Windows 7 X64 with ESET & Routers Adventure
Shadow Hawkins on Sunday, 21 March 2010 22:52:47
Hi all, my name is Bob and I am going to try and share my experiences so far.
I am currently disabled which gives me more time to tinker but less funds to
invest in hardware. I have been working with computers since the mid 70's so
I have seen more than most when it comes to all things electronics and digital.
I have Windows 7 X64 on an AMD Athlon X64 6400+(3.2Ghz) with 8Gb of DDR2, 2 Ea.
ATI HD3870 video cards, and 3 Ea. WD 500Gb hard drives in raid 0 on a Gigabyte
GA-MA-790FX-DQ6 (yea, it's a lot it took a long time to upgrade to). I also have a DLink EBR-2310 router with a DLink DGS-2205 Gigabit Switch connected to a Windstream provided Speedstream 4200 DSL modem (don't get me started about their 2-wire router stuff).
At first I requested an AYIYA tunnel over NAT concerns. I do however use static private addresses which comes highly recommended. I had problems though because
I wanted to use the GUI AICCU so I tried to install the v801 X64 TAP driver which Win7 promptly rejected as unsigned. I know about booting with unsigned drivers (can you say RAID?) but I didn't want to go through that again.
In hindsight I had two options. I could have either gone with the V901 TAP driver and AICCU console version or requested a new Heartbeat tunnel. However, I still like instant gratification so I converted my tunnel to Heartbeat instead since I was static behind my NAT anyway.
Now I haven't mentioned yet that I was running ESET AV & firewall. It seems that V4 eats Protocol 41 packets that Heartbeat uses saying there is something wrong with packet length. It also still eats them even when the firewall is disabled. I have seen this documented on the 'net also. I no longer use ESET for that reason (thou shalt not mess with my packets when I disable you).
I am currently using AVG which seems to at least pass packets through it. I have learned from this that a ping to www.sixxs.net gets you "general failure" when software is blocking you and other blocking normally gets you "request timed out" (although software can give you this sometimes).
Speaking of things learned, if you can get your router to pass Protocol 41 and you have a static private IP behind a NAT, Heartbeat will work if you specify "behind NAT" in AICCU and use "netsh interface ipv6 add v6v4tunnel ...." with the interface name of your choice and the PRIVATE IP and tunnel IPV4 IP. The rest I have seen Win 7 autoconfigure although at times I have had to manually add the IPV6 local address to the interface ("netsh interface ipv6 add address....").
Oh, and before I forget, make sure you disable all of the other tunnel stuff (ISATAP, 6to4, & Teredo) either through "netsh" or Device Manager ("netsh" is much nicer, removing the devices other than 6to4, which stays but doesn't interfere then) BEFORE installing the v6v4tunnel.
I have found out though that the DLink EBR-2310 rev a (with the latest 1.05 firmware) that I have refuses to pass Proto-41 packets even using the DMZ function.
I tried the Speedstream 4200 DSL modem in router mode (I normally put it in "bridge" mode) and managed to get it to work on and off but for some reason once I turn the firewall on to pass P-41 packets it stops forwarding DNS calls most of the time (anyone got any ideas?)(although I am loath to trust its router now).
So here I sit now with a reluctantly installed v901 TAP driver and the AICCU console waiting for Kredits and approval for an AYIYA tunnel. Remember, multiple tunnels may seem wasteful but may be necessary. (I'm keeping the Heartbeat up in good faith until then).
I'm open to suggestions, ideas, and donations (of hardware to experiment with). I'd rather not even try Linksys but beggars can't be choosers. No sense in wasting flames here, since my last job was at a foundry and I can take the heat. 8^P
Feel free to ask me anything related to this in the hope it may save you some time and heartache.
Bob
Shadow Hawkins on Sunday, 21 March 2010 23:38:05
The SixXS folks really ought to do something about the login timeout. I almost had a heart attack seeing a "Who are you?" message after the last post. Luckily it still posted.
I know it is the price of being an early adopter but IPV6 should be easier than it is.
It really shows how much ISPs and others are dragging their feet in the US too.
Bob
Shadow Hawkins on Monday, 22 March 2010 21:45:05
Followup from yesterday:
I got a reply and 20 ISKs from SixXS today. I requested and got a new AYIYA tunnel shortly thereafter.
I set up the tunnel in the GUI AICCU since I had already installed the TAP 901 driver from the latest OpenVPN package. (I unchecked everything else in the installer but still got empty OpenVPN start menu entries, oh and forget the TAP 901 driver on the AICCU page it refuses to install under Win 7 X64). I also modified the aiccu.conf file to point to the new "Local Area Connection 3" that the TAP driver created (I have 2 regular gigabit ethernet ports, hence the 3).
I punched the UDP 5074 hole in my router's firewall but still did not have connectivity using the latest AICCU console. Turns out that the IPV6 address had to be manually configured on the new connection along with the gateway and DNS servers as well.
All is happy for the moment in IPV6 land here when I explored all of the IPV6 things I could. Only exception is I wish that Bittorrent would see some IPV6 peers that would resolve but there might not be many of those out there since most may still be using Teredo. Yes, Bittorrent is my favorite download tool for anything legal like wallpapers and unlicensed fansubbed Anime (My licensed Anime collection is another pride and joy of mine besides the computer, consisting of as much sale, clearance, and used stuff as I can find but still all legally owned.).
Which brings me to the main reason for wanting better IPV6 connectivity for me and my family. Japan and Europe have much more IPV6 connectivity and I find myself visiting many non-US sites and machines. I'm hoping to see at least some improvement in all of the 'net stuff we do. Plus, it's one thing I can do for free and still be an early adopter.
Bob
P.S. Adventures in the land of Heartbeat tunnels will continue once I have been able to get a router that passes those wonderful Proto-41 packets since I have nailed down my private IP addresses.
Shadow Hawkins on Tuesday, 23 March 2010 19:47:19
Is this one Win7 host the only one you plan to use with IPv6? If so, you may wish to stick to Teredo until you have a firewall in place to act as your tunnel broker and gateway. If you're looking to do it on the cheap, you might check out m0n0wall, shorewall, or even a vanilla OpenBSD system. I chose the latter as that's my preferred platform but it doesn't offer any GUI admin options like the others I mentioned.
-Gary
Shadow Hawkins on Friday, 26 March 2010 07:23:15
I've got a couple of laptops my wife & kids are using I want to add too. One has Windows 7 and the other has Vista. I am also hoping to have other desktops and/or laptops for the kids. So I do plan on requesting a subnet when I have enough ISKs.
I am not averse to using a Linux box as a router (I actually did that for a while some years ago before wired routers became cheaper) but I am in a smallish trailer now so the space and power savings of a router appliance box are more appealing especially if I can snag one cheap enough with wireless. Plus, my spare parts have dwindled low enough so I can no longer cobble together a frankenbox.
I am sorta stuck at the moment right now financially too due to reasons beyond my control so I will have to make do with what I have unless I can find something for free or close to it.
If I could find the right router sometime in the near future, I have been looking at the Linux firmwares Open-WRT and DD-WRT to put on it.
A used mini desktop or HTPC box might be more feasible but I don't know of any with more than one ethernet port or room for an extra card.
It's too bad that computer shows went the way of the dodo bird. There was some really cheap used stuff there, if you looked hard enough, that the 'net and places like ebay don't have.
Bob
Shadow Hawkins on Monday, 29 March 2010 18:47:33
I believe DD-WRT has an AICCU build available. That would probably be the best and most inexpensive option for you -- the power consumption is considerably lower as well. I don't know if you have a Goodwill, St. Vincent de Paul, Deseret Industries, or other charitable thrift store in your town but I've found those to be excellent places to shop for discarded Linux compatible routers. Occasionally, Craigslist might have something, too, but I'd check the thrift stores first. I recently found a spare DSL access device slash firewall for less than $10. But I should go back as I'm looking for another DD-WRT box myself as I gave my last one to a friend.
-Gary
Shadow Hawkins on Monday, 12 April 2010 23:56:42
Some random ideas for your or others' consumption:
You could try running a small Linux router in a VM with VirtualPC, VMWare, Virtualbox, Bochs, or whatever. I'm thinking configure two bridged interfaces, one as WAN with the tunnel and one as LAN with radvd.
Agreed on not using "behind NAT". I forget what it's for, but it's not for heartbeat tunnels behind a single NAT router.
When forwarding protocol 41 from a router, don't confuse port and protocol. Ideally you will forward protocol 41 from the router to the tunnel host running AICCU. If not then you may lose incoming connection when there is no outbound traffic; this is due to NAT connection tracking timing out. I don't know why DMZ wouldn't work; it should blindly give all IP traffic to the DMZ host.
You might try bouncing the router as a policy after making any configuration changes. When I was toying around with a failover tunnel endpoint I found my big problem was the router's connection tracking getting confused and causing problems when I moved the endpoint around in testing. (Even though in theory I shouldn't have had protocol 41 packets getting connection-tracked, it was happening anyway.)
For your DNS issue, I ran into a problem (on my end) when using SixXS IPv6-hosted DNS resolvers. My forwarding resolver wouldn't fail back to IPv4 transport when IPv6 was offline. Are you trying to use any IPv6-transport DNS?
Jeroen Massar on Tuesday, 13 April 2010 12:57:52
Actually, it is somewhat what I do now: I have a media box which is running XP Home (Dutch even, it is what came with the box, not going to bother with getting another license ;). That has a Virtual PC on it. Then I have multiple accounts + the TSSession regkey setup properly. When the box boots it auto-logins to the vm account which starts Virtual PC and in that a Debian VM. This VM, first NTP syncs (ntpd -g -x ;) and has an AICCU which sets up an AYIYA tunnel to the outside world. It then radvd's the prefix to the rest of the network.
Presto, works like a charm.
(And the VM also runs a mpd for the music, controlled by mpdminion from the real box, the real box has an XBMC which does work in full under Windows and no weird driver stuff under Linux, presto perfect setup ;)
Shadow Hawkins on Tuesday, 13 April 2010 02:18:51
I also had a similar experience with my Linksys router on another broker. Someone suggested moving to the DMZ zone, some suggested port forwarding #41 and some suggested changing firmware, but all failed. Proto-41 and behind NAT is horrible to me.
That is why I came to try AYIYA. Are there any netsh commands available for fixing the heartbeat problem?
Jeroen Massar on Tuesday, 13 April 2010 12:53:33
It is protocol, not port.
Port 41 is apparently 'graphics'.
Protocol 41 is IPv6
As for heartbeat, nothing you can fix with netsh as it is a protocol not implemented by anything but AICCU.
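The protocol-versus-port distinction from the post above, as an added example that is not part of the original thread: a small Python classifier that reads the IPv4 protocol field and, only where a transport header exists, the port numbers. The sample packets and addresses are constructed, and the UDP 5074 value for AYIYA is taken from earlier in this thread.

```python
import struct

PROTO_TCP, PROTO_UDP, PROTO_IPV6 = 6, 17, 41   # IANA IP protocol numbers
AYIYA_UDP_PORT = 5074                           # UDP port named in this thread for AYIYA

def classify(packet: bytes) -> str:
    """Say what a filter rule would have to match for this IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4                # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed IPv4 header"
    proto, payload = packet[9], packet[ihl:]    # byte 9 is the protocol field
    if proto == PROTO_IPV6:
        # The payload is a raw IPv6 packet: there is no port field to forward.
        if payload and payload[0] >> 4 == 6:
            return "protocol 41 (6in4): match on IP protocol, no ports exist"
        return "protocol 41 with non-IPv6 payload"
    if proto in (PROTO_TCP, PROTO_UDP):
        if len(payload) < 4:
            return "truncated transport header"
        sport, dport = struct.unpack("!HH", payload[:4])
        name = "TCP" if proto == PROTO_TCP else "UDP"
        if proto == PROTO_UDP and AYIYA_UDP_PORT in (sport, dport):
            return "UDP 5074 (AYIYA): has ports, so a port rule can match it"
        if 41 in (sport, dport):
            return f"{name} port 41: unrelated to IPv6 tunnelling"
        return f"{name} port {dport}"
    return f"IP protocol {proto}"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap payload in a constructed 20-byte IPv4 header (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 168, 0, 10]), bytes([192, 0, 2, 1]))
    return hdr + payload

# Constructed samples: a 6in4 packet, a UDP datagram to port 41, an AYIYA datagram.
IPV6_STUB = bytes([0x60]) + bytes(39)           # minimal 40-byte IPv6 header
SAMPLES = {
    "6in4": ipv4(PROTO_IPV6, IPV6_STUB),
    "udp41": ipv4(PROTO_UDP, struct.pack("!HHHH", 40000, 41, 8, 0)),
    "ayiya": ipv4(PROTO_UDP, struct.pack("!HHHH", 40000, AYIYA_UDP_PORT, 8, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", classify(pkt))
```
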
Shadow Hawkins on Wednesday, 14 April 2010 03:26:17
Yes, Protocol 41 is not a port. It is the encapsulation of an IPv6 tunnel in IPv4 and is needed for some tunneling. Not every router/firewall supports it.
It is hardware dependent and is hardcoded within firmware.
There is a bit of confusion in the IPv6 world, with so many similar evolving terms such as 6over4, 6to4, 6in4, 4to6, ...; some have different meanings.
Nice to meet you again.