• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Error creating a tunnel

Started by Gorovoro, October 15, 2010, 05:46:18 AM

Previous topic - Next topic

cholzhauer

Well, lets start from the beginning.

You need to enabled ICMP to your host.
You need to make sure your router is passing Proto41 traffic to your end point

Regarding adding the address:
http://msdn.microsoft.com/en-us/library/bb736546(VS.85).aspx

Make sure you use an address out of your routed /64


allen4names

I found something that may help.

Microsoft Internet Protocol Version 6 (IPv6)

You can also Google 'windows xp ipv6 support'.

Gorovoro

#17
This isn't going the way i wanted, i'm looking for HE SPECIFIC instructions not general info on ipv6.
Anyway after searching both google and this forum i found
http://www.tunnelbroker.net/forums/index.php?topic=919.0
and decided to post some pics so this is how it looks after following DezzaNet:
http://i54.tinypic.com/2w50miv.jpg

so what's wrong?

cholzhauer

You're behind a NAT; what commands did you enter to create your tunnel?  On the HE webpage, it includes your public IP address in the commands you need to enter.  However, since you're behind a NAT, you need to change those commands to reflect that.

Example.  Your public IP address is 1.2.3.4 and your NAT address is 192.168.1.4.

On the HE page, it lists netsh interface ipv6 add v6v4tunnel IP6Tunnel 1.2.3.4 209.51.181.2

You need to change that to be netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.4 209.51.181.2

Note that 209.51.181.2 is the IP address of the Chicago tunnel and unless you're using that tunnel server, you should change that IP to reflect your tunnel server's IP.

For your routing tables, you need to do a "netsh int ipv6 sh route"  (netstat -nr will not show IPv6 routes in XP)

Gorovoro

#19
YES! IT WORKS finally Ipv6, can't believe i spent hours on something as simple as a nat address..
THANKS A LOT cholzhauer and everyone else as well.
And thanks to DezzaNet i also have Ipv6 on my laptop.

A few more things tho
This is what i used for DezzaNet guide

Server IPv4 Address: 216.66.80.26
Server IPv6 Address: 2001:470:1f08:f88::1/64
Client IPv4 Address: 192.168.1.4
Client IPv6 Address: 2001:470:1f08:f88::2/64
Routed /64: 2001:470:1f09:f88::/64


And the bat file

netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.4 216.66.80.26
netsh interface ipv6 add addr IP6Tunnel 2001:470:1f08:f88::2
netsh interface ipv6 set interface IP6Tunnel forwarding=enabled
netsh interface ipv6 set interface "Local Area Connection 2" forwarding=enabled advertise=enabled
netsh interface ipv6 add addr "Local Area Connection 2" 2001:470:1f09:f88::1
netsh interface ipv6 add route 2001:470:1f09:f88::/64 "Local Area Connection 2" publish=yes
netsh interface ipv6 add route ::/0 "IP6Tunnel" 2001:470:1f08:f88::1 publish=yes
pause


I didn't miss anything right? and is this permanent? i don't have to do this each time my pc starts.
One pc has to run this so others can have access or is it stored in the router?

If i add install ipv6 at the head of the bat file do i still need to run this on a fresh install?

ipv6 install
ipv6 rtu ::/0 2/::216.66.80.26 pub
ipv6 adu 2/2001:470:1f08:f88::2


My ip is dynamic do i still need to access HE to update my ipv4 endpoint each time i change it?

And finally is all of this safe? i mean can anyone see anything besides what he should? i don't want any security holes.

Please address each question and thanks again.

Gorovoro

After some more exploring i'm left with:
I didn't miss anything right? in the bat file that is.
After enabling router advertisements is it a permanent setting in the router or not?
Do i need to add the HE config to the bat file? assuming a fresh install.
How safe is it especially considering the router advertisements?

Gorovoro

QuoteI didn't miss anything right? in the bat file that is.
I don't think i did and if there was something you would have told Dezza to fix it

QuoteAfter enabling router advertisements is it a permanent setting in the router or not?
It only works when this pc is on so it's not a router thing, but then it's kind of useless better off opening a tunnel on other pc's as well

QuoteDo i need to add the HE config to the bat file? assuming a fresh install.
Still don't know that for sure but better safe than sorry so i'l run it anyway

QuoteHow safe is it especially considering the router advertisements?
I guess if it's any pc in the network it means wireless is a liability so i added mac filtering

I guess that's it unless someone has something to add if not thanks again everyone.

