• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

XP IPv6 networking works... but IPv6 applications don't!

Started by xenium1024, May 16, 2011, 12:56:43 AM

Previous topic - Next topic

xenium1024

Ugh... Windows...

I have a network segment (Ethernet & bridged 802.11g), with a CentOS Linux box acting as the segment's IPv6 gateway to the IPv6 Internet.  The CentOS box has a HE tunnel configured on the sit1 interface with my point-to-point /64, and a statically configured address from my routed /64 on the eth0 interface.  It's running radvd on eth0 and announcing the routed /64 to my segment.  I have several Linux boxes (Cent, Ubunut) on the network that are picking up those announcements and doing stateless autoconfig, and everything is peachy with them... ping6, traceroute6, Firefox to IPv6 only sites, I can see the dancing turtle, etc.

On my Windows XP box however, it's a different story...  Stateless autoconfig SEEMS to work... I see an IPv6 address from my routed /64 on the "Local Area Connection" interface, and the default gateway is set to the link-local address of eth0 on my Linux gateway.  I can ping6 from the box, and I can tracert from the box to IPv6 sites.  Name resolution seems to work and returns quad-A records, etc.  BUT, any attempt to bring up any IPv6 only web site fails ("Firefox can't establish a connection to the server at ipv6.google.com", or if I try to connect by IP address, "Firefox can't establish a connection to the server at [2001:470:1f11:ed5::130].")  Same for both Firefox and IE, and even basic port tests using telnet fail:

C:\>telnet [fe80::a00:27ff:fe70:cdc2] 80
Connecting To [fe80::a00:27ff:fe70:cdc2]...Could not open connection to the host, on port 80: Connect failed

(I'm not 100% certain that's the right syntax for telnet via IPv6, but I've tried it with and without the brackets, and by hostname, same results.  Of course similar IPv4 tests work fine.)

If I run "netstat -s -p ipv6" on the Windows box, I see that both my "Packets Received" and "Output Requests" counters increment by 1 for each ping6, as expected, but when trying to connect to anything from within an application, neither increments, so the box is not even trying to use IPv6 to send (as opposed to say it getting dropped somewhere after leaving the box.)

If I run tcpdump on eth0 of the Linux gateway, I see the same thing; I see IPv6 traffic to and from the XP box when doing ping6 and traceroute6, but I see NOTHING (IPv6 or IPv4) when trying to connect from a browser, or a port test with telnet.  (I do see the name resolution via IPv4, which returns a quad-a, then NOTHING, not a single packet.)

For the sake of troubleshooting sanity, I have completely disabled the ip6tables firewall on the Linux router for this test.

To the best of my knowledge there is no firewall running on the XP box either (the Windows Firewall is disabled under control panel, unless it is configured in a different place for the IPv6 stack?  Does IPv6 under Windows have it's own, separate firewall?)

It's almost as if I have both stacks running, but my application layer only knows about the IPv4 stack.

I've rebooted three times, for those who know. ;-)

Ideas?
Jeff Morris
----------
UCP, LPIC-1, Linux+, Network+,
I-Net+, A+, HE IPv6 Sage

cholzhauer

A lot of times when I see a post like this, there hasn't been an IPv6 address assigned to the local area connection interface.  However, you mentioned that you're doing RA and the LAN connection does indeed grab an address.

Have you tried setting an IP address manually just to see what would happen?

An no, there isn't a separate firewall for IPv6.  (Make sure you've disabled any firewalls that come with virus protection too)

jimb

You're using a link local address.  You need to provide an interface either through the % mechanism (likely) or whatever the app uses.


{jimb@T510jimb/tty0}~> wping fe80::213:a9ff:fe0e:d91e

Pinging fe80::213:a9ff:fe0e:d91e with 32 bytes of data:
Destination host unreachable.

