LAG issue - HowTo solve it

sgt_baker
Posts: 1510
Joined: Wed Oct 20, 2004 7:00 am
Location: London, UK.

Post by sgt_baker »

voobscout wrote (Apr 28 2009, 04:28 PM):

Sir Baker:

Sygate Personal Firewall:

Tools -> Advanced Rules -> Add

Tab General:
- Give description, press Allow this traffic

Tab Ports and Protocols:
- Drop down box: Protocol IP Type
- IP Type: 41
- Traffic direction: both

---

The same would also apply to your smoothwall, but as i have stated earlier, you'd be negating your firewall.... a simple solution is to have your sygate mimic the ruleset from your smoothwall....

Thanks :D I added that to Sygate and will test shortly. No obvious way to enable IP41 in smoothwall without getting dirty with the command line. Out of interest, I don't suppose you know the netsh commands to delete the configured IPv6 interface and routes without having to completely uninstall IPv6 and reboot the machine?
Granary Sergeant Baker - Special Bread Service (Wurf - 13th Oct 2011)

Post by sgt_baker »

voobscout wrote (Apr 28 2009, 04:39 PM): hm... turns out smoothwall is perfectly capable of running ipv6 with HE.... here it is, including detailed instructions on how to set it up: http://community.smoothwall.org/forum/view...=26&t=29744

Yeah that's exactly what I found earlier. :)
Granary Sergeant Baker - Special Bread Service (Wurf - 13th Oct 2011)
voobscout
Posts: 94
Joined: Sun Sep 02, 2007 4:46 pm
Location: Church of Voobology

Post by voobscout »

sgt_baker wrote (Apr 28 2009, 05:40 PM): Thanks :D I added that to Sygate and will test shortly. No obvious way to enable IP41 in smoothwall without getting dirty with the command line. Out of interest, I don't suppose you know the netsh commands to delete the configured IPv6 interface and routes without having to completely uninstall IPv6 and reboot the machine?

netsh interface ipv6 del route ::/0 IP6Tunnel [replace with your Server IPv6 address] <- this will remove routing information
netsh interface ipv6 del address IP6Tunnel [replace with your client IPv6 address] <- that removes the interface

netsh interface ipv6 uninstall <- that requires a reboot

btw: aside from adding IP41 to sygate, you need to do the same on smoothwall, otherwise it won't work.... and all you have to do is to create a rule for IP protocol number, i'm positively sure it's a very simple task, instead of tcp/udp you should probably select IP, since i'm not running any smoothwall instance, i can't be any more specific, but generally, absolutely ANY kind of packet filter (including things like sygate on private boxes) simply has to have that functionality.

if you're really interested, i can deploy smoothwall on one of my VMs and dig out how to do it, but it shouldn't be hidden or non-obvious, it's a must have for gre tunnels... so it must be there somewhere
Last edited by voobscout on Tue Apr 28, 2009 4:10 pm, edited 1 time in total.

Post by sgt_baker »

voobscout wrote (Apr 28 2009, 05:03 PM):

netsh interface ipv6 del route ::/0 IP6Tunnel [replace with your Server IPv6 address] <- this will remove routing information
netsh interface ipv6 del address IP6Tunnel [replace with your client IPv6 address] <- that removes the interface

netsh interface ipv6 uninstall <- that requires a reboot

btw: aside from adding IP41 to sygate, you need to do the same on smoothwall, otherwise it won't work....

Coolness

Here's something I (we) didn't anticipate:

When I install IPv6 (I just tested this after an uninstall/reboot), it automatically configures itself to use a tunnel provider without any further input.

See below:

Code:

C:\>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 86.28.156.108
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::2e0:81ff:fe26:782d%5
        Default Gateway . . . . . . . . . : 86.28.156.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4
        Default Gateway . . . . . . . . . :

Tunnel adapter 6to4 Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 2002:561c:9c6c::561c:9c6c
        Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : fe80::5efe:86.28.156.108%2
        Default Gateway . . . . . . . . . :

Code:

C:\>tracert6 ipv6.google.com

Tracing route to ipv6.l.google.com [2001:4860:a003::68]
from 2002:561c:9c6c::561c:9c6c over a maximum of 30 hops:

  1       18 ms     *       11 ms  6to4-relay.sov.kewlio.net.uk [2001:4bd0:d10:2002::1]
  2       13 ms    12 ms    12 ms  bbr01-g0-0.lndn01.occaid.net [2001:4830:d1::1]
  3       42 ms    49 ms    57 ms  2001:7f8:4::3b41:1
  4       30 ms    29 ms    28 ms  2001:4860::23
  5       37 ms    28 ms    27 ms  fx-in-x68.google.com [2001:4860:a003::68]

Trace complete.

It appears that by default, IPv6 tries to do some DHCP type stuff with a server over at MS and this is the result. Any thoughts?
Granary Sergeant Baker - Special Bread Service (Wurf - 13th Oct 2011)

Post by sgt_baker »

And a warning to anybody else attempting this stuff. It appears that File Sharing and Client for Microsoft Networks are both enabled by default on the new interface when you install IPv6. They appear with greyed out ticks in the network properties box. Best to switch that stuff off on an internet-facing interface.

:)
Granary Sergeant Baker - Special Bread Service (Wurf - 13th Oct 2011)

Post by voobscout »

is that your ISP ?
http://www.virginmedia.com/

Post by sgt_baker »

'1
Granary Sergeant Baker - Special Bread Service (Wurf - 13th Oct 2011)

Post by voobscout »

sgt_baker wrote (Apr 28 2009, 06:20 PM): '1

congratulations Sir Baker,

your ISP actually provides you with direct ipv6, you don't need no stinking tunnel broker, i bet you're also subscribed to 50mb broadband with them

this is actually you: cpc3-walt12-2-0-cust107.13-2.cable.virginmedia.com

Post by sgt_baker »

Ironically I get better pings with HE. :P
Granary Sergeant Baker - Special Bread Service (Wurf - 13th Oct 2011)

Post by sgt_baker »

I'm pretty certain that this isn't native IPv6. All packets are being routed via 6to4.ipv6.microsoft.com [192.88.99.1]. We sure that Windoze hasn't been instructed in a recent update to set up said tunnel by default?

^^At least that's what the firewall packet logger is telling me. Initial tests on the IPv4 end seem to suggest that that server is indeed in London somewhere, yet the MS domain etc???
Last edited by sgt_baker on Tue Apr 28, 2009 4:59 pm, edited 1 time in total.
Granary Sergeant Baker - Special Bread Service (Wurf - 13th Oct 2011)
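
Added example, not code from any poster in this thread: the tunnel addresses in the ipconfig output above, and the 192.88.99.1 relay seen in the firewall packet log, can be checked by decoding which automatic transition mechanism produced each IPv6 address and which IPv4 address it embeds. The function names `classify` and `audit` are illustrative; the sample input is the address lines from the posted output.

```python
import ipaddress

# Address lines copied from the ipconfig output posted in the thread.
IPCONFIG = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 86.28.156.108
        IP Address. . . . . . . . . . . . : fe80::2e0:81ff:fe26:782d%5
Tunnel adapter Teredo Tunneling Pseudo-Interface:
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4
Tunnel adapter 6to4 Tunneling Pseudo-Interface:
        IP Address. . . . . . . . . . . . : 2002:561c:9c6c::561c:9c6c
        Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
Tunnel adapter Automatic Tunneling Pseudo-Interface:
        IP Address. . . . . . . . . . . . : fe80::5efe:86.28.156.108%2
"""


def classify(text):
    """Return (mechanism, embedded IPv4 or None) for one IPv6 address string."""
    addr = ipaddress.IPv6Address(text.split("%")[0])  # drop the zone index
    if addr.sixtofour is not None:                    # 2002::/16 (RFC 3056)
        return "6to4", str(addr.sixtofour)
    if addr.teredo is not None:                       # 2001::/32 (RFC 4380)
        return "teredo", str(addr.teredo[1])          # tuple is (server, client)
    iid = addr.packed[8:]                             # low 64 bits: interface ID
    # ISATAP interface IDs are 0000:5efe or 0200:5efe followed by the IPv4 address.
    if iid[0] in (0x00, 0x02) and iid[1:4] == b"\x00\x5e\xfe":
        return "isatap", str(ipaddress.IPv4Address(iid[4:]))
    return ("link-local" if addr.is_link_local else "other"), None


def audit(ipconfig_text):
    """Map every IPv6 value in ipconfig output to its classification."""
    found = {}
    for line in ipconfig_text.splitlines():
        _, sep, value = line.rpartition(" : ")
        value = value.strip()
        if sep and ":" in value:                      # skip headers and IPv4 values
            found[value] = classify(value)
    return found


if __name__ == "__main__":
    for address, (kind, ipv4) in audit(IPCONFIG).items():
        print(f"{address:32} {kind:10} {ipv4 or '-'}")
```

The 6to4 default gateway decodes to 192.88.99.1, the same relay address the packet logger shows, so this traffic leaves the host as IPv4 protocol 41 rather than as native IPv6.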