locked
6to4 adapter and Teredo Tunneling enabled on private LAN RRS feed

  • Question

  • I’m at a home network and getting a 172.168.1.x address. When I connect to direct access it has enabled the 6to4 adapter and Teredo Tunneling. As I result I cannot get to the network resources. If I disable 6to4 it works.

    I have had a read of this article which is similar but I am getting a private IP address rather than a public

    http://social.technet.microsoft.com/wiki/contents/articles/solving-a-directaccess-client-blocked-6to4-connection.aspx

    Could anybody tell me what is happening. Should I just disable 6to4?

     

    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
       Physical Address. . . . . . . . . : 68-B5-99-F7-05-98
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::932:8ca1:728:2c25%12(Preferred) 
       IPv4 Address. . . . . . . . . . . : 172.168.1.105(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, 11 October 2011 9:29:48 AM
       Lease Expires . . . . . . . . . . : Wednesday, 12 October 2011 9:29:48 AM
       Default Gateway . . . . . . . . . : 172.168.1.1
       DHCP Server . . . . . . . . . . . : 172.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 292074905
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-14-A8-FE-68-B5-99-F7-05-98
       DNS Servers . . . . . . . . . . . : 202.142.142.142
                                           202.142.142.242
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    
    Tunnel adapter Reusable Microsoft 6To4 Adapter:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:aca8:168::aca8:168(Preferred) 
       IPv6 Address. . . . . . . . . . . : 2002:aca8:169::aca8:169(Preferred) 
       Default Gateway . . . . . . . . . : 2002:ca8e:8122::ca8e:8122
       DNS Servers . . . . . . . . . . . : 202.142.142.142
                                           202.142.142.242
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    Tunnel adapter isatap.{AC7C530F-2C30-452C-B6AE-93380CF45BAC}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{FFC3E4EC-D85F-4D09-A8E7-E2AE261E6AFE}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:ca8e:8122:28e4:88a:3571:7ee1(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::28e4:88a:3571:7ee1%48(Preferred) 
       Default Gateway . . . . . . . . . : 
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    Tunnel adapter isatap.{AA342A3B-827D-4F1E-9C7B-AD32D21070BA}:
    

     


    I am also getting this in the log

    Probes List 

    FAIL - The server name resolved successfully, but failed to access PING: 2002:ca8e:8123::ca8e:8123


    Regards, Blair Muller Check Out My Blog: http://blair-muller.blogspot.com/


    Monday, October 10, 2011 11:31 PM

Answers

  • Hi Blair,

    the problem in your case is that you are using "faked" public IPs (e.g. 172.168.x.x) on your internal network. In this case 6to4 get enabled automatically. I think 6to4 is simply not designed for those scenarios^^ I would like to recommend to change the internal IPs of you home network to a scope defined in RFC1918 (e.g. 192.168.0.0/24, 172.16.0.0/12, 192.168.0.0/24)

    -Kai


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    • Marked as answer by Blair Muller Tuesday, October 11, 2011 5:45 AM
    Tuesday, October 11, 2011 5:43 AM

All replies

  • Hi Blair,

    the problem in your case is that you are using "faked" public IPs (e.g. 172.168.x.x) on your internal network. In this case 6to4 get enabled automatically. I think 6to4 is simply not designed for those scenarios^^ I would like to recommend to change the internal IPs of you home network to a scope defined in RFC1918 (e.g. 192.168.0.0/24, 172.16.0.0/12, 192.168.0.0/24)

    -Kai


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    • Marked as answer by Blair Muller Tuesday, October 11, 2011 5:45 AM
    Tuesday, October 11, 2011 5:43 AM
  • Thanks very much Kai,

    I think I may be better of disabling 6to4 as I cannot guarantee it will no hit this environment again.

    thanks again for the prompt response.

     

     


    Regards, Blair Muller Check Out My Blog: http://blair-muller.blogspot.com/
    Tuesday, October 11, 2011 5:45 AM
  • Hi Blair,

    Actually 172.168.X.X is not a RFC1918 network, it is a public IP address.

    172.16.0.0-172.31.255.255 is the private 172.16.0.0/12 block that I think you are thinking of.

    http://en.wikipedia.org/wiki/Private_network

    Most likely there was an error when someone configured that router :)

    (So since your client has a non-RFC1918 address it will prefer the 6to4 address but the traffic will either be dropped when leaving your external network or the return traffic will be routed back to AOL who seems to be the owner of 172.128.0.0 - 172.191.255.255)

    Best wishes,
    Jonas Blom

    Tuesday, October 11, 2011 5:51 AM
  • Thanks guys, I'm guessing the client isn't smart enough to know something is wrong and drop back to Teredo?
    Regards, Blair Muller Check Out My Blog: http://blair-muller.blogspot.com/
    Tuesday, October 11, 2011 9:30 PM
  • Disabling the 6to4 adapter on DA clients is quite commonly required for various scenarios, and the approach I would recommend for you...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, October 12, 2011 8:58 AM