locked
Cannot connect to the Global_ cloud through NAT Linksys WRT150N RRS feed

  • Question

  • Hi,

    I am developing a Consumer product that currently is using WCF PeerChannel as the default communication method. When trying things out in my home network on multiple machines, it work for machines inside my LAN but somehow I cannot connect to the Global_ network. For testing this scenario I have disabled all firewalls (Router and Windows), and followed all the debugging steps presented at: http://blogs.msdn.com/p2p/archive/2007/07/24/pnrp-debugging-guide-part-1.aspx but I cannot find a way to connect, I am always getting an Alone status.

    When I tested pinging the seed server I got:

    netsh p2p pnrp diag ping seed Global_

    SOLICIT sent to address: [2002:4136:e383::4136:e383]:3540.
    Destination did not respond (error 0x80980800).

    SOLICIT sent to address: [2002:4137:97fb::4137:97fb]:3540.
    Destination did not respond (error 0x80980800).

    SOLICIT sent to address: [2002:4136:e385::4136:e385]:3540.
    Destination did not respond (error 0x80980800).


    After some time of testing stuff with no good idea of what might have been going on, I decided to connect my machine directly to the internet bypassing the router (a Linksys WRT150N). After that I was able to connect to the Global cloud and even use the product we are developing with a coworker in his home. Pinging the seed server now worked as expected.

    Then I connected back the router, and strangely I was getting some responses when pinging the seed server:

    SOLICIT sent to address: [2002:4136:e383::4136:e383]:3540.
    Destination did not respond (error 0x80980800).

    SOLICIT sent to address: [2002:4137:97fb::4137:97fb]:3540.
    Destination did not respond (error 0x80980800).

    SOLICIT sent to address: [2002:4136:e385::4136:e385]:3540.
    Destination did not respond (error 0x80980800).

    SOLICIT sent to address: [2002:4136:e383::4136:e383]:3540.
    Destination did not respond (error 0x80980800).

    SOLICIT sent to address: [2002:4137:97fb::4137:97fb]:3540.
    Destination did not respond (error 0x80980800).

    SOLICIT sent to address: [2002:4136:e385::4136:e385]:3540.
    ADVERTISE returned 5 ID(s) in 234 milliseconds.
            42e3c425b1d8970670bb19112bec0963.87f59d08a1cf2c1fff689507d93ae915
            276b7a1201ae7a8d5bed419d8c4a20b1.7700660055004400e25d9b54e000301d
            de266c0d9e2629a0ef7f4e9b5304230c.7700660055004400db4aec525ed85772
            036e2f05686382ef6fa941a5586bde32.770066005500440002e1a866cc9b2436
            f7f94425cb57e1487d90484fb0d0182b.7700660055004400f238d270ebe0a7f0


    The strange think is now the netsh p2p pnrp cloud show list reports an active link and the netsh p2p pnrp cloud show stat Global_ reports being connected but my coworker cannot see me on the Global cloud:

    Scope  Id     Addr   State             Name
    -----  -----  -----  ----------------  -----
        1      0      1  Active            Global_
        3     11      1  Alone             LinkLocal_ff00::%11/8

    Scope  Id     Addr   State             Name
    -----  -----  -----  ----------------  -----
        1      0      1  Active            Global_

    Synchronize server:     pnrpv2.ipv6.microsoft.com;pnrpv21.ipv6.microsoft.com
    Use Server:             Used
    Use SSDP:               No addresses
    Use Persisted cache:    No addresses
    Cloud Configured Mode:       Auto
    Cloud Operational Mode:       Full Participant

    IP Addresses:           [2001:0:4137:9e50:34cd:78f8:4109:e399]:3540

    Number of cache entries:      10
    Estimated cloud size:         2144
    Number of registered names:   1
    Throttled resolves:           0
    Throttled solicits:           0
    Throttled floods:             0
    Throttled repairs:            0


    Theres is probably something that I am missing, but I cannot figure it out... what troubles me more is that the product we are developing is intended for consumers, that are not as tech savvy as ourselves, so I must find out how to solve this problem and diagnose it in advance to give proper instructions in the installation procedure. I would appreciate any help you can give me.

    Thanks in advance,
    Federico Lois
    Corvalius

    PD: This is my router configuration at least to know if there is something odd in there that you can spot.