{jimb@T510jimb/tty0}~> wping fe80::213:a9ff:fe0e:d91e%12

Pinging fe80::213:a9ff:fe0e:d91e%12 with 32 bytes of data:
Reply from fe80::213:a9ff:fe0e:d91e%12: time<1ms
Reply from fe80::213:a9ff:fe0e:d91e%12: time=1ms
Reply from fe80::213:a9ff:fe0e:d91e%12: time<1ms
Reply from fe80::213:a9ff:fe0e:d91e%12: time<1ms

Ping statistics for fe80::213:a9ff:fe0e:d91e%12:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 0ms, Maximum = 1ms, Average = 0ms

(wping is simply the windows ping command called from cygwin, wping:   aliased to /cygdrive/c/Windows/System32/ping.exe !*).

The %12 refers to the interface #12 as listed with the netsh int ipv6 sh int command (my gigE port on this laptop in this instance)

xenium1024

Quote from: cholzhauer on May 16, 2011, 07:27:46 AM
A lot of times when I see a post like this, there hasn't been an IPv6 address assigned to the local area connection interface.  However, you mentioned that you're doing RA and the LAN connection does indeed grab an address.

Yes, it definitely is grabbing an address, and it's a valid autoconfigure address (the first 64 bits are indeed my routed HE subnet, and the last 64 bits are the MAC address derived address... the default gateway is the link-local address address of my Linux gateway... which seems weird to me that it uses the link-local address, I don't know why it doesn't show the gateway's global address, but my understanding is that this is nonetheless correct for Windows.  And again, from the command line, ICMP based tools like ping6, tracert, all work fine.  It's just higher level (TCP/UCP) connections that don't seem to work.)

For the heck of it, I just created an XP VM on another system, so I would be working with a clean, fresh install of XP SP3, with all updates applied.  I got the exact same thing, although curiously, that machine is picking up a bunch of IPv6 addresses.  Although I thought I had a fairly good understanding of IPv6, I must admit that I really don't understand the ins and outs of the Microsoft IPv6 stack and netsh.  It seems unnecessarily complicated to me (by a factor of like 10.) :-)  Every one of my Linux boxes (about 7 of them if you include VMs, including several CentOS 5.6, and Ubuntu Server and Desktop 10.10, and 11.04) are behaving exactly as expected, picking up exactly one valid autoconfigure IPv6 address on eth0, and inserting exactly one route to 0::/0, pointed at the gateway, while the Windows XP boxen are doing all kinds of crazy things.  I do also have one Windows 7 box which I just brought up, and it is working fine as well, so it's only XP that is having problems.  On the Windows 7 box I see two IPv6 addresses (not counting the link local one), one of which says "IPv6 Address", and the other "Temporary IPv6 Address", both of which are on my routed subnet.  Not sure what that's about, but again, that box works, with zero configuration.

Here's the output from ipconfig on the non-working XP VM.  Again, this is a clean XP SP3 install + all updates, nothing else installed or altered on it, no AV software, Windows firewall disabled in Control Panel:


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : nullmodem.org
        IP Address. . . . . . . . . . . . : 192.168.2.129
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 2001:470:1f0f:bb9:600e:3b27:9f5b:a35b
        IP Address. . . . . . . . . . . . : 2001:470:1f0f:bb9:a00:27ff:fe0c:58b2
        IP Address. . . . . . . . . . . . : fe80::a00:27ff:fe0c:58b2%6
        IP Address. . . . . . . . . . . . : 2001:470:1f0f:bb9:18a9:f585:6b6c:af76
        IP Address. . . . . . . . . . . . : 2001:470:1f0f:bb9:a00:27ff:fe0c:58b2
        IP Address. . . . . . . . . . . . : fe80::a00:27ff:fe0c:58b2%4
        Default Gateway . . . . . . . . . : 192.168.2.1
                                            fe80::a00:27ff:fe70:cdc2%4

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : nullmodem.org
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.129%2
        Default Gateway . . . . . . . . . :


Why all those addresses?  I don't get that.  And again, just like the XP box on physical hardware, the XP VM can ping6, tracert to IPv6 only hosts just fine, but any higher level tests, like from a web browser or telnet, not only fail, but I don't even see any packets coming from the box when I run a tcpdump on the segment.

