• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Problems getting Tunnel under Windows7 64bit

Started by susanoo, June 14, 2010, 02:26:10 PM

Previous topic - Next topic

susanoo

I have read and tried I guess everything that is mentioned in the following threads:

http://www.tunnelbroker.net/forums/index.php?topic=653.0
http://www.tunnelbroker.net/forums/index.php?topic=793.0

even added:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

(dword = 0)

Did do:

netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel 192.168.1.6 216.66.84.46
netsh interface ipv6 add address IP6Tunnel 2001:470:1f14:13db::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f14:13db::1

(Because I think I am behind a NAT and it gave me an OK)

and got the following now:

Microsoft Windows [versie 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Alle rechten voorbehouden.

C:\Users\Gebruiker>ipconfig /all

Windows IP-configuratie

  Hostnaam  . . . . . . . . . . . . : ********
  Primair DNS-achtervoegsel . . . . :
  Knooppunttype . . . . . . . . . . : hybride
  IP-routering ingeschakeld . . . . : nee
  WINS-proxy ingeschakeld . . . . . : nee

Ethernet-adapter voor LAN-verbinding:

  Verbindingsspec. DNS-achtervoegsel:
  Beschrijving. . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
  Fysiek adres. . . . . . . . . . . : 6C-F0-49-50-61-48
  DHCP ingeschakeld . . . . . . . . : ja
  Autom. configuratie ingeschakeld  : ja
  Link-local IPv6-adres . . . . . . : fe80::54d:b4ae:737:2bb1%11(voorkeur)
  IPv4-adres. . . . . . . . . . . . : 192.168.1.6(voorkeur)
  Subnetmasker. . . . . . . . . . . : 255.255.255.0
  Lease verkregen . . . . . . . . . : maandag 14 juni 2010 22:36:32
  Lease verlopen. . . . . . . . . . : dinsdag 15 juni 2010 22:36:32
  Standaardgateway. . . . . . . . . : 192.168.1.1
  DHCP-server . . . . . . . . . . . : 192.168.1.1
  DHCPv6 IAID . . . . . . . . . . . : 242020425
  DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-5A-55-2A-6C-F0-49-50-61-48
  DNS-servers . . . . . . . . . . . : 192.168.1.1
  NetBIOS via TCPIP . . . . . . . . : ingeschakeld

Tunnel-adapter voor isatap.{7F345730-5297-48AA-B3EA-13CF47B9C46B}:

  Mediumstatus. . . . . . . . . . . : medium ontkoppeld
  Verbindingsspec. DNS-achtervoegsel:
  Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter
  Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP ingeschakeld . . . . . . . . : nee
  Autom. configuratie ingeschakeld  : ja

Tunnel-adapter voor IP6Tunnel:

  Verbindingsspec. DNS-achtervoegsel:
  Beschrijving. . . . . . . . . . . : Microsoft Direct Point-to-point Adapater
  Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP ingeschakeld . . . . . . . . : nee
  Autom. configuratie ingeschakeld  : ja
  IPv6-adres. . . . . . . . . . . . : 2001:470:1f14:13db::2(voorkeur)
  Link-local IPv6-adres . . . . . . : fe80::cd64:ed80:dc88:44ee%14(voorkeur)
  Standaardgateway. . . . . . . . . : 2001:470:1f14:13db::1
  DNS-servers . . . . . . . . . . . : 192.168.1.1
  NetBIOS via TCPIP . . . . . . . . : uitgeschakeld

C:\Users\Gebruiker>netsh int ipv6 show interface

Idx     Met         MTU          Status                Naam
---  ----------  ----------  ------------  ---------------------------
 1          50  4294967295  connected     Loopback Pseudo-Interface 1
12          50        1280  disconnected  isatap.{7F345730-5297-48AA-B3EA-13CF47B9C46B}
14          25        1280  connected     IP6Tunnel
11          20        1500  connected     LAN-verbinding

C:\Users\Gebruiker>netstat -nr
===========================================================================
Interfacelijst
11...6c f0 49 50 61 48 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft Direct Point-to-point Adapater
===========================================================================

IPv4 routetabel
===========================================================================
Actieve routes:
Netwerkadres             Netmasker          Gateway        Interface Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    276
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    276
===========================================================================
Permanente routes:
  Geen