    Router: Linksys WRT150N
    Internet Connection Type: Automatic DHCP
    Router IP: 192.168.1.1
    DHCP Server: Enabled
    Advance Routing (NAT): Enabled
    SPI Firewall: Enabled|Disabled (tryied both)
    Filter Anonymous Internet Requests: Enabled
    Filter Multicast: Disabled
    Filter Internet NAT Redirections: Disabled
    Filter IDENT (113): Enabled
    IPSec Passthrough: Enabled
    PPTP Passthrough: Enabled
    L2TP Passthrough: Enabled
    2 Single port forwarding rules on unrelated ports.

    Friday, September 18, 2009 3:18 AM

All replies

  • One extra piece of information that may be of interest for troubleshooting, I am using Windows 7 Ultimate RTM x64 on an Intel Quad Core.
    Friday, September 18, 2009 3:23 AM
  • Hi,

    I have this problem also. Sometimes I get ping responses sometimes I don't. I'm behind a WRT54G router. I don't know if the router is causing the problem. I apparently have no global IPv6 IP. Pardon me if that's not the correct terminology as I'm unfamiliar with IPv6.

    netsh p2p pnrp cloud show list

    Scope  Id     Addr   State             Name
    -----  -----  -----  ----------------  -----
        1      0      1  Active            Global_
        3     12      1  Virtual           LinkLocal_ff00::%12/8
        3     18      1  Virtual           LinkLocal_ff00::%18/8
        3     16      1  Virtual           LinkLocal_ff00::%16/8


    netsh int ipv6 show teredo
    arbitrarily I get nat restricted or not:

    Teredo Parameters
    ---------------------------------------------
    Type                    : client
    Server Name             : teredo.ipv6.microsoft.com
    Client Refresh Interval : 30 seconds
    Client Port             : 34567
    State                   : qualified
    Client Type             : teredo client
    Network                 : managed
    NAT                     : restricted


    Teredo Parameters
    ---------------------------------------------
    Type                    : client
    Server Name             : teredo.ipv6.microsoft.com
    Client Refresh Interval : 30 seconds
    Client Port             : 34567
    State                   : dormant
    Client Type             : teredo client
    Network                 : managed
    NAT                     : none (global connectivity)

    Sunday, October 11, 2009 3:07 AM
  • hi,
    Your ipv6 prefix starts with 2002 means its a 6to4 NAT assigned address, teredo prefix starts with 2001. Enable teredo & disable 6to4 tunneling or configure ur router to disable 6to4 nat.
    regards,
    vasanth
    Friday, October 30, 2009 10:12 AM
  • I have much the same problem.  

    To get the global_ state to show shows active I have to assign a ::0 route to the adapters (even if they already exist) and then ping an IPV6 only site. This eventually is succesful and then I can connect to IPV6 sites. But it makes no sense to me.

    Resolving domain names also works sometimes but mostly not.

    Re the comment of the IPV6 prefix above, the Teredo assigned address has a 2001 prefex so its OK.
    Are you looking at the address of the seed server which has a 2002 prefix? Isn't that just its IPV6 address.

    Why has this become so hard to get working?.  Windows XP has no such issues.
     

    Sunday, November 29, 2009 6:39 AM
  • Hi AQUAR,

    From what I've read this issue has to do with Windows Vista not allowing IPv6 DNS unless it's specifically requested by an application. So by default most applications won't receive IPv6 addresses when attempting to resolve hostnames. There's a workaround that forces traffic to be routed to the teredo interface. Read this webpage:

    http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/

    scroll down to the "Setting Up Teredo" / "Windows Vista" section


    The behavior is described by microsoft in a technet article in the dns query section here:
    http://technet.microsoft.com/en-us/library/bb727035.aspx

    • If the host has only link-local or Teredo IPv6 addresses assigned, the DNS Client service sends a single query for A records.

    • If the host has at least one IPv6 address assigned that is not a link-local or Teredo address, the DNS Client service sends a DNS query for A records and then a separate DNS query to the same DNS server for AAAA records. If an A record query times out or has an error (other than name not found), the corresponding AAAA record query is not sent.



    What a PITA though, right? I'm in the same situation. XP is beautiful with IPv6, Vista is not.
    Friday, December 18, 2009 2:31 AM
  • Hi Red Knight,
    The issue is your router can't understand dns ipv6 response. When u connect ur router, it acts as a DNS server gets the request from ur m/c & forwards its to the actual DNS server.  Here when ur m/c try to resolve this  pnrpv2.ipv6.microsoft.com, dns server sends a ipv6 address in response which ur router can't understand so drops it.
    You can confirm this by pinging 
    pnrpv2.ipv6.microsoft.com with & without router.
    Most network devices still not ready for ipv6.
    regards,
    vasanth
    Friday, December 18, 2009 7:41 AM