After hours of figuring out how it works... some bugs and requests
Shadow Hawkins on Wednesday, 22 February 2012 16:02:52
Hello,
I have found 6 bugs and 2 requests which I would like to submit and discuss.
My configuration:
- Windows XP x32 SP2
- Virtual Machine (NAT Network Mode)
- SixXS tunnel with AYIYA mode
- Sitting behind NAT
At the beginning of the SixXS setup (attempt), I tried "tap32-driver" which did not work because I have not installed OpenVPN. I skipped that.
Bug 1: The BAT file does only work for English Windows XP systems, since "C:\Program Files\" is hardcoded. Please use %PROGRAMFILES% to support XP, too.
Then I took my hand over "tap-driver-32_64" and ran addtap.bat , which had success.
I initially ran aiccu-2006-07-23-windows-gui .
Request 1: Initially I had a weird error message "Application configuration wrong" which was really annoying. Reason was that .NET 2.0 and Windows Installer 3.0 were not installed. I think you should write those requirements somewhere good visible since Windows shows that stupid and non-informative error messages.
After I got AICCU running, logged in and selected the tunnel, I clicked "Enable". Nothing happened. I waited a few minutes to let IPv6 "boot", but nothing happened. The TAP adapter did not enable and nothing worked.
Bug 2: Why do you publish a GUI version of AICCU if it does not work??? Why isn't there any MESSAGE that indicates that something went wrong? Clicking the "Enable" buttons makes nothing and I lost several hours of searching the reason why IPv6 connectivity did not work...
I used the GUI version to save my configuration in aiccu.conf .
Then I ran the other tool "aiccu-2012-02-02-windows-console".
The output is the following (errors in German - I translated them below):
"OK.
Unknown configuration statement on line 35 of aiccu.conf: "behindnat"
Successfully retrieved tunnel information for T(XXXXX)
Error opening registry key: SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\ComponentId (t3)
Renaming adapter 'LAN-Verbindung 2' to 'aiccu' and using it
OK.
OK.
OK.
Der folgende Befehl wurde nicht gefunden: set interface aiccu mtu=1280.
OK.
OK.
OK.
Ungltige Syntax. Weitere Informationen finden Sie in der Hilfe des Befehls.
..........
..........
..........
..........
.........."
There are 4 errors in here:
Bug 3: Unknown configuration statement on line 35 of aiccu.conf: "behindnat", which was used by the GUI. If the CLI version does not support the configuration statement "behindnat", then please ignore it silently, since it was used in the GUI version.
Bug 4: "Error opening registry key: SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\ComponentId (t3)"
Bug 5: "Following command was not found: set interface aiccu mtu=1280."
Bug 6: "Invalid syntax". Alas, the tool did not show which command exactly has failed :-(((
After checking out http://test-ipv6.com/ , I finally found out that it finally works with the CLI version.
But the analysis showed me that my MTU is not correct (which was also showing up in the CLI error message resp. "Bug 5"). Additionally I found out that "ping6 ipv6.google.com" does not work and the connections to HTTP sites is VERY slow.
Workaround: Close CLI of AICCU, open the network card "aiccu" and manually set the MTU to 1280. Then rerun aiccu CLI.
Finally, I am happy. The connection is fast, "ping6" commands do work and test-ipv6.com says that everything is fine.
Still, I do not know if bugs 3, 4 and 6 are "severe". Something seems to be not OK, but it still works...
After all, I am happy that I can finally work with IPv6, but SixXS should really improve documentation. I spent HOURS of figure out how to set it up and because I always trusted the "GUI version", which is buggy, nothing worked. I spent hours to google for tutorials and nothing really worked.
Request 2: Also, this information is very misleading: http://www.sixxs.net/faq/connectivity/?faq=ossetup&os=windows . I tried it out, but it did not work either. I also do not know what "[Your IPv4 Endpoint]" means. Is that my private IP behind NAT? Is it my public dynamic IP from my ISP? Why do I need the netsh commands at all, if "aiccu CLI" does work without?