allen4names

I can't answer all of your questions but you are using Windows XP right? If so then you will need to change the following batch script so that it will run on XP.
@echo off
rem  IPv6 report batch script for Windows Vista
echo IPv6 report > ipv6_report.txt
date /t >> ipv6_report.txt
time /t >> ipv6_report.txt
echo. >> ipv6_report.txt
echo ver >> ipv6_report.txt
ver >> ipv6_report.txt
echo ipconfig /all >> ipv6_report.txt
ipconfig /all >> ipv6_report.txt
echo. >> ipv6_report.txt
echo netsh interface ipv6 show teredo >> ipv6_report.txt
netsh interface ipv6 show teredo >> ipv6_report.txt
echo. >> ipv6_report.txt
echo netsh interface ipv6 show route >> ipv6_report.txt
netsh interface ipv6 show route >> ipv6_report.txt
echo. >> ipv6_report.txt
echo nslookup ipv6.google.com >> ipv6_report.txt
nslookup ipv6.google.com >> ipv6_report.txt
echo. >> ipv6_report.txt
echo ping ipv6.google.com >> ipv6_report.txt
ping ipv6.google.com >> ipv6_report.txt
echo. >> ipv6_report.txt
echo nslookup www.google.com >> ipv6_report.txt
nslookup www.google.com >> ipv6_report.txt
echo. >> ipv6_report.txt
echo ping -6 www.google.com >> ipv6_report.txt
ping -6 www.google.com >> ipv6_report.txt
exit

The netsh commands are new to Windows Vista. Except for what I have redacted this is what my batch script produced.
IPv6 report
Mon 10/18/2010
03:49 AM

ver

Microsoft Windows [Version 6.0.6002]
ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : [Redacted]
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-24-D2-69-DF-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1E-33-B8-61-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c856:8f0d:2a9d:53fc%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, October 17, 2010 10:20:59 PM
   Lease Expires . . . . . . . . . . : Monday, October 18, 2010 10:20:59 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 167779891
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-86-E8-D0-00-1E-33-B7-8B-54
   DNS Servers . . . . . . . . . . . : 2001:470:20::2
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{33A008A6-E696-464A-8C85-F41BB59A2309}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter IP6Tunnel:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Direct Point-to-point Adapater
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:a:18f::2(Preferred)
   Link-local IPv6 Address . . . . . : fe80::cde8:203:e38e:be5a%16(Preferred)
   Default Gateway . . . . . . . . . : 2001:470:a:18f::1
   DNS Servers . . . . . . . . . . . : 2001:470:20::2
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

netsh interface ipv6 show teredo
Teredo Parameters
---------------------------------------------
Type                    : default
Server Name             : teredo.ipv6.microsoft.com.
Client Refresh Interval : 30 seconds
Client Port             : unspecified
State                   : offline
Error                   : none


netsh interface ipv6 show route

Publish  Type      Met  Prefix                    Idx  Gateway/Interface Name
-------  --------  ---  ------------------------  ---  ------------------------
No       Manual    256  ::/0                       16  2001:470:a:18f::1
No       Manual    256  ::1/128                     1  Loopback Pseudo-Interface 1
No       Manual    256  2001:470:a:18f::/64        16  IP6Tunnel
No       Manual    256  2001:470:a:18f::2/128      16  IP6Tunnel
No       Manual    256  fe80::/64                  16  IP6Tunnel
No       Manual    256  fe80::/64                  10  Local Area Connection
No       Manual    256  fe80::/64                  11  Wireless Network Connection
No       Manual    256  fe80::5efe:192.168.0.64/128   15  Local Area Connection* 6
No       Manual    256  fe80::89b6:d566:b988:38b4/128   11  Wireless Network Connection
No       Manual    256  fe80::c856:8f0d:2a9d:53fc/128   10  Local Area Connection
No       Manual    256  fe80::cde8:203:e38e:be5a/128   16  IP6Tunnel
No       Manual    256  ff00::/8                    1  Loopback Pseudo-Interface 1
No       Manual    256  ff00::/8                   16  IP6Tunnel
No       Manual    256  ff00::/8                   10  Local Area Connection
No       Manual    256  ff00::/8                   11  Wireless Network Connection


nslookup ipv6.google.com
Server:  ordns.he.net
Address:  2001:470:20::2

Name:    ipv6.l.google.com
Address:  2001:4860:8005::6a
Aliases:  ipv6.google.com


ping ipv6.google.com


Pinging ipv6.l.google.com [2001:4860:8005::6a] from 2001:470:a:18f::2 with 32 bytes of data:

