Ticket ID: SIXXS #708127 Ticket Status: User PoP: gblon02 - Goscomb Technologies (London)
installing aiccu on windows server with routing and remote access
Carmen Sandiego on Sunday, 13 April 2008 02:39:45
I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there:
I am trying to get the Aiccu application to work on my Windows Server 2003.
Here are my details:
Tunnel- T15148 Ipv4- 80.192.183.52 Ipv6- 2a01:348:6:c8::2
The server has two ethernet NICs. One is directly connected to the Internet (WAN), another is connected to a wireless router (for the LAN). I have routing and remote access enabled, with DHCP and DNS so that people in my house wirelessly connect to the server and automatically gain an IP and use a proxy server on the server.
The DNS server is 172.16.3.1 (the server IP set on the LAN ethernet NIC as static) and DHCP hands out IP's in the 172.16.4.1- 254 band to wireless clients (the wireless router has no DHCP of it's own enabled, it all comes off the server).
I have enabled ICMP and turned off basic firewall in routing and remote access to allow ping requests through, and to allow remote connections.
I installed the tap32 driver and used the Aiccu GUI application to login and select my tunnel, and clicked configure. I set it as a service by using the command line. However the virtual ethernet device (the tap32 one) still keeps saying "network cable is unplugged" and Aiccu doesn't seem to pick it up. I have tried renaming the network adapter to "aiccu" with no effect, and tried stopping and restarting Aiccu, still won't work. Is it that Aiccu does not work if Routing and remote access is installed? If there is a way to get it working, how can I go about this? I really want IPv6 connectivity.
Samuel Hlls
State change: user
Jeroen Massar on Sunday, 13 April 2008 02:41:24
The state of this ticket has been changed to user
installing aiccu on windows server with routing and remote access
Jeroen Massar on Sunday, 13 April 2008 02:47:04
Unfortunately we don't have any Windows Server 2003 or for that matter any Windows Server products handy, as such, we can't replicate your setup in anyway. It should behave the same as Windows XP as far as I know though.
In either case, try the console version, that also has the latest tun32 adapter and gives a nice log of what it is doing and what might be wrong.
installing aiccu on windows server with routing and remote access
Carmen Sandiego on Sunday, 13 April 2008 14:10:02
I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there:
I tried using the scipt commands from this website, and got as far as to enable ping on the interface with the command:
netsh firewall set adapter SixXS icmp all=enable
But I get an error message: The following command was not found: netsh firewall set adapter SixXS icmp all=enable
I used the console version of aiccu and ran a test, I got to the point of pinging the other side of the tunnel from my own address (2a01:348:6:c8::2 to 2a01:348:6:c8::1) but I got an error: invalid source route specified. This is strange because I can ping my own IPv6 address according to the test, just not the end point.
The other commands work in the script template I got off this website, just not this one that I need to enable pings with. So I'm kind of stuck here. On another note, all my clients connected to my server through wireless can now resolve ipv6-only hostnames like ipv6.google.com (but of course they time out connecting), so it is starting to work. I think my problems arise because "routing and remote access" has it's own firewall specifically for servers, and doesn't use windows firewall, though apparently they are built with the same filter base according to microsoft.
I have found one post on the forum from someone with the same problem, but like.. back in 2003! Noone else seems to have this problem.
installing aiccu on windows server with routing and remote access
Jeroen Massar on Sunday, 13 April 2008 15:35:55 I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there:
Clearly you don't as all the important details are missing. And these details are crucial, they might just show what is configured wrongly.
Try a 'netsh interface ipv6 reset', that might clean out problems that exist. Then try and run the console aiccu client, with verbosity on, again.
You are running all of this as with Administrator privileges I assume?
The other commands work in the script template I got off this website, just not this one that I need to enable pings with.
