Kitz Forum
Broadband Related => ISPs => Topic started by: hushcoden on January 29, 2018, 08:10:12 PM
-
Would someone be able to give me a definite answer whether the IPv6 prefix length on Sky is /56 or /64 ?
Tia.
-
56 all day long ;)
-
Roger that :graduate: And I don't why but it works with /64 too...
-
I think whatever you select will be overridden but if you prefer to use the correct one go 56
-
It wouldn't matter if you make it /64 for one LAN surely.
-
And one last thing: once enabled IPv6 in the router why I can't ping an IPv6 address ???
I open a command prompt window, and if I try ping -4 google.com I get
Pinging google.com [216.58.206.142] with 32 bytes of data:
Reply from 216.58.206.142: bytes=32 time=21ms TTL=57
Reply from 216.58.206.142: bytes=32 time=23ms TTL=57
Reply from 216.58.206.142: bytes=32 time=21ms TTL=57
Reply from 216.58.206.142: bytes=32 time=22ms TTL=57
Ping statistics for 216.58.206.142:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 23ms, Average = 21ms
But if I try ping -6 google.com then I can't
Pinging google.com [2a00:1450:4009:811::200e] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2a00:1450:4009:811::200e:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
-
I get
2a00:1450:4009:802::200e
for google.com, and I can successfully ping it, because I have an ISP and kit that supports IPv6. And no firewall rules that block this.
-
What happens if you traceroute to it?
Display your routing table too.
-
I have sky obviously and mine works fine with sky's ipv6 no problem.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\WINDOWS\system32> ping -6 google.com
Pinging google.com [2a00:1450:4009:801::200e] with 32 bytes of data:
Reply from 2a00:1450:4009:801::200e: time=9ms
Reply from 2a00:1450:4009:801::200e: time=9ms
Reply from 2a00:1450:4009:801::200e: time=10ms
Reply from 2a00:1450:4009:801::200e: time=9ms
Ping statistics for 2a00:1450:4009:801::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 10ms, Average = 9ms
PS C:\WINDOWS\system32>
-
How do we check your firewalling state, from outside?
-
tracert -4 google.com
Tracing route to google.com [216.58.206.142]
over a maximum of 30 hops:
1 1 ms 1 ms <1 ms R7000 [192.168.0.1]
2 * * * Request timed out.
3 23 ms 22 ms 22 ms be362.pr2.hobir.isp.sky.com [89.200.131.118]
4 19 ms 19 ms 18 ms 72.14.203.194
5 * * * Request timed out.
6 19 ms 18 ms 20 ms 209.85.242.20
7 19 ms 19 ms 19 ms 108.170.246.194
8 21 ms 22 ms 22 ms 216.239.58.131
9 19 ms 19 ms 25 ms 209.85.143.66
10 22 ms 21 ms 21 ms 108.170.246.129
11 21 ms 21 ms 21 ms 216.239.56.193
12 21 ms 21 ms 21 ms lhr25s15-in-f14.1e100.net [216.58.206.142]
Trace complete.
tracert -6 google.com
Tracing route to google.com [2a00:1450:4009:811::200e]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 2a02:c7f:229:1100:xxx:yy:wwww:z
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
If I telnet to the R7000 then I can ping IPv4 and IPv6 with no problems at all from the router itself :baby:
-
perhaps there is a host firewall? turn off any firewall on your own pc?
Actually, wait a minute, presumably you can IPv6-ping your own router? Looks like that's a ‘no’ from the tracert?
-
I can ping my router and also by disabling Kasperky Internet Security I still can't ping IPv6... ???
-
must be a setting on the r7000 ipv6 config. what's your router and client config? have you added ipv6 dns servers on the router as such as Google or open dns
-
Yes I've added OpenDNS servers...
-
Windows client?
screen shot of adapter info etc
what do you get for http://ipv6-test.com
-
Screenshots attached
-
Hi
Your details show no ipv6 dns servers unless it’s my eyes sorry. Mobile screen very small
Many thanks
John
-
Hello, I did enter the IPv6 DNS servers: http://forum.kitz.co.uk/index.php/topic,20952.msg363723.html#msg363723
-
ipv6 dns server has not populated to the client.
