All connection attempts of IPv6 peers are disconnected immediately

Hi.

I'm running with Vista SP1 and I got IPv6/Teredo tunneling enabled.

Anyway when uT starts & works (fine) the log shows the same message about peers with IPv6 addresses:

[2008-11-15 16:02:40] [2001:0:d5c7:a2ca:1495:3f:af21:81ad]:26936: Connecting: source: X

[2008-11-15 16:02:40] [2001:0:d5c7:a2ca:1495:3f:af21:81ad]:26936: Disconnect: Peer error: ...

[2008-11-15 16:02:56] [2002:5745:2428::5745:2428]:44982: Connecting: source: X

[2008-11-15 16:02:56] [2002:5745:2428::5745:2428]:44982: Disconnect: Peer error: ...

[2008-11-15 16:03:25] [2001:0:d5c7:a2ca:c1c:acd:a89f:32c7]:59684: Connecting: source: X

[2008-11-15 16:03:25] [2001:0:d5c7:a2ca:c1c:acd:a89f:32c7]:59684: Disconnect: Peer error: ...

[2008-11-15 16:03:26] [2002:d572:ef93::d572:ef93]:5001: Connecting: source: X

[2008-11-15 16:03:26] [2002:550:9eed::550:9eed]:10158: Connecting: source: X

[2008-11-15 16:03:26] [2002:d572:ef93::d572:ef93]:5001: Disconnect: Peer error: ...

[2008-11-15 16:03:26] [2002:550:9eed::550:9eed]:10158: Disconnect: Peer error: ...

[2008-11-15 16:03:27] [2001:0:d5c7:a2ca:28f3:313a:b984:8976]:53389: Connecting: source: X

[2008-11-15 16:03:27] [2001:0:d5c7:a2ca:3ca9:ceb:af2a:918c]:60553: Connecting: source: X

[2008-11-15 16:03:27] [2001:0:d5c7:a2ca:a2:d66:aae1:5e09]:64299: Connecting: source: X

[2008-11-15 16:03:27] [2001:0:d5c7:a2ca:28f3:313a:b984:8976]:53389: Disconnect: Peer error: ...

[2008-11-15 16:03:27] [2001:0:d5c7:a2ca:a2:d66:aae1:5e09]:64299: Disconnect: Peer error: ...

[2008-11-15 16:03:27] [2001:0:d5c7:a2ca:3ca9:ceb:af2a:918c]:60553: Disconnect: Peer error: ...

[2008-11-15 16:03:28] [2002:4cb7:d964::4cb7:d964]:32140: Connecting: source: X

[2008-11-15 16:03:28] [2001:0:d5c7:a2ca:1495:3f:af21:81ad]:26936: Connecting: source: X

[2008-11-15 16:03:28] [2002:4cb7:d964::4cb7:d964]:32140: Disconnect: Peer error: ...

[2008-11-15 16:03:28] [2001:0:d5c7:a2ca:1495:3f:af21:81ad]:26936: Disconnect: Peer error: ...

where ... is the message "Operation attempt on a network impossible to join" (fast translation in Eng.)

Anyway uT's log says IPv6 is installed but doesn't provide one Teredo address.

Teredo address was assigned before during 2 weeks (2 months ago) but not anymore.

And of course I don't see any IPv6 in Peers tab, only IPv4.

Do you have some ideas why IPv6 peers are disconnected immediately after the connection attempt ?

The Microsoft Teredo relay is unstable, you could try switching. Also note that you will only see a Teredo address on start up, and if Windows got one (might need to restart µT to see the address, though it does check occasionally for one anyway so it'd be better to use ipconfig to check for an address and netsh to check for errors).

Do this to change relays:

Windows Key + R > CMD /k netsh int ipv6 set Teredo client teredo.remlab.net

Relays listing:

* teredo.remlab.net (France)

* teredo.autotrans.consulintel.com (Spain)

* teredo.ipv6.microsoft.com (crappy relay) (USA, Redmond) (default for WindowsXP/2003/Vista/2008 OS)

* teredo.ngix.ne.kr (Korea)

Hi. Thx for your detailed answer, that's cool.

