WIndows Updates Fail Via IPv6
bjorn at mork.no
Tue Nov 13 11:40:37 UTC 2018
John Von Essen <john at essenz.com> writes:
> I recently go a Linksys home wifi router, by default it enables ipv6
> on the LAN. If there is no native IPv6 on the WAN side (which is my
> case since FiOS doesnt do v6 yet) the Linksys defaults to a v6 tunnel.
Could this be a 6RD tunnel requested by your ISP using DHCP with
OPTION_6RD? Ref RFC5969
Setting up any tunnel to some pre-configured endpoint by default does
not sound like a good idea.... But DHCP on the WAN side is "trusted",
so configuring a DHCP requested tunnel by default is reasonable.
> For the first few weeks of using the router, I had no idea alot of my
> traffic was going out via the v6 tunnel.
> Then I started getting random reachability and availability
> issues. Google would not load, but Bing and Yahoo would, and so on. I
> thought it was a FiOS issue, but after digging, I discovered the v6
> tunnel, disabled it and all my issues went away.
> I dont know what Linksys uses for the v6 tunnel because its buried in
> the firmware, but any tunnel service is vulnerable to a variety of
> issues that could effect access. Its odd that it always effects
> Windows update all the time, but who knows.
It would be great to have more details about this default tunnel setup.
Can't you sniff the traffic?
Anyway: Thanks for yet another argument for native dual-stack.
Avoiding such unwanted tunnels is really simple:
If you're an ISP:
Offer native dual-stack to your Internet access customers.
If you're an Internet access customer:
Request native dual-stack from your ISP
More information about the NANOG