Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Windows => Topic started by: Insano on February 15, 2010, 06:43:39 AM

Title: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 15, 2010, 06:43:39 AM
Hello,

First of all I want to note that I read through all the threads about the same problem (http://www.tunnelbroker.net/forums/index.php?topic=653.0), but I didn't find the solution to my problem.

I'm trying to set up a tunnel, which I've already requested. So I have the tunnel details, but the config commands for Vista/2008 don't seem to work. This is what I'm given:

Code: [Select]
netsh interface ipv6 add v6v4tunnel IP6Tunnel 193.190.253.144 216.66.84.46
netsh interface ipv6 add address IP6Tunnel 2001:470:1f14:762::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f14:762::1

The first time entering these commands (as Administrator of course) I received no error, but I couldn't reach ipv6.google.com. So I reseted the ipv6 ("netsh int ipv6 reset"), but when I now try to enter the commands again I get the following error: "You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name." for the first command and "The object already exists." for the second and third.

Here is my "ipconfig /all" and "netstar -nr" information:

Code: [Select]
C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Simon-Laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : kotnet.kuleuven.ac.be

Wireless LAN adapter Draadloze netwerkverbinding:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : kotnet.kuleuven.ac.be
   Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Con
nection
   Physical Address. . . . . . . . . : 00-1B-77-3D-59-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter LAN-verbinding:

   Connection-specific DNS Suffix  . : kotnet.kuleuven.ac.be
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1B-38-69-49-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d8c5:3f48:6398:9c5f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.18.242(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : maandag 15 februari 2010 15:07:44
   Lease Expires . . . . . . . . . . : maandag 15 februari 2010 17:07:44
   Default Gateway . . . . . . . . . : fe80::8907:9e70:7a47:7500%11
                                       10.8.19.254
   DHCP Server . . . . . . . . . . . : 134.58.127.4
   DHCPv6 IAID . . . . . . . . . . . : 234887992
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-09-B5-88-00-1B-38-69-49-DB

   DNS Servers . . . . . . . . . . . : 134.58.126.3
                                       134.58.127.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.kotnet.kuleuven.ac.be:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : kotnet.kuleuven.ac.be
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter IP6Tunnel:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Direct Point-to-point Adapater
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32>netstat -nr
===========================================================================
Interface List
 13...00 1b 77 3d 59 0b ......Intel(R) PRO/Wireless 3945ABG Network Connection
 11...00 1b 38 69 49 db ......Broadcom NetLink (TM) Gigabit Ethernet
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft Direct Point-to-point Adapater
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.8.19.254      10.8.18.242     20
        10.8.18.0    255.255.254.0         On-link       10.8.18.242    276
      10.8.18.242  255.255.255.255         On-link       10.8.18.242    276
      10.8.19.255  255.255.255.255         On-link       10.8.18.242    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       10.8.18.242    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       10.8.18.242    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    276 ::/0                     fe80::8907:9e70:7a47:7500
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::d8c5:3f48:6398:9c5f/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 ::/0                     2001:470:1f14:762::1
===========================================================================

Thanks in advance for your help!

Greetings,
Insano
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: cholzhauer on February 15, 2010, 07:28:39 AM
Are you behind a NAT?
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 15, 2010, 10:50:44 AM
I think I am, but I'm not 100% sure. I'm on a university network where everybody shares the same IP to the outside world.

Is there a way to check this out for sure? And does this affect the way I should set up the tunnel?
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: cholzhauer on February 15, 2010, 10:55:44 AM
Quote
I think I am, but I'm not 100% sure. I'm on a university network where everybody shares the same IP to the outside world.

Is there a way to check this out for sure?

My fault..I should have read the output you supplied a little closer.  Your IP address is a 10., meaning you are on a NAT.

This would explain why you were unable to get your tunnel to work.

You had posted a copy of the output of your system...was it before or after you ran "netsh int ipv6 reset" ?
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: broquea on February 15, 2010, 11:03:49 AM
64-bit also requires that "interface=IP6Tunnel" bit to be used
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 15, 2010, 08:24:28 PM
You had posted a copy of the output of your system...was it before or after you ran "netsh int ipv6 reset" ?
The given output was from after I ran the "netsh int ipv6 reset" command, and is the current state I'm in.
64-bit also requires that "interface=IP6Tunnel" bit to be used
Does this mean that the command

"netsh interface ipv6 add v6v4tunnel IP6Tunnel 193.190.253.144 216.66.84.46"

should change into

"netsh interface=IP6Tunnel ipv6 add v6v4tunnel IP6Tunnel 193.190.253.144 216.66.84.46"?