Probably you guys had more luck with setup... but I personally think SixXS is not "IPv6 beginner" friendly.
I would be glad to post an tutorial for SixXS on my blog, but please fix those bugs and tell me why the GUI version did not work.
Best regards
Daniel Marschall
After hours of figuring out how it works... some bugs and requests
Shadow Hawkins on Wednesday, 22 February 2012 16:03:55
Addendum to Bug 6. It is probably the command "set icmpsetting" which failed.
After hours of figuring out how it works... some bugs and requests
Jeroen Massar on Wednesday, 22 February 2012 16:42:19 - Windows XP x32 SP2
You are aware that Service Pack 3 is out already for a 4 years and that it includes a lot of IPv6 fixes next to all the security fixes that have been released since SP2 and even then, since SP3?
At the beginning of the SixXS setup (attempt), I tried "tap32-driver" which did not work because I have not installed OpenVPN. I skipped that.
One does not need OpenVPN, just the driver, which is made available from the page.
I initially ran aiccu-2006-07-23-windows-gui .
Why? You installed the v9 driver, which is not supported by that, as back then it did not exist, from the AICCU page:
For AYIYA support on Windows the Tun/Tap32 driver from the OpenVPN project is needed. AICCU upto 2006.07.23 only support the tap801 version of the driver. Newer AICCU support tap801, tap802 and tap901 Reason was that .NET 2.0 and Windows Installer 3.0 were not installed.
As the GUI edition is a MFC application it merely means that either one of those installers installs the relevant MFC libraries that are needed for running the tool. As 99% of XP users back then have that it is rather strange that your host did not.
After I got AICCU running, logged in and selected the tunnel, I clicked "Enable". Nothing happened. I waited a few minutes to let IPv6 "boot", but nothing happened. The TAP adapter did not enable and nothing worked.
That is because that driver is not supported as clearly stated on the AICCU page, see also above.
Bug 2: Why do you publish a GUI version of AICCU if it does not work???
The GUI edition works fine unless one uses the newer TAP driver, this is clearly stated on the page.
Bug 3: Unknown configuration statement on line 35 of aiccu.conf: "behindnat", which was used by the GUI. If the CLI version does not support the configuration statement "behindnat", then please ignore it silently, since it was used in the GUI version.
It is an invalid configuration statement, as such it reports that.
Bug 4: "Error opening registry key: SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\ComponentId (t3)"
This is a misconfiguration on your host. AICCU merely reports this indiscrepancy.
Bug 5: "Following command was not found: set interface aiccu mtu=1280."
That is strange, that command used to exist for sure. Maybe that is because you are using a 8 year old version of XP.
Bug 6: "Invalid syntax". Alas, the tool did not show which command exactly has failed :-(((
If, as indicated on the contact page and the AICCU page, you would enable verbosity you would see nearly everything that AICCU tries to do.
Workaround: Close CLI of AICCU, open the network card "aiccu" and manually set the MTU to 1280. Then rerun aiccu CLI.
Normally this would not have been needed as the MTU would have been configured properly. Updating your system to something from this decennia would be a good first step.
but SixXS should really improve documentation.
There is a wiki where people can add more details too if wanted, we also have a FAQ. For a lot of people that is already too much information. Thus what more documentation do you need?
Request 2: Also, this information is very misleading: http://www.sixxs.net/faq/connectivity/?faq=ossetup&os=windows .
It is not misleading, it details how to configure a Protocol-41 tunnel. For AYIYA you need to use AICCU, it says so on the first line of that text and even directly after that again with a nice big exclamation mark in front of it.
I also do not know what "[Your IPv4 Endpoint]" means.
It is the public IPv4 address that acts as "Your IPv4 endpoint".
Is that my private IP behind NAT?
If you are behind a NAT and are able to convince your NAT box to properly forward protocol-41 packets, then it would actually be your local IPv4 address.
Is it my public dynamic IP from my ISP?
