• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Win 7 Tunnel setup, DNS resolution, destination port unreachable

Started by iui, September 29, 2011, 04:04:30 PM

Previous topic - Next topic

iui

I've managed to get the tunnel setup.  Everything works fine along with the video tutorial.. up until the ping.  I think I may have something messed up in my routing table,though I did use the configuration command from the tunnel.  I changed the client address to the ipv4 address of my win 7 machine (100.100.1.2) which sits behind a RVS4000 Cisco Router.  The ping -6 commands  look to be resolving the domains (ipv6.google.com and pong6.com) to their ipv6 address - but there is no route to get to them.

I also tried disabling firewalls on win 7 and the router as well as the IPS protection system on the router to no avail.

I'm stuck at this point - any ideas are greatly appreciated!  

These are the commands I ran from the Tunnel Details Example Configurations:
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 100.100.1.2 216.66.22.2
netsh interface ipv6 add address IP6Tunnel 2001:470:7:63e::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:7:63e::1

this is my ipconfig:
C:\Windows\system32>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . : example.com
  IPv6 Address. . . . . . . . . . . : 2002:d80f:1e34:0:893d:de64:522a:b2cc
  Temporary IPv6 Address. . . . . . : 2002:d80f:1e34:0:3923:f6da:6c37:cb47
  Link-local IPv6 Address . . . . . : fe80::893d:de64:522a:b2cc%13
  IPv4 Address. . . . . . . . . . . : 100.100.1.2
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : fe80::21c:10ff:fef8:7de6%13
                                      100.100.1.1

Ethernet adapter Local Area Connection 2:

  Connection-specific DNS Suffix  . : local
  Link-local IPv6 Address . . . . . : fe80::44a9:ff8d:52d4:6c26%9
  IPv4 Address. . . . . . . . . . . : 192.168.200.2
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :

Tunnel adapter IP6Tunnel:

  Connection-specific DNS Suffix  . : example.com
  IPv6 Address. . . . . . . . . . . : 2001:470:7:63e::2
  Link-local IPv6 Address . . . . . : fe80::b085:368b:ec2f:c560%10
  Default Gateway . . . . . . . . . : 2001:470:7:63e::1

and this is the result of my ping6:

C:\Users\Herschel>ping -6 ipv6.google.com

Pinging ipv6.l.google.com [2001:4860:b007::68] with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.

Ping statistics for 2001:4860:b007::68:
   Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Herschel>ping -6 pong6.com

Pinging pong6.com [2607:f740:f::f90] with 32 bytes of data:
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.

Ping statistics for 2607:f740:f::f90:
   Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

The ipv6 address of my RVS4000 router is pingable:
C:\Users\Herschel>ping -6 2002:d80f:1e34::1

Pinging 2002:d80f:1e34::1 with 32 bytes of data:
Reply from 2002:d80f:1e34::1: time=2ms
Reply from 2002:d80f:1e34::1: time<1ms
Reply from 2002:d80f:1e34::1: time=1ms
Reply from 2002:d80f:1e34::1: time<1ms

Ping statistics for 2002:d80f:1e34::1:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 0ms, Maximum = 2ms, Average = 0ms

But I cannot ping the ipv6 address of the server endpoint (ipv4 ping works to ipv4 addresses):
C:\Users\Herschel>ping -6 2001:470:7:63e::1

Pinging 2001:470:7:63e::1 with 32 bytes of data:
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.

Ping statistics for 2001:470:7:63e::1:
   Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I also tried the portscan test (http://www.tunnelbroker.net/portscan.php) and it appears to work (did have to check the box to turn off initial ping) when I use my client ipv6.
Starting Nmap 5.00 ( http://nmap.org ) at 2011-09-29 17:22 PDT
All 1000 scanned ports on dyegoe-3-pt.tunnel.tserv13.ash1.ipv6.he.net (2001:470:7:63e::2) are filtered

Nmap done: 1 IP address (1 host up) scanned in 4.31 seconds

broquea

Try not running 6to4 and 6in4 at the same time, and double check your IPv6 routing table. Although...

Actually, something looks wrong with this tunnel. It has no routed /64 associated with it. You might want to try deleting it and creating another.

-edit-

Ok, new tunnel looks properly configured on our side. You'll want to remove the old tunnel interface and default route on your Windows machine again, and run it with the new addresses.

Voodoomanic

I am experiencing the same problem, I tried deleting and creating a new tunnel (did reconfigure tunnel settings in windows) but still nothing.

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::317d:5325:4aa1:ded6%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter isatap.{D6AA245F-A359-4BFB-995F-959C50B4F3FE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter IP6Tunnel:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:470:1f08:1b16::2
   Link-local IPv6 Address . . . . . : fe80::8447:89d6:2b91:47da%11
   Default Gateway . . . . . . . . . : 2001:470:1f08:1b16::1

C:\Users\S>ping -6 ipv6.google.com

Pinging ipv6.l.google.com [2a00:1450:4002:802::1014] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2a00:1450:4002:802::1014:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


I tried turning off my firewall, but it makes no difference. I have a Huawei EchoLife HG520c with a local address 192.168.1.10.
These are the commands I used to create a tunnel:

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.10 216.66.80.26
netsh interface ipv6 add address IP6Tunnel 2001:470:1f08:1b16::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f08:1b16::1


The only difference I have from iui is I'm not getting any results on portscan :(
Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-16 05:42 PST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.10 seconds

Any suggestions?

cholzhauer


Voodoomanic

I can't seem to find any specifications about HG520c and protocol 41. Could it actually be that this home gateway router doesn't pass it? Is it any way to check for this other than specifications?

Thank you

cholzhauer

Quote from: Voodoomanic on December 16, 2011, 05:55:57 AM
I can't seem to find any specifications about HG520c and protocol 41. Could it actually be that this home gateway router doesn't pass it? Is it any way to check for this other than specifications?

It's very possible that it won't pass proto41...does it have a DMZ function?  Do you have anyway to take the router out of the mix and test?

Voodoomanic

Yes it does have a dmz option  and I tried putting my local address into it, but to no avail.

http://i39.tinypic.com/2dt8y91.png

This is the router that my ISP supplied me with. It stores their ppp username and pass. Now I did enter the admin acc on it but I can not see the password. The only way I can exclude this router is to buy one and ask my ISP to supply me with their pass.
The thing is I have an assignment at university to setup a ipv6 tunnel at home and to run some servers. Not sure if i'll have enough cash atm to buy a good router, I hope that those generic tp-link home routers pass protocol41, that would be a real life saver since they're quite cheap :)

cholzhauer

Quote
The thing is I have an assignment at university to setup a ipv6 tunnel at home and to run some servers.

It seems like they would at least give you the equipment to do this or let you do it on campus where they're able to help more (with protocol41 issues like this)

FWIW DMZ mode doesn't always help (as you're seeing)

Voodoomanic

Yeah I'll ask my professor, thanks for the help anyways  :)

nickbeee

Quote from: cholzhauer on December 16, 2011, 06:26:28 AM
Quote
The thing is I have an assignment at university to setup a ipv6 tunnel at home and to run some servers.

It seems like they would at least give you the equipment to do this or let you do it on campus where they're able to help more (with protocol41 issues like this)

Agreed. You would think they would give you the correct tools for the job  :o

I'd start by trying to ping your end of the tunnel (ending ::1 which should work) followed by the HE end of the tunnel (::2). If you ping ::1 but not ::2 then I'd be looking at a protocol 41 issue.

I use a Netgear DG834v4 for ADSL2+ Annexe A service which are plentiful on Ebay and pass protocol 41 quite happily.
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of   HE and   Sixxs.