IPv6 routetabel
===========================================================================
Actieve routes:
Indien metrische netwerkbestemming      Gateway
14    281 ::/0                     2001:470:1f14:13db::1
  1    306 ::1/128                  On-link
14    281 2001:470:1f14:13db::/64  On-link
14    281 2001:470:1f14:13db::2/128
                                    On-link
14    281 fe80::/64                On-link
11    276 fe80::/64                On-link
11    276 fe80::54d:b4ae:737:2bb1/128
                                    On-link
14    281 fe80::cd64:ed80:dc88:44ee/128
                                    On-link
  1    306 ff00::/8                 On-link
14    281 ff00::/8                 On-link
11    276 ff00::/8                 On-link
===========================================================================
Permanente routes:
Indien metrische netwerkbestemming      Gateway
  0 4294967295 ::/0                     2001:470:1f14:13db::1
===========================================================================


So I think I did it all right, however I still do not got any ipv6 connectivity because I can not ping ipv6.google.com.

Can someone assist me in order for me to fix this?

jimb

Can you ping the other side of the tunnel (2001:470:1f14:13db::1)?

Is your firewall/NAT device permitting 6in4 (IP proto 41) through?

susanoo

I tried to ping: NO doesnt work.

This is taken from my multimedia modem:

NAT -- Port Triggering Setup

Some applications require that specific ports in the Router's firewall be opened for access by the remote parties. Port Trigger dynamically opens up the 'Open Ports' in the firewall when an application on the LAN initiates a TCP/UDP connection to a remote party using the 'Triggering Ports'. The Router allows the remote party from the WAN side to establish new connections back to the application on the LAN side using the 'Open Ports'. A maximum 32 entries can be configured.



Application   Trigger   Open   Remove
Name   Protocol   Port Range   Protocol   Port Range   
               Start   End               Start   End   
IPv6   TCP/UDP   41   41   TCP/UDP   41   41   



That was added some time ago (using this modem for some time now already and did get tunnel working on my 'old' computer (Win XP).

jimb

#3
That's not 6in4.  That TCP and UDP port 41.  6in4 is IP transport protocol #41.  It's a transport layer protocol (layer 4) alongside TCP and UDP.  Unfortunately many firewalls don't allow you to forward a transport protocol (only ports under TCP/UDP).  Sometimes you must resort to using the "DMZ" function.

Most will allow inbound if they see outbound though.  i.e., if your tunnel box inside sends IP proto 41 packets, it will open a dynamic hole for return traffic.

However, if you have more than one inside host trying to do 6in4, then it will confuse the NAT/firewall.  6in4 doesn't support more than one inside machine using a single public IP in a NAT configuration because there are no ports to associate with inside machines like under TCP and UDP.  So make sure that your windows 7 box is the ONLY box trying to do 6in4!  If the XP box is still trying to do it, then it will confuse your NAT and likely flip the NAT mapping back and forth between the win 7 and win XP.

If you want IPv6 through the tunnel for all of your LAN boxes, then terminate the tunnel on one of your boxes, and use that as an IPv6 router for your whole LAN by putting your routed /64 on the LAN interface of that box.  There's a thread here somewhere describing all the steps to do that (you have to make sure forwarding is turned on, and advertising if you wish to use RA to autoconfigure IPv6 on your LAN).

If you've tried all that, then it's possible that your ISP is filtering it or something.  I suggest trying the PPTP solution offered by HE.  If your ISP allows PPTP, then you can put your 6in4 tunnel through that.  The only catch is that it's an "all or nothing" scenario, in that all of your internet traffic will also use the PPTP, at least on windows.

If you used a linux box for your tunnel, you could set up policy routing so you could have  "split tunnel" using PPTP only for 6in4 traffic, and everything else using your normal internet path.

susanoo

Ok. Thank you for your assistance. Well I tried something else. When I turned of AVG Internet Securities (no firewall on) I could actually ping ipv6.google.com.
(Stupid that I didnt try that first  ::) )

Do you know what line I can add to AVG so that it lets through ipv6 protocol? If not which firewall/virus scanner combo do you recommend?

jimb

Ah.  I should have included host based firewalls when I mentioned firewalls.  I've had similar problems with Norton, and a few others.

I'm not familiar with that AVG product, although I do run their free virus scanner.  It also has some web shield stuff built into it, but it has no effect on my IPv6 stuff.

cholzhauer

Regarding the AVG thing...

I don't know of any line you can add to it (not familiar with it) but be warned that if it doesn't know what Ipv6 is, it'll probably just block/drop that traffic by default.  I would assume any newer version would know what's going on though