If you where terminating the tunnel on your router, then yes, but as it is dynamic it would change a lot and thus a static tunnel is not made for that, that is why heartbeat and AYIYA exist.
Why do I need the netsh commands at all, if "aiccu CLI" does work without?
Because they are mutually exclusive, you either do it by hand or let AICCU do it for you. And effectively AICCU just calls those commands for static proto-41 tunnels.
Probably you guys had more luck with setup... but I personally think SixXS is not "IPv6 beginner" friendly.
We are aware that not everything is beginner friendly, but you do realize that you are talking about a new Internet Protocol here and just picking which tunneling protocol one should use is one thing that is tricky let alone configuring it properly. AICCU does a pretty good job at automating this already though and if we had time next to keeping this service up and running in our spare time to invest more time into it we would, but time is limited, we also need time to actually do real work which brings food on the table and keeps a roof over our heads.
I would be glad to post an tutorial for SixXS on my blog,
As it looks a lot like you are misunderstanding a lot of concepts and clearly omitted reading various clearly indicated things, I think that writing a tutorial would be a bad idea and would not help other people.
After hours of figuring out how it works... some bugs and requests
Shadow Hawkins on Wednesday, 22 February 2012 17:09:08
Hello,
You are aware that Service Pack 3 is out already for a 4 years and that it includes a lot of IPv6 fixes next to all the security fixes that have been released since SP2 and even then, since SP3?
That does not change anything in the problem. For my "real" system I use the up to date software with Windows Update enabled. For the VM, I have no important software installed, so I did not install everything up to date.
Which thus effectively excludes the GUI edition from being used.
Well, if nobody should use the GUI, then remove it from your website, please.
I was very confused about all the "TAP versions" and stuff and so I just picked the download where I hoped it would be easy. So I have chosen "GUI" since GUIs are often more easier than CLI versions. I was not aware that this was the main reason for most of the problems.
As 99% of XP users back then have that it is rather strange that your host did not.
That is not strange. I installed a VM to test software and to test out IPv6. It is not strange for a VM to have .NET framework not installed.
This is a misconfiguration on your host. AICCU merely reports this indiscrepancy.
Which misconfiguration? How to solve that? I did only run the software and installed everything which is necessary. The operating system is fresh installed. There is no misconfiguration, instead default behavior.
That is strange, that command used to exist for sure. Maybe that is because you are using a 8 year old version of XP.
I will install SP3 now and check if the MTU command and the other command (invalid syntax) does work then and come back to you.
Thus what more documentation do you need? It is not misleading, it details how to configure a Protocol-41 tunnel. For AYIYA you need to use AICCU, it says so on the first line of that text and even directly after that again with a nice big exclamation mark in front of it.
In my opinion, the whole information flood is misleading. I am not an expert in all those IPv6 stuff, AICCU, AYIYA etc and there are so many possibilities how to setup SixXS that it is hard to find out what you have to do. There should be a overview that shows "If you have ... then you need to do this howto ... . If you have ... then you need this howto ... . If you are running ... then you need to do that ... " etc. In short: There should be an tutorial "from the very beginning" where it is clearly described what you have to do if you are running any configuration.
There could be a road map for example:
If you are behind a NAT and running Windows, then do the following:
1. Request a tunnel with AYIYA
2. Download TAP 9..." and install it
3. Download AICCU Cli and run it
This is as easy as possible.
I think that writing a tutorial would be a bad idea and would not help other people.
At least I can try to summarize the steps "How to setup SixXS on Windows behind a NAT", since this applies to most users. I am not thinking about writing a tutorial for everyone's needs/configuration possibilites, since this is complex, of course.
Regards
Daniel Marschall
After hours of figuring out how it works... some bugs and requests
Shadow Hawkins on Wednesday, 22 February 2012 17:50:15
Update: I have installed Win XP SP3 and enabled verbosity and the errors are exactly the same...