This gives the error message "The following command was not found: (...)", so I assume that's not the part that I have to change.
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: broquea on February 15, 2010, 08:29:59 PM
It means:

netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel $ipv4b $ipv4a

Like in the example for Windows Vista/2008/7 in this forum thread
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 16, 2010, 03:40:09 AM
I see. I still get the two errors I described in my first post though when I try to execute the commands.

Two questions remain:

Thanks for the help so far, by the way!
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: broquea on February 16, 2010, 04:43:13 AM
There is some netsh ipv6 reset command, it's somewhere in all these Windows threads. I don't remember the command off hand.

You should be using the 10. address instead of the ipv4 endpoint, like the *NOTE* recommends when generating the example commands in the broker's webUI.
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: cholzhauer on February 16, 2010, 05:09:41 AM
Just a reminder/FYI...  Are you sure that the firewall you're behind is passing protocol41 traffic?
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 16, 2010, 08:07:33 AM
There is some netsh ipv6 reset command, it's somewhere in all these Windows threads. I don't remember the command off hand.

You should be using the 10. address instead of the ipv4 endpoint, like the *NOTE* recommends when generating the example commands in the broker's webUI.
Okay, so I subsituted the 10. address (10.8.18.242) for my previous ipv4 endpoint address (193.190.253.14).

I entered the following command:

netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel 10.8.18.242 216.66.84.46

But I get once again the same error: "You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name."
Just a reminder/FYI...  Are you sure that the firewall you're behind is passing protocol41 traffic?
I have no idea whether this is the case. As you by now must have noticed, I'm new to this and still trying to figure a lot of this out.

If I had to guess, I'd say that the firewall of my router isn't blocking protocol41 traffic, because I could set up a proper tunnel with Hexago on Windows Vista.
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: cholzhauer on February 16, 2010, 08:18:50 AM
Quote

I think I am, but I'm not 100% sure. I'm on a university network where everybody shares the same IP to the outside world.

If I had to guess, I would say proto/41 is being blocked "just because"

Hexago/Go6/GoGo6 does not use Proto/41..IIRC they tunnel over TCP.

As for your error, take a look at reply number 14 from jimb
http://www.tunnelbroker.net/forums/index.php?topic=780.0 (http://www.tunnelbroker.net/forums/index.php?topic=780.0)

Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 16, 2010, 08:50:24 AM
That post of jimb helped me avoid the errors. I now have the connection set up, but its state is disconnected.

Here is the code of the command inputs and the interface state at the end.

Code: [Select]
C:\Windows\system32>netsh int ipv6 show interface

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 13          50        1500  disconnected  Draadloze netwerkverbinding
 12          50        1280  disconnected  isatap.kotnet.kuleuven.ac.be
 14          50        1280  disconnected  isatap.kotnet.org
 11          20        1500  connected     LAN-verbinding


C:\Windows\system32>netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel 10.8
.18.242 216.66.84.46


C:\Windows\system32>netsh int ipv6 show interface

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 13          50        1500  disconnected  Draadloze netwerkverbinding
 12          50        1280  disconnected  isatap.kotnet.kuleuven.ac.be
 14          50        1280  disconnected  isatap.kotnet.org
 11          20        1500  connected     LAN-verbinding
 16          50        1280  disconnected  IP6Tunnel


C:\Windows\system32>netsh interface ipv6 add address interface=IP6Tunnel 2001:47
0:1f14:762::2


C:\Windows\system32>netsh interface ipv6 add route ::/0 interface=IP6Tunnel 2001
:470:1f14:762::1
Ok.


C:\Windows\system32>netsh int ipv6 show interface

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 13          50        1500  disconnected  Draadloze netwerkverbinding
 12          50        1280  disconnected  isatap.kotnet.kuleuven.ac.be
 14          50        1280  disconnected  isatap.kotnet.org
 11          20        1500  connected     LAN-verbinding
 16          50        1280  disconnected  IP6Tunnel
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: jimb on February 16, 2010, 09:11:42 AM
Have you tried pinging something like ipv6.google.com?

