• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Vista+Linksys WRT54G router=no IPv6 tunnel connectivity

Started by a1pcfixer, September 06, 2010, 02:51:41 AM

Previous topic - Next topic

a1pcfixer

I'm running Vista Ultimate behind a Linksys WRT54G ver 2.0 router, and running
Norton Security Suite.

After registering at tunnelbroker.net and obtaining tunnel settings there,
I followed the directions under "IPv6 Tunnel Configurations by OS (Vista)"

As far as I can tell, in Norton Security Suite I'm good to go;

"The Automatic Learn IPv6 NAT Traversal Traffic option is available
only when Automatic Program Control is on. By default, Automatic Learn
IPv6 NAT Traversal Traffic is turned on. In this case, Norton Security
Suite allows all IPv6 NAT Traversal traffic."

Problem is (I think), my Linksys router doesn't seem to be allowing such traffic;

http://ipv6.google.com

Firefox 3.6.8
Firefox can't find the server at ipv6.google.com.

MSIE 8
Oops! This page appears broken. DNS Error - Server cannot be found.

-also-

http://test-ipv6.com/

7/10     for your IPv4 stability and readiness, when publishers offer
both IPv4 and IPv6
0/10    for your IPv6 stability and readiness, when publishers are
forced to go IPv6 only

My Linksys WRT54GS ver 2.0 has v4.71.1, Hyperwrt 2.1b1 +
Thibor15c [May 12 2006] firmware. That router cannot filter by "protocol",
only "port". The poor router knows only about TCP and UDP.

I've seen it mentioned in these forums about using the routers DMZ, but
I've set my DMZ in my router to a high IP on my LAN so unsolicited packets
get dropped (for security), and I'd rather not go that route unless
absolutely needed.

So, with my VERY limited knowledge of all of this, how do I get this working?

cholzhauer

Well, is whatever you're using for DNS returning a IPv6 address?

Also note that in Windows, you NEED to assign your Local Area Connection an IPv6 address to browse the web.


a1pcfixer

Quote from: cholzhauer on September 06, 2010, 05:49:45 AM
Well, is whatever you're using for DNS returning a IPv6 address?

Also note that in Windows, you NEED to assign your Local Area Connection an IPv6 address to browse the web.


Q1; I'm uncertain, as I'm not sure any such requests are even leaving my PC/router.

My router is setup with the following 3 DNS;

204.117.214.10
204.97.212.10
4.2.2.4

Q2; In Vista under properties for my Lan connection in Control Panel, settings for
"Internet Protocol Version 6 (TCP/IPv6)" are all set to automatic. I assumed such worked automatically.

If I knew how to set that up to manually assign a specific IPv6 address I would.
Network settings for TCP/IPv4 I understood, but this newer TCP/IPv6 has me a bit confused.

Some of my HE tunnel settings are;

Server IPv4 address:     209.51.181.2
   Server IPv6 address:    2001:470:1f10:435::1/64
   Client IPv4 address:    204.117.214.10
   Client IPv6 address:    2001:470:1f10:435::2/64
Available DNS Resolvers
   Anycasted IPv6 Caching Nameserver:    2001:470:20::2
   Anycasted IPv4 Caching Nameserver:    74.82.42.42

So, out of those settings, what exactly do I set in my Local Area Connection TCP/IPv6?

Please excuse my ignorance on this.

cholzhauer

Let's assign an address first.

It sounds like you're not doing RA or DHCP, so we'll manually assign address.  You will need do double check this address, as this is only a guess.  On your tunnel page, there's a line for routed /64...I assume that is something like 2001:470:1f11:435::/64 ?

I assume you know how to add a static v4 address to your adapter.  To add a static v6 address, you go through the same steps (control panel, networking, ect) except instead of opening the properties on the TCPIPv4, open properties on TCPIPv6.  Enter in a static v6 address from your routed /64, for example 2001:470:1f11:435::2. 

