Closed nrarend closed 3 months ago
Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful infos with you:
Hey @nrarend, thanks for the report.
I've looked into this a couple times already, but haven't yet found the issue.
Can you send me all the details you have about the TCPIP error (Event ID 4199) you are seeing? Maybe it can shed some light on this.
Also, can you try if it works if you disable SPN?
Something else I just noticed here and in a similar issue - https://github.com/safing/portmaster/issues/1443
I see there is some other network firewall active. Do you maybe run "Dell NetWorker Data-Protection-Software"? (I am looking for the software that registers in the firewall as "NSR".)
I had the same problem, and the process was similar to the description above. There is no other protection software except simplewall and Windows defender.
log: 240229 12:46:13.579 olver-mdns:114 > WARN 001 intel(mdns): failed to create udp6 listen multicast socket: listen udp6 [ff02::fb]:5353: setsockopt: not supported by windows
240229 12:46:25.316 pat/module:108 > ERRO 003 compat: self-check #3: dns integration check failed: failed to receive test response: lookup a9b1a5bf0c3e12073a817d67b5c1bdccdb.self-check.portmaster.home.arpa.: no such host
240229 12:48:38.431 i/database:190 > WARN 005 api: websocket connection error with 127.0.0.1:59136: read tcp 127.0.0.1:817->127.0.0.1:59136: wsarecv: An existing connection was forcibly closed by the remote host.
240229 13:07:04.891 v/location:303 > WARN 007 netenv: failed to get IPv4 device location from traceroute: failed to send icmp packet: write ip4 0.0.0.0->1.1.1.1: wsasendto: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
I had the same problem, and the process was similar to the description above. There is no other protection software except simplewall and Windows defender.
log: 240229 12:46:13.579 olver-mdns:114 > WARN 001 intel(mdns): failed to create udp6 listen multicast socket: listen udp6 [ff02::fb]:5353: setsockopt: not supported by windows
240229 12:46:25.316 pat/module:108 > ERRO 003 compat: self-check #3: dns integration check failed: failed to receive test response: lookup a9b1a5bf0c3e12073a817d67b5c1bdccdb.self-check.portmaster.home.arpa.: no such host
240229 12:48:38.431 i/database:190 > WARN 005 api: websocket connection error with 127.0.0.1:59136: read tcp 127.0.0.1:817->127.0.0.1:59136: wsarecv: An existing connection was forcibly closed by the remote host.
240229 13:07:04.891 v/location:303 > WARN 007 netenv: failed to get IPv4 device location from traceroute: failed to send icmp packet: write ip4 0.0.0.0->1.1.1.1: wsasendto: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
The Windows Event Viewer has two events about the network: TCPIP warn (Event ID 4204) https://learn.microsoft.com/en-us/archive/technet-wiki/23982.event-id-4202-tcpip-network-interface-configuration TCPIP error (Event ID 4199) https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc727689(v=ws.10)
I had the same problem
How did you resolve it?
Can you tell me what the given parameters of the errors were? Do you have a DELL?
My computer is a DIY PC. I tried adding the following rule to Protmaster's rules. Testing the computer sleeping, shutting down and turning it back on didn't cause the problem, but due to my personal time constraints I've only done limited testing.
rule:
Thanks for testing, I will continue to look into this soon. Please report when you know if this solved the issue, or not.
This rule doesn't solve the problem. However, I found a problem in debugging that the link-local ipv6 address keeps changing while Portmaster is on, and the address doesn't change until I stop Portmaster.
Same problem for months, IPv6 is lost if any changes happen to the network and only returns if the adapter is restarted I don't use any firewall other than Windows Defender
Log Name: System Source: Tcpip Date: 03/16/2024 10:09:56 Event ID:4199 Task Category:None Level: Error Keywords:Classic User: N/A Computer: Cartman Description: The system has detected an address conflict between the IP address 2804:187c:8366:1400:5ff:621d:835a:523a and the system that has the network hardware address 00-00-00-00-00-00. As a result of this conflict, network operations on this system may be disrupted. Event XML:
After restarting the adapter and IPv6 works again
events log Log Name: Microsoft-Windows-Dhcpv6-Client/Admin Source: Microsoft-Windows-DHCPv6-Client Date: 03/16/2024 12:25:13 Event ID:1005 Task Category:Address Configuration State Event Level: Warning Key words: User: LOCAL SERVICE Computer: Cartman Description: The computer has detected that the Network Card IP address 2804:187c:8368:6900::2 with network address 0xA8A15914FDF5 is already being used on the network. The computer will automatically try to obtain a different address. Event XML:
This issue has been automatically marked as inactive because it has not had activity in the past two months.
If no further activity occurs, this issue will be automatically closed in one week in order to increase our focus on active topics.
This issue has been automatically closed because it has not had recent activity. Thank you for your contributions.
If the issue has not been resolved, you can find more information in our Wiki or continue the conversation on our Discord.
What happened?
IPv6 is blocked with Portmaster upon starting into Windows with Portmaster running. IPv6 is enabled in system network adapter and router. If I shut down the Portmaster service, restart the network adapter, and restart Portmaster service, IPv6 connections work fine. In Event Viewer, I can see the TCPIP error (Event ID 4199) about conflicting addresses with system having address of 00-00-00-00-00-00.
What did you expect to happen?
I expect IPc6 connections to work fine without any extra steps.
How did you reproduce it?
This happens almost every time I start into Windows. On the rare occasion, IPv6 connections seem to be allowed for a short period of time before being broken. Very rarely, the problem doesn't occur at all until rebooting the system again. It can also be reproduced if I restart the adapter while Portmaster service is running, even if IPv6 connections had been working before. The only truly reproduceable event involves getting IPv6 working by suspending the Portmaster service, restarting the network adapter, and restarting Portmaster. There seems to be rare exceptions to everything else.
Additional information
Debug-Info: https://support.safing.io/privatebin/?1ae7b9c7c2a989cd#3FNQkQ9MNSpXAqS4mkyk4Gbr5ZLuXH4Jpq9yvASyCzu2