[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 23:41:13
I've tried several tutorials, but my tunnel is still not working :S
Can someone help me? Thanks in advance!
Some info:
- My pc is running Windows 7 64bit
- Openvpn-2.1_rc19 is installed
- Using aiccu console
Aiccu.conf:
# AICCU Configuration (Saved by AICCU 2006.07.23)
# Login information
username AVK7-SIXXS
password ********
protocol tic
server tic.sixxs.net
# Interface names to use
ipv6_interface sixxs
# The tunnel_id to use
# (only required when there are multiple tunnels in the list)
tunnel_id T23321
# Try to automatically login and setup the tunnel?
automatic true
# Script to run after setting up the interfaces
#setupscript <path>
# No configuration, only beat?
noconfigure false
# TLS Required?
requiretls false
# Be verbose?
verbose true
# Daemonize?
daemonize true
# Behind a NAT?
behindnat false
# Make heartbeats when the protocol needs it?
makebeats true
More info:
C:\Windows\system32>netsh int ipv6 show address
Interface 1: Loopback Pseudo-Interface 1
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Preferred infinite infinite ::1
Interface 11: Local Area Connection
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Manual Preferred infinite infinite 2002:81a8:102::
Other Preferred infinite infinite fe80::d7e:af7e:c34a:bc04%11
Interface 21: sixxs
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Manual Tentative infinite infinite 2001:610:600:58b::2
Other Deprecated infinite infinite fe80::ed00:261e:bb3d:1032%21
C:\Windows\system32> netsh int ipv6 show routes
The following command was not found: int ipv6 show routes.
C:\Windows\system32> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Q6600
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter sixxs:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-72-B8-D7-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-19-DB-E8-71-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:81a8:102::(Preferred)
Link-local IPv6 Address . . . . . : fe80::d7e:af7e:c34a:bc04%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : woensdag 30 september 2009 19:06:44
Lease Expires . . . . . . . . . . : donderdag 1 oktober 2009 19:06:44
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234887643
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-39-83-1B-00-19-DB-E8-71-62
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>aiccu autotest
sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs
.net)"
sock_printf() : "client TIC/draft-00 AICCU/2008.03.15-console-win32 WinNT/6.1.7
600"
sock_getline() : "200 Client Identity accepted"
sock_printf() : "get unixtime"
sock_getline() : "200 1254333095"
sock_printf() : "username AVK7-SIXXS"
sock_getline() : "200 Choose your authentication challenge please"
sock_printf() : "challenge md5"
sock_getline() : "200 2e96f0f470fc8583204a164bc394320a"
sock_printf() : "authenticate md5 0553c8b6b768f6115bd1ef823a5ae1ff"
sock_getline() : "200 Succesfully logged in using md5 as AVK7-SIXXS (Arjan van K
ranenburg) from 2001:960:800::2"
sock_printf() : "tunnel show T23321"
sock_getline() : "201 Showing tunnel information for T23321"
sock_getline() : "TunnelId: T23321"
sock_getline() : "Type: 6in4-heartbeat"
sock_getline() : "IPv6 Endpoint: 2001:610:600:58b::2"
sock_getline() : "IPv6 POP: 2001:610:600:58b::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "Tunnel Name: My First Tunnel"
sock_getline() : "POP Id: nlams05"
sock_getline() : "IPv4 Endpoint: heartbeat"
sock_getline() : "IPv4 POP: 192.87.102.107"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "Password: xxxxxxxxxxxxx"
sock_getline() : "Heartbeat_Interval: 60"
sock_getline() : "202 Done"
Succesfully retrieved tunnel information for T23321
sock_printf() : "QUIT The Trick Is To Keep Breathing"
Tunnel Information for T23321:
PoP Id : nlams05
IPv6 Local : 2001:610:600:58b::2/64
IPv6 Remote : 2001:610:600:58b::1/64
Tunnel Type : 6in4-heartbeat
Adminstate : enabled
Userstate : enabled
Name : My First Tunnel
Flag: HAS_IFHEAD not present
Flag: NEED_IFHEAD not present
heartbeat_socket() - IPv4 : 192.168.1.8
[HB] HEARTBEAT TUNNEL 2001:610:600:58b::2 sender 1254333116 92789a3a3481b3fa438d
32c202de2bbb
[error] Tunnel Setup Failed
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 20:12:55
Can you post the output of "netsh int ipv6 sh route"
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 20:23:03
Oh, another thing..how did you get the address of 2002:81a8:102:: on your NIC? Did you assign that?
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 20:26:16
Yes, i assigned that address according to some of the tutorials.
