Annotated edit history of 6to4 version 62, including all changes.
!!!What is 6to4
6to4 addressing is a type of [IPv6] address derived from your IPv4 address. It allows you to set up tunnels over the [IPv4] Internet automatically.

The range for this is 2002:<first two bytes of an IPv4 address>:<second two bytes of an IPv4 address>::/16.

This gives you a /48 to play around with, which is great if you have to put up with [NAT]: now all the boxes behind your firewall will have real-world [IPv6] addresses at no extra cost!

Why would you want to use 6to4 instead of [FreeNet] addresses? The major advantage is that 6to4 addresses will set up tunnels automagically to other 6to4 addresses. This means you aren't constrained to the 6bone routing, which can be rather inefficient (especially from NewZealand). The advantage of using FreeNet addresses is that they are static even if your [IPv4] address is dynamic.

If you exclusively use 6to4 addresses, then you can use the 192.88.99.1 AnyCast address to get onto the 6bone, which is probably far more efficient than using a 6bone tunnel, as the AnyCast address is likely to be far closer to you than FreeNet. (In fact, in NewZealand this isn't true: the nearest AnyCast is in Germany, and FreeNet is "only" in America.)
(If you're in Australia or NewZealand, you could try AARNET's endpoint, at 192.231.212.5. Sometimes the routing tables seem to direct 192.88.99.1 to this address, but more often than not they're broken at the moment.)

!!!How does it work?
The idea is that you create an IPv6 tunnel (in these examples we call it tun6to4) to which you route all your 6to4 packets. This tunnel has a "remote" of "any", which means that the kernel will figure out the remote endpoint by looking at the 6to4 address: it will encapsulate the packet and send it to the IPv4 address embedded in the packet's destination address.

Encapsulated packets that arrive at your machine arrive through that tunnel and are decapsulated.

Apparently you need a 2002:ip:v4::1 address somewhere on your gateway, although I'm not sure why.

Packets that traverse your machine are normally __not__ decapsulated. You need a tunnel with "remote any local any". sit0 exists and has these characteristics, but it's not up. If you want packets to traverse your machine you should bring this tunnel up.

!!!Configuration Under Linux
!How do I get a 6to4 address?

You don't need to 'get' one - if you have an IPv4 address (even a dynamic one) you can get a 6to4 address.

To figure out your 6to4 address based on your IPv4 address:
<pre>
printf "2002:%02x%02x:%02x%02x::1\n" `echo $IPV4ADDR | tr . ' '`
</pre>
Where $IPV4ADDR is your IPv4 address. Eg, if your IPv4 address is 192.0.2.23, then:
<pre>
printf "2002:%02x%02x:%02x%02x::1\n" `echo 192.0.2.23 | tr . ' '`
2002:c000:0217::1
</pre>
The network should be "/16".

There are two cases for setting this up under Linux: your IPv4 address is either static or dynamic.
In either case you'll need to know what your 6to4 address is. The script mentioned above will help here.

See http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/configuring-ipv6to4-tunnels.html for more information.
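
The mapping described in "How does it work?" and in the printf one-liner above, in both directions and with input validation, as an added example that is not part of the original page. The function names are hypothetical, the sample addresses are constructed, and check_6to4_source models a source-consistency check of the kind discussed in RFC:3964 (embedded address must be public and must match the outer IPv4 source).

```bash
#!/bin/bash
# Added example, not from the wiki page; sample addresses are constructed.

# parse_v4 ADDR: validate a dotted quad and store its octets in the global OCT.
parse_v4() {
    local i
    [[ $1 =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    OCT=()
    for i in 1 2 3 4; do
        OCT+=( $((10#${BASH_REMATCH[i]})) )      # 10# stops "010" being read as octal
        (( OCT[i-1] <= 255 )) || return 1
    done
}

# usable_v4 ADDR: reject ranges that cannot be a 6to4 endpoint on the Internet
# (this-network, RFC 1918 private, loopback, link-local, multicast/reserved).
usable_v4() {
    parse_v4 "$1" || return 1
    local a=${OCT[0]} b=${OCT[1]}
    (( a == 0 || a == 10 || a == 127 || a >= 224 || (a == 169 && b == 254) )) && return 1
    (( (a == 172 && b >= 16 && b <= 31) || (a == 192 && b == 168) )) && return 1
    return 0
}

# v4_to_6to4 ADDR: print the /48 prefix that the page's printf one-liner derives.
v4_to_6to4() {
    usable_v4 "$1" || return 1
    printf '2002:%02x%02x:%02x%02x::/48\n' "${OCT[@]}"
}

# embedded_v4 ADDR6: print the IPv4 endpoint embedded in a 2002::/16 address.
embedded_v4() {
    local g1 g2 g3 hi lo
    IFS=: read -r g1 g2 g3 _ <<< "${1%%/*}"
    [[ $g1 == 2002 ]] || return 1
    [[ $g2 =~ ^[0-9A-Fa-f]{0,4}$ && $g3 =~ ^[0-9A-Fa-f]{0,4}$ ]] || return 1
    [[ -n $g2 ]] || g3=                          # "2002::x": both embedded groups are zero
    hi=$((16#${g2:-0})) lo=$((16#${g3:-0}))
    printf '%d.%d.%d.%d\n' $((hi >> 8)) $((hi & 255)) $((lo >> 8)) $((lo & 255))
}

# check_6to4_source OUTER_V4 INNER_V6: 0 = accept, 1 = drop (decapsulation check).
check_6to4_source() {
    local emb
    emb=$(embedded_v4 "$2") || return 0          # inner source is not 6to4: nothing to compare
    usable_v4 "$emb" || return 1                 # embedded address is private or reserved
    [[ $emb == "$1" ]]                           # must match the outer IPv4 source
}

v4_to_6to4 192.0.2.23    # the page's example address
```

The same usable_v4 test can guard the $4 argument in an ip-up.d script before it is passed to ip tunnel add.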

!!Static IP

Static IP is obviously preferable, as you can set up DNS properly for it. That's another issue entirely however :)
The following commands should set up a 6to4 tunnel for you:
<pre>
ip tunnel add tun6to4 mode sit remote any local __''your-ipv4-address''__
ip link set dev tun6to4 mtu 1472 up
ip -6 addr add __''your-6to4-address''__/16 dev tun6to4
</pre>
So for our example IP above:
<pre>
ip tunnel add tun6to4 mode sit remote any local 192.0.2.23
ip link set dev tun6to4 mtu 1472 up
ip -6 addr add 2002:c000:0217::1/16 dev tun6to4
</pre>
If you don't have the 6bone configured, run the following two commands:
<pre>
ip -6 route add ::/96 dev tun6to4 metric 1 # route IPv4-compatible (::/96) addresses via the tunnel device
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
</pre>
192.88.99.1 is an AnyCast address for relays that give 6to4 hosts connectivity to non-6to4 addresses.

To take the tunnel down again, run
<pre>
/sbin/ip -6 route flush dev tun6to4
/sbin/ip link set dev tun6to4 down
/sbin/ip tunnel del tun6to4
</pre>

!Static IP under Debian:

Add the following stanza to /etc/network/interfaces, making obvious substitutions. It should "just" work.

If you are using woody (stable) then you'll need a backport of ifupdown from testing/unstable; available from http://debian.zugschlus.de/zg/pool/main/ifupdown/ifupdown_0.6.4-4.5zg6_i386.deb
<pre>
auto tun6to4
iface tun6to4 inet6 v4tunnel
        address __''your-6to4-address''__
        netmask 16
        endpoint any local __''your-ipv4-address''__
        up ip -6 route add ::/96 dev tun6to4 metric 1
        up ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
        down ip -6 route flush dev tun6to4
        mtu 1472
        ttl 255
</pre>
!!Dynamic IP

This is a bit of a hassle. You need to update your 6to4 configuration every time your IP changes. If your dynamic IP address isn't terminated on your Linux box (that is, you have a DSL router or similar, which handles NAT and so on for you), this might be tricky.

The best way to do this is to put a script in /etc/ppp/ip-up.d/ or whatever is most appropriate for your system.

An example ip-up.d script:
<pre>
#!/bin/bash
# pppd passes the new local IPv4 address to ip-up scripts as $4

# Kill any existing tunnels
/sbin/ip -6 route flush dev tun6to4
/sbin/ip link set dev tun6to4 down
/sbin/ip tunnel del tun6to4

# Create the new tunnel
/sbin/ip tunnel add tun6to4 mode sit remote any local "$4"
/sbin/ip link set dev tun6to4 mtu 1472 up

# Route outgoing 6to4 addresses out via the tunnel
/sbin/ip -6 route add 2002::/16 dev tun6to4

# Add an IPv6 address to eth0
/sbin/ip -6 addr add $(printf "2002:%02x%02x:%02x%02x::1/64" $(echo "$4" | tr '.' ' ')) dev eth0

# Uncomment the following lines if you want non 6to4 IPv6 addresses to be routed over
# the 6to4 anycast address
#
# You DO want this if this is your only connection to the IPv6 backbone
# You DO NOT want this if you have some other way of connecting to the IPv6 backbone (eg: Freenet6)
# ip -6 route add ::/96 dev tun6to4 metric 1 # Obsolete "IPv4-compatible", see RFC4291 paragraph 2.5.5.1
# ip -6 route add 0:0:0:0:0:ffff::/96 dev tun6to4 metric 1 # IPv4-mapped, see RFC4291 paragraph 2.5.5.2
# ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1

# Restart radvd (if you have it running)
killall -1 radvd
</pre>

! Dynamic IP under Debian

I have prepared a (hackish, I'll admit) init script for Debian.

* Copy [this init script|http://www.wlug.org.nz/archive/6to4/6to4.init] to /etc/init.d/6to4
* Read over it to make sure you understand it, and make note of any suggested changes that might work better for you
* Copy [this default config|http://www.wlug.org.nz/archive/6to4/6to4.default] to /etc/default/6to4 and then edit it appropriately. (Like using 192.88.99.1 as the default router as stated higher up.)
* Copy these [ip-up|http://www.wlug.org.nz/archive/6to4/ipv6-6to4-up] and [ip-down|http://www.wlug.org.nz/archive/6to4/ipv6-6to4-down] fragments to /etc/ppp/ip-up.d/ and /etc/ppp/ip-down.d/, respectively
* If you use freenet6 as well, you might want to make sure freenet drops on [ip-down|http://www.wlug.org.nz/archive/6to4/freenet6-down] as well. It doesn't do this by default, but I suspect it causes issues.

To start your 6to4 tunnel, run /etc/init.d/6to4 start, to stop it run /etc/init.d/6to4 stop. These should be run automatically whenever your ppp connection starts and stops.

If you don't use freenet6, then make sure that ONLYCONN in /etc/default/6to4 is set to 'yes' - this will enable a gateway route for non-6to4 addresses out via your 6to4 tunnel.

!!Testing
Use the __ping6__ program. (On Debian, you need to install the iputils-ping package to get the IPv6 version of ping.)

The WLUG server has 6to4 set up, so you should be able to do:
<pre>
$ ping6 2002:3cea:4272::1
PING 2002:3cea:4272::1(2002:3cea:4272::1) 56 data bytes
64 bytes from 2002:3cea:4272::1: icmp_seq=1 ttl=53 time=0.203 ms
64 bytes from 2002:3cea:4272::1: icmp_seq=2 ttl=53 time=0.077 ms
64 bytes from 2002:3cea:4272::1: icmp_seq=3 ttl=53 time=0.080 ms
</pre>

!!Using 6to4 addresses on your internal network

First you need to configure radvd. Zebra is not recommended as it cannot handle dynamic 6to4 address advertising (as radvd can) and also has a bug where it will write out an invalid configuration to its file and then die when it tries to reload it.

Your config file should look something like:
<pre>
interface eth0
{
        AdvSendAdvert on;
        prefix fec0::/64
        {

        };
        prefix 3ffe:''your-freenet-allocation'':1::/64
        {
        };
        prefix 0:0:0:0::/64
        {
                Base6to4Interface ppp0;

        };
        prefix 0:0:0:0::/64
        {
                Base6to4Interface lo:1;
        };
};
</pre>

You can omit any of the prefix stanzas you don't like.
In the config above the timers have been turned down in anticipation that you are advertising a 6to4 address generated from a dynamic IP on ppp0. Note that if you do this you __must__ turn down the retransmit time on the unsolicited announcements. In particular ensure that ''~MaxRtrAdvInterval'' and ''~AdvPreferredLifetime'' are less than ''~AdvValidLifetime''. If you don't understand why this is important then you can just go with what is shown above.
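
An interface block with shortened timers for a dynamic 6to4 prefix, as an added illustration that is not part of the original page. The option names are radvd.conf options; the numeric values and the 1234 subnet ID are illustrative assumptions chosen so that the two smaller timers stay below the valid lifetime.

```conf
interface eth0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;          # upper bound, in seconds, between unsolicited advertisements

    # 6to4 prefix: radvd fills in the first 48 bits from the IPv4 address on ppp0
    prefix 0:0:0:1234::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        Base6to4Interface ppp0;
        AdvPreferredLifetime 120;   # less than AdvValidLifetime
        AdvValidLifetime 300;       # hosts drop a prefix from an old IPv4 address within 5 minutes
    };
};
```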

You also need at least one SIT tunnel with a "remote any local any". It doesn't need an IPv6 (or IPv4) address associated with it. This is used for transparent decapsulation of IPv6 packets that are forwarded to your internal network.

If you've done all this, it should just work. In practice, it requires some tinkering.

!!!Other Notes

See also:
* RFC:3056 (Connection of IPv6 Domains via IPv4 Clouds)
* RFC:3068 (An Anycast Prefix for 6to4 Relay Routers)
* RFC:3964 (Security Considerations for 6to4)

For information about setting up 6to4 under FreeBSD see http://www.nevada.net.nz/~pmurray/6to4.html (someone feel free to import that if you want to comment about it)

For information about setting up Windows see http://research.microsoft.com/msripv6/docs/6to4.htm

Instead of using the 6to4 anycast address, you can use one of the addresses listed on http://www.kfu.com/~nsayer/6to4/ (the aarnet relay is highly recommended)

A howto on getting this working under Fedora Core 2 is available here: http://yyz.us/ipv6-fc2-howto.html

!!!Problems
!!I'm getting ~400ms pings to places
You're using a non-2002 space address as your source address so the return route is going via freenet and adding 350ms to your [RTT].
This seems to occur semi-randomly, and is probably to do with the order in which your machine obtains its 6to4 and freenet6 addresses.

!!I can ping via 6to4 fine, but I can't view webpages?
This almost definitely means you have an MTU issue. If you can ping a site (such as hoiho.wlug.org.nz) and can get a small file via HTTP (eg, GET /robots.txt HTTP/1.0) but not the main index page, then your MTU is wrong.
I'm pretty sure this can be fixed by making sure the MTU on tun6to4 is set to 1472 bytes. I tested this on my link at home, where I was seeing this, and it worked fine (after I changed hoiho's MTU as well)

!!I can ping to a 6to4 host fine, but I can't ping a native IPv6 speaker
This means you don't have a gateway for 6to4 to non-6to4 addresses set up. You need to add a route for one of the AnyCast gateways. Re-read the above notes on 6to4 to see which lines you missed.
