. It needs to also have one of the routed /64 or /48 addresses, and the computers would then have addresses from that same subnet that are assigned statically, via SLAAC, or via DHCPv6.

Where are the PC's getting their IPv6 addresses now?

I haven't actually configured any IPv6 addresses except, as you correctly guessed, the client IPv6 address address.  Existing IPv6 addresses were assigned by my actiontec router via DHCPv6. 

I can see my PC's IPv6 address in the MikroTik's IPv6 address list, but if I'm understanding you correctly I still need to do something like:

/ipv6 address add address=(/64 address on my tunnelbroker page) advertise=yes interface=ether2   (ether2 is the port my PC is connected to)

Is that right?  I just tried that, no luck yet accessing ipv6 addresses from my pc but I'm thinking there are more steps?

UPDATE: Also, I'm looking at my /ipconfig right now on my pc and I have a ton of IPv6 addresses (probably from all the experimenting I've been doing).  I'm trying to get rid of the extras but haven't been able to yet.  Are those going to get in the way?

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:470:b:523:etc.
   IPv6 Address. . . . . . . . . . . : 2001:470:dcd9:1:etc.
   Temporary IPv6 Address. . . . . . : 2001:470:b:523:etc.
   Temporary IPv6 Address. . . . . . : 2001:470:dcd9:etc.
   Link-local IPv6 Address . . . . . : fe80::c549:etc.
   IPv4 Address. . . . . . . . . . . : 192.168.88.254
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::d6ca:etc.
                                       192.168.88.1
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 01, 2014, 11:29:51 PM
Again where are you getting the address that you assigning by DHCPv6? I don't mean what technical method are you using to assign IPv6, I mean how do you know to use the addresses that you are using. Are they coming from your routed /64 or routed /48 that HE electric assigned you when your tunnel was created? If they aren't coming from there you are not going to get IPv6 access to the internet. Without knowing where you are getting these addresses it's almost impossible to help you with this.

If you post the details from your HE tunnel that would help a lot so we can figure out what your doing right and wrong.

I get the impression that the MicroTik router is the endpoint for your HE tunnel, so why are you trying to handout address from the Actiontec via DHCPv6? If things are configured as I think they are, the PC's aren't even directly "seeing" the Actiontec, so it won't be assigning IPv4 or IPv6 addresses to them. It also shouldn't be necessary for anything to be in the DMZ of anything else. Generally speaking, that's a very insecure way to do things.

As an example my network looks this way (I'm not discussing anything that isn't related to my IPv6 setup so a few pieces aren't mentioned, there's a UTM firewall in this mix as well, but it's transparently passing HE tunnel traffic so I wont' mention it to simplify things). Ethernet port from cable modem is connected to WAN port on Linksys WRT54G-TM router. One of the LAN ports on that router is connected to the WAN port on an ASUS RT-N66U modem., which is then connected to my gigabit switch that has everything else connected to it. The ASUS router is the endpoint for my HE tunnel. It is also assigned one of the addresses from my routed /64. The PC's in this LAN assign themselves IPv6 addresses in the routed /64 that is configured on the router.

I really can't asses most of the information from your IPCONFIG without knowing where your IPv6 addresses are coming from so I'm not going to comment on that right now.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 02, 2014, 01:18:40 AM
Thanks for your help, sorry if I'm a little thick.  From what I've gathered, yes, the problem is that my ipv6 addresses are NOT coming from my routed /64 HE assigned ip block.  The problem is, I'm still enough of a newb with this that I don't know HOW to make my computer take an IP address from that block and nowhere else.  I imagine it's something I have to do from within my MikroTik router, maybe there's also something I have to do from my PC, I don't know.  Still trying to figure that out.  Just knowing that's where the problem lies at least helps a lot though.

My MicroTik IS, in fact, the endpoint for my HE tunnel.  I'm not really trying to take the addresses I got from the Actiontec (and whatever other source all those came from), I just don't know how to get rid of them and get them from somewhere else! 

As to the DMZ business, I was trying for two weeks to get this tunnel working any other way; I think generally lack of configuration capability on the ActionTec is preventing me.  Tried just forwarding, even tried temporarily disabling the firewall (Very temporary!), but just couldn't get it to work that way.  Not ideal, but it's the best I have for now.