I've tried the following links, but with no succes:
http://www.sixxs.net/wiki/Configuring_Windows_Vista
http://www.cumps.be/howto-setup-ipv6-tunnel-on-windows-vista/
http://yorickdowne.wordpress.com/2008/04/05/ipv6-at-home-part-2-tunnel-brokers-windows-ayiya-tunnel/
C:\Windows\system32>netsh int ipv6 sh route
Publish Type Met Prefix Idx Gateway/Interface Name
------- -------- --- ------------------------ --- ------------------------
Yes Manual 256 ::/0 21 2001:610:600:58b::1
No Manual 256 ::1/128 1 Loopback Pseudo-Interface
1
No Manual 256 2001:610:600:58b::/64 21 sixxs
No Manual 256 2002:81a8:102::/64 11 Local Area Connection
No Manual 256 2002:81a8:102::/128 11 Local Area Connection
No Manual 256 fe80::/64 11 Local Area Connection
No Manual 256 fe80::/64 21 sixxs
No Manual 256 fe80::d7e:af7e:c34a:bc04/128 11 Local Area Connection
No Manual 256 fe80::ed00:261e:bb3d:1032/128 21 sixxs
No Manual 256 ff00::/8 1 Loopback Pseudo-Interface
1
No Manual 256 ff00::/8 11 Local Area Connection
No Manual 256 ff00::/8 21 sixxs
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 20:34:35
I'm assuming that nothing works? No IPv6 ping, no Internet?
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 20:39:02
Nope, nothing works (no ping results and going to ipv6.google.com or other ipv6 sites with browser firefox or IE)
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 21:06:25
Or is it perhaps that i use a 6in4-static tunnel and need to have an AYIYA tunnel?
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 21:07:34
It looks like you are behind a NAT, so yes, you would need AYIYA
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 23:40:51
Okay i've switched to AYIYA, but still not working (ping and websites).
Here's the autotest log :
C:\Windows\system32>aiccu autotest
sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs
.net)"
sock_printf() : "client TIC/draft-00 AICCU/2008.03.15-console-win32 WinNT/6.1.7
600"
sock_getline() : "200 Client Identity accepted"
sock_printf() : "get unixtime"
sock_getline() : "200 1254338262"
sock_printf() : "username AVK7-SIXXS"
sock_getline() : "200 Choose your authentication challenge please"
sock_printf() : "challenge md5"
sock_getline() : "200 b535446adb1a668711eeaafc161e4fd8"
sock_printf() : "authenticate md5 0678f9ffc19857b2771c25dd431b38a9"
sock_getline() : "200 Succesfully logged in using md5 as AVK7-SIXXS (Arjan van K
ranenburg) from 2001:7b8:3:4f:202:b3ff:fe46:bec"
sock_printf() : "tunnel show T23321"
sock_getline() : "201 Showing tunnel information for T23321"
sock_getline() : "TunnelId: T23321"
sock_getline() : "Type: ayiya"
sock_getline() : "IPv6 Endpoint: 2001:610:600:58b::2"
sock_getline() : "IPv6 POP: 2001:610:600:58b::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "Tunnel Name: My First Tunnel"
sock_getline() : "POP Id: nlams05"
sock_getline() : "IPv4 Endpoint: ayiya"
sock_getline() : "IPv4 POP: 192.87.102.107"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "Password: xxxxxxxxxxx"
sock_getline() : "Heartbeat_Interval: 60"
sock_getline() : "202 Done"
Succesfully retrieved tunnel information for T23321
sock_printf() : "QUIT I'll be back. Ha, you didn't know I was going to say that
!"
Tunnel Information for T23321:
PoP Id : nlams05
IPv6 Local : 2001:610:600:58b::2/64
IPv6 Remote : 2001:610:600:58b::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
Name : My First Tunnel
Flag: HAS_IFHEAD not present
Flag: NEED_IFHEAD not present
[warning] Error opening registry key: SYSTEM\CurrentControlSet\Control\Class\{4D
36E972-E325-11CE-BFC1-08002BE10318}\Properties (t1)
Found interface named 'sixxs', with guid {72B8D7F9-4D99-4FF1-B3E0-D4343B91865C},
using it
[tun-start] Trying \\.\Global\{72B8D7F9-4D99-4FF1-B3E0-D4343B91865C}.tap
Flag: HAS_IFHEAD not present
Flag: NEED_IFHEAD not present
[AYIYA-start] : Anything in Anything (draft-02)
[AYIYA-tun->tundev] : (Socket to TUN) started
heartbeat_socket() - IPv4 : 192.168.1.8
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.1.8)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
Pinging 192.168.1.8 with 32 bytes of data:
Reply from 192.168.1.8: bytes=32 time<1ms TTL=128
Reply from 192.168.1.8: bytes=32 time<1ms TTL=128
Reply from 192.168.1.8: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.8:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
######
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (192.87.102.107)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
Pinging 192.87.102.107 with 32 bytes of data:
Reply from 192.87.102.107: bytes=32 time=27ms TTL=57
Reply from 192.87.102.107: bytes=32 time=27ms TTL=57
Reply from 192.87.102.107: bytes=32 time=27ms TTL=57
Ping statistics for 192.87.102.107:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 27ms, Average = 27ms
######
####### [3/8] Traceroute to the PoP (192.87.102.107) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
Tracing route to sixxs.surfnet.nl [192.87.102.107]
over a maximum of 30 hops:
1 <1 ms 3 ms <1 ms 192.168.1.1
2 25 ms 26 ms 26 ms ip1-176-173-82.adsl2.static.versatel.nl [82.173.
