win7 VPN with ipv6 and error 800

Knowing that there are many situations that can develop where VPNs
simply will not work, here is my situation.

In brief: the VPN between 2 computers works fine with ipv4 addresses,
it does not work with ipv6 addresses although they are reachable.

In detail:
2 machines (both win7, vpn-server-side 64bit, client-side 32bit), each
machine uses a fritzbox as adsl-modem router, the machines are in 2
cities, both have dynamic ipv4 (with dyndns) and static ipv6+subnet
with sixxs tunnelbroker.

On the vpn-server-side, i created a "new incoming connection",
allowing ipv4 and ipv6 protocols.
On the client side, i created a new "connection to a workplace" (a vpn
client connection).

On the fritzbox of the vpn server, i created two port-forward rules,
allowing all incoming tcp und udp packets on port 1723to be forwarded
to the server, i.e. using the protocol 41.
On the ipv6 side, all machines connected to the fritzbox have their
proper ipv6 address that has no firewall, i.e. all packets on all
ports are forwarded.

On the vpn-client side, when i type in the ipv4 address of the vpn
server (using dynamic dns), all works.
When i type in the ipv6 address, the logon process takes a while and
then yields to error 800.

Does anyone know why? Is Windows7 vpn not working properly with ipv6
or soes someone know what i might be doing wrong, before examining the
long and weery event log.

greetings

Roland Schweiger

Hi, Roland.

"fritzbox"?

I know a dozen or two German words (not nearly enough to carry on a
conversation, written or verbal) but that's a new one for me. Could you
translate, please?

RC
--
R. C. White, CPA
San Marcos, TX

Microsoft Windows MVP (2002-2010)
Windows Live Mail 2011 (Build 15.4.3538.0513) in Win7 Ultimate x64 SP1


"Roland Schweiger" wrote in message news:jds6jg$ba4$...

Knowing that there are many situations that can develop where VPNs
simply will not work, here is my situation.

In brief: the VPN between 2 computers works fine with ipv4 addresses,
it does not work with ipv6 addresses although they are reachable.

In detail:
2 machines (both win7, vpn-server-side 64bit, client-side 32bit), each
machine uses a fritzbox as adsl-modem router, the machines are in 2
cities, both have dynamic ipv4 (with dyndns) and static ipv6+subnet
with sixxs tunnelbroker.

On the vpn-server-side, i created a "new incoming connection",
allowing ipv4 and ipv6 protocols.
On the client side, i created a new "connection to a workplace" (a vpn
client connection).

On the fritzbox of the vpn server, i created two port-forward rules,
allowing all incoming tcp und udp packets on port 1723to be forwarded
to the server, i.e. using the protocol 41.
On the ipv6 side, all machines connected to the fritzbox have their
proper ipv6 address that has no firewall, i.e. all packets on all
ports are forwarded.

On the vpn-client side, when i type in the ipv4 address of the vpn
server (using dynamic dns), all works.
When i type in the ipv6 address, the logon process takes a while and
then yields to error 800.

Does anyone know why? Is Windows7 vpn not working properly with ipv6
or soes someone know what i might be doing wrong, before examining the
long and weery event log.

greetings

Roland Schweiger

On 02/01/2012 15:23, R. C. White wrote:
> Hi, Roland.
>
> "fritzbox"?

http://www.fritzbox.eu/en/index.php

--

Jeff

Hi, Jeff.

Thanks! I never would have guessed that one. ;^}

RC
--
R. C. White, CPA
San Marcos, TX

Microsoft Windows MVP (2002-2010)
Windows Live Mail 2011 (Build 15.4.3538.0513) in Win7 Ultimate x64 SP1


"Jeff Layman" wrote in message news:jdsikn$3n9$...

On 02/01/2012 15:23, R. C. White wrote:
> Hi, Roland.
>
> "fritzbox"?

http://www.fritzbox.eu/en/index.php

--

Jeff

Roland Schweiger wrote:
> Knowing that there are many situations that can develop where VPNs simply will not
> work, here is my situation.
>
> In brief: the VPN between 2 computers works fine with ipv4 addresses, it does not
> work with ipv6 addresses although they are reachable.
>
> In detail:
> 2 machines (both win7, vpn-server-side 64bit, client-side 32bit), each machine uses a
> fritzbox as adsl-modem router, the machines are in 2 cities, both have dynamic ipv4
> (with dyndns) and static ipv6+subnet with sixxs tunnelbroker.
>
> On the vpn-server-side, i created a "new incoming connection", allowing ipv4 and ipv6
> protocols.
> On the client side, i created a new "connection to a workplace" (a vpn client
> connection).
>
> On the fritzbox of the vpn server, i created two port-forward rules, allowing all
> incoming tcp und udp packets on port 1723to be forwarded to the server, i.e. using
> the protocol 41.
> On the ipv6 side, all machines connected to the fritzbox have their proper ipv6
> address that has no firewall, i.e. all packets on all ports are forwarded.
>
> On the vpn-client side, when i type in the ipv4 address of the vpn server (using
> dynamic dns), all works.
> When i type in the ipv6 address, the logon process takes a while and then yields to
> error 800.
>
> Does anyone know why? Is Windows7 vpn not working properly with ipv6 or soes someone
> know what i might be doing wrong, before examining the long and weery event log.

