• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Windows Server 2008 Problem pinging the Hurricane Server IPv6 Address

Started by ToddBooth, July 29, 2010, 09:08:04 AM

Previous topic - Next topic

ToddBooth

I have a problem pinging the Hurricane Service IPv6 Address. 

I have several tunnels, for testing.

I have IPv6 ping working from my Windows 7 (32 bit, professional) with a public IPv4 address.

However, the problem occurs with both of the following:
  Server 2008 Enterprise with R2 with a public IPv4 address.
  Server 2008 Standard without R2 and with a public IPv4 address.

My general configuration, concerning this problem follows:

Windows Server 2008 Enterprise R2
It has its own public IP Address
Firewall: Using Microsoft Advanced Firewall (but turned off during test)
Packet capture: Microsoft Network Monitor version 3.4

HE configured the tunnel as follows:
IPv6 Tunnel Endpoints
   Server IPv4 address:    216.66.80.90
   Server IPv6 address:    2001:470:27:3d3::1/64
   Client IPv4 address:    184.104.246.234
   Client IPv6 address:    2001:470:27:3d3::2/64

HE asked me to configure my Server as follows:
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 184.104.246.234 216.66.80.90
netsh interface ipv6 add address IP6Tunnel 2001:470:27:3d3::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:27:3d3::1

The above worked fine.

From my Server, I can ping my side 2001:470:27:3d3::2

However, from my Server, I can't ping the HE side 2001:470:27:3d3::1

From the Internet side, HE looking glass can ping the HE side 2001:470:27:3d3::1

Here is my detailed IP6Tunnel configuration
from netsh interface ipv6 show interface IP6Tunnel

Interface IP6Tunnel Parameters
----------------------------------------------
IfLuid                             : tunnel_10
IfIndex                            : 18
State                              : connected
Metric                             : 10
Link MTU                           : 1280 bytes
Reachable Time                     : 16500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : enabled
Advertising                        : disabled
Neighbor Discovery                 : disabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled
Link-Layer Address                 : 77.110.21.209
Remote Link-Layer Address          : 216.66.80.90

Here is the output from my neighbors, on the IP6Tunnel.  Note that the HE side shows up, as a neighbor.
Interface 18: IP6Tunnel

Internet Address                              Physical Address   Type
--------------------------------------------  -----------------  ---------
2001:470:27:3d3::1                            216.66.80.90       Permanent
2001:470:27:3d3::2                            216.66.80.90       Permanent
fe80::3553:465f:4902:6cfa                     216.66.80.90       Permanent
fec0:0:0:ffff::1                              216.66.80.90       Permanent
fec0:0:0:ffff::2                              216.66.80.90       Permanent
fec0:0:0:ffff::3                              216.66.80.90       Permanent
ff02::c                                       216.66.80.90       Permanent
ff02::16                                      216.66.80.90       Permanent
ff02::1:2                                     216.66.80.90       Permanent
ff02::1:3                                     216.66.80.90       Permanent

The following may be related and helpful.

Using the Freenet6 GoGo net IPv6 broker service, it does not work in IPv6-in-IPv4 Native mode (Server 2008 with public IPv4 address and firewall disabled).
But when I configure the same server 2008 Freenet6 to IPv6-in-UDP-IPv4 NAT tunnel mode, it works.  Again, I have a public IPv4 address.

I have the same problem, on a Microsoft Server 2008 Standard (without R2), with an entirely different ISP (also public IP address).

Again, I have the ping working from a Windows 7 32bit professional.  Here is the IP6Tunnel information from the working Windows 7 configuration:

Interface IP6Tunnel Parameters
----------------------------------------------
IfLuid                             : tunnel_5
IfIndex                            : 13
State                              : connected
Metric                             : 10
Link MTU                           : 1280 bytes
Reachable Time                     : 43000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : disabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : disabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled
Link-Layer Address                 : 77.110.20.45
Remote Link-Layer Address          : 216.66.80.90

I'll now compare the detailed IP6Tunnel interfaces: Working Windows 7 32 bit with failing Windows Server 2008.  The working (windows 7) differences follow:

working: forwarding disabled
working: router discovery disabled

So on the Server 2008, which does not work, I then disabled forwarding and routing discovery but have the same problem.

