Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Tunnel behind server  (Read 4405 times)

csolutions

  • readonly_member
  • Newbie
  • *
  • Posts: 3
Tunnel behind server
« on: September 14, 2010, 12:08:46 AM »

I've entered the netsh commands to create a v6v4tunnel successfully with my private ip address but it's still not working. I am behind a server as well so the ip address comes from the server and the router wouldn't have access to my pc, I was wandering if that would have anything to do with it?
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: Tunnel behind server
« Reply #1 on: September 14, 2010, 04:55:52 AM »

What do you mean you're behind a server?

Is your router/firewall passing protocol 41 traffic to you?
Logged

csolutions

  • readonly_member
  • Newbie
  • *
  • Posts: 3
Re: Tunnel behind server
« Reply #2 on: September 14, 2010, 03:51:45 PM »

> What do you mean you're behind a server?
A windows 2003 server, so my client computer connected to it is within an internal network 192.168.101.* separate from computers connected to the router 192.168.100.* (netgear dg834gt)

> Is your router/firewall passing protocol 41 traffic to you?
Ah probably not (after creating the tunnel adapter tunnelbroker.net now takes 21sec for the dns to resolve), I've tried the "IPv6-over-IPv4 tunnels across a firewall" instructions found on this page without success, would I need to configure windows firewall as well?
http://ipv6.raphnet.net/

Here's my ip configuration if this helps:

Quote
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : csolutions.local
   Link-local IPv6 Address . . . . . : fe80::b89f:5f5a:c5e8:cf8e%11
   IPv4 Address. . . . . . . . . . . : 192.168.101.22
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.101.1

Tunnel adapter IP6Tunnel:

   Connection-specific DNS Suffix  . : csolutions.local
   IPv6 Address. . . . . . . . . . . : 2001:470:c:5a7::2
   Link-local IPv6 Address . . . . . : fe80::2063:7217:98c3:45a6%14
   Default Gateway . . . . . . . . . : 2001:470:c:5a7::1

[Update]
I've just tried connecting to the tunnel's IPv4 VPN and then used the client IP4 address from the vpn in creating the ip6tunnel without success as well. Did I understand this correct from other forum posts or do I need to take additional steps?
« Last Edit: September 14, 2010, 04:31:58 PM by csolutions »
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: Tunnel behind server
« Reply #3 on: September 14, 2010, 06:25:23 PM »

Well for one, you need to assign an IPv6 address to your local area connection.

But first, we need to fix the tunnel.

Honestly, I don't know if the tunnel will work behind a double NAT.  I assume it would work as long as you entered your NAT IP address instead of your public IP address (you did do that didn't you?)

You do need to verify that the router(s) upstream from you will pass you protocol 41.
Logged

csolutions

  • readonly_member
  • Newbie
  • *
  • Posts: 3
Re: Tunnel behind server
« Reply #4 on: September 14, 2010, 08:52:43 PM »

> Well for one, you need to assign an IPv6 address to your local area connection.
Ok, that's now done.

> You do need to verify that the router(s) upstream from you will pass you protocol 41.
Is there an easy way to do that? I'm just trying to load an ipv6 only site but if there are other issues like not having assigned an ipv6 address to my connection then I can't answer that question. As well as trying the telnet solution I've also followed the advice on this site under "IPv6 Debian" which mentions opening a hole for Any(All) service for ipv6 tunnel gateway since the only other services listed are TCP or UDP and not protocol 4 on the netgear router I have.
http://aaisp.net.uk/kb-broadband-ipv6.html
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: Tunnel behind server
« Reply #5 on: September 15, 2010, 05:03:37 AM »

If there's an easy way to test to see if protocol 41 is passed, I'd love to know it ;)

I'm usually forced to pass all IP traffic to that host (because my ASA can't do filtering by protocol, only port)

After adding that IPv6 address to your connection, as long as your tunnel is up, everything should work.  Of course, if protocol 41 isn't passed, it won't work.  What does wireshark show?

And I assume you added an IP address out of your routed /64 or /48?
Logged