Reply from 2001:4860:8005::6a: time=83ms

Reply from 2001:4860:8005::6a: time=82ms

Reply from 2001:4860:8005::6a: time=82ms

Reply from 2001:4860:8005::6a: time=82ms



Ping statistics for 2001:4860:8005::6a:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 82ms, Maximum = 83ms, Average = 82ms


nslookup www.google.com
Server:  ordns.he.net
Address:  2001:470:20::2

Name:    www.l.google.com
Addresses:  2001:4860:8005::93
  74.125.127.104
  74.125.127.147
  74.125.127.103
  74.125.127.106
  74.125.127.105
  74.125.127.99
Aliases:  www.google.com


ping -6 www.google.com


Pinging www.l.google.com [2001:4860:8005::63] from 2001:470:a:18f::2 with 32 bytes of data:

Reply from 2001:4860:8005::63: time=82ms

Reply from 2001:4860:8005::63: time=82ms

Reply from 2001:4860:8005::63: time=82ms

Reply from 2001:4860:8005::63: time=82ms



Ping statistics for 2001:4860:8005::63:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 82ms, Maximum = 82ms, Average = 82ms

Finally as you are behind a NAT like I am each machine that you want to give IPv6 connectivity to will have to tunnel though your NAT appliance. Please remember to give a different IPv6 address to each machine such as 2001:470:1f08:f88::5.

cholzhauer

Yes, everything should exist after a reboot; they all should be one time settings.

The only thing I am not sure about is the tunnel itself, but I'm 95% sure that will come back online after a reboot also.

I'm not sure what you mean by "how safe are router advertisements"  I assume you're comparing this against static addressing?  If that's the case, then yeah, static addresses are a little more secure, but if someone is allowed to join your network, they can just sniff traffic to find an IP address.

Gorovoro

#24
allen4names- I was trying to create a batch that will set ipv6 on a fresh install using dezzanet guide i found and i asked if everything was in order and that there's noting more to add to it especially the HE config for xp, so i'm not sure if you understood that correctly.

About your script i think everything is the same on xp except

nslookup ipv6.google.com -> shows my ISP's dns
ping -6 www.google.com -> Ping request could not find host www.google.com. Please check the name and try again.


The rest works just fine but i'm a little confused every result i've seen shows
Node Type . . . . . . . . . . . . : Mixed
while mine says
Node Type . . . . . . . . . . . . : Unknown
why is that?

Finally you mean a different ip like so?

netsh interface ipv6 add addr IP6Tunnel 2001:470:1f08:f88::5



cholzhauer- Yeah i kinda noticed everything was still there after reboot not sure why you weren't 100% sure tho
I want to make a batch to run on a fresh install so i wouldn't have to run this again so please check the code i posted and tell me if it's ok plus do i need the HE config or not?

Finally i'm not a network it so surely i wasn't referring to static addressing hehe i was merely saying that if anyone who got in the network could have access that easily isn't that dangerous especially on a wireless connection and what can i do about it...

allen4names

This may or may not help with the DNS. In Vista I went to the "Network and Sharing Center" and clicked on "View status". When "Local Area Connection Status" came up I clicked on "Properties". (I needed to confirm that I had administrative permissions.) When "Local Area Connection Properties" came up I highlighted "Internet Protocol Version 6 (TCP/IPv6)" and then clicked "Properties". I had already set things up to use 2001:470:20::2 as my preferred IPv6 DNS server so I didn't need to do anything.

I don't know why your "Node Type" is "Unknown".

Finally, yes as long as two machines do not have the same address or one of the two reserved ones which in your case would be 2001:470:1f08:f88:: and 2001:470:1f08:f88:ffff:ffff:ffff:ffff.

Gorovoro

What you just described is setting the dns servers manually on the tcp\ip 6 protocol, iv'e done so on the tcp\ip protocol but in xp at least the there aren't any properties on the tcp\ip 6 protocol the properties tab is disabled.

Well maybe some could tell me why Node Type is Unknown

Ok thanks, but what happens if two machines have the same ip? one can't connect?

cholzhauer

Quote
Ok thanks, but what happens if two machines have the same ip? one can't connect?

Same thing happens as would happen in an IPv4 world.

Gorovoro

cholzhauer- Yeah i kinda noticed everything was still there after reboot not sure why you weren't 100% sure tho
I want to make a batch to run on a fresh install so i wouldn't have to run this again so please check the code i posted and tell me if it's ok plus do i need the HE config or not?

Finally i'm not a network it so surely i wasn't referring to static addressing hehe i was merely saying that if anyone who got in the network could have access that easily isn't that dangerous especially on a wireless connection and what can i do about it...

Gorovoro

Can someone tell me why my Node Type is UNKNOWN and why does it take 5 min's to load this site?