I ran a packet trace on the working and non-working ip6tunnels. 

I do see the IPv6 icmp requests for both the working and non-working ip6tunnels.

I do not see any IPv6 icmp reply from HE in the Windows 2008 configurations.

Any ideas on what I should do next, to try and debug this?

I would guess that many people have Server 2008 Server, with a public IPv4 address working.  But can someone specifically confirm this?  Any special issues?

Thanks and Regards!

Todd Booth / IPv6 Research .com

cholzhauer

 I'm running server 2008 but not with a public ipv4 address, although I don't think it would matter.  Did you add a public ipv6 address to your local area connection?

ToddBooth

I have made great progress.

I previously reported that the problem was only with Microsoft Server Standard 2008 R2 and Server Enterprise R2.  I've performed the same tests with Server 2008 Standard (which was not R2).  The non-R2 pings the HE side.  I ran the same tests with Windows 7, Vista and XP, all of these ping the HE side.

It is only Server 2008 R2 which is having the problem with HE.

I tried the Freenet6 IPv6 tunnel broker.

With Server 2008 R2, I can not perform any native tunnels (even though I have public addresses)
These same two R2's work with the Freenet6 IPv6 tunnel via nat confirmation.

The Server 2008 (non-R2) which works with HE also works with Freenet6 IPv6 native tunnels.

So it appears that there is nothing working with HE or Freenet6.  It appears that problem is only with Server 2008 R2.  So the new relevant question is the following:

Does anyone have a Microsoft Server 2008 R2 working with either HE or Freenet6 (native)?

Concerning the previous post.  Thanks for your suggestion.  I did the following. 

I reset IPv6 user data with the following:
    netsh interface ipv6 reset

I disabled native IPv6 via the network adapter properties.

I deleted the IP6Tunnel connection with the following:
    netsh interface ipv6 delete interface IP6Tunnel

I then had no IPv6 addresses.  I then ran the provided HE script which added my IPv6 address.

I assume that you are running Server 2008 and not Server 2008 R2.

Thanks to all and best regards,

Todd Booth / IPv6 Research .com

cholzhauer

I guess i mis-understood...my tunnel is terminated on a freebsd machine; I'm just using server 2008 as one of my clients.

So, just to clarify, your problem is that you can't ping the he side of the tunnel after you bring then tunnel up

ToddBooth

Yes, that is correct.

If I bring the tunnel up, on a Server 2008 R2 (standard or enterprise), I can't ping the he ipv6 side.  Note that my status says the link is connect.  See the following:

netsh interface ipv6>show int

Idx  Met   MTU   State        Name
---  ---  -----  -----------  -------------------
  1   50 4294967295  connected    Loopback Pseudo-Interface 1
14   10   1280  connected    Local Area Connection* 11
24   50   1280  disconnected  Local Area Connection* 8
15   10   1280  connected    IP6Tunnel

However on Server 2008 (without R2), XP, Vista and Windows 7, I can bring the tunnel up, on that pc and ping the he ipv6.

Thanks and Regards,

Todd Booth / IPv6 Research .com

cholzhauer

of course, i just deleted my VM that was running R2.  i'll fire another one up and test on monday

wrbutt


cholzhauer

It works for me on an R2 machine


PS C:\Users\Administrator> ping   2001:470:1f10:533::1

Pinging 2001:470:1f10:533::1 with 32 bytes of data:
Reply from 2001:470:1f10:533::1: time=43ms
Reply from 2001:470:1f10:533::1: time=38ms
Reply from 2001:470:1f10:533::1: time=50ms
Reply from 2001:470:1f10:533::1: time=64ms

Ping statistics for 2001:470:1f10:533::1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 64ms, Average = 48ms



Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:470:1f11:533::2
   Link-local IPv6 Address . . . . . : fe80::49a4:1d85:7cf:3e6%11
   IPv4 Address. . . . . . . . . . . : 192.168.102.199
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 2001:470:1f10:533::1
                                       192.168.102.1

Tunnel adapter isatap.{47FE5A02-CAC0-46B3-A0D2-FD86EF7EEFF4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter IP6Tunnel:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:470:1f10:533::2
   Link-local IPv6 Address . . . . . : fe80::3d7c:e40b:5bba:af60%13
   Default Gateway . . . . . . . . . : 2001:470:1f10:533::1



ToddBooth

Thank you very much!!!  You are very kind to have installed and tested it on your brand new R2 (windows 2008 R2).

