Differences between version 53 and predecessor to the previous major change of 6to4.
Newer page: | version 53 | Last edited on Friday, May 13, 2005 2:09:12 pm | by SamHathaway |
Older page: | version 49 | Last edited on Friday, January 14, 2005 2:55:27 am | by MartinKiselkov |
@@ -6,9 +6,9 @@
This gives you a /48 to play around with, great if you have to put up with [NAT], now all the boxes behind your firewall will have realworld [IPv6] addresses at no extra cost!
Why would you want to use 6to4 instead of [FreeNet] addresses? The major advantage is that 6to4 addresses will set up tunnels automagically to other 6to4 addresses. This means you don't have to be constrained to the 6bone routing which can be rather inefficient (especially from NewZealand). The advantage of using FreeNet addresses is that they are static even if your [IPv4] address is dynamic.
-If you exclusively use 6to4 addresses, then you can use the 192.88.99.1 AnyCast address to get onto the 6bone which is probably far more efficient than using a 6bone tunnel, as the AnyCast address is likely to be far closer to you than FreeNet. (In fact, in NewZealand this isn't true, the nearest AnyCast is in gemany
, and FreeNet is "only" in America)
+If you exclusively use 6to4 addresses, then you can use the 192.88.99.1 AnyCast address to get onto the 6bone which is probably far more efficient than using a 6bone tunnel, as the AnyCast address is likely to be far closer to you than FreeNet. (In fact, in NewZealand this isn't true, the nearest AnyCast is in Germany
, and FreeNet is "only" in America)
(If you're in Australia or NewZealand, you could try AARNET's endpoint, at 192.231.212.5. Sometimes the routing tables seem to direct 192.88.99.1 to this address, but more often than not they're broken at the moment).
!!!How does it work?
The idea is that you create an IPv6 tunnel, (in these examples we call it tun6to4) where you route all your 6to4 packets to. This tunnel has a "remote" of "any" which means that the kernel will figure out the remote point by looking at the 6to4 address, it will encapsulate the packet and send it to the IPv4 address embedded in the packet.
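Review bot: missing caveat on the first context line of this hunk: it promises that "all the boxes behind your firewall will have realworld [IPv6] addresses", and none of the lines shown here say that those hosts are then directly addressable and no longer shielded by [NAT]. A sentence telling readers to put IPv6 packet filtering in place before bringing the tunnel up would fit right after it.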
@@ -19,35 +19,41 @@
Packets that transverse your machine are normally __not__ deencapsulated. You need a tunnel with "remote any local any". sit0 exists and has these charactoristics, but it's not up. If you want packets to transverse your machine you should bring this tunnel up.
!!!Configuration Under Linux
-!How do I get a 6to4 addres
?
+!How do I get a 6to4 address
?
You don't need to 'get' one - if you have an IPv4 addresss (even a dynamic one) you can get a 6to4 address.
To figure out your 6to4 address based on your IPv4 address:
- printf "2002:%02x%02x:%02x%02x::1/16
\n" `echo $IPV4ADDR | tr . ' '`
+ printf "2002:%02x%02x:%02x%02x::1\n" `echo $IPV4ADDR | tr . ' '`
Where $IPV4ADDR is your IPv4 address. Eg, if your IPv4 address is 192.0.2.3, then:
- printf "2002:%02x%02x:%02x%02x::1/16
\n" `echo 192..2.23 | tr . ' '`
- 2002:c000:0217::1/16
-
+ printf "2002:%02x%02x:%02x%02x::1\n" `echo 192..2.23 | tr . ' '`
+ 2002:c000:0217::1
+The network should be "
/16".
There are two cases for setting this up under linux: if your IPv4 address is a static IP, or if its dynamic.
In either case you'll need to know what your 6to4 address is. The script mentioned above will help here.
-See http://www.be
.itu.edu.tr/LDP
/HOWTO/Linux+IPv6-HOWTO/configuring-ipv6to4-tunnels.html for more information.
+See http://www.tldp
.org
/HOWTO/Linux+IPv6-HOWTO/configuring-ipv6to4-tunnels.html for more information.
!!Static IP
Static IP is obviously preferable, as you can set up DNS properly for it. Thats another issue entirely however :)
The following commands should set up a 6to4 tunnel for you:
- ip tunnel add tun6to4 mode sit remote any local ''your-ipv4-address''
+ ip tunnel add tun6to4 mode sit remote any local __
''your-ipv4-address''__
ip link set dev tun6to4 mtu 1472 up
- ip -6 addr add ''your-6to4-address'' dev tun6to4
+ ip -6 addr add __
''your-6to4-address''__/16
dev tun6to4
-If you don't have the 6bone configured:
+So for our example IP above:
+
+ ip tunnel add tun6to4 mode sit remote any local 192..2.3
+ ip link set dev tun6to4 mtu 1472 up
+ ip -6 addr add 2002:c000:0217::1/16 dev tun6to4
+
+
If you don't have the 6bone configured, run the following two commands
:
ip -6 route add ::/96 dev tun6to4 metric 1 # This line is never mentioned anywhere, but it appears critical.
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
192.88.99.1 is an AnyCast address for places that provide connectivity to non-6to4 addresses to 6to4 hosts.
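Review bot: the worked example in the added lines does not agree with itself. The prose gives the address as 192.0.2.3, the printf line feeds `192..2.23`, the new tunnel command uses `local 192..2.3`, and the output 2002:c000:0217::1 ends in 0x17, which is 23 rather than 3. Pick one address, write all four octets in every command, and make the printed prefix match it (for 192.0.2.3 the second group would be 0203). The added sentence `The network should be "/16".` would also sit better next to the `ip -6 addr add` line that actually takes the /16, now that the printf output no longer carries it.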
@@ -65,11 +71,11 @@
If you are using woody (stable) then you'll need a backport of ifupdown from testing/unstable; available from http://debian.zugschlus.de/zg/pool/main/ifupdown/ifupdown_0.6.4-4.5zg6_i386.deb
auto tun6to4
iface tun6to4 inet6 v4tunnel
- address ''your-6to4-address''
+ address __
''your-6to4-address''__
netmask 16
- endpoint any local ''your-ipv4-address''
+ endpoint any local __
''your-ipv4-address''__
up ip -6 route add ::/96 dev tun6to4 metric 1
up ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
down ip -6 route flush dev tun6to4
mtu 1472
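Review bot: the `__''your-6to4-address''__` and `__''your-ipv4-address''__` markup now sits inside an indented interfaces stanza that readers are likely to copy line for line. Check that the wiki renders the emphasis inside this block rather than showing literal underscores and quotes; if it does not, a plain placeholder such as YOUR-6TO4-ADDRESS is safer than markup in a config file.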
@@ -104,9 +110,9 @@
# You DO want this if this is your only connection to the IPv6 backbone
# You DO NOT want this if you have some other way of connecting to the IPv6 backbone (eg: Freenet6)
# ip -6 route add ::/96 dev tun6to4 metric 1 # This line seems necessary, but I've never
# found documented anywhere. Try without if you can.
- # ip -6 route add 2000::/3 via ::192.88.91
.1 dev tun6to4 metric 1
+ # ip -6 route add 2000::/3 via ::192.88.99
.1 dev tun6to4 metric 1
# Restart radvd (if you have it running)
killall -1 radvd
@@ -122,8 +128,19 @@
To start your 6to4 tunnel, run /etc/init.d/6to4 start, to stop it run /etc/init.d/6to4 stop. These should be run automatically whenever your ppp connection starts and stops.
If you don't use freenet6, then make sure that ONLYCONN in /etc/default/6to4 is set to 'yes' - this will enable a gateway route for non-6to4 addresses out via your 6to4 tunnel.
+
+!!Testing
+Use the __ping6__ program. (On Debian, you need to install the iputils-ping package to get the ipv6 version of ping).
+
+If this webserver (Hoiho) has its 6to4 set up correctly, you should be able to do:
+ $ ping6 2002:cb61:a32::1
+ PING 2002:cb61:a32::1(2002:cb61:a32::1) from ::1 : 56 data bytes
+ 64 bytes from 2002:cb61:a32::1: icmp_seq=1 ttl=64 time=0.203 ms
+ 64 bytes from 2002:cb61:a32::1: icmp_seq=2 ttl=64 time=0.077 ms
+ 64 bytes from 2002:cb61:a32::1: icmp_seq=3 ttl=64 time=0.080 ms
+
!!Using 6to4 addresses on your internal network
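Review bot: the sample output under the added `ping6 2002:cb61:a32::1` line shows `from ::1` and sub-millisecond times, so it was captured on Hoiho itself and does not show a packet crossing a 6to4 tunnel. Replace it with output taken from a remote 6to4 host, or say that readers will see their own 2002: source address and a longer round-trip time. The test also covers only 6to4-to-6to4 reachability; a second ping to a non-6to4 address would check the `2000::/3 via ::192.88.99.1` route that the earlier sections add.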
@@ -150,9 +167,9 @@
Base6to4Interface lo:1;
};
};
-You can ommit
any of the prefix stanza's you don't like.
+You can omit
any of the prefix stanza's you don't like.
In the config above the timers have been turned down in anticipation that you are advertising a 6to4 address generated from a dynamic IP on ppp0. Note that if you do this you __must__ turn down the retransmit time on the unsolicited announcements. In particular ensure that ''!MaxRtrAdvInterval'' and ''!AdvPreferredLifetime'' are less than ''!AdvValidLifetime''. If you don't understand why this is important then you can just go with what is shown above.
You also need at least one SIT tunnel with a "remote any local any". It doesn't need an ipv6 (or ipv4) address associated with it. This is used for transpanret deencapsulation of IPv6 packets that are forwarded to your internal network.
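Review bot: the corrected line still reads "prefix stanza's"; since it is already being touched for "ommit", change that to "stanzas" in the same edit. The last context line of this hunk has "transpanret", which could be fixed at the same time.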