• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HOWTO: D-Link DIR-655 and tunnelbroker.net using Windows XP (and 2003)

Started by ykok, October 26, 2011, 11:49:32 AM

Previous topic - Next topic

ykok

This is meant as a guide to setup IPv6 using tunnelbroker.net, D-Link DIR-655 router and Windows XP. Probably this is not done the most efficient / correct way, so I hope anyone with better ideas will reply. Update: Read the update in the bottom first.

Here's my information from tunnelbroker.net:



And here's how I used that information on my router:

The internal IP address is just the first in the range I'm given by tunnelbroker.net. The DNS servers are googles.

Configuring your computer
Now, you'd think that this would make your Windows XP or at least your Windows 2003 able to get an IPv6 address within your scope (in my example 2001:470:28:a6c) - think again. Neither operating systems reacted on the router. I tried different commands that should renew or reset the IPv6 address, but all in vain. Notice that using statefull (DHCPv6) doesn't work either - as far as I know it's not supported by Windows XP nor Windows 2003.

If you just have an Windows XP and you just want it to work, you can specify the address and the route manually using either the "ipv6" command (only in Windows XP - think it is obsolete in Vista and Windows 7) or using "netsh"

Guides
Guide for using "ipv6" command for routing can be found here:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_ip_v6_pro_rt_add.mspx?mfr=true
With a general ipv6 guide here:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_ip_v6_add_utils.mspx?mfr=true

Guide for using "netsh":
http://technet.microsoft.com/en-us/library/cc740203(WS.10).aspx#BKMK_6

What I did
Using "ipv6" to specify route with my configuration I had to type:
ipv6 rtu ::/0 4/2001:470:28:a6c::1

Where "::/0" means that every destination can use this route, "2001:470:28:a6c::1" is my routers inside IP (see above), and 4 is my "Local Area Connection" cards interface number, which can be found using the command:
ipv6 if

Using netsh, I believe I should have typed:
netsh interface ipv6 add route ::/0 "Local Area Connection" 2001:470:28:a6c::1

To add an IPv6 address you can use the same command tools, here's an example using "netsh":
netsh interface ipv6 add address "Local Area Connection" 2001:470:28:a6c::42
The address 2001:470:28:a6c::42 is just a random in the address space given by tunnelbroker.net

If you have a server at hand and want to avoid manually configuring clients
If you want you can use Windows Router Advertisement Server (http://sourceforge.net/projects/wradvs/). This tool will route IPv6 messages though your server (which I would like to avoid), but will actually work stateless with Windows XP (automaticly assign IPv6 and routes to clients, hooray). If anyone finds a way to make Windows XP work statelessly and route directly through the router, let me know.

Great - but I still don't get an IPv6 DNS server configured statelessly
Neither do I. Either configure it manually or just use your IPv4 DNS server - they'll normally work fine for translation to IPv6 (at least googles does).

UPDATE
It seems that the problems I had where all fixed in a later firmware upgrade. While writing the above I had firmware version 2.00. Since I'm an Danish (European) customer later firmwares where not directly available. However at least one later firmware can be downloaded from d-link German ftp site. I found it here:
ftp://ftp.dlink.de/dir/dir-655/driver_software/

It should be possible to use the American firmwares as well as the European(according to some forum I went by - no, I don't remember which), but they are named diffidently.

After using firmware 2.01 IPv6 works with stateless autoconfiguration in windows XP as well (without a routing server in between).

cholzhauer

FYI this is much easier in Vista and Win7...it just works

I didn't know Google was providing DNS over IPv6...where did you find those addresses?

broquea

Fair warning about the Google NS, they aren't white-listed for their own IPv6 services.

ykok

Quote from: cholzhauer on October 26, 2011, 11:51:19 AM
FYI this is much easier in Vista and Win7...it just works

I didn't know Google was providing DNS over IPv6...where did you find those addresses?

Are you sure that it "just works" in Vista and Win7 when using this specific router? Because when I used the server application Windows XP worked like a charm (I just had to install IPv6 then the rest worked automatically).

I believe Google announced them recently, they can be found here:
http://code.google.com/intl/da-DK/speed/public-dns/docs/using.html

cholzhauer

Yep...I have that router at home and didn't have to change a thing in Win7/Vista

ykok

Quote from: cholzhauer on October 28, 2011, 11:39:14 AM
Yep...I have that router at home and didn't have to change a thing in Win7/Vista

Damn - hope I didn't do anything wrong in configuring it. Well that just makes me a bit happier about my router  :)

ykok

Thanks cholzhauer.

Your comments made me look into later firmwares, and that solved my problems. I've updated the original post.

cholzhauer

Cool, I guess mine must have come with the later firmware then.  I checked the other day and there wasn't an upgrade for mine yet...I assume there probably wont be either

ykok

Quote from: cholzhauer on November 04, 2011, 06:58:53 PM
Cool, I guess mine must have come with the later firmware then.  I checked the other day and there wasn't an upgrade for mine yet...I assume there probably wont be either
Well, there might be an upgrade for yours. When I went to D-link homepage and used my correct location, there was no new firmware - and when I tried the "Check online Now for Latest Firmware.." button on the routers web configuration tools page it didn't find any updates either. It wasn't until I found a forum where it was mentioned that it was available from the German site.

If you want to know which firmware you have you can check it on the routers web configuration page - it's displayed in the top right. The latest firmware is 2.03 for US users. For European users the latest I could find was 2.01.

dougransom

Non-obvious to me was that I had to add 1 to the Routed/64 value for the Lan IPV6 Value


ykok

@dougransom

Yeah - that's true. I'm not really sure if it uses that address at all - I think it only uses the prefix. So I believe that's non-obvious to us all.

plugwash

Quote from: dougransom on April 01, 2013, 05:11:21 PM
Non-obvious to me was that I had to add 1 to the Routed/64 value for the Lan IPV6 Value
I suspect you can actually use any address you like from your routed /64 .

ziddey

Have any luck getting ddns to work? Specifically, I'm working with a dir657, but nothing seems to work. Hasn't been an issue so far since my ip rarely changes, but I can see it eventually being an issue (and if I'm away from home...).

Also, I'm curious if this massive security vulnerability affects other dlink routers. It seems that the remote management setting only applies to the ipv4 wan address. The ipv6 firewall does nothing for the ipv6 local or ipv6 lan addresses. As a result, the router's web server is accessible publicly over ipv6. I've already sent dlink a few emails, but it looks like they aren't even interested in humoring me with a canned response.

kasperd

Quote from: ziddey on April 11, 2013, 07:09:22 PMAs a result, the router's web server is accessible publicly over ipv6.
As long as it requires login with a password, and doesn't have any vulnerabilities, which can be exploited without being logged in, that is not a security problem. But of course being able to restrict it to only LAN addresses, would provide an extra layer of defence.

Can you bind the server to an unpredictable IP address? That would mean any attacker would first have to guess a 64 bit value before they can access the webserver.

ziddey

Yes I can set the router's lan ipv6 but the local ipv6 is fixed for the tunnel.