<< December 2008 | Home | February 2009 >>

IPv6 tunnel endpoints

To my surprise I just discovered that Hurricane Electric is offering free IPv6 tunnels also in Hongkong.

Tags : ,

IPv6 day

Our Apple Time Capsule can be setup as an IPv6 router at the end of a tunnel. So I decided to scrap my OpenVPN solution to IPv6 connectivity in the office (just for my Mac) and set it up properly so that any host in the network behind the Time Capsule automatically picks it up.

We get our connectivity (2001:5c0:1102:a300::/56 for the technically inclined) through a tunnel from Freenet6 in Canada (unfortunately there was a run-in with Sixxs which would be closer to home when they insisted that I cannot use my Macao mobile phone number with the more reliable German snail mail address). The tunnel terminates on a Linux machine in Germany.

On this machine, create a sit device and redirect an entire /64 that way (nota bene: this entry for /etc/network/interfaces hasn't been tested through a reboot yet #-):

iface sit0 inet6 v4tunnel
        address 2001:5c0:1102:a300::2000:1
        netmask 128
        endpoint X.X.X.X
        ttl 64
        post-up route --inet6 add 2001:5c0:1102:a300::2001:1 dev sit0
        post-up route --inet6 add 2001:5c0:1102:a301::/64 dev sit0

Google about "IPv6 ttl" if you want to know why/if you also need to set the time-to-live. Manually, you can manipulate all this data with the ip route/tunnel commands.

You can see the two management addresses ::2000:1 and ::2001:1, the IPv4 endpoint address of my workplace (kind of) where this tunnel terminates, and the /64 that should we routed that way.

On the Time Capsule, set IPv6 Mode to "Tunnel", throw in the dual data for the tunnel — IPv4 address of the machine with the sit0 device above, remote and local IPv6 management addresses as above in inverse order, and the /64 that the Time Capsule should advertise: 2001:5c0:1102:a301::1/64 (LAN IPv6 Address/LAN Prefix Length). The trailing ::1 here is probably bogus, but I don't want to reconfigure the Time Capsule again; you can't ping it.

IPv6 autoconfig will use the ...:a301-prefix and the MAC address of your machine (which doesn't have to be a Mac) to compute a unique address. And voila: Charles and I now have working, slow IPv6. Even works like a charm although we are behind a NAT. Oh, and my wireless (even IPv4!) will seize up when tcpdumping "enough" IPv6 traffic on the Airport. It's slightly different from some strange phenomenon that I've been seeing with trafshow breaking Airport for ages.

Since our Time Capsule is used in the internal network, it seems it will only redistribute IPv6 on the wireless port, and not on the (bridged) WAN-port, which saves me some worries about the rest of the network, but doesn't help tying my Solaris 10 box in there either.

Wäre natürlich auch schöner gewesen, wenn unser Hoster es nicht so schwierig machen würde...

Tags : , ,