• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Windows Tunnel times out or goes to sleep or something?

Started by PepperdotNet, August 26, 2009, 01:35:12 PM


PepperdotNet

First question here, please go easy on me.  ;D

I've set up a couple of tunnels, one to a Windows 7 host and one to a 2008 server. I followed the instructions exactly. The first was to establish "connectivity" for a n00b, and the second was the "we want to send you an email" test. Everything works. Except... if I leave it alone a few minutes, it's no longer reachable from the outside, until I do something on that machine again, i.e. ping an IPv6 host which wakes it back up.

Is there by default a timeout mechanism in the Windows tunnel, and how do I override it? I don't really want to have to set up a scheduled task to ping something every five minutes.

dataless

I've seen several people with similar problems, I'm wondering if maybe it's due to being behind certain NAT routers.

It might be that after a period of inactivity your router is closing the connection.

There's an article in the SixXS FAQ that mentions this.

http://www.sixxs.net/faq/connectivity/?faq=conntracking

What kind of router do you have?

jimb

You need to set up a static NAT for IP proto 41 on your NAT firewall, pointing traffic to your tunnel box.  You can only do one per external IP, so if you have two different tunnel routers, you need two external IPs to separately forward proto 41.

If you don't have a static NAT, the firewall will time out the connection/NAT entry if there is no traffic for a while, then packets from the remote HE tunnel server will be dropped by your firewall as unsolicited traffic.

If your tunnel device is at the edge, make sure there's a firewall rule allowing the traffic from the HE tunnel server to the IP of your tunnel router.

EDIT: Unfortunately, some consumer grade routers/firewalls don't give you an option to do an arbitrary IP protocol forward.  They presume that you'll only ever want to forward TCP or UDP ports.  If this is the case for you, then your only choices are to look for some alternative firmware (OpenWRT, Tomato, etc), or to do something like send a ping every X seconds to force the NAT entry to refresh so it doesn't time out (X =  the TTL of your NAT entries on your router).
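The static forward and source restriction described in the post above, sketched for a Linux/iptables router as an added example that is not part of the original thread. The function names (`is_ipv4`, `proto41_rules`), the interface name and all addresses are constructed placeholders, and an existing MASQUERADE/SNAT rule for outbound traffic is assumed.

```shell
#!/bin/sh
# Added example: prints iptables commands for a 6in4 (IP protocol 41) tunnel
# box behind NAT. Dry run only; review the output, then pipe it to "sh" as root.
# Assumption: rules are appended, so they are evaluated after any rules
# already present in the FORWARD chain.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# proto41_rules WAN_IF TUNNEL_SERVER_V4 TUNNEL_BOX_V4
proto41_rules() {
    wan_if=$1 server=$2 box=$3
    is_ipv4 "$server" && is_ipv4 "$box" || { echo "bad IPv4 address" >&2; return 2; }
    case "$wan_if" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;;
    esac
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -p 41 -s $server -j DNAT --to-destination $box
iptables -A FORWARD -i $wan_if -p 41 -s $server -d $box -j ACCEPT
iptables -A FORWARD -o $wan_if -p 41 -s $box -d $server -j ACCEPT
iptables -A FORWARD -p 41 -j DROP
EOF
}

# Constructed values: eth0 = WAN interface, 192.0.2.1 = tunnel server
# endpoint, 192.168.1.10 = internal tunnel box.
proto41_rules eth0 192.0.2.1 192.168.1.10
```

Because the DNAT rule is static, inbound protocol 41 packets from the tunnel server reach the tunnel box even after any connection-tracking entry has expired, and the final DROP keeps encapsulated traffic from any other source or internal host from being forwarded.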

kriteknetworks


PepperdotNet

Ah, this makes sense now. I've got Netgear FVX538 and FVS338 routers. They will allow me to forward TCP, UDP or ICMP to an internal host but not an arbitrary protocol. So it looks like a scheduled task to send some traffic from the inside is my only hope.

jimb

Quote from: kriteknetworks on August 27, 2009, 07:29:01 AM
Or buy a decent router :)

Yeah.  Or if you're like me, use an old PC or laptop and make a Linux/iptables router (or BSD/pf ... or m0n0wall).  Way more features than any consumer router you'll find out there, and free (if you have a spare PC and some NICs)!

Ninho

@JimB : Praytell how you managed to display your badge in sig on your every post ?

I must be particularly dense, I couldn't for the sake of me find how to (even spying the posts' source code!)

It seems you are the only one who succeeded - or cared to try   ;)

Just vanitas vanitatum (speaking only for myself, of course...)



broquea

Quote from: Ninho on September 19, 2009, 02:44:56 PM
@JimB : Praytell how you managed to display your badge in sig on your every post ?

I must be particularly dense, I couldn't for the sake of me find how to (even spying the posts' source code!)

It seems you are the only one who succeeded - or cared to try   ;)

Just vanitas vanitatum (speaking only for myself, of course...)





SMF code can be used, so you use [img]http://url.to.image[/img] in your signature settings.

jimb

Quote from: Ninho on September 19, 2009, 02:44:56 PM
@JimB : Praytell how you managed to display your badge in sig on your every post ?

I must be particularly dense, I couldn't for the sake of me find how to (even spying the posts' source code!)

It seems you are the only one who succeeded - or cared to try   ;)

Just vanitas vanitatum (speaking only for myself, of course...)

Yep.  Just a BBCODE image tag in my signature:
[img]http://ipv6.he.net/certification/create_badge.php?pass_name=jimb&badge=3[/img]
Has to be a non-flash badge.

Ninho

Quote from: jimb on September 19, 2009, 05:10:45 PM
Yep.  Just a BBCODE image tag in my signature:
Has to be a non-flash badge.

Well, I thought I tried that, but didn't work (hung at "Fetching Preview", and when posted all the same, image was not there!)

Let's try once more (direct insertion, not a premade signature) :

[img]http://ipv6.he.net/certification/create_badge.php?pass_name=Ninho&badge=3[/img]




At long last  !!!! Noting, still, this prevents the Preview option from working...