Finally I thought to the same thing.

Teredo has a very weird and random behavior with Vista.

My ISP is French Orange and I have a routeur Livebox. I had Teredo with uT on my laptop but not anymore...

When I moved to parent's home with same ISP, same Livebox, same ADSL package, I pluged my laptop and Teredo address appeared in uT.

I saw that because the Livebox (surely UPnP) created an automatic port forwarding rule (same as ones for utorrent TCP/UDP) about Teredo.

Anyway at my local home, NOTHING. :/

No Teredo rule is added in my Livebox and so uT's log doesn't display Teredo address.

So I will try to change the Teredo server, maybe that depends on where I am in France.

EDIT: I changed the Teredo server but same issue.

When I checked the Teredo Interface (netsh>interface>teredo>show state), status was offline and uT doesn't display any Teredo address.

It's very weird: I'm sure my laptop has no broken Teredo interface because with another Livebox, Teredo has been enabled (in Livebox setup and uT log)... :/

Any chance your Livebox router at home is configured differently than the Livebox router at your parent's home?

Also, many ADSL modems now have router and firewall features which might interfere.

Is your modem model in www.portforward.com on their ROUTERS page?

(If so, it contains a mini-router and/or firewall.)

Same router Livebox 3202 Sagem with same firmware. Internal firewall included.

My parents didn't configure it, I did it for them.

So it's the same configuration (internal FW has never been modified in the both routers).

But as I ask again IPv6 + Teredo worked fine with uT at my home, but one day uT's log has stopped to display Teredo address as if by magic... :/

I thought it was my laptop, maybe an issue about the network card (wifi or ethernet) or stg like that, but when I used it at my parent's home, Teredo appeared in the Livebox and in uT without any changes.

At my home I disabled UPnP in the Livebox but even after a reset of router settings (so UPnP was again enabled), Teredo was not enabled: no auto port forward rule for Teredo in the Livebox, no Teredo address in uT.

I know Teredo is not a main feature for uT, anyway maybe I need to exchange my Livebox for a new one...

Maybe the Livebox firmware is old? I think Windows needs a UPnP advertisement to find a router.

Could try ipv6 renew or ipv6 reset, re-switch Teredo server after reset. No error field either? :/

Hi.

As I'm at parent's house, I'm testing again to retrieve Teredo's use with uTorrent.

After many tests, I think it's not an issue relative to my router or its firmware.

I'm running with Vista and I disabled Windows Firewall (Win FW).

When I deleted the exception about uT in Win FW and re-enable it, uT assigned me a Teredo address (visible in the logger).

So as Switeck said, I think the problem comes from the Win FW when it is disabled, no Teredo address is assigned.

Therefore I got 2 questions:

1/ Does Teredo need to enable UPnP mapping in uT ?

(I tested and it seems UPnP is not necessary, I got a Teredo add. w/o or not UPnP checked)

2/ The MAIN one: how to disable Win FW but allow Teredo address assignment in uT ?

Is there a bug ? :/

Thx for helping.

About your question 2/ I found that on the Web. In addition it's the same issue reported here:

http://forum.utorrent.com/viewtopic.php?id=46450

It sounds like a "weird" behavior of Teredo + Windows Firewall.

http://www.windowsnetworking.com/articles_tutorials/Windows-Vista-Resource-Kit-Chapter-23-Supporting-Users-Using-Remote-Assistance-Part3.html

The FAQ is about Remote Assistance of Microsoft that enables Teredo for edge traversal. And the Windows Firewall issue is explained.

3. If I disable the Windows Firewall I cannot make an RA connection in certain cases. This is counter-intuitive since I expect connectivity to be less restrictive with the firewall disabled.

