IPV6 Tunneling with FC9

Posted by Miguel Sarmiento Wed, 31 Dec 2008 21:31:00 GMT

I have been running an IPV6 tunnel from Freenet6 for about 3 years now on my Fedora box through my cable provider. Of course I do this because Comcast does not support IPV6 yet and I wanted to see what the fuzz was all about. So here it is my setup.

Get an ipv6 Account on Freenet6

Get a free IPV6 access from Freenet6. Register and obtain a username and password. The reason for registering is that you get an assignment out of the range /64. In my case I had 3 nodes plus some virtual servers I test stuff on thus I needed addresses for several servers just not one, of course a /64 is more that anyone will ever need.

Install Radvd

Enable IPV6 support on your servers.
Install radvd using Yum.
chkconfig radvd off
Configure radvd.conf with the prefix given to you by Freenet6, below is an example:

      	interface eth0
	{
	AdvSendAdvert on;
	prefix 2001:05c0:xxxx:::/64
	{
	AdvOnLink on;
	AdvAutonomous on;
	};
	};

Radvd will allow other IPV6 enabled servers on your network to automatically obtain an IPV6 address.

Install the Gateway6 client

Most distributions of Linux come with the tspc client strangely enough Fedora 9 does not.

Download the Gateway6 client, unpack it and follow the INSTALL instructions to install it.
Locate the gw6c.conf (it will be on the directory you chose to install the client).
Add or replace the following::

	userid=USERNAME-provided-by-freenet6
	passwd=PASSWORD-provided-by-freenet6
	if_prefix=interface-that-will-advertise-prefixes #(i.e. eth0)
	server=broker.freenet6.net
	host_type=router
	prefixlen=56 #It used to be /48
	log_file=3
	syslog_facility=USER
	log_filename=gw6c.log

You may want to set log_file=0 for no error logging after you get your tunnel working.

Create a startup script for the Client

Download the attached startup script. Change it to suit your needs in particular the name of the client configuration file and location of the binary. Named it start-ipv6-tunnel and make it executable.

Start the IPV6 Tunnel.

Start the tunnel: start-ipv6-tunnel start

Check the log file, if everything worked the tunnel should be up. If you encounter any errors check the configuration files first for anything obvious then the IPV6 forum.

Issue ip addr at a command prompt you should see a new interface sit1 that contains the IPV6 address (a /128) allocated to you. In addition if eth0 is the interface to dish prefixes it should contain your /64 prefix. Other servers in your network should now have an IPV6 address also.

To stop the tunnel just simply issue: start-ipv6-tunnel stop

Final Thoughts

You should have now a working IPV6 tunnel that allows you to connect to IPV6 enabled sites, www.ipv6.org for example. Of course browsing is not the end of the game, if you have Apache installed enabled IPV6 and voila you could access it via IPV6.

Apache and IE support IPV6 addressing, of course not many registrars out there support it thus you may need to host your own DNS sever for that which I do and also do not forget to firewall yourself which I also do. Remember that if you were running a firewall before it was only for IPV4, now you have opened access to your IPV6 network via the tunnel interface!

I guess my next posts will be on running an IPV6 DNS server and a simple IP6TABLES configuration to secure your network.

Enjoy!

Attached Files:

start-ipv6-tunnel.txt (1 KB)

Meta no trackbacks, no comments, permalink, rss, atom

Trackbacks

Use the following link to trackback from your own site:
http://blog.miguelsarmiento.com/trackbacks?article_id=6

Babaloo's Blog

Musings from beyond