1. Command "netsh set interface "aiccu" mtu=1288"
results in "Command not found" Please see http://www.colorconsole.de/cmd/de/Windows_XP/netsh/interface/ipv6/set/interface.htm for Windows XP syntax which is different from Windows Vista syntax-
2. "netsh firewall set icmpsetting aiccu enable all"
results in "Invalid syntax"
3. The "Error opening registry key" is still existing. I really wonder what is wrong with my fresh VM installation...
After hours of figuring out how it works... some bugs and requests
Shadow Hawkins on Wednesday, 29 February 2012 18:29:52
Hallo. Ich habe mal ein paar Bugfixes zusammengetragen. Habe gerade keine Lust mir den Quellcode anzuschauen oder etwas darin zu ndern. Da netsh bei jeder Win-Version eine andere Syntax hat, MUSS AICCU die Betriebssystemversion prfen und dementsprechend andere Befehle ausfhren. Beachten Sie auch die Unterschiede zw. Win2008 und Vista.
---------------------
(Bug 1) Bzgl mangelnder Internationalisierung
Bitte die hardgecodeten "C:\Program Files" in %PROGRAMFILES% bei den *.bat (TAP-Packages) ndern... Es schat sich nicht jeder die BAT-Datei im Editor an, bevor er sie ausfhrt.
Auerdem wre ein "pause." am Ende nicht schlecht damit man ggf Fehlermeldungen zu Gesicht bekommt.
---------------------
(Bug 2) Bzgl GUI-Inkompatibilitt:
Es ist wirklich sehr verwirrend dass die GUI nicht mit TAP 9.01 zusammenarbeitet. Auf der Seite sieht man deutlich, dass gleich oben sowohl GUI als auch CLI angeboten wird. Erst danach steht irgendetwas von 2006 und TAP 8. Sie weisen (bis auf den Dateinamen) den Nutzer nicht explizit darauf hin, dass es sich bei der GUI um eine uraltversion von 2006 handelt. Durch die Downloadauswahl "CLI oder GUI" suggestieren Sie dem Benutzer dass er die freie wahl hat und dass beide Versionen gleichwertig (und gleich NEU) sind.
Besser und viel einleuchtender wre folgende Auswahl:
Download AICCU for Windows:
- Command Line Edition [version 2012-02-..] (requires [TAP 9.01] driver)
- Graphical User Interface Edition [version 2006-..-..] (requires [TAP 8] driver)
Ecklige Klammern wren dann Links.
---------------------
(Bug 3) Bzgl unntiger Fehlermeldung "behindnat":
Da die alte GUI von 2006 eine Configfile schreibt die auch die neue CLI von 2012 liest, wre es ja bld, wenn ein weggefallener Wert zu einer Fehlermeldung fhrt. Das verwirrt nur. Eine Software soll - ausnahme verbose mode - nur so wenig Fehlermeldungen wie mglich ausgeben. Der Wegfall von "behindnat" fhrt nicht zu einer Fehlfunktion der Verbindung oder der Software. Wieso dem Nutzer daher eine Fehlermeldung prsentieren? Anders wre es, wenn der User einen ungltigen Befehl in die CONF eingetragen htte. Hier kann man ihn darauf hinweisen dass die Konfigurationseinstellung nicht anerkannt wird. Hier ist es aber so, dass es einmal (2006) ein gltiges Argument war und in der Zwischenzeit weggefallen ist.
Da der Wert in alten Versionen bekannt war, die Funktionalitt nicht einschrnkt und nicht mehr bentigt wird, empfehle ich diese Meldung nur im verbose Mode anzuzeigen.
---------------------
(Bug 4) Bzgl der (unntigen) Registry-Fehlermeldung:
Es scheint, dass das Networkinterface 0000 bei WinXP Out-Of-Box keine ComponentId hat. Ich mchte jetzt aber nicht meine VM nochmal neu installieren um das zu verifizieren.
Das Interface schaut bei mir (WinXP SP3) so aus:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0000\Linkage]
"Export"=\Device\{54C7D140-09EF-11D1-B25A-F5FE627ED95E}
"Bind"=\Device\{54C7D140-09EF-11D1-B25A-F5FE627ED95E}
"UpperBind"=Tcpip
Der Fehler ist aber nicht nur bei mir so. Ich habe einige Screenshots von AICCU im Netz gefunden, wo man genau diese Fehlermeldung auch sieht.
