SixXS::Sunset 2017-06-06

receiving packets
[gb] Shadow Hawkins on Monday, 10 October 2011 18:08:57
I have an ubuntu machine with SixXS set up and running. I have a windows 7 machine with an auto configured teredo interface. Both machines are behind a NAT router. I have wireshark running on both machines. I want to send a UDP packet from one to the other. (I have also tried TCP connections, but they behave the same.) I have two problems. 1. It only seems to work one way at a time. i.e. Server (SixXS, Ubuntu) to client works for a bit, then it stops. On the way that isn't working, I see the packet leave the machine but not get to the other machine. I think this might be because the teredo router is confused because they both come from the same IP address and it thinks it is a routing loop - not sure. Any comment on this would be welcome. 2. More importantly, I see perfectly good UDP packets coming into both machines at times, but they are not picked up by the app with the socket. I made a java app at both ends. I also used netcat to do this. I tried UDP and TCP. The sockets are listening properly (I can see them in netstat and I get prot not reachable errors when they are not listening), but the packets are never delivered. the java apps work if I use IPv4, or link local IPv6 addresses, so I guess this is a security setting somewhere. Any pointers would be appreciated. Same problem on windows and ubuntu.
receiving packets
[gb] Shadow Hawkins on Monday, 10 October 2011 18:52:09
should point out that the firewall is disabled on both machines.
receiving packets
[ch] Jeroen Massar SixXS Staff on Monday, 10 October 2011 19:19:04
I think this might be because the teredo router is confused because they both come from the same IP address and it thinks it is a routing loop - not sure.
"The Internet" (thus for instance the Teredo box) does not know the IPv4 addresses (neither PoP or client) of the SixXS tunnel. Thus that cannot be it.
More importantly, I see perfectly good UDP packets coming into both machines at times,
Do you have a dump?
so I guess this is a security setting somewhere. Any pointers would be appreciated.
Most very likely a firewall issue, even though you claim in the other message that they are disabled, how disabled are they really? Do also note that Teredo is not one of the most stable transition technologies. Sometimes it works perfectly fine, other times it breaks. You might want to check that traceroutes properly function and also how the hosts think they are connected to each other.
receiving packets
[gb] Shadow Hawkins on Monday, 10 October 2011 22:24:34
Hello; "how disabled are they really?" Any way of telling on windows you know of? Yes teredo is flaky, but it is preinstalled and I am not looking for performance, just to get an occasional packet to a machine. Anyhow, on the client the route is like this. Tracing route to cl-1272.lon-02.gb.sixxs.net [2a01:348:6:4f7::2] over a maximum of 30 hops: 1 722 ms 204 ms 101 ms brunel.lhr.uk.as44980.net [2001:1a08:666:202::211] 2 121 ms 305 ms 204 ms gi4-0-202.br1.lhr.uk.as44980.net [2001:1a08:666:202::1] 3 123 ms 202 ms 101 ms ae0-465.rt0.the.uk.goscomb.net [2a01:348:0:4:0:26:0:1] 4 129 ms 204 ms 103 ms xe-0-1-0.cs0.thw.uk.goscomb.net [2a01:348::27:1:1] 5 428 ms 204 ms 409 ms gblon02.sixxs.net [2a01:348:0:4:0:3:1:1] 6 431 ms 204 ms 409 ms cl-1272.lon-02.gb.sixxs.net [2a01:348:6:4f7::2] I did get a dump, but couldn't post it here. The interesting part was when I treid to send the UDP packet to the server I get "destination unreachable - administratively prohibited". I can send the caps to you by mail if you like.
receiving packets
[gb] Shadow Hawkins on Monday, 10 October 2011 22:27:26
On the server traceroute looks like this traceroute to 2001:0:5ef5:79fb:c68:2f1d:a9e4:ff30 (2001:0:5ef5:79fb:c68:2f1d:a9e4:ff30) from 2a01:348:6:4f7::2, 30 hops max, 16 byte packets 1 gw-1272.lon-02.gb.sixxs.net (2a01:348:6:4f7::1) 36.931 ms 36.367 ms 36.17 ms 2 ge-0-0-5-20.cs0.thw.uk.goscomb.net (2a01:348:0:4:0:3:0:1) 36.456 ms 36.177 ms 37.101 ms 3 xe-0-0-0.rt0.the.uk.goscomb.net (2a01:348::27:0:1) 77.634 ms 36.157 ms 36.194 ms 4 cairney-26.gw.goscomb.net (2a01:348:0:4:0:26:1:1) 38.166 ms 38.397 ms 37.169 ms 5 brunel.lhr.uk.as44980.net (2001:1a08:666:202::211) 37.659 ms 39.785 ms 36.932 ms 6 2001:0:5ef5:79fb:c68:2f1d:a9e4:ff30 (2001:0:5ef5:79fb:c68:2f1d:a9e4:ff30) 205.21 ms 152.946 ms * I thought these looked ok.
receiving packets
[gb] Shadow Hawkins on Tuesday, 11 October 2011 12:18:40
Jeroen; You were right, the windows firewall is dropping ICMP packets and UDP packets form my sixxs machine. It says this in the log, even though I have switched the firewall off and added appropriate rules. So, looks like I can't stop it or change it. Mad thing - the windows UI just lies. Anyway, thanks for the tip.
receiving packets
[gb] Shadow Hawkins on Wednesday, 12 October 2011 16:58:39
This is all working for me now. Some things I learned... You need to set IPV6_PROTECTION_LEVEL on the socket in windows. This wasn't easy in Java, so I switched to C#. Would work equally well in C/C++. See http://msdn.microsoft.com/en-us/library/windows/desktop/bb968771%28v=vs.85%29.aspx Packets are dropped in the firewall on Windows 7 even if it is "off". Also, a lot of ports are administratively disabled. This seems to be any well known port. This was giving me my ICMPv6 rejection "destination unreachable administratively prohibited". Just use a non IANA port for comms. Note - both these problems are Microsoft/Teredo not Ubuntu/SixXS (which worked from the start). Why am I not surprised...

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker