locked
WCF Teredo IPv6 not accessible on a machine behind NAT RRS feed

  • Question

  • Hi,
     
    I have created one sample p2p chat application in WCF using Custom Peer Resolver.
    From all the scenarios which I have tried, I found that when I host the WCF service (with Teredo ipv6 address )  on some machine which has live IPv4, I am able to host the service and it is accessible from Teredo IPv6 endpoint. Thus it works in this scenario.

    But when I host the same WCF service on a machine behind NAT, I am able to ping to that Teredo IPv6 from other machine in same and different network, but whenever I try to connect to it, I always get the following exception.  But when I host the same service with ipv4 address, and try to access it from IPv4 endpoint it works. Also when I host the service on Teredo IPv6 address and try to access that service using IPv4 endpoint it works, and same service cannot be accessed using Teredo IPv6 endpoint.
    --------------------------------------------------------------ERROR-------------------------------------------------------------------
    System.ServiceModel.CommunicationException: The Peer resolver threw an exception.  Please refer to InnerException. ---> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://[2001:0000:4137:9E66:8000:3F3A:C45A:EBE2]:5000/peerResolverService. The connection attempt lasted for a time span of 00:00:00.9375000. TCP error code 10061: No connection could be made because the target machine actively refused it 2001:0:4137:9e66:8000:3f3a:c45a:ebe2:5000.  ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 2001:0:4137:9e66:8000:3f3a:c45a:ebe2:5000

    -------------------------------------------------------------ERROR--------------------------------------------------------------------

    I have tried this on the machines which have XP SP2, Server 2003 and Vista.
    Firewall is ON and properly configured for Teredo traffic.

    Following UDP Ports are opened in firewall exception:

    1900,3544,3450,3540

    The port on which I have hosted the service is also added in the firewall exception i.e. TCP port 5000

    My Teredo client is working on UDP port 3544

    When i use this command "netsh interface ipv6 show teredo" , I get the  following output

    Teredo Parameters
    ---------------------------------------------
    Type                    : client
    Server Name             : default
    Client Refresh Interval : default
    Client Port             : default
    State                   : qualified
    Type                    : teredo client
    Network                 : unmanaged
    NAT                     : cone

    Does anyone know the solution for this why I can't access WCF IPv6 service which is behind NAT??? Please help....

    Friday, February 22, 2008 7:02 AM

All replies

  • I am working with somebody called Rachit Rastogi on this issue which seems to be a Teredo issue already...this was a few days before this posting..Can we please request you guys to not post the same question multiple times - it doesnt help in troubleshooting/tracking and it really randomizes us.

     

    I will get back on the results of that troubleshooting here.

    Thanks,

    Shalini.

    Saturday, February 23, 2008 6:13 PM
  • This is a bit of a long shot after so many months - but, if you're still there... did you ever resolve this issue and find the cause, or post the results of the troubleshooting anywhere?

     

    cheers

     

    Saturday, September 20, 2008 1:52 AM
  • Hi,

    I never heard back from these folks again, and lost track of this after a while...I can help you out with your problem though. What seems to be the problem?

     

    Thanks,

    shalini.

     

    Sunday, September 21, 2008 9:24 PM
  • Hi,

    Actually, I haven't specifically had the problem the OP mentioned - I'm just trying to gather as much information about problems with Teredo and P2P and was interested in what was going on there.

     

    My situation is that I'm prototyping a P2P app which will primarily use teredo (since it will be a home consumer type of app). I have had a couple of problems myself with teredo, and have some posts on this forum regarding that. I'm also using WCF, and have a query about that in relation to Teredo.

     

    Specifically, the problems/questions are:

    1) how reliable is teredo? I've noticed that I sometimes lose my teredo address on my home PC, but by switching to another teredo server (in fact, I've only got this one to work: teredo.remlab.net) I can get it to work again. So I presume the default teredo server at microsoft sometimes must have problems, or perhaps it's more temperamental with users from Europe (I'm based in the UK). Also, the MS teredo server doesn't seem to be pingable - should it be, or is it normal for it not to respond to pinging?

     

    2) When teredo does work on my machine (and it has actually been very stable with the default server over the last 3 weeks or so) it detects an unmanaged network. However it suddenly detected my network as managed the other day, and I'm wondering why, and how to debug this? I wouldn't want this happening to users of my app, as teredo connectivity would then be lost. More details in the original post below:

     

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3901197&SiteID=1

     

    3) For normal socket programming with teredo, I've read about the IPV6_PROTECTION_LEVEL parameter, and in particular its PROTECTION_LEVEL_UNRESTRICTED value. Since I'm trying to use WCF, all the raw socket stuff is done in the bowels of WCF itself - but I'm wondering what it does about IPV6_PROTECTION_LEVEL? I've noticed a TeredoEnabled flag on the TcpTransportBindingElement class, but since this is a bool and IPV6_PROTECTION_LEVEL has 3 predefined values, I'd like to confirm a) that TeredoEnabled has something to do with IPV6_PROTECTION_LEVEL, and if so, how does it map to it? I'd be very happy if TeredoEnabled == true would be equivalent to IPV6_PROTECTION_LEVEL == PROTECTION_LEVEL_UNRESTRICTED.

     

    (Original post here:

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3901142&SiteID=1)

     

    Hope you can help, or point these points at someone who can!

     

    thanks,

    Sunday, September 21, 2008 11:18 PM
  • Hi Shalini,

    did you get anywhere with the questions I asked?

     

    cheers

     

    Monday, September 29, 2008 9:19 AM
  • Hi Pete,

     

    This post got lost in my mail...sorry about that. I am no Teredo expert really, but let me hook you up with a Teredo team member/blog and they'd be able to help you out specifically.

    Your other questions on TCP and Teredo too are out of my scope, and are better asked in NetTcpBinding section or title in the WCF forums...

    All these troubleshooting steps are purely based on my expereince while testing real world scenarios for Peer Channel (NetPeerTcpbinding)...you delve deep into Teredo and I'll get you an expert to answer your Teredo-specific questions. For NetTcpbinding, you'll get a faster response on hte WCF forums and reposting this specific bit on tcpBinding and Teredo.

     

    I'll get back..

    -shalini.

    Monday, September 29, 2008 4:34 PM
  • Hi there Pete,

     

    Some teredo answers for you from the Teredo team. Also, please look at http://www.microsoft.com/technet/network/ipv6/teredo.mspx if you havent already for more Teredo information.

     

    Also, for point 3 below, the Teredo team would like to work with you to get traces etc and I'd like to put you in touch with them offline and also send you specific instructions..Is there an email id i can use to get in touch with you? You can reach me at shalinij@microsoft.com

     

    1) how reliable is teredo? I've noticed that I sometimes lose my teredo address on my home PC, but by switching to another teredo server (in fact, I've only got this one to work: teredo.remlab.net) I can get it to work again. So I presume the default teredo server at microsoft sometimes must have problems, or perhaps it's more temperamental with users from Europe (I'm based in the UK).

    Teredo should be pretty reliable.

     

    2)      Also, the MS teredo server doesn't seem to be pingable - should it be, or is it normal for it not to respond to pinging?

    Teredo.ipv6.microsoft.com is not ping-able.

     

    3)      When teredo does work on my machine (and it has actually been very stable with the default server over the last 3 weeks or so) it detects an unmanaged network. However it suddenly detected my network as managed the other day, and I'm wondering why, and how to debug this? I wouldn't want this happening to users of my app, as teredo connectivity would then be lost. More details in the original post below:

    This should not happen in the normal scenario.

     

    What OS are you running?

     

    Thanks,

    shalini.

     

     

    Wednesday, October 1, 2008 11:14 PM
  • Hi Shalini,

    thanks very much for getting back - I will send you my email address.

     

    The OS I'm running on all 3 machines I'm using to test PNRP and Teredo is Windows XP SP3, with PNRP and IPv6/Teredo installed.

     

    Some more developments on the teredo front:

    1) The detection of my network by teredo as a managed network lasted about 2 days. It finally reverted back to normal after a reboot after the 2 days - however, during the 2 days it was being detected like this, reboots didn't affect it.

    (What happened was that after the 2 days, I noticed on one of the machines which had been rebooted for other reasons, it had reverted back to 'unmanaged' - so I went to the other machine which hadn't been rebooted, and this still showed 'managed' as it had been doing. However this time the reboot caused it also to say 'unmanaged' again.)

     

    The 2 machines involved are both in the same network, using the same ISP and behind the same wireless router/NAT.

     

    2) I have hardly had the issue again - however when doing extreme 'fiddling' with teredo via netsh (i.e. setting the teredo server to be different, restarting as a client, renewing or restarting ipv6, etc.) I have noticed about 3 times it has said it's in a managed network. It seems to revert back to normal either on its own, or when I issue a 'netsh int ipv6 set teredo client' to reset it. I need to do more testing to see if there's any pattern to this, but it appeared to be totally random.

     

    3) I did a test between 2 machines behind different ISP IP addresses - Teredo, PNRP and IPv6 were set up on both machines. Both successfully got Teredo addresses, and 'teredo show' showed the NAT type as restricted on both.

    When teredo was configured to use the default server, I tried publish a PNRP name on both. On one machine, this showed the Global_ cloud as being in the Alone state. My machine showed it as being in the Active state. So, the peer names were obviously not resolvable.

     

    As a further test, just to ensure that the machines were visible to each other via Teredo, I tried a ping. Neither machine could ping the other's teredo address.

     

    I decided to change the default teredo server on both to teredo.remlab.net. Once I'd done that everything worked - the new teredo addresses were pingable from both sides, and the PNRP publishing worked and could be resolved by either side. This is why I fear that the default teredo server has some kind of problem or unreliability.

     

    I will send more details of all this if you need it once we're hooked up by email

     

    cheers,

    Thursday, October 2, 2008 8:54 AM
  • I've experienced the same issues as Pete.  I am running the same OS and was

    able to get teredo setup for about a day.  The next day I was getting secondary address was unreachable.  I checked the firewall configuration and drove through the netsh cmds to debug and everything seemed ok.  Changing the teredo server name to teredo.remlab.net resolved this for me as well

    Wednesday, November 19, 2008 12:22 AM