In Vista the Windows firewall is IPv6 aware. The RA exception in the Windows Firewall enables Teredo for edge traversal. If the Windows Firewall is disabled, the ability to use Teredo for NAT traversal is also disabled. The Windows Firewall must be running with the RA exception enabled for RA to be able to traverse NATs using Teredo.

So I guess it's the same case if you disable Windows Firewall and want to use Teredo with uT.

Anyway I can't help you anymore, maybe someone here who has more skills in Windows Firewall... :/

EDIT:

Same remark done by a paper of Symantec:

http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf

F. Disabling the Microsoft Windows Firewall Disables Teredo

During the course of the research, we wished to disable Windows Firewall in order to understand the network filtering on a Microsoft Windows Vista host via a Teredo interface. However, it was discovered that by disabling Windows Firewall, the following entry is added to the trace information: (...)

The result of this action is that Microsoft Windows Vista simply reports that it is either unable to locate the host in question or that a general failure has occurred. This result occurs in response to all requests that interact with IPv6 via Teredo using either hostnames or IP addresses. The benefits of this result are obvious: no non-firewalled Microsoft Windows Vista hosts should be available within the Teredo address space. Additionally, this functionality removes any possible race condition in the duration between the Teredo interface opening and a firewall starting at system startup.

This behavior is consistent with the documentation in the "Implementing the Teredo Security Model" section of[40], which indicates "An IPv6-capable host firewall must be registered with Windows Security Center (WSC) on the machine. In the absence of a host-based firewall, or WSC itself, the Teredo interface will not be available for use. This is the only requirement to receive solicited traffic from the Internet over the Teredo interface."

Well, it turns out in Win7 that when you have Windows Firewall turned off Teredo still works...so it seems to be a "bug" -- for want of a better term -- in Vista that you need to have Windows Firewall turned on for Teredo to work....

Hi,

I had the same problem with my two win 7 machines. I found a solution here (Or read revelant post below) and I also turned on widows firewall at the same time on both machines and it worked. I have since turned of windows firewall in case it causes conflicts with ZoneAlarm and it still works.

I know jack about these things but I can follow a set of instructions and make the changes but I wouldn't know the consequences of them. My question is could these changes cause other problems like allow back door access?

Based on my research, I would like to explain that IPv6 was depended on by the RNRP service. To troubleshoot the issue, let's refer to the following steps.

1. Temporarily disable Firewall and third party antivirus program on the computer for a test.

2. Verify relevant services

=========================

a. Click "Start", type "services.msc" (without quotation marks) in Search Bar and press Enter.

Note: If you are prompted for an administrator password or confirmation, type your password, or click Continue.

b. Right click the "Peer Networking Grouping" service and choose Properties.

c. Please check if the service is started; if not, please click the Start button and see if it works.

d. You may also choose Automatic next to Startup type.

e. Click OK.

f. Please repeat the above steps with another service: PNRP Machine Name Publication Service.

3. Modify IPv6 registry key to enable IPV6

==========================

a. Click Start, type regedit in Search Bar, and then click regedit in the Programs list.

Note: If you are prompted for an administrator password or confirmation, type your password or click Continue.

b. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters

c. Check whether the "DisabledComponents" registry key exists. If so, let's move on the next steps.

d. Double click the "DisabledComponents" registry key and modify the value to 0.

(If the key doesn't exist, please create the key above and assign the value 0)

e. Exit Registry Editor, and then restart the computer.

For more information, we can refer to the link below:

How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7 and Windows Server 2008

ZA is completely buggy with Win 7/Vista and p2p applications, it's known.

Never had any problems with ZA and it didn't effect tis either.

It has a hard-earned bad reputation and we've seen it cause more troubles here than nearly anything else.

Thanks but ZA is not an issue for me at the moment. Can anyone help with my question "Could these changes cause other problems like allow back door access?"

No. And a firewall is just pointless. The only way you're gonna get exploited is if you're running something exploitable. And keeping things up to date does the job very well.

ZA's a horrible firewall and just breaks all kinds of stuff.