Which exact command is that?
all my clients connected to my server through wireless can now resolve ipv6-only hostnames like ipv6.google.com
That has nothing to do with having working IPv6 connectivity. One can do DNS queries over both IPv4 and IPv6.
installing aiccu on windows server with routing and remote access
Carmen Sandiego on Sunday, 13 April 2008 17:15:53
I mean the script from https://noc.sixxs.net/home/tunnelinfo/script/?tunnel=15148&os=winxp
rem Windows XP/.Net IPv6 in IPv4 Tunnel Script
rem Autogenerated by SixXS Website (http://www.sixxs.net)
rem Created at 2008-04-13 13:25:49
netsh interface ipv6 install
netsh interface ipv6 add v6v4tunnel SixXS 80.192.183.52 77.75.104.126
netsh interface ipv6 add address SixXS 2a01:348:6:c8::2
netsh interface ipv6 add route 2a01:348:6:c8::2/64 SixXS
netsh interface ipv6 add route 0::/0 SixXS
netsh firewall set adapter SixXS icmp all=enable
All those commands work, except the last command "netsh firewall set adapter SixXS icmp all=enable" says command not found.
I have tried the suggested "netsh interface ipv6 reset" command, that said "ok" and that has stopped the "invalid source route specified" message while running "console test", and it now says "request timed out" instead. From the look of the log, no connection is being established, as the ipv6 tracerts don't reach anything..
All of this I am logged on as an administrator (I never do log on as a regular user so I forgot to mention, sorry). I am sorry if I am fustrating, I don't find it easy to think from another's point of view, it's a problem I have always had.
I notice when using "console start" I get "HAS_IFHEAD not present" and "NEED_IFHEAD not present", I couldn't get a log of that so I have a screenshot at this address http://webcore.acns.pns.edu/unprotected/flags.png
I have set "be verbose" to true in the aiccu.conf file, here:
--------------------------------
# AICCU Configuration (Saved by AICCU 2006.07.23)
# Login information
username SHW3-SIXXS
password *********
protocol tic
server tic.sixxs.net
# Interface names to use
ipv6_interface aiccu
# The tunnel_id to use
# (only required when there are multiple tunnels in the list)
tunnel_id T15148
# Try to automatically login and setup the tunnel?
automatic true
# Script to run after setting up the interfaces
#setupscript <path>
# No configuration, only beat?
noconfigure false
# TLS Required?
requiretls false
# Be verbose?
verbose true
# Daemonize?
daemonize false
# Behind a NAT?
behindnat false
# Make heartbeats when the protocol needs it?
makebeats true
------------------------------------
Here's the logfile from the console from running "console autotest >aiccu.log":
Tunnel Information for T15148:
PoP Id : gblon02
IPv6 Local : 2a01:348:6:c8::2/64
IPv6 Remote : 2a01:348:6:c8::1/64
Tunnel Type : 6in4-static
Adminstate : enabled
Userstate : enabled
Name : My First Tunnel
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (80.192.183.52)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
Pinging 80.192.183.52 with 32 bytes of data:
Reply from 80.192.183.52: bytes=32 time<1ms TTL=64
Reply from 80.192.183.52: bytes=32 time<1ms TTL=64
Reply from 80.192.183.52: bytes=32 time<1ms TTL=64
Ping statistics for 80.192.183.52:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
######
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (77.75.104.126)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
Pinging 77.75.104.126 with 32 bytes of data:
Reply from 77.75.104.126: bytes=32 time=32ms TTL=55
Reply from 77.75.104.126: bytes=32 time=24ms TTL=55
Reply from 77.75.104.126: bytes=32 time=29ms TTL=55
Ping statistics for 77.75.104.126:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 32ms, Average = 28ms
######
####### [3/8] Traceroute to the PoP (77.75.104.126) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
Tracing route to gblon02.sixxs.net [77.75.104.126]
over a maximum of 30 hops:
1 19 ms 12 ms 12 ms 10.111.128.1
2 10 ms 11 ms 11 ms gsr01-bl.blueyonder.co.uk [62.30.32.225]
3 34 ms 11 ms 12 ms pc-62-30-253-25-ro.blueyonder.co.uk [62.30.253.25]
4 19 ms 12 ms 15 ms pres-t3core-1a-ge-010-0.inet.ntl.com [80.0.160.69]
5 23 ms 18 ms 22 ms lee-bb-a-ge-330-0.inet.ntl.com [213.105.175.173]
6 21 ms 22 ms 22 ms bre-bb-b-so-200-0.inet.ntl.com [213.105.175.26]
7 29 ms 32 ms 30 ms telc-ic-1-as0-0.inet.ntl.com [62.253.185.74]
8 327 ms 47 ms 36 ms linx-gw2.goscomb.net [195.66.226.226]
9 289 ms 21 ms 28 ms ge-0-0-3-1085.rt0.lon4.goscomb.net [77.75.104.233]
10 20 ms 20 ms 21 ms gblon02.sixxs.net [77.75.104.126]
Trace complete.
