Curious situation - not urgent, but I'd like to know more

Kurt Buff kurt.buff at gmail.com
Sat Mar 5 01:06:07 CET 2016 

Reviving an old thread, with a new twist.

I've currently got a similar problem with another user, but with two
differences:
     - The connection in this case is ATT, not Comcast
     - The machine this time is running Win8.1 and not Win7

What I've zeroed in on is two stanzas from ipconfig /all:

On my test machine (Also Win8.1), sitting outside of my corporate
firewall on a public IP address, I see the following:

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4332:7632::4332:7632(Preferred)
   Default Gateway . . . . . . . . . : 2002:4332:7626::4332:7626
   DHCPv6 IAID . . . . . . . . . . . : 268435456
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-45-38-94-00-26-2D-FA-9F-EF
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . :
2001:0:4332:7626:2803:8c2:bccd:89cd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2803:8c2:bccd:89cd%9(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 285212672
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-45-38-94-00-26-2D-FA-9F-EF
   NetBIOS over Tcpip. . . . . . . . : Disabled

On her machine, which is on a wireless connection at her home on ATT,
I see this:

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:100:69::100:69(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 553648128
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-CC-30-DE-34-E6-D7-13-7E-02
   DNS Servers . . . . . . . . . . . : 1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes



She's able to get an IPv4 connection at her location using our SSL
VPN, and she states that when at her local coffee shop her
DirectAccess connection works, though I haven't been able to confirm
that yet.

I'm going to see next week if I can take a peek at her router/firewall
configuration and glean any clues from it, and also see if she's
willing to make a trip to the coffee shop to do some work with me from
there.

I'm not certain if prefix policies have anything to do with this
problem, as I'm not seeing the relevant IPv6 addresses for
DirectAccess anywhere in her ipoconfig output.

Any thoughts or comments would be appreciated.

Kurt

On Sat, Dec 19, 2015 at 1:37 PM, Kurt Buff <kurt.buff at gmail.com> wrote:
> All,
>
> I ran into an interesting situation some months ago which still
> baffles me, and though I was able to work around it, I expect it will
> happen again.
>
> We implemented MSFT DirectAcess at our company quite some time ago
> (using 2008R2 and Forefront 2010), and it works extremely well.
>
> At least it worked well for everyone until one of the employees got
> his Comcast connection upgraded, and then DirectAccess didn't work for
> that employee any more.
>
> We proved that if he tethered to his cell phone, that would work, and
> if he used an SSL VPN client while on his Comcast connect that would
> work, but DirectAccess would not work at home.
>
> Finally, I discovered that his Comcast-installed router was handing
> our IPv6 addresses on his home LAN. Turning that off enabled
> DirectAccess to work again.
>
> We do not have an assigned IPv6 block from our ISP, though of course
> MSFT OSes use it, and auto-assign themselves addresses, but for now
> we're ignoring it.
>
> Has anyone run into this problem and solved it - not by turning off
> iIPv6 address assignment for the home LAN, but really solved it? If
> so, how did you do that?
>
> Would getting and implementing an IPv6 assignment from our ISP cure
> the problem, or make it worse?
>
> I've found little guidance from MSFT about DirectAccess in an IPv6
> environment, though I admit I haven't been terribly diligent in my
> searches.
>
> Kurt

More information about the ipv6-ops mailing list