Da dieser Registry-Wert nur bei einer SUCHE durch alle Netzwerkadapter erscheint und keinen endgltigen oder fatalen Fehler darstellt, empfehle ich diese Meldung nur im verbose Mode anzuzeigen.
---------------------
(Bug 5) Bug bzgl der falschen MTU-Syntax:
Ich schtze diesen Bug als kritisch ein, da die Syntax weder auf WinXP, noch auf Vista, noch auf Win7 funktioniert und ohne die manuelle Einrichtung der MTU ist die IPv6-Verbindung ein Fall fr die Tonne, wie oben beschrieben...
VON AICCU VERWENDET UND IN WINXP und WIN7 FALSCH:
netsh set interface "aiccu" mtu=1280
-- bei welcher Windows-Version hat diese Syntax bei Ihnen funktioniert?
RICHTIG FR WINDOWS 2000:
Die Syntax msste die selbe sein wie fr WinXP. (werde ich spter nochmal prfen)
RICHTIG FR WINDOWS XP:
netsh bietet scheinbar keine Funktionalitt. Es muss ein Registry-Schlssel bearbeitet werden...
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008
wobei "0008" in meinem Falle der Schlssel mit ComponentId=tap0901 ist.
Wert MTU=1280
RICHTIG FR WINDOWS VISTA/7:
netsh interface ipv4 set subinterface interface=aiccu mtu=1280 store=persistent
bzw.
netsh interface ipv6 set subinterface interface=aiccu mtu=1280 store=persistent
---------------------
(Bug 6) Bug bzgl der falschen ICMPSetting-Syntax:
AKTUELL VON AICCU GENUTZT - sowohl in WinXP als auch in Win7 FALSCH.
netsh firewall set icmpsetting aiccu enable all
-- bei welcher Windows-Version hat diese Syntax bei Ihnen funktioniert?
RICHTIG FR WINDOWS 2000:
Die Syntax msste die selbe sein wie fr WinXP. (werde ich spter nochmal prfen)
RICHTIGE SYNTAX FR WINDOWS XP ( Syntax: http://www.colorconsole.de/cmd/en/Windows_XP/netsh/firewall/set/icmpsetting.htm ):
netsh firewall set icmpsetting type=ALL mode=enable interface=aiccu
RICHTIGE SYNTAX FR WINDOWS VISTA ( Syntax: http://www.colorconsole.de/cmd/en/Windows_Vista/netsh/firewall/set/icmpsetting.htm ):
netsh firewall set icmpsetting type=ALL mode=enable
=> ACHTUNG! "interface=" existiert ab Windows Vista nicht mehr. Daher gilt die ICMPSetting dann fr alle Interfaces. Es ist mglicherweise nicht gut dass AICCU dann die globalen Firewallrichtlinien verndert.
RICHTIGE SYNTAX FR WINDOWS 7:
Die Syntax von WinVista geht zwar noch, wird aber nicht mehr empfohlen, da "set icmpsetting" deprecated ist.
Ab Win7 soll "advfirewall" verwendet werden:
netsh advfirewall firewall add rule name=All ICMP V4 protocol=icmpv4:any,any dir=in action=allow
Hier bin ich mir nicht sicher ob icmpv4 oder icmpv6 verwendet werden soll. Laut http://support.microsoft.com/kb/947709/en-us ist dieser Befehl das quivalent zu dem vorherigen
netsh firewall set icmpsetting type=ALL mode=enable
---------------------
Wenn Sie fragen bzgl Kompatibilitt fr Win2000 oder WinXP haben, stehe ich zur Verfgung. Ich habe hier gengend vMs und alte Computer, da ich bei meiner Software sehr auf Abwrtskompatibilitt achte.
Posting is only allowed when you are logged in. |