new pc can't access dotnet.microsoft.com ?ipv6
-
I have a weird problem that I have spent HOURS on chatgpt with multiple angles and scenarios.
I setup a new (used) gaming computer for video processing. Win11 Pro. It is connected to my LAN via Ethernet.
Initialy I had trouble authenticating and conneccting to microsoft in general and ultimately connected by using WiFi and my phone's hotspot.
After that the PC seems to perform properly.But one of the services that I need to install requiires visiting the web address dotnet.microsoft.com
This PC will not reach that address
nslookup gives DNS
but I cannot reach the address by multiple browsersChatGPT seems to think it has to do with ipv6 - I use a route64 ipv6 tunnel broker since my ISP does not provide ipv6
Any ideas on how to fix or troubleshoot?
-
@ahole4sure well it would typically be
Firewall rule
DNS
block by something else (ISP, server)
You can disable IPv6 and try, for instance Firefox has a setting to force a hostname to v4.
-
Would love to figure out what the problem is and be able to fix it!
I did finally find out that if I disable the ipv6 traffic in pfsense then all my microsoft problems go away - I can connect to the dotnet site
BUT it is has the trade off of my Scrypted app not using ipv6 and "failing " it's validation.I am using a route64 tunnel broker -- any thoughts on what I need to do within pfsense to get ipv6 fully working? So it won't cause microsoft to fail (it wouldn't be so bad but in the new PC I setup it even make connecting to office365 email sooo slow (and even authenticating windows was almost impossible)
-
@ahole4sure I can say that when I used an HE tunnel there were specific sites that blocked it.
️ -
So really the only reason I setup ipv6 ( used the tunnel broker because my Frontier fiber internet does not have ipv6) is for Scrypted
There is a system validation plugin that fails or notes that you don’t have ipv6 functioning. After the tunnel it passed validation wellHowever, had some weird networking issues that now only in retrospect I think were due to ipv6 problems. My son would come home from his college and not be able to reach certain websites on his MacBook. And strangely could not play Minecraft
Then I setup this new PC and it could get to the login server nor open dotnet.microsoft.com all because of IPv6Wonder if I should nix the IPv6 tunnel? Or just keep my pfsense blocking ipve6
Or its there any other alternatives that actually work properly for IPv6 on my Frontier fiber?If I nix IPv6 how do I shutdown IPv6 dhcp properly?
Thanks
-
@ahole4sure My interpretation was, the sites see Hurricane Electric as a VPN. I ran into some pretty specific things like "this content not available in your region" type of stuff like they blocked access from non-US IPs or whatever. Also I found HE was not that fast. Though of course it's free bandwidth so what should one expect.
You should be able to just disable IPv6 on LAN. May need to disable Router Advertisement or DHCPv6 first. The LAN devices may need a restart to clear out IPv6 IPs though that will drop off eventually.
-
@ahole4sure A Plan B exists.
Make a list with known sites that don't want you to use (your) IPv6. The issue is known for years and as already mentioned reasons above, some sites don't 'like' the he.net IPv6s
If you have pfBlockerng installed, go here :
Firewall > pfBlockerNG > DNSBL
First, be sure you use Python mode, not the unbound mode.
Next :
Check 'No AAAA', and fill in thelist with host names (site) that you do'nt want to visit using IPv6.
After all, before one of your devices connects to a site, it will resolve the destination host name first.
As most if not all devices prefer AAAA (IPv6) they will ask that first, and if needed, to fall back, the A record (IPv4).
If there is a AAAA (Ipv6) addresses, that's what gets used.
Now comes the trick : pfBlockerng does DNSBL, so it can block AAAA for listed sites.
You device will fall back to IPv4 - and all is well.In the past, Netflix was one of those sites : it didn't want you to use the he.net IPv6 networks.
Plan A would be of course :
Frontier fiber internet does not have ipv6
Break your commercial relations with this frontier ISP. If they ask for a reason, tell them.
