• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

A little help with set-up on Windows 7 behind a router, please.

Started by Quill, January 13, 2011, 11:42:33 PM

Previous topic - Next topic

Quill

Here's the situation:

Windows 7 Ultimate ---> Router ---> Internet

The router has been configured as the end point for the tunnel and it seems to work as it should, i.e. I can ping6 any IPv6 enabled site, such as ipv6.he.net or ipv6.google.com. However, when I attempt to do the same from my PC, it fails with 'request timed out'.

What I've done so far is to use the router to allocate an address for the PC, I've also tried setting a static address on the PC NIC (I may well be choosing an incorrect address) I also use the set-up instructions for the tunnel from the HE site, however, I changed the endpoint to the IPv4 address of my PC.


netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.143 216.66.80.30
netsh interface ipv6 add address IP6Tunnel 2001:470:1f0a:823::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f0a:823::1


In the interface of the router, there are options for setting different IPv6 addresses (see attached) I used the Client IPv6 address, supplied by HE, for the WAN side of my tunnel, but wasn't sure what to use for the LAN address. I did try 2001:470:1f0a:823::3, I also used this as well as ::4 when I set a static address on the NIC. I have also tried setting different gateway addresses ::1, ::2 and ::3.


Windows IP Configuration

   Host Name . . . . . . . . . . . . : Calisto
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1D-7D-04-77-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f0a:823::4(Preferred)
   Link-local IPv6 Address . . . . . : fe80::972:322:9617:bc8d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.143(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, January 14, 2011 4:35:29 PM
   Lease Expires . . . . . . . . . . : Saturday, January 15, 2011 4:35:29 PM
   Default Gateway . . . . . . . . . : 2001:470:1f0a:823::3
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3DEBEC41-0DB9-4781-8058-726218A5B202}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


The DNS addresses were obtained from my firewall logs...

Obviously, I'm doing something wrong but I don't know what. any help would be appreciated.

Incidentally, when IPv6 is enabled on the NIC any site that is both IPv6 and IPv4 enabled, such as HE, takes a long time to load and sometimes simply times-out altogether. Disable IPv6 on the NIC so only IPv4 is used and there's no problem. Is that a DNS issue or simply the tunnel not working?

One final point, I have rules in my firewall to allow protocol 41, IPv6 DNS as well as ICMPv6. I also tried without the firewall installed.

 

cholzhauer

Well first, if you have the tunnel hosted on your router, you don't need to also host it on your PC, so these commands are useless:

Quote


netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.143 216.66.80.30
netsh interface ipv6 add address IP6Tunnel 2001:470:1f0a:823::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f0a:823::1


You'll need to remove them

You have used an incorrect IPv6 address on your LAN connection.  On your HE page, you should see a line that says "routed /64"  You need to pull an address out of this range and assign it to your LAN connection.  The easiest way to do this is to add a static address the same way you would an IPv4 address, but chose the v6 adapter. Or, if you router does Router Advertisements, this would be even easier.

As for DNS....the addresses you listed are site local, and I'm assuming that those addresses don't have a DNS server listening on them.

Quote
Incidentally, when IPv6 is enabled on the NIC any site that is both IPv6 and IPv4 enabled, such as HE, takes a long time to load and sometimes simply times-out altogether. Disable IPv6 on the NIC so only IPv4 is used and there's no problem. Is that a DNS issue or simply the tunnel not working?

This is because your computer thinks it has IPv6 access (because of the IP address assigned) but it really doesn't because even though your tunnel is up, it's not working properly.

EDIT:

I just looked at your picture...for the box that wants an IPv6 address, you need to give it one out of your routed /64 that I mentioned earlier.  As for an IPv6 dns server, you could use 2001:470:200::2

donbushway

The static IP is any ip out of your assigned block. usually 2001:470:1f0b:823::1. Remove the changes made to the client pc. The DNS is any DNS server 2001:470:0:70::2 is one of the ones I use.

Quill

Thank you both for your replies :)

I have made some changes based upon your suggestions and I am a step closer. This is what I have done:

In the router I changed the Static LAN address to 2001:470:1f0b:823::1
I used The DNS address 2001:470:0:70::2
I reset the IPv4 and IPv6 stack via netsh and rebooted

I was able to reach ipvg.he.net from the router but I got Destination host unreachable from the PC.

I manually added the address 2001:470:1f0b:823::3 to the IPv6 interface and added the DNS address also.

After a release and renew I was able to ping -6 ipv6.he.net from the PC and I was able to reach ipv6.google.com via the browser. I was not able to reach ipv6.he.net from the browser and when I checked whatsmyipv6.com it still showed only an IPv4 address. Clearly, I am still doing something wrong.

Here is the most recent ipconfig:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : Calisto
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1D-7D-04-77-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f0b:823::3(Preferred)
   IPv6 Address. . . . . . . . . . . : 2001:470:1f0b:823:972:322:9617:bc8d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::972:322:9617:bc8d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.143(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, January 15, 2011 12:32:23 AM
   Lease Expires . . . . . . . . . . : Sunday, January 16, 2011 12:32:23 AM
   Default Gateway . . . . . . . . . : 2001:470:1f0a:823::1
                                       fe80::e2cb:4eff:fea8:6ef3%11
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 2001:470:0:70::2
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3DEBEC41-0DB9-4781-8058-726218A5B202}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Windows\System32>ping -6 ipv6.he.net

Pinging ipv6.he.net [2001:470:0:64::2] with 32 bytes of data:
Reply from 2001:470:0:64::2: time=332ms
Reply from 2001:470:0:64::2: time=332ms
Reply from 2001:470:0:64::2: time=331ms
Reply from 2001:470:0:64::2: time=334ms



cholzhauer

FWIW it does look like your router is doing RA

That is strange.  Normally when this breaks, it means you don't have an address assigned, but in this case, you do.




donbushway

The default gateway is wrong.