Here are my HE details:

IPv6 Tunnel Endpoints
Server IPv4 Address:216.218.226.238
Server IPv6 Address:2001:470:a:523::1/64
Client IPv4 Address:71.221.71.110
Client IPv6 Address:2001:470:a:523::2/64
Routed IPv6 Prefixes
Routed /64:2001:470:b:523::/64
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: cholzhauer on November 02, 2014, 07:39:53 AM
I think something like this will work


netsh int ipv6 delete address 2001:470:b:523:etc
netsh int ipv6 delete address 2001:470:dcd9:1:etc


The easiest thing might be to do a


netsh interface ipv6 reset


That will reset everything to defaults allowing you to create your tunnel again.

After you create your tunnel, assign the addresses like so:

Inside interface of router: 2001:470:b:524::1
Interface of PC: 2001:470:b:524::2

   
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 02, 2014, 01:31:22 PM
Then yes, if the IPv6 addresses on your PC are not from your routed /64 then you won't be making any IPv6 connections from them. At this point I'd suggest not worry about any sort of dynamic address assignment such as SLAAC or DHCPv6 and manually assign address just to make sure the "pipes" are working correctly. After that you can worry about dynamic assignment.

For all I know the firmware on your router might not even be able to help with SLAAC. I haven't worked with one of those routers, and I don't know it's interface, with GUI or CLI, so I can't tell you how to do things, only what needs to be accomplished.

I'm not sure what you were doing with forwarding or DMZ, but none of that is necessary for an HE tunnel. The HE traffic is passed through via Protocol 41 (not Port 41), and since it's a Protocol, not a Port, you can't even do forwarding of that traffic. There are some ISP's and routers that don't properly pass Protocol 41, and the only solution to that is generally to get different equipment or to get the ISP to life their blocks. Using a DMZ might be a jury rig to get things working, but I wouldn't suggest using it in the long run. Remember, enabling a DMZ, at least the way it's defined on most routers is functionally the same as disabling the "firewall" since it just passes all traffic through without examining it.

Based on the tunnel information you provided, your router will have two IPv6 address. The first is Client IPv6 Address:2001:470:a:524::2/64, that's the one used to establish your end of the tunnel, and what allows your router to communicate via IPv6 with the internet. The second one will be from your Routed /64:2001:470:b:524::/64. You could assign it as 2001:470:b:524::2 just to keep the machine address the same, with the only difference between the network portion of the address. That's how I simplify things for myself.

Then follow cholzhauer suggestions of running "netsh interface ipv6 reset" on your PC to reset all of the IPv6 settings back to default to start over. Finally assign your PC and address of 2001:470:b:524::100 with the gateway address being the routers fe80 address. (cholzhauer address suggestions would work as well, mine just come from my own personal style for doing things) After that you should be able to reach the internet via IPv6 from the PC.

One other piece of advice. Since this work is apparently being done as some sort of college assignment, get your professor involved. Let them look over what you've already done and critique it. Aside from being inexperienced, from some of your descriptions you seem to have done some decidedly odd things. I could tell far more (and recommend far more) from a 5 minute hands on look at your setup than I could tell you in days of back and forth on a message board. After all, that is one part of a college instructors job, to help their student and provide help and guidance. It's an invaluable resource, use it.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: cholzhauer on November 02, 2014, 02:07:47 PM
Quote from: mattwilson9090 on November 02, 2014, 01:31:22 PM

I'm not sure what you were doing with forwarding or DMZ, but none of that is necessary for an HE tunnel. The HE traffic is passed through via Protocol 41 (not Port 41), and since it's a Protocol, not a Port, you can't even do forwarding of that traffic. There are some ISP's and routers that don't properly pass Protocol 41, and the only solution to that is generally to get different equipment or to get the ISP to life their blocks. Using a DMZ might be a jury rig to get things working, but I wouldn't suggest using it in the long run. Remember, enabling a DMZ, at least the way it's defined on most routers is functionally the same as disabling the "firewall" since it just passes all traffic through without examining it.

FYI DMZ mode is often needed if a specific forwarding device doesn't recognize proto41... the idea being that instead of filtering the wrong stuff, the device will just send all traffic to the specified endpoint and let the endpoint sort it out.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 02, 2014, 08:56:19 PM
Ok, thanks. I've never run into that. If you can't avoid it because of limitations of equipment that an ISP provides, you can't avoid it. I had a router once that was provided by an ISP which seemed to block Protocol 41, meaning I couldn't reestablish my HE tunnel. Luckily it wasn't one of those annoying combined router/modems so I was able to use something else in it's place and everything worked great.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 05, 2014, 07:17:22 AM
Thanks for all the help guys, sorry I've been away for a couple of days.  I do in fact have one of those annoying combined router/modems, and while it has GRE capabilities that are supposed to help with situations like this, I haven't been able to get it to work.  So, DMZ.

