• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Tunnel behind server

Started by csolutions, September 14, 2010, 12:08:46 AM

Previous topic - Next topic

csolutions

I've entered the netsh commands to create a v6v4tunnel successfully with my private ip address but it's still not working. I am behind a server as well so the ip address comes from the server and the router wouldn't have access to my pc, I was wandering if that would have anything to do with it?

cholzhauer

What do you mean you're behind a server?

Is your router/firewall passing protocol 41 traffic to you?

csolutions

#2
> What do you mean you're behind a server?
A windows 2003 server, so my client computer connected to it is within an internal network 192.168.101.* separate from computers connected to the router 192.168.100.* (netgear dg834gt)

> Is your router/firewall passing protocol 41 traffic to you?
Ah probably not (after creating the tunnel adapter tunnelbroker.net now takes 21sec for the dns to resolve), I've tried the "IPv6-over-IPv4 tunnels across a firewall" instructions found on this page without success, would I need to configure windows firewall as well?
http://ipv6.raphnet.net/

Here's my ip configuration if this helps:

QuoteEthernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . : csolutions.local
  Link-local IPv6 Address . . . . . : fe80::b89f:5f5a:c5e8:cf8e%11
  IPv4 Address. . . . . . . . . . . : 192.168.101.22
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.101.1

Tunnel adapter IP6Tunnel:

  Connection-specific DNS Suffix  . : csolutions.local
  IPv6 Address. . . . . . . . . . . : 2001:470:c:5a7::2
  Link-local IPv6 Address . . . . . : fe80::2063:7217:98c3:45a6%14
  Default Gateway . . . . . . . . . : 2001:470:c:5a7::1

[Update]
I've just tried connecting to the tunnel's IPv4 VPN and then used the client IP4 address from the vpn in creating the ip6tunnel without success as well. Did I understand this correct from other forum posts or do I need to take additional steps?

cholzhauer

Well for one, you need to assign an IPv6 address to your local area connection.

But first, we need to fix the tunnel.

Honestly, I don't know if the tunnel will work behind a double NAT.  I assume it would work as long as you entered your NAT IP address instead of your public IP address (you did do that didn't you?)

You do need to verify that the router(s) upstream from you will pass you protocol 41.

csolutions

> Well for one, you need to assign an IPv6 address to your local area connection.
Ok, that's now done.

> You do need to verify that the router(s) upstream from you will pass you protocol 41.
Is there an easy way to do that? I'm just trying to load an ipv6 only site but if there are other issues like not having assigned an ipv6 address to my connection then I can't answer that question. As well as trying the telnet solution I've also followed the advice on this site under "IPv6 Debian" which mentions opening a hole for Any(All) service for ipv6 tunnel gateway since the only other services listed are TCP or UDP and not protocol 4 on the netgear router I have.
http://aaisp.net.uk/kb-broadband-ipv6.html

cholzhauer

If there's an easy way to test to see if protocol 41 is passed, I'd love to know it ;)

I'm usually forced to pass all IP traffic to that host (because my ASA can't do filtering by protocol, only port)

After adding that IPv6 address to your connection, as long as your tunnel is up, everything should work.  Of course, if protocol 41 isn't passed, it won't work.  What does wireshark show?

And I assume you added an IP address out of your routed /64 or /48?