176.1]
3 25 ms 25 ms 25 ms ge-0-1-0-1104.ncr01asd2.versatel.net [217.16.44.
145]
4 28 ms 28 ms 26 ms ge-0-0-0-664.br01sara.versatel.net [212.53.18.2]
5 26 ms 28 ms 27 ms XSR03.Asd001A.surf.net [195.69.144.50]
6 27 ms 26 ms 26 ms AE2.500.JNR01.Asd001A.surf.net [145.145.80.78]
7 39 ms 29 ms 26 ms V1131.sw4.amsterdam1.surf.net [145.145.19.170]
8 26 ms 28 ms 25 ms sixxs.surfnet.nl [192.87.102.107]
Trace complete.
######
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
Pinging ::1 with 32 bytes of data:
General failure.
General failure.
General failure.
Ping statistics for ::1:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
######
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:610:600:58b::2
)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
Pinging 2001:610:600:58b::2 with 32 bytes of data:
General failure.
General failure.
General failure.
Ping statistics for 2001:610:600:58b::2:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
######
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:610:600:58b::1
)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall (both IPv4 and IPv6) of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
Pinging 2001:610:600:58b::1 with 32 bytes of data:
General failure.
General failure.
General failure.
Ping statistics for 2001:610:600:58b::1:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
######
###### [7/8] Traceroute6 to the central SixXS machine (noc.sixxs.net)
### This confirms that you can reach the central machine of SixXS
### If that one is reachable you should be able to reach most IPv6 destinations
### Also check http://www.sixxs.net/ipv6calc/ which should show an IPv6 connecti
on
### If your browser supports IPv6 and uses it of course.
'tracert6' is not recognized as an internal or external command,
operable program or batch file.
######
###### [8/8] Traceroute6 to (www.kame.net)
### This confirms that you can reach a Japanese IPv6 destination
### If that one is reachable you should be able to reach most IPv6 destinations
### You should also check http://www.kame.net which should display
### a animated kame (turtle), of course only when your browser supports and uses
IPv6
'tracert6' is not recognized as an internal or external command,
operable program or batch file.
######
###### ACCU Quick Connectivity Test (done)
### Either the above all works and gives no problems
### or it shows you where what goes wrong
### Check the SixXS FAQ (http://www.sixxs.net/faq/
### for more information and possible solutions or hints
### Don't forget to check the Forums (http://www.sixxs.net/forum/)
### for a helping hand.
### Passing the output of 'aiccu autotest >aiccu.log' is a good idea.
C:\Windows\system32>
[error] Tunnel Setup Failed
Shadow Hawkins on Wednesday, 30 September 2009 21:45:41
From your output:
###### [4/8] Checking if we can ping IPv6 localhost (::1) ### This confirms if your IPv6 is working ### If ::1 doesn't reply then something is wrong with your IPv6 stack
Pinging ::1 with 32 bytes of data:
General failure.
General failure.
General failure.
Ping statistics for ::1:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
Repair your ipv6 stack with the instructions on the link you posted earlier
http://www.sixxs.net/wiki/Configuring_Windows_Vista
[error] Tunnel Setup Failed
Shadow Hawkins on Thursday, 01 October 2009 19:16:08
Wow, it works now :P
I've repaired my ipv6 stack and did step 8 to 13 again, with no succes.
But what i tried next was uninstalling my firewall ESET Smart Security, because i've read that firewalls can cause problems. I'm using Windows firewall instead now. When i tried to run aiccu again it worked :) I can ping and open ipv6 websites and even newsgroups are working.
So i want to thank you for your help!
[error] Tunnel Setup Failed
Shadow Hawkins on Thursday, 01 October 2009 19:18:25
You're welcome, glad to hear it works.
Posting is only allowed when you are logged in. |