So I have verified that my PC is pulling IPv6 addresses from my MikroTik.  I unplugged the Internet cable from my MikroTik router then connected the PC, so that the PC was ONLY talking to the MikroTik, and saw the ipv6 addresses get populated in my ipconfig.  However, I guess it isn't pulling it properly or something?  Still no ipv6 connectivity from my PC.  No doubt something I'm doing wrong in my setup.  Here are the details from my ipconfig LAN on the PC:

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:470:b:523:540f:5fef:c3c4:21d5
   Temporary IPv6 Address. . . . . . : 2001:470:b:523:2017:9ba0:e3fb:ad4d
   Link-local IPv6 Address . . . . . : fe80::540f:5fef:c3c4:21d5%20
   IPv4 Address. . . . . . . . . . . : 192.168.88.254
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::d6ca:6dff:feb5:a276%20
                                       192.168.88.1

And the ipv6 addresses from the "addresses" table on my MikroTik (sit1 is the name of my tunnel interface, ether2 is where my PC is plugged in):
Address:                                  Interface:
2001:470:a:523::2/64                sit1
2001:470:b:523::2/64                ether2-master-local
fe80::3f9b:a276/64                    sit1

First two are global, last one is local.  The addresses do match up with what I currently have from Hurricane Electric.  Any thoughts on what I'm doing wrong?  I really appreciate the help!
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: cholzhauer on November 05, 2014, 07:21:02 AM
So sit1 is the outside interface and ether2 is the inside interface?

Can you ping fe80::d6ca:6dff:feb5:a276%20 from your Win7 computer?  Can you ping 2001:470:b:523::2 ?
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 05, 2014, 09:38:38 PM
Yes, I can ping both of those.  FYI, I deleted fe80::3f9b:a276/64 on my MikroTik with the intention of recreating it, but now I get an error "failure: can not add link local address".  But, I can still ping ipv6 from within my router, so I guess I won't worry about that.  Not sure what's missing now to get this thing working from my PC  ???
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 05, 2014, 10:08:34 PM
Why did you delete that address? Has the router automatically replaced it with something else?

How far up the chain are you able to ping IPv6 addresses (not domain names or URL's) from within the router? How far up are you able to ping from within the Windows 7 machine? You may or may not have a DNS issue going on, which is why I'm asking about pinging the addresses.

From what I can tell here, it looks like things are set up properly. Unfortunately I'm not familiar with your router, it's firmware, or it's interface. Do you have any confirmation that this router and the firmware running on it truly supports IPv6? I've seen firmware that although you can assign it an IPv6 address, it doesn't actually support routing IPv6.

Also, have you followed up on my suggestion that you speak to your professor about this? You did say that this whole thing is related to some sort of college project so that's a resource you should definitely use. Message boards can be helpful, but they aren't a replacement for hands on experience with a device.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 05, 2014, 10:41:07 PM
I deleted that address while I was just experimenting with some different configurations, thinking I would put it right back.  Didn't work out.

pinging "up the chain" is a good suggestion; I find that, while I can't ping a url from my pc like "ipv6.google.com" nor access it from a browser, I am able to ping some ipv6 addresses.  Here is a traceroute of pinging the HE server ipv6:

Tracing route to 2001:470:a:523::1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  2001:470:b:523::2
  2    34 ms    33 ms    34 ms  2001:470:a:523::1

Trace complete.

And while it is ridiculously hard trying to find a ping-able ipv6 address anywhere out on the wider web, I did find this address from Google DNS, and did a traceroute on it:

Tracing route to 2001:4860:4860::8888 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  2001:470:b:523::2
  2    36 ms    36 ms    36 ms  2001:470:a:523::1
  3    35 ms    43 ms    34 ms  2001:470:0:9b::1
  4    35 ms    35 ms    34 ms  2001:470:0:130::2
  5    38 ms    57 ms    63 ms  2001:4860::1:0:610
  6    34 ms    34 ms    34 ms  2001:4860::8:0:699a
  7    41 ms    41 ms    69 ms  2001:4860::8:0:61de
  8    42 ms    61 ms    41 ms  2001:4860::2:0:ab
  9     *        *        *     Request timed out.
10    42 ms    42 ms    41 ms  2001:4860:4860::8888

Trace complete.

