Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: [1] 2 3 ... 10
 1 
 on: June 20, 2018, 07:35:15 PM 
Started by tjeske - Last post by RDWells
Yes, I took tunnel.sys from v1709 and copied into the v1803 installation.  I tried putting the v1803 version back but I kept getting "element not found" when I ran the HE CMD script.

Registries need not be altered, and just a reminder, the nettun files go as follows:

nettun.inf - copied to these folders:  Windows\INF and Windows\WinSxS\amd64_nettun.inf_31b...(etc)
nettun.inf_loc - copied to these folders:  Windows\System32\Driver Store\en-us and Windows\WinSxS\amd64_nettun.inf.resources_31b...(etc)
amd64_nettun.inf.resources_31bf3856ad364e35_10.0.16299.15_en-us_7612c139e588cebb - copied to Windows\WinSxS\Manifests

Sadly, the driver is still showing as unsigned.  Darned if I know why, so it looks like we'll still have the unsigned driver thing to deal with upon reboot.

 2 
 on: June 20, 2018, 06:51:48 PM 
Started by tjeske - Last post by tjeske
Sorry, I didn't fully understand your answer.

So did you take the tunnel.sys from 1709 and copied it to the 1803 installation? Or did you just leave the tunnel.sys from the 1803 installation?

I just tried copying the nettun-files, but it didn't solve it for now. But I also messed up my registry during my first tries. Fortunately I am just experimenting inside a VM until I find the proper method.

 3 
 on: June 20, 2018, 04:11:01 PM 
Started by tjeske - Last post by RDWells
That sounds interesting. And quite similar to my approach. No idea why I had no success :(

Anyway, I guess with this method you have to turn driver signature enforcement off with every boot? Maybe an alternative for that would be to use a self-signed driver (i.e. to sign a driver with your own certificate, that you create somewhere somehow). Then you only need to turn "testsigning" on, which is much more secure than no signature enforcement at all.

Agreed, and as it has turned out, yes, I had to turn off driver signature enforcement with a subsequent reboot.  Grrr....

Although I wonder what breaks the certificate of the old driver? Shouldn't it still be fine with MS old driver? Maybe if we also swap out tunnel.sys? Or does it need to be packed with the .cat-file and installed from there?

Yup, you'd think that tunnel.sys from v1709 would be fine, but noooo.... It's the one I used to replace the one in v1803.  If you find a suitable replacement and its source, I'm sure you'll let us know.  I'm thinking I can locate the v1803 version of it and replace the one from v1709.  Worth a shot, ya think?  It just might solve the driver signing issue.  No time right now to test that but I'll give it a go and see what happens.

 4 
 on: June 20, 2018, 10:57:10 AM 
Started by tjeske - Last post by tjeske
That sounds interesting. And quite similar to my approach. No idea why I had no success :(

Anyway, I guess with this method you have to turn driver signature enforcement off with every boot? Maybe an alternative for that would be to use a self-signed driver (i.e. to sign a driver with your own certificate, that you create somewhere somehow). Then you only need to turn "testsigning" on, which is much more secure than no signature enforcement at all.

Although I wonder what breaks the certificate of the old driver? Shouldn't it still be fine with MS old driver? Maybe if we also swap out tunnel.sys? Or does it need to be packed with the .cat-file and installed from there?

 5 
 on: June 16, 2018, 06:32:47 PM 
Started by tjeske - Last post by RDWells
Ladies and Gentlemen, be of good cheer!

I have found a way around the bustage and I credit TJeske for pointing me in the right direction.  I am pleased to report that as a result of what I am about to share that I have an HE tunnel that gives me 10/10 (https://test-ipv6.com) and 20/20 (http://ipv6-test.com) using the HE tunnel script for Win 10.

Here we go:

From where one can find it, obtain the .iso for v1709 and extract it to the folder of your choice.  Within it, search in Windows Explorer for nettun.inf.  You will find several files with either that name or the name within the file name:  (Caveat;  you may have to Take Ownership of the files and the folders in which they go for the copy transfer to work.)

nettun.inf - copied to these folders:  Windows\INF and Windows\WinSxS\amd64_nettun.inf_31b...(etc)
nettun.inf_loc - copied to these folders:  Windows\System32\Driver Store\en-us and Windows\WinSxS\amd64_nettun.inf.resources_31b...(etc)
amd64_nettun.inf.resources_31bf3856ad364e35_10.0.16299.15_en-us_7612c139e588cebb - copied to Windows\WinSxS\Manifests

Now, do a search for tunnel.sys.  You will find:

tunnel.sys - copied to these folders:  Windows\System32\drivers and Windows\WinSxS\amd64_microsoft-windows-tunnel_31b...(etc)
tunnel.sys.mui - copied to these folders:  Windows\System32\drivers\en-US and Windows\WinSxS\amd64_microsoft-windows-tunnel.resources_31b...(etc)

Now, run the tunnel config script from HE, check the results with ipconfig /all, and you should have your v6v4tunnel tunnel in place.

I must caution, however, that I did run into a few snags while going through all this.  You may well have the Microsoft Direct Point-to-point "Adapater" (yeah, that's what it says) but it has a yellow flag by it due to it not recognizing the driver as being digitally signed.  This is the sucky part.  Test the driver by drilling down to Windows\INF to nettun.inf, right click it, click Install and see what happens.  You might get a warning about a third-party driver signature issue in which case you'll have to do this:

Reboot by holding the Shift key while clicking Restart, choose Troubleshoot, then Advanced Options, then Startup Settings.  When the reboot comes around, you'll have a menu from which to choose.  Pick Option 7 Disable Driver Signature Enforcement and let the reboot continue to its end.  Drill back down to Windows\INF nettun.inf, right-click it, click Install, and this time you'll likely get a warning with the option to "continue anyway".  Choose that, and you're good.

If for some reason things get botched and you want to delete the "adapater", go to Device Manager, click View, show Hidden Devices, right click on the "adapater" and Uninstall.  Re-run your HE config script and THIS time things should be good to go.

Having typed all this, I have possibly left out some more caveats with all the trial-and-error I went though before I succeeded, so if there are any snags you hit along the way, I'll gladly try to walk/talk you through a solution.

Good luck, folks, and happy IPv6ing!

 6 
 on: June 15, 2018, 09:29:59 AM 
Started by BCN - Last post by broquea
It did. You should have some replies from the ticket system shortly.

 7 
 on: June 14, 2018, 10:06:18 PM 
Started by BCN - Last post by BCN
Yeah, not getting replies to the tickets. Need to ask maintainer to see whats up. Will find out later tomorrow if our server is even getting the emails from your server.

I just went old school and faxed it as well. Hopefully the old fashioned way works at least.

 8 
 on: June 14, 2018, 09:47:59 PM 
Started by BCN - Last post by BCN
Our server is google, our email is hosted by google apps.

 9 
 on: June 14, 2018, 09:40:47 PM 
Started by BCN - Last post by broquea
Yeah, not getting replies to the tickets. Need to ask maintainer to see whats up. Will find out later tomorrow if our server is even getting the emails from your server.

 10 
 on: June 14, 2018, 09:27:17 PM 
Started by BCN - Last post by BCN
Hi broquea, I have already twice sent an email, and yes it was to ipv6@he.net and the first one was in reply to the generated email ticket ID in the subject.

I just resent it again twice, once from our ticketing system and once in a separate email just in case.

Our prefix and ASN are in the IRR as well in case that speeds things up.


Pages: [1] 2 3 ... 10