I just now installed a brand new R2 under VmWare and I am also able to ping the remote HE ipv6 side.

So I now have a working and non-working R2.  I will compare my two R2's and try to reproduce and narrow down the issue.

Best Regards,

Todd Booth / IPv6 Research .com

ToddBooth

Summary of problem:  I'm using Windows Server 2008 R2s, to terminate the HE ipv6 tunnels (over ipv4).  On some 2008 R2s, I can always ping the HE tunnel side ipv6 address (from my ipv6 end of the tunnel).  On two other Windows Server 2008 R2s, I can never ping the HE tunnel side ipv6 address.  I've tried netsh interface ipv6 reset and rebuilt the tunnels several times.

New Information: I've compared the packet traces with Microsoft Network Monitor.  On the working 2008 R2's, I see both the native ipv6 ping request and the ipv4 (encapsulated ipv6 ping request).  However on both of the non-working 2008 R2's, I can only see the native ipv6 ping request.  So it appears that on the non-working 2000 R2's, the ipv6 ping request is not being sent via encapsulated ipv4.  The ipv6 IP6Tunnel status is connected.

Has anyone seen this problem?  Does anyone have any ideas on what I need to try, to get the ipv6 pings to be encapsulated in the IP6Tunnel?

Thanks and Regards,

Todd Booth / IPv6 Research .com



cholzhauer

Well, what's different between the two?

Have you turned off the firewall to make sure that's not a problem?

Are you using the same tunnel on both the working and non-working machines?  Maybe it's a tunnel problem/setting on HE's end?

ToddBooth

> Well, what's different between the two?

I've carefully compared the working and non-working Server 2008's.  Here is a difference.

After deleting the ip6tunnel and resetting the ipv6
(netsh interface ipv6
  del interface ip6tunnel &
  reset)

On the brand new working server, ipconfig /all includes the following:

Tunnel adapter Local Area Connection* 9:
   Connection-specific DNS Suffix  . : .
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4d6e:15d3::4d6e:15d3(Preferred)
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
   DNS Servers . . . . . . . . . . . : 85.11.1.11
   NetBIOS over Tcpip. . . . . . . . : Disabled

On the brand new working server, netsh interface ipv6 show int includes the following:

13          10        1280  connected     Local Area Connection* 9

In the above the 6to4 adapter is in the state "connected".

However, on the failing server, ipconfig /all includes the following:

Tunnel adapter Reusable Microsoft 6To4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Note in the above, that the 6To4 Adapter is in the state "Media disconnected"

On the failing server, netsh interface ipv6 show int includes the following:

13          50        1280  disconnected  Reusable Microsoft 6To4 Adapter

Note in the above, that the media state is "disconnected".

So it appears I need to somehow change the failing server 6To4 Adapter from "media disconnected" and "disconnected" to "connected".

As a test, on the failing server, I used device manager to manually add another microsoft 6To4 adapter.  It added it but it was also in the "media disconnected" and "disconnected" state.

As a test, on the working server, I used device manager to manually add another microsoft 6To4 adapter.  It added it but it was also in the "media disconnected" and "disconnected" state.

Any ideas how to change a 6To4 adapter from "media disconnected" and "disconnected" to "connected"?

Thanks,

Todd Booth / IPv6 Research .com





Have you turned off the firewall to make sure that's not a problem?

Are you using the same tunnel on both the working and non-working machines?  Maybe it's a tunnel problem/setting on HE's end?

broquea

That would mean the working server was working on 6to4 and not an HE tunnel, btw. While both are PRotocl 41 tunnels, one is automatically configured based on your public IPv4 address, and an HE tunnel needs to be manually configured. If you want to use the HE tunnel, you should be disabling both Teredo and 6to4 to avoid conflicts.