I would add google v6 dns server to the win 10 manually and test just to see if it works. I just vpn to my win 10 monitoring pc and it indeed has the correct v6 dns server under the network adapter where yours is missing so something is not populating- win10 all up to date etc?
-
I've added manually the Google DNS servers, but still no joy, "Request timed out"...
-
just checked my laptop and the ipv6 dns address shown is my routers ipv6 lan address. What about entering that and see if it helps ?
Is windows totally up to date as there was some time ago an issue with the ipv6 stuff but this was resolved not that long ago by way of an update etc.
Have you tested it on a phone- run the ipv6 test and see what you get in case it's your pc etc..
also it is worth checking icmp echo status on your firewall/ router etc..Opnsense has ipv4 and ipv6 options. what options have you got?
-
Hi
I think you may need to check your AV for firewall if it controls firewall
If not, win10 firewall has ipv6 firewall as well
My guess is AV stopping it but I don’t use your AV
Many thanks
John
-
[Resident-type antivirus. No way. I never ever have on any of my machines or allowed it on any of my customers’ machines. Shudders. Just worse than pointless and ruins a reliable tested o/s.]
Apologies for sermon. Automatic allergic response :-[
-
Indeed, nothing to do with my AV/firewall... I did try to disable it but no change...
-
Damn, that would have been too easy. So swap-outs all round? Different box to test on, different router?
-
Hi
Sorry but if you disable AV firewall I thought it reverted back to win firewall
Many thanks
John
-
Yes, I did play with Windows firewall as well but it made no difference unfortunately...
-
Have you tried from another device to narrow it down to the windows machine or the router?
Pingtools is a fantastic Android app for doing 1001 network related tasks (ping/tracert/subnet scan/whois/etc). Worth a try if you have an Android phone.
traceroute to Google.com (2a00:1450:4009:801::200e), 30 hops max
Hop 1:
From broadband.bt.com (2a00:23c4:2bc8:b000::1), 366 ms
Hop 2:
*
Hop 3:
*
Hop 4:
From 2a00:2302::1103:100:3f, 335 ms
Hop 5:
From 2a00:2380:3013:8000::3a, 344 ms
Hop 6:
From 2a00:2380:13::7b, 326 ms
Hop 7:
From 2a00:2380:2001:7000::19, 342 ms
Hop 8:
From 2a00:1450:8000:266::1:1, 438 ms
Hop 9:
From 2001:4860:0:1::232e, 340 ms
Hop 10:
From 2001:4860:0:1::2482, 333 ms
Hop 11:
From 2001:4860::c:4000:dd7a, 324 ms
Hop 12:
*
Hop 13:
From 2001:4860:0:1::259, 345 ms
Hop 14:
From lhr35s01-in-x0e.1e100.net (2a00:1450:4009:801::200e), 32 ms
Traceroute complete: 14 hops, time: 36911 ms
-
First of all thank you all for the support... I was able to try with a different laptop and now also with my Android phone :graduate: and guess what, I can ping/tracert etc IPv6... :blush:
So glad that my R7000 with DD-WRT is working pretty well :angel:
-
there is a simple single command (netsh ? ) to turn off the windows firewall completely but it's been far too long so someone could perhaps prompt us. netsh has help for commands in it iirc.
-
I just disabled the windows firewall anyway as it's just one more thing to cause problems, since I had a hardware firewall anyway. But in a way it sort-of serves as a very poor app i/o security policy. I say poor because I see little to stop apps from just fiddling with it, which defeats most of the point. If microsoft had any clue at all they would have made firewall objects and rules securable with the usual ACLs’ architecture that is used elsewhere. Can't believe that they did not. Actually that would be a really good upgrade for the o/s now, provided the performance did not suffer, which I think should not be a problem given a competent designer.
-
I've got a feeling that even when disabled the Windows firewall still blocks ICMP. Equally, you can enable ICMP but keep other elements of the firewall. Bit of a hammer, but enabling all ICMP works:
netsh firewall set icmpsetting type=all mode=enable
Sent from my SM-G935F using Tapatalk
-
iirc I used
netsh firewall set opmode = disable