Running IPv6 tunnel on Windows 7 alongside local DNS server

1

I am running an IPv6 tunnel via Hurricane Electric in Windows 7, which has been working fine for ages. My router does not support IPv6 at all natively.

I am also experimenting with running a local DNS server (I have installed dnsmasq on a Raspberry Pi, and confirmed it is working insofar as I can see my iPad uses it when I set the DNS server to the LAN IPv4 address of the Pi).

However, on the Windows 7 machine I can't reach the local DNS server because it always uses the IPv6 DNS servers (which are set to OpenDNS). Though the Pi can run IPv6 or indeed another tunnel, neither is going to help me I think because (a) the other end of the tunnel won't be able to see a local IPv6 address, (b) an external IPv6 address for the DNS server would get blocked by the router firewall (which I wouldn't want to open for this) and (c) that would defeat the point, as it would require going out and back via both tunnels so it's no longer local. Clearly I can't have an IPv6 conversation directly between Win7 and Pi as the router doesn't support this.

Is there a way to get Windows to fall back to the IPv4 DNS servers (and therefore the local one) if the IPv6 ones don't find an address? (I know I could set up a hardware solution using an alternate router running IPv6, but if I can I'd like to solve the problem without).

frankieandshadow

Posted 2015-03-01T18:16:34.470

Reputation: 113

... or to use the IPv4 DNS lookup first or instead on Windows (as you could by editing gai.conf in Debian I believe) – frankieandshadow – 2015-03-01T18:33:58.137

Answers

1

> Clearly I can't have an IPv6 conversation directly between Win7 and Pi as the router doesn't support this.

You can.

I'm going to assume that you have one of those "home gateway" / "WiFi router" devices with multiple Ethernet ports, and that both your Win7 computer and the Rπ are connected to its "LAN" ports.

Such a "router" usually is a combined router + switch, with one Ethernet port assigned to the "WAN" side and all others to the "LAN" side. In this case, there is no IP-level routing when devices on the same LAN communicate; just Ethernet-level switching. There is routing only between LAN and WAN.

Therefore, your IPv4 router doesn't need to support IPv6 for all LAN devices to use it. Chances are, both your computers could reach each other just fine via IPv6 addresses on the same subnet.

For example, link-local fe80::… addresses would work, though they're annoying to use.

Unique-local addresses would also work – they're the rough equivalent of the widely known RFC 1918 addresses (the ones that start with 10. or 192.168.) Just choose a random ULA network prefix and configure addresses from it on both devices.


And if you do need IPv6 routing, it can be done by a different device. Since your IPv6 ISP is Hurricane Electric, you can turn either your Win7 PC or your Raspberry Pi – whichever one you configure as the tunnel endpoint – into a fully capable IPv6 router between your LAN and the HE tunnel, providing IPv6 connectivity to the entire LAN.

(I've done so on Windows XP Pro, in fact.)

You just need a /64-sized¹ IPv6 address range to assign to your LAN. Hurricane Electric assigns one to each tunnel – look for "Routed /64" in the configuration page.

So, assuming your HE tunnel interface is called "he0", and your Ethernet card is called "Ethernet":

  1. Run netsh in an elevated Command Prompt.

  2. netsh> interface ipv6

  3. Enable the IPv6 routing features in Win7. You must enable packet forwarding on both the "WAN" (tunnel) and LAN interfaces, but router advertisement on the LAN interface only.

    set interface "Ethernet" forwarding=enable advertise=enable
    set interface "he0" forwarding=enable
    
  4. Route your /64 network through your local Ethernet interface, and make sure to publish it:

    add route your-prefix/64 "Ethernet" publish=yes valid=1d preferred=1h

    (For example, add route 2001:470:1f0b:123::/64 …)

    The "publish" option means that Win7 will include this route in "Router Advertisement" packets it broadcasts to the LAN. Since it's a /64 prefix, other devices will automatically configure their own IP addresses for it.

    The "valid" and "preferred" timers aren't strictly required, they just tell all other devices to forget that IPv6 route if it hasn't been advertised for a day.

  5. Also publish the existing "default" ::/0 route:

    set route ::/0 "he0" publish=yes valid=1d preferred=1h

  6. By now, Win7 itself will have auto-configured an IPv6 address; check show addr in netsh.

  7. Connect to your Rπ and take a look at ip addr – you should see an IPv6 address there as well.

Of course you can do the same with the Rπ as well... in fact, you probably should do it on the Rπ instead. But this is already growing long as it is, so feel free to post a new question about how to make Linux act as an IPv6 router. (You'll need radvd.)


¹ For autoconfiguration to work, it must be a /64 prefix. Which means, if you want to use your "routed /48" for the LAN, you can use add route prefix/48, but you must still choose a /64 subnet from it, and add a (second) route for it as well.

user1686

Posted 2015-03-01T18:16:34.470

Reputation: 283 655

That's great, thank you very much. I hadn't realised that the Ethernet layer would deal with a local IPv6 network with a router that only understands IPv4. You're right, it's a Virgin Media Superhub (which is a rebranded Netgear domestic router/gateway/modem combined), except that there is a gigabit switch between it and the two machines in question.

I also answered my own question directly: if I remove both the IPv6 DNS servers referenced on the Windows machine (netsh interface ipv6 delete dns "..." all), it drops back to the IPv4 one so can access the DNS server on the Pi on IPv4. – frankieandshadow – 2015-03-02T12:56:01.777

By the way, is what you say of Ethernet also true of WiFi provided by the router box? – frankieandshadow – 2015-03-02T13:36:51.410

@frankieandshadow: Yes, such devices almost always bridge the WiFi AP to the same "LAN". (Note how both WiFi and Ethernet clients share the same IP network, e.g. 192.168.1.0/24; it's a good sign that both are part of the same bridge/switch with no routing in between.) – user1686 – 2015-03-02T15:18:48.017
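
The addressing described in the answer above, as an added example that is not part of the original answer or comments: it picks a random unique-local /48, carves out the /64 that autoconfiguration requires, places two devices in it, and builds the step-4 netsh line while refusing any prefix that is not a /64. The function names and the interface IDs 1 and 2 are hypothetical; the netsh syntax and the 2001:470:1f0b:123::/64 sample prefix are taken from the answer.

```python
import ipaddress
import secrets

ULA_BLOCK = ipaddress.ip_network("fd00::/8")  # locally assigned ULA space (RFC 4193)

def random_ula_prefix(global_id=None):
    """Return a /48 ULA prefix: the byte 0xfd followed by a 40-bit random Global ID."""
    gid = secrets.token_bytes(5) if global_id is None else bytes(global_id)
    if len(gid) != 5:
        raise ValueError("Global ID must be exactly 40 bits (5 bytes)")
    packed = b"\xfd" + gid + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))

def lan_subnet(routed, subnet_id=0):
    """Pick the /64 to put on the LAN; autoconfiguration only works with a /64."""
    net = ipaddress.ip_network(str(routed))
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError(f"{routed} is not an IPv6 prefix of /64 or shorter")
    if not 0 <= subnet_id < (1 << (64 - net.prefixlen)):
        raise ValueError("subnet_id does not fit in this prefix")
    base = int(net.network_address) + (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def host(subnet, interface_id):
    """Static address for one device inside the chosen /64 (IDs are hypothetical)."""
    return ipaddress.IPv6Interface((int(subnet.network_address) + interface_id, 64))

def same_link(a, b):
    """True when both addresses share a /64, i.e. traffic is switched, not routed."""
    return a.network == b.network

def publish_route_cmd(subnet, lan_if="Ethernet"):
    """Build the answer's step-4 netsh line, refusing anything that is not a /64."""
    if subnet.prefixlen != 64:
        raise ValueError("only a /64 may be published for autoconfiguration")
    return f'add route {subnet} "{lan_if}" publish=yes valid=1d preferred=1h'

if __name__ == "__main__":
    ula = random_ula_prefix()              # new random prefix on every run
    lan = lan_subnet(ula, subnet_id=1)
    win7, pi = host(lan, 1), host(lan, 2)  # constructed sample hosts
    print(ula, lan, win7, pi, same_link(win7, pi))
    print(publish_route_cmd(lan_subnet("2001:470:1f0b:123::/64")))
```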