Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: [1] 2 3 4

Author Topic: Need help with creating a working IPv6 tunnel  (Read 26095 times)

idjuric10

  • Newbie
  • *
  • Posts: 22
Need help with creating a working IPv6 tunnel
« on: December 21, 2012, 11:33:52 AM »

Hi, I'm having some trouble with setting up an IPv6 tunnel. Judging from the information you get from the Example Configuration you'd think that the process is simple and straight-forward, that you'd just need to copy and paste four commands:

Quote
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 79.101.74.9 216.66.80.30
netsh interface ipv6 add address IP6Tunnel 2001:470:1f0a:90e::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f0a:90e::1

However, that doesn't work. Since I messed up I needed these commands to be able to start over:

Quote
netsh interface ipv6 delete interface IP6Tunnel
netsh interface ipv6 reset

After I found out I needed to use the IPv4 address I got with the ipconfig command instead of the 79.101.74.9 in my example, I pasted the commands again with that corrected.

Quote
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.2 216.66.80.30
netsh interface ipv6 add address IP6Tunnel 2001:470:1f0a:90e::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f0a:90e::1

But it still won't work. After some asking around and reading these forums for a bit I found out that DMZ is often mentioned as the number one problem to why an IPv6 tunnel won't work. The router I'm using is Huawei HG 520s and the only mention of DMZ in the router settings that I seemed to find was this:



The SPI option was set to Disable so I tried enabling it even though I'm assuming that the description refers to the Enable option. Still won't work.

Apparently I should also try forwarding GRE and some other protocol, anyone know anything about that?

All help is greatly appreciated, thanks.

This was supposed to go to the IPv6 on Windows sub forum, hopefully a moderator will move it.
« Last Edit: December 21, 2012, 11:51:15 AM by idjuric10 »
Logged

nickbeee

  • tunneld
  • Jr. Member
  • **
  • Posts: 72
  • I do this just for fun.
Re: Need help with creating a working IPv6 tunnel
« Reply #1 on: December 21, 2012, 12:06:09 PM »

Your Windows config should use the second option as you are behind a NAT.

I'm not familiar with that router but it sounds like it's blocking protocol 41.
GRE (protocol 47) is not used in this case.

I had a quick look at a PDF manual, does yours have an option to set a FILTER? If so I suggest the following parameters:

Interface - whatever your WAN, likely PVC0
Direction - incoming
Type - tcp/ip
Source IP address - HE end of the tunnel 216.66.80.30
Subnet mask - 255.255.255.255 - only the one HE host address
Port number - 0
Protocol - This only has options for TCP/UDP/ICMP so try all three

No guarantee that this will work but there don't appear to be any other options on that router!
Logged
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of   HE and   Sixxs.

idjuric10

  • Newbie
  • *
  • Posts: 22
Re: Need help with creating a working IPv6 tunnel
« Reply #2 on: December 21, 2012, 02:09:27 PM »

It does indeed have a Filter option, does this look about right?



Unfortunately I tried all three options (TCP/UDP/ICMP), deleting and resetting the tunnel after trying out each one but it didn't seem make a difference. Any other thoughts?

Shouldn't I get an OK after inputting the second of the four commands if everything's working like it should? Because nothing comes out after I enter it.
« Last Edit: December 21, 2012, 02:13:20 PM by idjuric10 »
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 965
Re: Need help with creating a working IPv6 tunnel
« Reply #3 on: December 21, 2012, 05:03:05 PM »

After some asking around and reading these forums for a bit I found out that DMZ is often mentioned as the number one problem to why an IPv6 tunnel won't work.
Any link to where you found such information?

I am not aware of any cases, where DMZ functionality would be the problem. On some routers, DMZ is the solution.

This was supposed to go to the IPv6 on Windows sub forum
I don't think so, because your question is about Huawei HG 520s, which I suppose doesn't run Windows. Looks like you did configure Windows correctly in your second attempt. My guess the router is the only reason it didn't work for you.

I tried all three options (TCP/UDP/ICMP)
None of them are applicable. There are more than a hundred protocol numbers defined, if that checkbox only lists three of them, then your router is a bit too limited.

A sensible router would have an option in that pulldown menu saying "Other". If you chose other, then port number fields would disappear and instead you would see a single protocol number field, in which you could type in 41.

Can you show us the full list of possible choices for "Filter Type" and for "Protocol"?

Though I suspect the filer functionality isn't going to help. I think it is for blocking traffic, which would otherwise be allowed through. In that case adding filters isn't going to make it work, but if you did get it working, adding a filter might break it again.

So try to browse through the menus on the router looking for something more usable. Three sorts of features you should look for on the router are:
  • (port) forwarding
  • DMZ
  • IPv6 tunnel functionality (any page mentioning IPv6, 6to4, 6in4 or 6rd is interesting.)
If you don't find any of those three settings on the router, I am afraid you are going to need another router firmware to make it work.
Logged

idjuric10

  • Newbie
  • *
  • Posts: 22
Re: Need help with creating a working IPv6 tunnel
« Reply #4 on: December 21, 2012, 11:56:27 PM »

After some asking around and reading these forums for a bit I found out that DMZ is often mentioned as the number one problem to why an IPv6 tunnel won't work.
Any link to where you found such information?

I am not aware of any cases, where DMZ functionality would be the problem. On some routers, DMZ is the solution.

Yeah sorry, that's what I meant, as far as I understood DMZ should be one of the top things that should solve the problem most people have with not being able to get a working tunnel.

I tried all three options (TCP/UDP/ICMP)
None of them are applicable. There are more than a hundred protocol numbers defined, if that checkbox only lists three of them, then your router is a bit too limited.