######
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
Pinging ::1 from ::1 with 32 bytes of data:
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Ping statistics for ::1:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
######
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2a01:348:6:c8::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
Pinging 2a01:348:6:c8::2 from 2a01:348:6:c8::2 with 32 bytes of data:
Reply from 2a01:348:6:c8::2: time<1ms
Reply from 2a01:348:6:c8::2: time<1ms
Reply from 2a01:348:6:c8::2: time<1ms
Ping statistics for 2a01:348:6:c8::2:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
######
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2a01:348:6:c8::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall (both IPv4 and IPv6) of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
Pinging 2a01:348:6:c8::1 from 2a01:348:6:c8::2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2a01:348:6:c8::1:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
######
###### [7/8] Traceroute6 to the central SixXS machine (noc.sixxs.net)
### This confirms that you can reach the central machine of SixXS
### If that one is reachable you should be able to reach most IPv6 destinations
### Also check http://www.sixxs.net/ipv6calc/ which should show an IPv6 connection
### If your browser supports IPv6 and uses it of course.
Tracing route to noc.sixxs.net [2001:838:1:1:210:dcff:fe20:7c7c]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
######
###### [8/8] Traceroute6 to (www.kame.net)
### This confirms that you can reach a Japanese IPv6 destination
### If that one is reachable you should be able to reach most IPv6 destinations
### You should also check http://www.kame.net which should display
### a animated kame (turtle), of course only when your browser supports and uses IPv6
Tracing route to www.kame.net [2001:200:0:8002:203:47ff:fea5:3085]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
######
###### ACCU Quick Connectivity Test (done)
### Either the above all works and gives no problems
### or it shows you where what goes wrong
### Check the SixXS FAQ (http://www.sixxs.net/faq/
### for more information and possible solutions or hints
### Don't forget to check the Forums (http://www.sixxs.net/forum/)
### for a helping hand.
### Passing the output of 'aiccu autotest >aiccu.log' is a good idea.
installing aiccu on windows server with routing and remote access
Jeroen Massar on Sunday, 13 April 2008 17:32:01 1 19 ms 12 ms 12 ms 10.111.128.1
What does that RFC1918 address do there? Are you behind a NAT? As when that is the case proto-41 most very likely will not work unless you are able to convince that host to make you the DMZ or properly forward proto-41 in another way.
All those commands work, except the last command "netsh firewall set adapter SixXS icmp all=enable" says command not found.
Microsoft changed that command at one point, thus try:
firewall set icmpsetting aiccu enable all
(Where 'aiccu' is the interface name you are using)
I am sorry if I am fustrating
Why frustrating? As long as you provide the details asked for we can get a step further at a time.
I notice when using "console start" I get "HAS_IFHEAD not present" and "NEED_IFHEAD not present"
This is mentioned because some "Distributions" compile aiccu wrongly, this way it at least shows in the log and we can figure out if those settings are correctly configured based on that. This is only relevant when using Tun/Tap though, which you might need to use, as that is required for AYIYA which is needed when you are behind a NAT.
Posting is only allowed when you are logged in. |