After you've done that, can you post the output of "ipconfig /all" and "netstat -nr" ?

a1pcfixer

Quote from: cholzhauer on September 06, 2010, 10:36:14 AM
Let's assign an address first.

It sounds like you're not doing RA or DHCP, so we'll manually assign address.  You will need do double check this address, as this is only a guess.  On your tunnel page, there's a line for routed /64...I assume that is something like 2001:470:1f11:435::/64 ?

After you've done that, can you post the output of "ipconfig /all" and "netstat -nr" ?

I assigned it; 2001:470:1f11:435::2
It then stated I also needed a subnet mask(?), I clicked on OK, and it auto-assigned it to 64 (hope that's good).

ipconfig /all.......

Windows IP Configuration

   Host Name . . . . . . . . . . . . : xxxxxxx-a
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.in.comcast.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.in.comcast.net
   Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connecti
on
   Physical Address. . . . . . . . . : 00-19-D1-7F-13-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f11:435::2(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3d68:98ac:9f8b:fb0%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, September 05, 2010 6:08:21 AM
   Lease Expires . . . . . . . . . . : Tuesday, September 07, 2010 5:18:59 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184555985
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-91-B2-C3-00-19-D1-7F-13-E2

   DNS Servers . . . . . . . . . . . : 204.117.214.10
                                       204.97.212.10
                                       4.2.2.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.in.comcast.net
   Description . . . . . . . . . . . : isatap.hsd1.in.comcast.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter IP6Tunnel:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Direct Point-to-point Adapater
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes



netstat -nr...........

===========================================================================
Interface List
  7 ...00 19 d1 7f 13 e2 ...... Intel(R) 82562V-2 10/100 Network Connection
  1 ........................... Software Loopback Interface 1
  9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0  isatap.hsd1.in.comcast.net
16 ...00 00 00 00 00 00 00 e0  Microsoft Direct Point-to-point Adapater
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.106     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.106    276
    192.168.1.106  255.255.255.255         On-link     192.168.1.106    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.106    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.106    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.106    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  7    276 2001:470:1f11:435::/64   On-link
  7    276 2001:470:1f11:435::2/128 On-link
  7    276 fe80::/64                On-link
  7    276 fe80::3d68:98ac:9f8b:fb0/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination      Gateway
  0 4294967295 ::/0                     2001:470:1f10:435::1
===========================================================================


ping -6 ipv6.google.com

Pinging ipv6.l.google.com [2001:4860:8009::6a] from 2001:470:1f10:435::2 with 32
bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for 2001:4860:8009::6a:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

cholzhauer

/64 is correct.

Did you could check that 2001:470:1f11:435::/64 is your routed /64 ?  (Check on the Tunnel details page)

Something isn't working (obviously)  Did you use 192.168.1.106 as your IP address when you created your tunnel?  (That is, you took the commands HE gave you and substituted 192.168.1.106 as your side of the tunnel)

a1pcfixer

Quote from: cholzhauer on September 07, 2010, 05:38:51 AM

Did you could check that 2001:470:1f11:435::/64 is your routed /64 ?  (Check on the Tunnel details page)

Yes.

Quote from: cholzhauer on September 07, 2010, 05:38:51 AM
Something isn't working (obviously)  Did you use 192.168.1.106 as your IP address when you created your tunnel?  (That is, you took the commands HE gave you and substituted 192.168.1.106 as your side of the tunnel)

Are you referring to..... 

IPv4 endpoint:
(your side of the tunnel)

....if yes, I'm not certain.

Should I create a new tunnel and start all over?

cholzhauer

Quote
IPv4 endpoint:
(your side of the tunnel)

Yep.  HE would have filled in whatever public address it saw your traffic coming from eg, 12.34.56.78 and not 192.168.1.106.

Deleting the tunnel and starting over would probably help.

a1pcfixer

Quote from: cholzhauer on September 07, 2010, 08:01:25 AM
Quote
IPv4 endpoint:
(your side of the tunnel)

Yep.  HE would have filled in whatever public address it saw your traffic coming from eg, 12.34.56.78 and not 192.168.1.106.

Deleting the tunnel and starting over would probably help.

On Create a Regular Tunnel/setup page I entered  192.168.1.106  into "IPv4 endpoint:(your side of the tunnel)", and hit Submit. It came back with "Error: That IPv4 endpoint has been blocked (RFC1918 Private Address Space)"

The following is what the HE "Setup Regular IPv6 Tunnel" page shows me........

IPv4 endpoint:
(your side of the tunnel)    
You are viewing from IP:    67.167.109.154
We recommend you use:    
Chicago, IL [ 209.51.181.2 ]
Which Server Is Closest to you?:

cholzhauer

Right.

You need to leave the webpage fill in whatever values it wants (67.167.109.154)

You don't need to delete and re-create the tunnel on the webpages, but if you have already deleted it, we'll need to re-create it.

Create it the same way you did before, then at the bottom of the page, I assume you selected Windows, then copied the commands below, and then pasted them into a command prompt in windows?

Before you paste the contents into the command prompt, you need to change 67.167.109.154 to 192.168.1.106.  For example, this is what HE gives me to enter in a command prompt.


netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 12.199.185.10 209.51.181.2
netsh interface ipv6 add address IP6Tunnel 2001:470:1f10:2aa::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f10:2aa::1


The 12.199.185.10 is my public IP address.  Yours probably looks something like this


netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 67.167.109.154 209.51.181.2
netsh interface ipv6 add address IP6Tunnel 2001:470:1f10:435::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f10:435::1


You needed to change it so it looks like this  (assuming you are going to use Chicago as your tunnel end point)


netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.106 209.51.181.2
netsh interface ipv6 add address IP6Tunnel 2001:470:1f10:435::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f10:435::1

a1pcfixer

Quote from: cholzhauer on September 07, 2010, 11:03:34 AM
Right.

You need to leave the webpage fill in whatever values it wants (67.167.109.154)

You don't need to delete and re-create the tunnel on the webpages, but if you have already deleted it, we'll need to re-create it.


I deleted it, and then recreated another. I think THAT (IPv4 endpoint) is where my troubles start.
My IP on the web shows as [67.167.109.154]. My IP behind my router is [192.168.1.106]

If I enter either of those into........

IPv4 endpoint:
(your side of the tunnel)   

...it comes back with errors;

[192.168.1.106]..........
Error: That IPv4 endpoint has been blocked (RFC1918 Private Address Space)

[67.167.109.154]..........
Error: Your IPv4 endpoint is unreachable or unstable. Please make sure ICMP is not blocked. If you are blocking ICMP, please allow 66.220.2.74 through your firewall.

I currently have Norton Secuity Suite's firewall disabled, so my Linksys WRT54G router must be a part of this mess.

I used one of my 3 DNS server IP's to create a tunnel, which I'm guessing is wrong.

cholzhauer

As you've found out, you can't use 192.168.0.0/16 or 10.0.0.0/8 ect.

You NEED to use your 64.167.109.154 address that HE detects.

As you've also found you, your system needs to reply to Ping requests for any of this to work.  Check the firewall on your Vista system as well (which is what I assume you're using to browse to HE's site) 

You will need to either use the DMZ functionality on your Linksys, enable Ping across the board, or enable Ping for a certain host

a1pcfixer

Quote from: cholzhauer on September 07, 2010, 12:38:35 PM
As you've found out, you can't use 192.168.0.0/16 or 10.0.0.0/8 ect.

You NEED to use your 64.167.109.154 address that HE detects.

As you've also found you, your system needs to reply to Ping requests for any of this to work. 

I've managed to disable enough things on the router to get HE to allow me to setup another tunnel with
[64.167.109.154]. That's a small bit of progress! (hoping I'm not exposed now).

Altering the recommended commands as you suggested.........

