• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Windows 10 default gateway

Started by rlatorre, October 27, 2015, 01:08:38 PM

Previous topic - Next topic

rlatorre

I have been running a he.net tunnel on a Linux machine as the gateway for a small network for a few years. A delegated /64 is in use on the LAN and has ran without care and feeding for a long time. When a Windows 10 client was added to the LAN, it refuses to work on ipv6. After extensive troubleshooting it appears to be something to do with the default gateway, especially when I compare routing tables on Windows 8 clients (which can access the IPv6 Internet).

On Windows 10, the routing table looks like:
C:\WINDOWS\system32>route print -6
Active Routes:
If Metric Network Destination      Gateway
  2    266 ::/0                     fe80::250:56ff:fe00:1
  2     26 ::/0                     fe80::10


On Windows 8, the client works fine with routing like:
C:\>route -6 print
Active Routes:
If Metric Network Destination      Gateway
  4    261 ::/0                     fe80::250:56ff:fe00:1

On the Windows 10 machine access to the ipv6 net works if I manually add a static default route (which would have a smaller metric.)

Why is Win10 adding the gateway fe80::10 and how can I get rid of it? It seems to be causing the problem. When I try to remove it with route DEL, Windows says "OK" but does not remove it.

Any ideas? This is driving me nuts.

cholzhauer

Is that FE80 address the address of your linux router?

I just checked mine and I have the same metric with the FE80 address of my RA server.

rlatorre

The higher (worse) metric gateway fe80::250:56ff:fe00:1 is my RA server. But no, fe80::10 is not configured on the gateway. Windows 8 doesn't seem to add this, but Windows 10 does and I don't know why or how to get rid of it.

cholzhauer

I didn't notice the second address before, sorry.

Did you go into your adapter config and look at your static IPv6 settings? (the same way you would for IPv4, just choose IPv6)

rlatorre

On both reference systems (Win8/Win10) the IPv6 configuration on the adapters is completely default (automatic). I wonder if others see the fe80::10 gateway on their Win10 systems.

cholzhauer

Nope...I have several hundred here at work and none of them have that address.

What does ipconfig /all look like?

rlatorre

Thanks for looking. Pretty long output due to virtual adapter and (presumably default) tunnel adapters.

C:\>ipconfig /all

Windows IP Configuration

    Host Name . . . . . . . . . . . . : office2
    Primary Dns Suffix  . . . . . . . : blank.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : blank.com

Ethernet adapter Ethernet:

    Connection-specific DNS Suffix  . : blank.com
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : E0-CB-4E-81-9B-F6
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:470:b14d:15::3(Preferred)
    Lease Obtained. . . . . . . . . . : Wednesday, October 28, 2015 10:42:36 AM
    Lease Expires . . . . . . . . . . : Wednesday, October 28, 2015 10:52:36 AM
    IPv6 Address. . . . . . . . . . . : 2001:470:b14d:15:c47c:d993:d7b0:2027(Preferred)
    Temporary IPv6 Address. . . . . . : 2001:470:b14d:15:c176:2d1a:bffd:d677(Preferred)
    Link-local IPv6 Address . . . . . : fe80::c47c:d993:d7b0:2027%2(Preferred)
    IPv4 Address. . . . . . . . . . . : 172.21.15.3(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : fe80::250:56ff:fe00:1%2
                                        fe80::10%2
                                        172.21.15.1
    DHCPv6 IAID . . . . . . . . . . . : 81840974
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-1B-74-4A-E0-CB-4E-81-9B-F6
    DNS Servers . . . . . . . . . . . : 2001:470:b14d:15::1
                                        172.21.15.1
                                        8.8.8.8
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Connection-specific DNS Suffix Search List : blank.com

Ethernet adapter VMware Network Adapter VMnet1:

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
    Physical Address. . . . . . . . . : 00-50-56-C0-00-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::7da1:bb24:75e3:147%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.89.1(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 50352214
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-1B-74-4A-E0-CB-4E-81-9B-F6
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                        fec0:0:0:ffff::2%1
                                        fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
    Physical Address. . . . . . . . . : 00-50-56-C0-00-08
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::d8dc:a62b:d0fc:58aa%4(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.206.1(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 117461078
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-1B-74-4A-E0-CB-4E-81-9B-F6
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                        fec0:0:0:ffff::2%1
                                        fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{993757C4-EB06-4309-86F7-0E3A4B74E544}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2A678B93-0689-4E34-BC98-E92242CD6C7D}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{025F2C20-E51B-4795-8D02-CC3797A83721}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . : blank.com
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:105d:34cf:e769:bf1b(Preferred)
    Link-local IPv6 Address . . . . . : fe80::105d:34cf:e769:bf1b%12(Preferred)
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 318767104
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-1B-74-4A-E0-CB-4E-81-9B-F6
    NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Users\ryan>


cholzhauer

I'd turn off isatap and teredo

May not fix your issue, but you don't need them anyway.


netsh int ipv6 set teredo disabled
netsh int ipv6 isatap set state disabled

cholzhauer

Your assigned IPv6 address didn't come from RA  2001:470:b14d:15::3

Did you set up a DHCPv6 server or did you assign manually?

rlatorre

Agreed - no need for isatap and teredo, I've turned them off now. Still have the strange default route.  The assigned IPv6 address is coming from DHCP, yes. But gateway comes from the RA. Windows 10 sees the RA for the gateway, but I don't know where that other one comes from.

rlatorre

Did another test. Installed Windows 10 fresh into a virtual machine with bridged adapter. It also has the fe80::10 route. I also disabled dhcpd6 on the linux gateway to eliminate that (used only stateless autoconfig.) In that configuration the Win10 VM got a usable IPv6 address and the two gateways consistent with the topic in this thread. So maybe I have a bad radvd configuration? Did I miss something that Windows 10 specifically needs?


interface eth1
{
        AdvSendAdvert on;

# These settings cause advertisements to be sent every 3-10 seconds.  This
# range is good for 6to4 with a dynamic IPv4 address, but can be greatly
# increased when not using 6to4 prefixes.
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;

# You can use AdvDefaultPreference setting to advertise the preference of
# the router for the purposes of default router determination.
# NOTE: This feature is still being specified and is not widely supported!
        AdvDefaultPreference high;

# Disable Mobile IPv6 support
        AdvHomeAgentFlag off;

# MTU
        AdvLinkMTU 1480;

# Configure my routed prefix(es)
        # Inside VLAN, from my /48
        prefix 2001:470:b14d:15::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        };

        # Advertise default route
        route ::/0
        {
        };
};

cholzhauer

So something on your network is handing out that address.  Are you sure that IP isn't associated with your Linux VM somehow?

rlatorre

Solved! This is a very strange one so I'll share my findings and how I got there.

I did a fresh install of Windows 8 as a guest on the test host, and it too had the undesirable route. This observation along with your comment said it has to be coming from somewhere. I physically unplugged the linux gateway and still learned that route. Used netsh int ipv6 show neighbor to give me the MAC address of it. With the MAC address, looked at the CAM table on my switch. The MAC is associated with my upstream ISP gateway but on a different (outside) VLAN. I use VLANs with 802.1Q tags on the switch ports.

I determined that the NIC in my host machine was receiving RAs on the outside VLAN (from the ISP) (this part is expected on a trunk port) but the NIC driver incorrectly strips the VLAN tag, so the OS then processes the RA as if it's on the local segment.

I suppose it's unlikely that anyone else will hit this issue, but who knows. The NIC/driver in question is the onboard Realtek gigabit ethernet.

Thanks for the dialog cholzhauer, much appreciated.

cholzhauer

Sorry I couldn't help you directly solve it, but I'm glad you got it figured out.

Cheers

Napsterbater

Quote from: rlatorre on October 29, 2015, 11:36:33 AM
I suppose it's unlikely that anyone else will hit this issue, but who knows. The NIC/driver in question is the onboard Realtek gigabit ethernet.
I have experienced this as well, if you have the port as a trunk the OS should have the NICs VLAN tools installed and VLANs setup correctly.