So it looks like it gets out there.  Putting this address - [2001:4860:4860::8888] - in a browser gives me nothing though, but that may be just because there's nothing there that a browser could really read.

I can confirm that this MikroTik does support IPv6.

My professor has been unavailable this last week, though I have talked to him briefly about this problem.  I will be talking to him again tomorrow, but unfortunately since this lab is still under development (hence my work), he hasn't had a lot of the answers I've needed thus far.  He's pretty knowledgeable, don't get me wrong, but not on the details of this particular process.

Okay, here's a good one.  Maybe this will help.  I can ping 2607:f0d0:1002:51::4 from my PC (which is supposedly www.cyberciti.biz), but putting http://[2607:f0d0:1002:51::4]/ into my browser doesn't work.  Does that help anyone know what's going on?  When I was on a network that supported ipv6 without any need for a tunnel, I was able to get on to websites like ipv6.google.com, so it's not like it's browser related.  Very strange.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 06, 2014, 12:03:15 AM
Ok, then you're problem is not one of IPv6 connectivity. It sounds like a DNS issue where whatever DNS server you are using (probably IPv4) does not properly support AAAA records. A properly configured IPv4 DNS server should still be able to return AAAA records. Pinging by IP address is a basic troubleshooting technique as well as pinging by URL.

Add the following IPv6 DNS server addresses to your Windows machine 2620:0:ccc::2 and 2620:0:ccd::2 They are recursive IPv6 DNS servers provided by OpenDNS. To read more about them see https://www.opendns.com/about/innovations/ipv6/

Due to the way that many web servers are set up trying to substitute the IP address for the domain name often yields inconclusive or misleading results, especially with a server that you don't completely control.

I do have to say, if your professor is unknowledgeable about IPv6 why is he having a student who knows less than him setup a lab for him?
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 06, 2014, 10:39:08 PM
Yes, that does the job, thank you!!!  One more question though.  Apparently as soon as I enabled that ipv6 DNS, I did gain access to IPv6 sites, but immediately lost access to ipv4 sites.  Same kind of DNS issue; I can ping an address, but can't browse to it.  I tried configuring my ipv4 to use Google's public ipv4 DNS, but still can't access any website that doesn't have IPv6 enabled.  That isn't the behavior I was expecting, but perhaps that is normal?

Thanks for your help getting me here!  The reason my professor doesn't know as much about configuring IPv6 to run over a tunnel is because he's never done anything with it before.  This class that I'm taking is project based.  I was looking for a project to do, and he had a lab he wanted developed, so I volunteered to take on the project to fulfill the requirements of the class.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: cholzhauer on November 07, 2014, 05:48:07 AM
Quote
One more question though.  Apparently as soon as I enabled that ipv6 DNS, I did gain access to IPv6 sites, but immediately lost access to ipv4 sites.  Same kind of DNS issue; I can ping an address, but can't browse to it.  I tried configuring my ipv4 to use Google's public ipv4 DNS, but still can't access any website that doesn't have IPv6 enabled.  That isn't the behavior I was expecting, but perhaps that is normal?

No, not normal at all.  The IPv6/IPv4 address just determines how you talk to the DNS server, it doesn't affect which records are returned to you.  Your computer makes the decision on how to talk to a device over v4/v6 based on the proprieties it has (all modern OS's prefer v6 over v4)
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mindlesstux on November 07, 2014, 07:05:29 AM
I have been halfway following this thread so I may be asking something that was already asked/stated.
Did you use the the example configuration of the tunnel from your tunnel details page on tunnelbroker.net?

It should look like something:
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=WWW.XXX.YYY.ZZZ mtu=1280 name=sit1 remote-address=216.66.22.2
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:YYYY:ZZZZ::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:YYYY:ZZZZ::2/64 advertise=yes disabled=no eui-64=no interface=sit1


That will setup the tunnel between the router and HE.net assuming no problems there.

The next thing that I did not see was how you have your LAN setup in the MikroTik.  Are all the ports on a bridge or are they switched?
I have my ports bridged, as to allow for me to put VPN connections into the same LAN segment, so to get LAN IPv6 connectivity all I had to add to the example configuration was,
/ipv6 address
add address=2001:470:XXXX:ZZZZ::254 interface=bridge-lan

*Please note this is X not Y address, HE gives you a routed /64, use that here.