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.106 209.51.181.2
netsh interface ipv6 add address IP6Tunnel 2001:470:1f10:91e::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f10:91e::1


C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu>netsh interface teredo
set state disabled
Ok.

C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu>netsh interface ipv6 a
dd v6v4tunnel IP6Tunnel 192.168.1.106 209.51.181.2
You were not connected because a duplicate name exists on the network. If joinin
g a domain, go to System in Control Panel to change the computer name and try ag
ain. If joining a workgroup, choose another workgroup name.

C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu>netsh interface ipv6 a
dd address IP6Tunnel 2001:470:1f10:91e::2

C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu>netsh interface ipv6 a
dd route ::/0 IP6Tunnel 2001:470:1f10:91e::1

Why is it telling me this above?........
"You were not connected because a duplicate name exists on the network. If joinin
g a domain, go to System in Control Panel to change the computer name and try ag
ain. If joining a workgroup, choose another workgroup name."


ipconfig /all........

Windows IP Configuration

   Host Name . . . . . . . . . . . . : xxxxxxx-a
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.in.comcast.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.in.comcast.net
   Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connecti
on
   Physical Address. . . . . . . . . : 00-19-D1-7F-13-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f11:435::2(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3d68:98ac:9f8b:fb0%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 07, 2010 2:49:31 PM
   Lease Expires . . . . . . . . . . : Wednesday, September 08, 2010 2:49:31 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184555985
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-91-B2-C3-00-19-D1-7F-13-E2

   DNS Servers . . . . . . . . . . . : 204.117.214.10
                                       204.97.212.10
                                       4.2.2.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.in.comcast.net
   Description . . . . . . . . . . . : isatap.hsd1.in.comcast.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter IP6Tunnel:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Direct Point-to-point Adapater
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


netstat -nr........

===========================================================================
Interface List
  7 ...00 19 d1 7f 13 e2 ...... Intel(R) 82562V-2 10/100 Network Connection
  1 ........................... Software Loopback Interface 1
  9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0  isatap.hsd1.in.comcast.net
16 ...00 00 00 00 00 00 00 e0  Microsoft Direct Point-to-point Adapater
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.106     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.106    276
    192.168.1.106  255.255.255.255         On-link     192.168.1.106    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.106    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.106    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.106    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  7    276 2001:470:1f11:435::/64   On-link
  7    276 2001:470:1f11:435::2/128 On-link
  7    276 fe80::/64                On-link
  7    276 fe80::3d68:98ac:9f8b:fb0/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    276 ff00::/8                 On-link
================================================================
Persistent Routes:
If Metric Network Destination      Gateway
  0 4294967295 ::/0                     2001:470:1f10:435::1
  0 4294967295 ::/0                     2001:470:1f10:91e::1
================================================================



ping -6 ipv6.google.com

Pinging ipv6.l.google.com [2001:4860:b007::63] from 2001:470:1f10:435::2 with 32
bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for 2001:4860:b007::63:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


lukec

Couple of suggestions...can you ping your router address?

run        netsh interface ipv6 show interface 8" (where 8 in the index number of your interface)

Interface Local Area Connection Parameters
----------------------------------------------
IfLuid                             : ethernet_4
IfIndex                            : 8
Compartment Id                     : 1
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 25000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detecion   : enabled
Router Discovery                   : enabled
Managed Address Configuration      : enabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default routes              : disabled


What is the status of"Neighbour Discovery" "NUD" "Router Discovery" ? These "should" be enabled ...

Your IPv6 routing table should have an active ::/0 - along the lines of

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
  8    276 ::/0                     fe80::223:ebff:fe96:6bad
  1    306 ::1/128                  On-link



Regards
lukec

cholzhauer

Quote
Why is it telling me this above?........
"You were not connected because a duplicate name exists on the network. If joinin
g a domain, go to System in Control Panel to change the computer name and try ag
ain. If joining a workgroup, choose another workgroup name."

Look at post #14 from jimb

http://www.tunnelbroker.net/forums/index.php?topic=780.0