Community discussions

MikroTik App
 
pe1chl
Forum Guru
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

IPv6 problems with Windows 10 machines

Thu Sep 29, 2022 4:32 pm

Maybe someone can chime in to share some experiences as I can't find what is wrong here...
We have several VLANs used on internal networks, each of them with a IPv6 /64 network configured with RA. RouterOS 6.49.6 on a CCR.
Many machines are connected to those networks and their IPv6 works just fine (Android, iPhone, Chromebook etc).
But now we are rolling out some Windows devices (stupid move, I know...) and I encounter difficulties with IPv6:
Just after boot I get IPv6 connectivity. Can ping IPv6 addresses internal and external to the company just fine.
There is one exception: I cannot ping the local router address on the network the Windows PC is connected to. But I can ping other addresses of the router.
However, when I leave the system at rest for only a couple of minutes, IPv6 connectivity dies. Cannot ping any address that was OK before.
At first it simply does not work anymore, but after waiting some more time I often see the default route (::/0) disappear from "route print".

What can be going on here? I have fiddled with the different times in /ipv6 nd but it has not changed a thing, and the time until it fails is nowhere
near any of those times. And it works perfectly on Linux/Android and BSD(Apple) devices!
 
pe1chl
Forum Guru
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 problems with Windows 10 machines

Thu Sep 29, 2022 6:09 pm

More research shows that it likely is a Windows firewall issue. Probably it is blocking ND.
The affected devices are deployed using Autopilot/Intune, as a test I installed a device from a plain Windows DVD image and it works OK...
So now the next task is to find what Intune setting is destroying IPv6...
 
pe1chl
Forum Guru
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 problems with Windows 10 machines

Fri Sep 30, 2022 4:00 pm

It for sure is a Windows firewall problem.
The Windows machine cannot perform ND on the local network, when the firewall has been set via INTUNE... even after resetting the firewall settings in INTUNE to defaults.
But with the default firewall as shipped with the Windows 10 DVD it works OK.
The route table has the fe80: address on the default route so it can route packets to other networks, but when a packet is sent to the 2001: local network address it is always unreachable.
(including the address of the router itself)
The Windows firewall settings are as clear as mud so it is difficult to find what is exactly responsible for this.
 
pe1chl
Forum Guru
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 problems with Windows 10 machines

Mon Oct 03, 2022 2:16 pm

Apparently in intune the insane behavior of "block all ICMP" (v4 and v6) is back again as a default...
It seems it has been fixed in the default Windows firewall but not in the ruleset that intune users (which cannot easily be displayed).
I have added a custom rule to allow ICMP (protocol 1) and ICMPv6 (protocol 58) and the issue is fixed.
Never let people without detailed protocol knowledge near a firewall configuration program that works using profiles and hides all details!
(we all know the trouble Steve Gibson has caused...)
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 problems with Windows 10 machines

Mon Oct 03, 2022 8:07 pm

You know, safety. They should just provide scissors to cut the cable. :)

Who is online

Users browsing this forum: arebelo, baragoon, Bolendox, GoogleOther [Bot], jaclaz, maciejl and 83 guests