• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

No internet over ipv6, pings ipv6 google.

Started by remuron, December 19, 2017, 04:32:15 AM

Previous topic - Next topic

remuron

Hello,
I have a router cisco RV180w. Configured it according to this guide:https://supportforums.cisco.com/t5/small-business-support-documents/connecting-rv220w-to-an-ipv6-tunnel-broker/ta-p/3127148?attachment-id=35411

Used assignet routed/64 to assing ipv6 to my devices.

Problem is i cannot traceroute or ping any device over internet in my network but ping and traceroute works from my network out.


Examples in attachments.
1 (with green text) Trace to my pc inside my network with http://www.traceroute6.net/
2 command line traceroute from my pc to ipv6 google.com + my ipconfig
3 router ip adresses used

Need realy quick help because its part of my bachelor work.

cholzhauer

Sounds like you have a firewall issue, what is your firewall?

remuron

#2
Well thats a good question ...
I havent set any access rules so everithing is default. Appart from disabled stealth mode and allowed respose on ICMP ping.
Protocol 41 is by default blocked it seems.
Now i am trying to add access rule to allow incoming trafic on port 41 from any IPv4 to any Ipv4 inside. But i got stuck at the point of requesting from me specific dnat IPv4 And i dont know what to put in the field.

cholzhauer

I didn't look at your pictures...I got as far as where you typed "port" and stopped reading

Keep in mind that port != protocol, they're different.  You can try putting your host in a DMZ, but that doesn't always work.

remuron

very true...
I was so tired yesterday that i mixed up protocol with port thanks for pointing it out.

Will try that DMZ.

remuron

Tried that DMZ it works only for specific ipv4 host so it wont help on IPv6.

But also found out i can add to firewall IPv6 rule for other protocols. So i added protocol 41 to always allow inbound and outbound. But no difference incoming traceroute hangs on tserv1.bud1.he.net (2001:470:0:2ba::2).

Can you help? It does look like the problem is on your side.

cholzhauer


remuron

Thanks for that mail address just mailed them.

second thought...

If know it right. It should be working the way:
1. I send packet from my PC
2. Router handles it by puting it to protocol 41 and sends it over ipv4 trough static route to HE endpoint.
3. Skipping part how it goes trough network to packet coming back as response from some server.
4. It comes to HE s tunnel end and is sent again with protocol 41 to my IPv4 address and then routed to my PC

But i stumblet upon HE assigning IPv6 (endpoint address).
I dont use this adress beacuse it, in my thought, should be adress of WAN side of my router which isnt used at all.
+ My router does not allow assigning different subnets for itself and devices. So my router uses one adress from defined /64 prefix.

So in reality my routers IPv6 WAN is DHCP. LAN is one from routed /64 prefix and devices are all from assigned prefix.

cholzhauer


remuron

Yes but they were not much help.
They told me things i already knew apart from that just telling me what cant be done.

Now i am considering using my windows 10 server pc as router.
Hope this way it will work if not i am gonna tear all my hair out.

cholzhauer

You can at least try it and see if your router is passing protocol 41 traffic

mansmfr1

There is a nice command line tool from MS (I think it was part of resource kit or administrative tools, now probably remote server administration)
portqry.exe, you can use it to test ports in CMD, even automated in a batch file, e.g. using for %i in.... Do portyry -n <servername> -e <portnumber>