No internet access and SPI router incompatibility

[Guest]

Does anyone have anymore information about the issue with Vista's
incompatibility with routers that utilise SPI protection?

I'm unable to disable SPI on my router (but then I'm led to believe that
this may still not fix it), so Vista is currently completely useless for me.
I'm not going to replace a 2 month old router, just so a new OS will work
with it, so while I appreciate this is still just a Beta, lets hope it gets
fixed for the final release.

For reference, I'm referring to the issue described in this article:
http://blogs.zdnet.com/Bott/?p=10.

Still, at least I can use Google sites, bizarrely!

 

[Zack Whittaker]

Hmmm... it does sound strange. If you can, try a direct modem connection
(without using your router) - there are plenty of "free" dialup, no
subscription internet services out there to dial up to local rate.

If you manage to connect and access all the sites - it then determines that
the router is the problem, and not any settings within Vista )

Clever eh? P

--
Zack Whittaker
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: www.msblog.org
» Vista Knowledge Base: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared
that up!

--: Original message follows :--

 

[Guest]

I have a Linksys RV016 router and I had to turn the firewall off completely
(not just SPI) in order to get Vista to work.

If anyone knows of a better solution, I'm all ears.

 

[Guest]

I feel your pain. I recently bought a Linksys WRT54GX2 with SPI but I have a
slightly different manifestation of the problem. I can actually get to
several web pages just fine. Then, some web pages partially load but don't
load the picture (e.g. Microsoft.com), then some web pages don't load at all.
Windows Messenger will not sign in either. If I take the router out of the
loop and connect the Vista computer directly to the modem, all is well. If I
reconnect the router, all other computers on my home network work fine, but
Vista will not. If I disable the Spi Firewall - it still does not work
properly. I have tried disabling other settings in the router as well to no
avail. Anyway, I am eagerly awaiting a fix for this one as well. Thanks for
the input. -Philip

 

[Guest]

Same here i have a Linksys RV082 with newest firmware and 4 win xp pro rigs,
one win 2003 rc2, and 2 linux rigs all ok to browse... vista is a no-go. I
need to disable the firewall to allow vista to work, and I am not about to do
that based on microsoft's record on security so far. This is a major issue,
and I am unable to use vista if i cannot access the internet. A previous
beta I tried did not have this issue.

 

[Guest]

Thanks for the reply, and I have just tried to connect directly via a modem,
and sure enough it works directly. For reference, I'm using a Speedtouch
716WL ADSL router (with the latest firmware), and previous versions of Vista
worked (pre-Beta 2), XP works, Server 2003, etc.

I don't know what MS have changed in the TCP stack, that's causing this
problem, but I'm seeing the following types of errors in my firewall log when
accessing sites from Vista Beta 2:

Jun 12 11:12:36 FIREWALL fast tcp seqnr check (1 of 2): Protocol: TCP Src
ip: 206.24.172.30 Src port: 80 Dst ip: my.ip.address Dst port: 60433

Error Jun 12 11:10:12 FIREWALL fast tcp seqnr check (1 of 6): Protocol: TCP
Src ip: 206.24.172.30 Src port: 80 Dst ip: my.ip.address Dst port: 60433

Error Jun 12 11:08:57 FIREWALL fast tcp seqnr check (1 of 6): Protocol: TCP
Src ip: 206.24.172.62 Src port: 80 Dst ip: my.ip.address Dst port: 60425

Error Jun 12 11:07:24 FIREWALL fast tcp seqnr check (1 of 24): Protocol:
TCP Src ip: 206.24.172.62 Src port: 80 Dst ip: my.ip.address Dst port: 60425

It looks to me as though the SPI on the router doesn't believe that the
return packets are genuine and originated from the LAN, so it blocks them.

I'm not sure if MS are that aware of this issue, or if it's causing issues
so widely, but they need to be made aware.

 

[Barb Bowman]

This is a known issue. It will be fixed for RC1.

On Fri, 9 Jun 2006 06:06:02 -0700, Tim Spence <Tim

 

[Guest]

i also have a linksys rv016 router and had to completely disable the firewall
to be able to get outbound traffic working on my vista cpp beta 2 to work as
well.

 

[Reko Turja]

Hmmm... it does sound strange. If you can, try a direct modem
connection (without using your router) - there are plenty of "free"
dialup, no subscription internet services out there to dial up to
local rate.

If you manage to connect and access all the sites - it then
determines that the router is the problem, and not any settings
within Vista )

Clever eh? P

Not clever at all, as the problem in question seems to be somewhere in
Vista's IP stack and circumventing it just masks the real problem
underneath. Your method of cleverness is comparable of telling someone
to shoot themselves to get rid of the flu

I don't have a DSL router on my home network as I have RJ-45 ethernet,
but I do NATting and stateful firewalling using a FreeBSD box running
PF as the firewall. If I connect the machine running Vista into my LAN
it can ping and traceroute other machines quite well - so physical and
link layer of the IP stack are working, right?

DNS functionality works as well (I do have a caching name server in my
LAN though ) so everything should be working right up to
application layer. SecureCRT can connect just fine to any host in the
internet using FTP, SSH or SFTP as protocols behind the firewall. But
then comes the problem: IE (or Opera), Mail or messenger do not
connect to any host on the internet, even if the IP stack works
correctly up to application layer with other software.

If I connect the box running Vista directly to the net, the problem
goes away. So the problem seems to be that part of the network stack,
or some applications can't cope with stateful inspection of packets
and NAT - Then considering that almost every corporate network is
behind stateful NAT firewall these days, makes Vista a bit
problematic - of course the inability to connect to internet (or even
intranet in these circumstances) can be seen as added bonus by the
management

From the symptoms I'd think there's well meaning attempt to match the
packets in Vistas IP stack and trying to ascertain their legality in
there, and the stateful inspection isn't playing with it nicely, as it
tampers with the packet headers (and yes, it *should* tamper with
them. Sadly Vista's IP stack misses a checkbox where you could turn
that feature off (Actually I've read from somewhere - shame I can't
remember the exact reference, that this is a known bug and will be
corrected for RC1)

-Reko

 

[Guest]

It's not fixed as of Pre-RCI 5536

 

[B. K. Barley]

try this

To fix the TCP/IP issue try the following command in a command prompt.

netsh int tcp set global autotuninglevel=disabled

Thanks to tom in the general news group

 

[Guest]

I have tried this and this does not work for me.

try this

To fix the TCP/IP issue try the following command in a command prompt.

netsh int tcp set global autotuninglevel=disabled

Thanks to tom in the general news group

 

[Guest]

I had the same problem after installing rc1 5536.

I have a sonicwall firewall attached to my dsl modem.

I went in under "outbound access under "rules"

fragmented packets were not allowed but all my other computers had full
internet access and had always been set this way.

I changed this setting to "allow" fragmented packets and now my vista rc1
5536 can now surf freely.

 

[Guest]

This is still an issue with windows Vista RTM
using my Linksys RVo16 router, i must completely disable the Firewall on the
router for any connection to the internet.

has there been anymore fixes for this as of yet?

 

[Jane C]

Try this:
- Click start
- Type: cmd
- Right-click cmd.exe when it appears under Applications
- Click Run As Administrator
- Type the following: netsh int tcp set global autotuninglevel=disabled
- Press enter
- Restart your computer

 

[cody fawcett]

using that command has solved my problem. thank you very much.

do you by chance know what causes the issue? and how this command solves it?

thanks a ton