Default Gateway . . . . . . . . . : 2001:470:1f0a:823::1
Should be:   Default Gateway . . . . . . . . . : 2001:470:1f0a:823::1


cholzhauer

Good catch.

If your router is doing RA, I'd just remove all of the static entries you put in and let RA do it's job.  (Unless you wanted the address to be 2001:470:1f0b:823::3 for a reason)

Quill

Quote from: donbushway on January 14, 2011, 07:37:44 AM
The default gateway is wrong.

Default Gateway . . . . . . . . . : 2001:470:1f0a:823::1
Should be:   Default Gateway . . . . . . . . . : 2001:470:1f0a:823::1

Did you mean if0b as opposed to if0a?

QuoteIf your router is doing RA, I'd just remove all of the static entries you put in and let RA do it's job.  (Unless you wanted the address to be 2001:470:1f0b:823::3 for a reason)

I have changed the settings so that I'm only using the router RA for address allocation. Unfortunately, there is no provision in the router interface to enter an IPv6 gateway address, apart from the remote gateway assigned by HE. Because of this the router assigns it's link local address as the gateway.

Having made these changes, I can still ping he but I still cannot connect via the browser. I also tried changing the DNS to the address you proposed.


Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
  Physical Address. . . . . . . . . : 00-1D-7D-04-77-6B
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2001:470:1f0b:823:972:322:9617:bc8d(Preferred)
  Link-local IPv6 Address . . . . . : fe80::972:322:9617:bc8d%11(Preferred)
  IPv4 Address. . . . . . . . . . . : 192.168.1.143(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Saturday, January 15, 2011 1:55:55 AM
  Lease Expires . . . . . . . . . . : Sunday, January 16, 2011 1:56:02 AM
  Default Gateway . . . . . . . . . : fe80::e2cb:4eff:fea8:6ef3%11
                                      192.168.1.1
  DHCP Server . . . . . . . . . . . : 192.168.1.1
  DNS Servers . . . . . . . . . . . : 2001:470:0:70::2
                                      192.168.1.1
  NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3DEBEC41-0DB9-4781-8058-726218A5B202}:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes

C:\Windows\System32>ping -6 ipv6.he.net

Pinging ipv6.he.net [2001:470:0:64::2] with 32 bytes of data:
Reply from 2001:470:0:64::2: time=331ms
Reply from 2001:470:0:64::2: time=331ms
Reply from 2001:470:0:64::2: time=331ms
Reply from 2001:470:0:64::2: time=332ms

cholzhauer

Quote
Unfortunately, there is no provision in the router interface to enter an IPv6 gateway address, apart from the remote gateway assigned by HE. Because of this the router assigns it's link local address as the gateway.

That's normal and the way it should be.

What do your routing tables look like

donbushway


Quill

Thank you both for your on-going help, unfortunately, I still cannot get this to function correctly. I believe the configuration is now correct, as per your instructions, however, whilst I am able to ping various ipv6 sites, I cannot connect via the browser, when IPv6 is enabled. I'm beginning to wonder if the router is failing somewhere. If I get some time later today I'll make a connection without the router. For now, here are my settings:


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1D-7D-04-77-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f0b:823:972:322:9617:bc8d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::972:322:9617:bc8d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.143(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, January 15, 2011 10:30:00 AM
   Lease Expires . . . . . . . . . . : Sunday, January 16, 2011 10:30:00 AM
   Default Gateway . . . . . . . . . : fe80::e2cb:4eff:fea8:6ef3%11
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 2001:470:20::2
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3DEBEC41-0DB9-4781-8058-726218A5B202}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Windows\System32>ping -6 ipv6.he.net

Pinging ipv6.he.net [2001:470:0:64::2] with 32 bytes of data:
Reply from 2001:470:0:64::2: time=335ms
Reply from 2001:470:0:64::2: time=335ms
Reply from 2001:470:0:64::2: time=335ms
Reply from 2001:470:0:64::2: time=336ms




C:\Windows\System32>netstat -r
===========================================================================
Interface List
11...00 1d 7d 04 77 6b ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.143     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.143    276
    192.168.1.143  255.255.255.255         On-link     192.168.1.143    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.143    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.143    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.143    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None



Quill

Update:

It would appear to be either a site or a browser issue, at least with ipv6.he.net, as I cannot connect to this site, when using ipv6, via firefox (3.6 and 4b10), Opera 11 or iron 8.0.555. I can connect (as i'm doing now) with IE 8 (I'll try 9 later) I can connect to other ipv6 sites in these browsers...


Edit: After further testing, it would appear that I cannot connect to any of the HE sites,  with any browser, when IPv6 is enabled. It also appears that I cannot connect to numerous other IPv6 enabled sites, such as Sixxes, sixy.ch, ipv6.internode.on.net etc. even though I get a perfect score on the test site.


This is minefield 4.0b10 (firefox nightly build)