The LAN route in the router was automatically added when I did that.  Also this also has advertise set as a default yes so systems in the network get setup statlessly so I dont have to mess with a DHCPv6 server.

As for DNS I have all the systems running in dual stacked mode right now with IPv4 DHCP handing out a single IP address, the routers, as the DNS entry.

I then configured the routers DNS server as follows,
/ip dns
set allow-remote-requests=yes cache-size=4096KiB servers=2001:4860:4860::8888,8.8.8.8,2001:4860:4860::8844,8.8.4.4


Leaves me with a caching DNS server that can fall back to v4 when needed.

Not sure if any of this helps you in getting it setup on your router for your LAN.  If there are any other problems I would be willing to help out more.


*edit*
Going through the thread once more, saw there were some configuration questions. IF there are any other configuration questions and IF you do not mind internal and external IPs being listed you could do a "/export hide-sensitive" on the console (SSH/Telnet/Terminal in winbox) and copy/paste the output into a code block.  It might make it easier for some of us to follow along how things are setup.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 07, 2014, 01:03:45 PM
Initially the problem was one of using the proper IPv6 address range, ie needing to assign the router /64 addresses to PC's.

After that we realized there was a DNS issue as well, namely that he needed to assign IPv6 DNS addresses to the PC's. It seemed like an IPv6 issue at first because he was only pinging URL's, not IPv6 addresses.

Now there seems to be an IPv4 DNS issue.

I'm not sure how you are assigning IPv4 addressing to your PC's, either static or via DHCP. Try using 208.67.222.222 and 208.67.220.220. Those are OpenDNS's IPv4 DNS servers and will complement the IPv6 ones you are using. A properly configured IPv4 and IPv6 (recursive) DNS server should be returning both A and AAAA records so I'm not sure why you're having this new issue with IPv4 hosted sites.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: srappleyea on November 07, 2014, 11:54:17 PM
@mindlesstux I have been able to get the configuration on my mikrotik set up all right, but as Matt pointed out the issues now seem to be all about the DNS.  I did try configuring my router's DNS server as you showed, but no luck.

So to update, I found out that if I put my MikroTik IPv6 address as the DNS server address on my windows machine, it will actually work to get me browsing on ipv6 sites.  I have now tried using my MikroTik DNS, OpenDNS, and Google's public DNS.  In each case, I have tried both letting my PC get the IPv4 DNS address automatically, and manually pairing each DNS service to it's matching IPv4 address.  My PC, which is perhaps gaining sentience and a bad attitude (I just saw the Age of Ultron trailer), has apparently decided to take the preference for IPv6 and turn it in to "If IPv6 is available, nothing else is allowed!"  Though I suppose that's not perfectly accurate, since I also realized that if I know the actual 4-octet IPv4 address of a site, I can still browse to it.  I don't know.  It appears that I can do one or the other, but not both.  If i ditch the IPv6 DNS, it switches back to IPv4 just fine.

There was a posting on Microsoft answers where someone appeared to be having a similar problem, but I tried the one solution given, and like the other poster at the bottom of the page that solution did not work for me.
http://answers.microsoft.com/en-us/windows/forum/windows_8-networking/ipv4-no-internet-access-but-ipv6-connectivity-is/55c47fc7-b493-4ed9-bc92-5b6bb5589740?tab=question&status=AllReplies#tabs

I am out of ideas.  I think I will just have to accept that I can do one or the other, but not both.  It will be interesting to see if my professor, using the walkthrough I'm providing, will have the same issues, or if it's some weird combination of factors with my equipment and provider here.
Title: Re: Tunnel Broker now works from Router, but not Windows 7 PC
Post by: mattwilson9090 on November 09, 2014, 04:20:25 PM
It sounds to me as if there is some sort of problem with the computer itself. Not knowing the full history of what you've done it's hard to point to.

One way you can test whether this a computer or network issue is to try another device that's IPv6 capable. Another Windows, *nix, or Mac machine would do. A mobile device such as a tablet or smatphone could, but I don't always trust how they handle IPv6. Alternatively, if you have a hard drive that isn't being used, temporarily swap it for the drive in your computer and do a quick and dirty install of Windows 7 or later and see how a clean install of Windows in your network connects to IPv4 and IPv6. If DHCv4 and RA (router advertisement) for SLAA on your computer are configured properly and there are no other network issues, then at most you might just need to configure the "new" Windows computer with IPv6 DNS addresses.