A sensible router would have an option in that pulldown menu saying "Other". If you chose other, then port number fields would disappear and instead you would see a single protocol number field, in which you could type in 41.

Can you show us the full list of possible choices for "Filter Type" and for "Protocol"?

Of course:





Though I suspect the filer functionality isn't going to help. I think it is for blocking traffic, which would otherwise be allowed through. In that case adding filters isn't going to make it work, but if you did get it working, adding a filter might break it again.

Makes sense, I guess that's probably the case.


So try to browse through the menus on the router looking for something more usable. Three sorts of features you should look for on the router are:
  • (port) forwarding
  • DMZ
  • IPv6 tunnel functionality (any page mentioning IPv6, 6to4, 6in4 or 6rd is interesting.)
If you don't find any of those three settings on the router, I am afraid you are going to need another router firmware to make it work.

Can't seem to find any of those unfortunately... Here are the available options:

Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 965
Re: Need help with creating a working IPv6 tunnel
« Reply #5 on: December 22, 2012, 02:50:57 AM »

Here are the available options
Can we get to see what options are available under NAT, IP Route, and Port Mapping?
Logged

idjuric10

  • Newbie
  • *
  • Posts: 22
Re: Need help with creating a working IPv6 tunnel
« Reply #6 on: December 22, 2012, 03:45:35 AM »



Don't know how I missed it, should've paid attention to the buttons too, good call!

After clicking on DMZ:



And after clicking on Port Forwarding:

Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 965
Re: Need help with creating a working IPv6 tunnel
« Reply #7 on: December 22, 2012, 03:53:25 AM »

After clicking on DMZ:

Set it to enabled, and type in the LAN address of the Windows machine, where you are running the tunnel (192.168.1.2 according to your first post). Notice that this means that Windows machine will receive all traffic, which the router has no other place to send. So make sure that Windows machine is kept up to date with security fixes.
Logged

idjuric10

  • Newbie
  • *
  • Posts: 22
Re: Need help with creating a working IPv6 tunnel
« Reply #8 on: December 22, 2012, 04:00:14 AM »

Just did that, still won't work. The next thing to try should be Port Forwarding, right?
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 965
Re: Need help with creating a working IPv6 tunnel
« Reply #9 on: December 22, 2012, 04:14:39 AM »

The next thing to try should be Port Forwarding, right?
Depends on what choices there is for the protocol.

My current guess is, your router is one of those, where DMZ is the only way to get it working. But we may need to fire up Wireshark or equivalent to see what is going on. I might be able to figure out something by probing your network with a few packets, but I don't have time at the moment.

If you don't get it working, you can try to leave it configured with the DMZ setting, which should work, then I'll find some time later to take another look.
Logged

idjuric10

  • Newbie
  • *
  • Posts: 22
Re: Need help with creating a working IPv6 tunnel
« Reply #10 on: December 22, 2012, 04:19:50 AM »

The options are TCP and UDP:



And back to the option I first tried that I mentioned in the first post:



Should it be enabled or disabled?
« Last Edit: December 22, 2012, 04:27:55 AM by idjuric10 »
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 965
Re: Need help with creating a working IPv6 tunnel
« Reply #11 on: December 22, 2012, 02:32:09 PM »

I tried traceroute towards your IP address using various kinds of packets. What I found was that I can do a traceroute to 79.101.74.9 using ICMP echo request. It responds to echo requests and I can see all hops in between.

If I do a traceroute using UDP packets or protocol 41 packets, I can see all hops until 212.200.15.66 (which according to the above traceroute is the next to last hop). But once the packets reach 79.101.74.9, they appear to be silently dropped.

The options are TCP and UDP
Then it is not applicable, since what you need to get through is not UDP or TCP, but rather protocol 41. So ignore the port forwarding section. The only forwarding you can use to get the tunnel through is the DMZ feature.

And back to the option I first tried that I mentioned in the first post:



Should it be enabled or disabled?
I think that should be disabled. If you set firewall to disabled is the SPI option still available, or does it get ghosted, once you disable firewall?
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2744
Re: Need help with creating a working IPv6 tunnel
« Reply #12 on: December 22, 2012, 03:09:12 PM »

My guess is your router is probably blocking protocol 41.  Can you use something like wireshark and look for packets to confirm/deny that?
Logged

snarked

  • Hero Member
  • *****
  • Posts: 798
Re: Need help with creating a working IPv6 tunnel
« Reply #13 on: December 22, 2012, 03:18:29 PM »

General comment:  In all the screens, plus info at http://www.modemarea.com/2011/07/huawei-hg520s-router-specifications/, there is no hint that the router itself handles IPv6.  Although that doesn't mean conclusively that it won't pass protocol 41 (6in4), there does seem to be a corrolation between not doing so when IPv6 support is missing.

The manufacturer does mention IPv6 support on its web site (but not specifically for that device).  Their HG232f does claim to support IPv6.  I suspect that you have an older device that may not.
« Last Edit: December 22, 2012, 03:22:46 PM by snarked »
Logged

idjuric10

  • Newbie
  • *
  • Posts: 22
Re: Need help with creating a working IPv6 tunnel
« Reply #14 on: December 22, 2012, 03:37:01 PM »

And back to the option I first tried that I mentioned in the first post:



Should it be enabled or disabled?
I think that should be disabled. If you set firewall to disabled is the SPI option still available, or does it get ghosted, once you disable firewall?

It's still available even if I disable the firewall option... So I'll set SPI back to Disable, which was the default option.
« Last Edit: December 22, 2012, 03:39:09 PM by idjuric10 »
Logged
Pages: [1] 2 3 4