Most firewalls/NAT devices won't allow proto-41 traffic in unless something inside generates outbound proto-41 traffic.  Therefore the status will be 'disconnected' until some traffic is generated.

What are you using for your network firewall/NAT?  If possible configure a protocol forward NAT entry on this device, forwarding any IP protocol 41 traffic arriving at the public IPv4 to your windows box's private IPv4.
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 16, 2010, 10:11:02 AM
Have you tried pinging something like ipv6.google.com?
When I do this (ping ipv6.google.com) I get the following error:

"Ping request could not find host ipv6.google.com. Please check the name and try again."

What are you using for your network firewall/NAT?  If possible configure a protocol forward NAT entry on this device, forwarding any IP protocol 41 traffic arriving at the public IPv4 to your windows box's private IPv4.
On this machine, I have BitDefender Total Security 2010 as firewall. I have no access to any settings outside of my windows box, so I don't think I can set up such a forwarding of traffic.
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: cholzhauer on February 16, 2010, 10:15:59 AM
Quote
"Ping request could not find host ipv6.google.com. Please check the name and try again."
Sounds like a DNS issue.

Does Bit Defender know what IPv6 is?    If the firewalls don't know what IPv6 is, they normally discard it.

I go back to the protocol41 issue though, and Jimb also hinted at it.   If you don't have rights to the firewall to look at the config to to change the config, you'll need to stick to Hexago or Sixxs.
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: jimb on February 16, 2010, 10:31:34 AM
Have you tried pinging something like ipv6.google.com?
When I do this (ping ipv6.google.com) I get the following error:

"Ping request could not find host ipv6.google.com. Please check the name and try again."
Hrm.  Well you have even more problems.  Apparently your DNS server doesn't return AAAA records, or filters them.  You may want to point your win7 box to openDNS or google DNS or something like that.

In the meantime, try to ping the other side of the tunnel by IP:  2001:470:1f14:762::1

Quote
What are you using for your network firewall/NAT?  If possible configure a protocol forward NAT entry on this device, forwarding any IP protocol 41 traffic arriving at the public IPv4 to your windows box's private IPv4.
On this machine, I have BitDefender Total Security 2010 as firewall. I have no access to any settings outside of my windows box, so I don't think I can set up such a forwarding of traffic.
Hrm.  Third party firewalls which replace the built in windows firewall is asking for trouble when it comes to IPv6, in my experience.  Some of them don't even support IPv6 period.  You may want to disable the FW parts of the product and use the windows firewall and see if it works.  Otherwise, if it supports IPv6, you'll probably have to go in there an add an exclusion, or some permit security policy entry for IP protocol 41 incoming from the HE tunnel server to your windows box.
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: Insano on February 16, 2010, 10:47:52 AM
I switched to Google DNS server and I keep getting the same error message when pinging ipv6.google.com. Besides that, I also get a "General failure" when pinging the other side of the tunnel.

This is with the third party firewall disabled as well.

It looks like this is the end of my journey, and I'll be resorting to Hexago or Sixxs instead.

Thanks for all the help, people!
Title: Re: Problem setting up tunnel with Windows 7 64-bit
Post by: broquea on February 16, 2010, 11:04:02 AM
FYI, if using an external resolver fails to look up ipv6.google.com, using another broker won't fix dns resolution errors. 8.8.8.8 definitely returns an answer for it btw:

Code: [Select]
:~$ dig aaaa ipv6.google.com @8.8.8.8

; <<>> DiG 9.6.1-P2 <<>> aaaa ipv6.google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38829
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ipv6.google.com. IN AAAA

;; ANSWER SECTION:
ipv6.google.com. 2180 IN CNAME ipv6.l.google.com.
ipv6.l.google.com. 233 IN AAAA 2001:4860:b006::68
ipv6.l.google.com. 233 IN AAAA 2001:4860:b006::63
ipv6.l.google.com. 233 IN AAAA 2001:4860:b006::69
ipv6.l.google.com. 233 IN AAAA 2001:4860:b006::93
ipv6.l.google.com. 233 IN AAAA 2001:4860:b006::6a
ipv6.l.google.com. 233 IN AAAA 2001:4860:b006::67

;; Query time: 25 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 16 11:05:31 2010
;; MSG SIZE  rcvd: 222