Here's my radvd.conf for good measure... looks pretty straightforward, but maybe there's something missing that XP and only XP needs?


interface eth0
{
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 2001:470:1f0f:bb9::1/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        };

};


Should "AdvRouterAddr" be set to on?  The above is what I've seen in most example radvd.conf files, so that's what I've used, but isn't the whole point of the router advertisement protocol supposed to be, well, to advertise the router? :-)  Still, everything but my XP boxes seems to work fine with radvd configured as it is.  Maybe I'll give that a try though.

QuoteHave you tried setting an IP address manually just to see what would happen?

No, but I'll give it a try.  I need to figure out how to do so with netsh first though, as you've probably figured out, I'm a Linux guy. :-)
Jeff Morris
----------
UCP, LPIC-1, Linux+, Network+,
I-Net+, A+, HE IPv6 Sage

xenium1024

Quote from: jimb on May 16, 2011, 05:02:21 PM
You're using a link local address.  You need to provide an interface either through the % mechanism (likely) or whatever the app uses.

But I'm *not* using a link-local address.  Stateless autoconfig is picking up a valid, global address from my routed subnet (2001:470:1f0f:bb9::/64).

Or are you referring to the default route?  That is showing as a link-local address, but it's the link-local address on my gateway, not on the XP machine.  My understanding (from other posts that I have read here and elsewhere) is that this is normal for Windows.  Indeed, on my Windows 7 box, which is working, that is what it shows as a default route as well.  It does show a %4 after it, which is the correct interface number for my Ethernet adapter.  (Thanks for the info on the % characters, I was wondering what that meant!)

And why would ping6 and tracert work from the box, but not TCP based applications, if I were using a link-local address?  Shouldn't all attempts to communicate outside the local box fail if using a link-local address?
Jeff Morris
----------
UCP, LPIC-1, Linux+, Network+,
I-Net+, A+, HE IPv6 Sage

xenium1024

Quote from: xenium1024 on May 16, 2011, 05:46:12 PM
Should "AdvRouterAddr" be set to on?  The above is what I've seen in most example radvd.conf files, so that's what I've used, but isn't the whole point of the router advertisement protocol supposed to be, well, to advertise the router? :-)  Still, everything but my XP boxes seems to work fine with radvd configured as it is.  Maybe I'll give that a try though.

Well, I tried that , but got the exact same thing... on my XP boxes, and only on my XP boxes, things like "ping6 ipv6.google.com" work fine, while "http://test-ipv6.com/" reports "No IPv6 address detected", and "http://ipv6.google.com/" can't be connected to. :-(  My Windows 7 box and all of my Linux boxen work just fine with stateless autoconfig, while both XP boxes seem to configure their interfaces correctly with statetless autoconfig, but then TCP based apps completely fail to use IPv6. :-(  Truly bizarre.
Jeff Morris
----------
UCP, LPIC-1, Linux+, Network+,
I-Net+, A+, HE IPv6 Sage

cholzhauer

A couple of my XP installs at work grabbed like 10 IPv6 addresses while others only grabbed one.  I fixed it by going to a more modern operating system ;)

johnpoz

I have not played with ipv6 on xp to be honest, but are we sure it supports ipv6 dns even?  Not sure putting in that ipv6 dns is going to be used at all.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_ip_v6_imp_config_items.mspx?mfr=true
For the IPv6 protocol for Windows, all DNS query and response traffic is sent by using IPv4, even though IPv6 addresses are being resolved. The addresses for DNS servers are configured through the properties of the Internet Protocol (TCP/IP) protocol in Network Connections. Alternately, you can place host name to IPv6 address mappings in the Hosts file.

Also what browser are you using on the XP box when you try and access http://test-ipv6.com

When I get a chance I will fire up a xp vm and turn ipv6 for it.  To see if I can help in your browsing to ipv6 websites issue.

I do recall seeing a few threads over the years with xp and ipv6 not really being fully up to speed, etc.

cholzhauer

Quote
I have not played with ipv6 on xp to be honest, but are we sure it supports ipv6 dns even?

Correct..it does not.

Quote
I do recall seeing a few threads over the years with xp and ipv6 not really being fully up to speed, etc.
I agree, it's not, and we know they're not going to backport any new enhancements to it.