• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Windows 7 machine has 3 IPv6 addresses!

Started by lobotiger, September 30, 2010, 04:11:58 PM

Previous topic - Next topic

lobotiger

Ok so I've had this problem for a long time and I'm only getting around to looking into it just now.  I have noticed from an "ipconfig" that my LAN interface on my Windows 7 machine has 3 IPv6 addresses from my assigned HE block.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:470:b081::2
   IPv6 Address. . . . . . . . . . . : 2001:470:b081:0:7d9e:e8eb:a4d7:a943
   Temporary IPv6 Address. . . . . . : 2001:470:b081:0:4df6:7618:db3c:fcb6
   Link-local IPv6 Address . . . . . : fe80::7d9e:e8eb:a4d7:a943%11
   IPv4 Address. . . . . . . . . . . : 192.168.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 2001:470:b081::1
                                       fe80::21b:d4ff:feab:b9ac%11
                                       192.168.0.1

I'm familiar with the link-local one and I have hard coded ::2 to my LAN interface under the IPv6 settings of TCP/IP.  What I'm curious about is why I have two other ones there?

The HE tunnel is terminated on my Cisco 1811 router and my LAN interface looks like this:

interface FastEthernet0
description to LAN
ip address 192.168.0.1 255.255.255.0
ip access-group INTERNAL_ACL in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip ips sdm_ips_rule in
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
ipv6 address 2001:470:B081::1/64
ipv6 enable
service-policy output egress-to-LAN-parent

The reason why I'm looking to resolve this is because I noticed today that when I checked my IPv6 address from whatsmyipv6.com, it showed the temporary one up there instead of the ::2 I was expecting.

Any suggestions or tips as to why this is like this?

LoboTiger

cholzhauer

Regarding the temporary address

http://technet.microsoft.com/en-us/library/cc736439(WS.10).aspx

Basically, it's trying to emulate the dial up days where you had a certain degree of anonymity because every time you would dial in to the internet, you would get a different address.

If you no longer want that address, run a "netsh int ipv6 set privacy disabled" and reboot

The other address is because your router is doing RA (router advertisements) and your computer is auto-configuring an address.  You can disable RA on the router...I think it's something like:


conf t
interface fastethernet0
suppress RA


At least that's what it is for an ASA, and they normally have pretty close syntax

You can also forbid your computer from listening for RA...You have to disable one of the flags under your adapter...I think it's the R flag?  (Easier to change the router)

allen4names

lobotiger

Please let us know where you want the tunnel endpoint. Your computer or your router.

lobotiger

cholzhauer:  Ahh I see.  I understand the MS one and I'll likely disable that one.  However for the RA one, I personally prefer my own desktop to be hardcoded for bittorrent and stuff like that but all my other computers and devices I would like to keep having some kind of auto configuration like RA.  I'm thinking that disabling RA would mean that those machines wouldn't get an IPv6 address assigned to them anymore.

allen4names: I want the tunnel endpoint to be terminated on the router.

LoboTiger

allen4names

#4
LoboTiger

You should have this checked by someone with more experience.

@echo off
rem  Start the ipv6 log
netsh interface ipv6 show interfaces > ipv6log.txt
netsh interface ipv6 show addresses >> ipv6log.txt
netsh interface ipv6 show routes >> ipv6log.txt
echo. >> ipv6log.txt
rem  Delete the tunnel
netsh interface ipv6 delete route ::/0 "IP6Tunnel" 2001:470:b081::1
netsh interface ipv6 delete address "IP6Tunnel" 2001:470:b081::1
netsh interface ipv6 delete interface "IP6Tunnel"
rem  Complete the ipv6 log
netsh interface ipv6 show interfaces >> ipv6log.txt
netsh interface ipv6 show addresses >> ipv6log.txt
netsh interface ipv6 show routes >> ipv6log.txt
exit

This should remove the tunnel endpoint from your computer allowing you to use the one on your router as well as creating a log in case something goes wrong.

cholzhauer

Well then, you can just tell your desktop to stop accepting RA solicitations...How you do this sort of depends on the numbered index of your network adapter.

For example:


C:\Users\cholzhauer>netsh int ipv6 sh int

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
12          25        1500  connected     Wireless Network Connection
16          50        1280  disconnected  isatap.{78D990D2-DEA8-4FEC-B7C2-EFE695332DBB}
11           5        1500  disconnected  Local Area Connection
14          50        1500  disconnected  Bluetooth Network Connection


So, the adapter I want has an index of 11


C:\Users\cholzhauer>netsh int ipv6 sh int 11

Interface Local Area Connection Parameters
----------------------------------------------
IfLuid                             : ethernet_6
IfIndex                            : 11
State                              : disconnected
Metric                             : 5
Link MTU                           : 1500 bytes
Reachable Time                     : 15000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled


We see here that router discovery is enabled, so,


netsh int ipv6 set int 11 routerdiscovery=disabled


You would obviously set the "11" to whatever index number your adapter shows as.

lobotiger

Thanks cholzhauer!  Telling it to stop accepting RA solicitations did the trick.  Now I've only got my local plus the assigned ::2 address. 

LoboTiger