Your port forwarding needs to be expanded (probably) to include
IKE: 50
NTP: 123
isakmp: 500
MSTSC (for remote desktop)
NAT-Traversal 4500
and maybe 10010 ...

"R. C. White"

>"fritzbox"?

Sorry. FritzBox is the brand name for a series of
ADSL-modem-router-devices made by German company AvM.
The model i use (FritzBox 7390) is a combination device of ADSL modem
+ router + accesspoint + DECT base-station.
The model is capable of handling native ipv4 and ipv6 addressing, or
as in my case, ipv6 is provided by the tunnel-broker SIXXS but the
FritzBox handles it as if it were native.
As Sixxs offers ipv6-subnets, any computer connected to the fritzbox
has its own proper ipv6 address that is reachable from outside.

greetings

Rolnd Schweiger

"meagain"

>
Your port forwarding needs to be expanded (probably) to include
IKE: 50
NTP: 123
isakmp: 500
MSTSC (for remote desktop)
NAT-Traversal 4500
and maybe 10010 ...
>


Hm. On the ipv4 side, the vpn works, and i only forwarded tcp/udp that
reach the adslmodemrouter incoming, to the vpn-server-machine.

On the ipv6 side however, i have no forwarding at all because the
vpn-server-machine has its own public ipv6 address that derives from
the ipv6 subnt that is provided by the sixxs tunnelbroker.
So i only told my fritzbox (the adsl modem router device) to
completely deactivate the "firewall" for ipv6, so the vpn machine is
reachable on all ports for all protocols.
It is also ping-able (i know that PING alone if it works, does not
mean that everything works).

greeting

Roland Scweiger

Hi, Roland.

Thank you. As I told Jeff, I never would have guessed that one.

RC
--
R. C. White, CPA
San Marcos, TX

Microsoft Windows MVP (2002-2010)
Windows Live Mail 2011 (Build 15.4.3538.0513) in Win7 Ultimate x64 SP1


"Roland Schweiger" wrote in message news:jdsr6j$ogf$...

"R. C. White"

>"fritzbox"?

Sorry. FritzBox is the brand name for a series of
ADSL-modem-router-devices made by German company AvM.
The model i use (FritzBox 7390) is a combination device of ADSL modem
+ router + accesspoint + DECT base-station.
The model is capable of handling native ipv4 and ipv6 addressing, or
as in my case, ipv6 is provided by the tunnel-broker SIXXS but the
FritzBox handles it as if it were native.
As Sixxs offers ipv6-subnets, any computer connected to the fritzbox
has its own proper ipv6 address that is reachable from outside.

greetings

Rolnd Schweiger

Roland Schweiger wrote:
> "meagain"
>
>>
> Your port forwarding needs to be expanded (probably) to include
> IKE: 50
> NTP: 123
> isakmp: 500
> MSTSC (for remote desktop)
> NAT-Traversal 4500
> and maybe 10010 ...
>>
>
>
> Hm. On the ipv4 side, the vpn works, and i only forwarded tcp/udp that reach the
> adslmodemrouter incoming, to the vpn-server-machine.
>
> On the ipv6 side however, i have no forwarding at all because the vpn-server-machine
> has its own public ipv6 address that derives from the ipv6 subnt that is provided by
> the sixxs tunnelbroker.

But the 'modemrouter' has to clone that 'IPV6 subnt' in order to present it to the
outside world, doesn't it?

> So i only told my fritzbox (the adsl modem router device) to completely deactivate
> the "firewall" for ipv6, so the vpn machine is reachable on all ports for all protocols.
> It is also ping-able (i know that PING alone if it works, does not mean that
> everything works).
>
> greeting
>
> Roland Scweiger
>

"meagain"
> On the ipv6 side however, i have no forwarding at all because the
> vpn-server-machine
> has its own public ipv6 address that derives from the ipv6 subnt
> that is provided by
> the sixxs tunnelbroker.
>
But the 'modemrouter' has to clone that 'IPV6 subnt' in order to
present it to the
outside world, doesn't it?
>


Well, i use the same principle to access the machine via remote
desktop protocol, on the client side i type in the ipv6 address of the
"server", this works,
so i assume(d) that vpn server should work just the same ... but
something is wrong however.

greetings

Roland Schweiger