Archive

Archive for the ‘ipv6’ Category

EDPnet goes IPV6

april 5th, 2012 4 comments

So, about one year after the first announcement, The Belgian DSL provider EDPnet has started a test-group for native ipv6.

Their ipv6 does not work on the standard (by Belgacom issued) Sagem modems.
You will need to place a router behind the Sagem, which bridges PPPoE perfectly through.

I placed a Mikrotik RB1200 firmware version 5.12.

The IPV6 is enabled through DHCPv6 and you are given an /48 or /56 range, depending if you have static or dynamic ip contract.

I will post here how to have a basic setup to get ipv6 working on your MikroTik.

I assume you already have set up PPPoE. If you don’t know how to initially use the router, please read the documentation first.

The configuration example here is done over the MikroTik terminal.


/ipv6 dhcp-client
add disabled=no interface=pppoe-edpnet-v6 pool-name=DSL pool-prefix-length=48

The interface is the PPPoE interface you created to connect.
The pool-prefix-length is depending on what kind of contract you have, dynamic ip’s = 56, static = 48
Now for the lan-side:

/ipv6 address add from-pool=DSL interface=BR-LAN advertise=yes

The pool was defined in the DHCP-Client
the interface is the LAN interface you have.
advertise will make sure the devices on the lan get router advertisement, so they will obtain a IPV6 IP.
Now the firewall settings

/ipv6 firewall filter
add action=accept chain=input comment="Router - Allow IPv6 ICMP Traffic" disabled=no protocol=icmpv6
add action=accept chain=input comment="Router - Accept established connections" connection-state=established \
 disabled=no
add action=accept chain=input comment="Router - Accept related connections" connection-state=related disabled=\
 no
add action=drop chain=input comment="Router - Drop invalid connections" connection-state=invalid disabled=no
add action=accept chain=input comment="Router- UDP" disabled=no protocol=udp
add action=accept chain=input comment="Router - From our LAN" disabled=no in-interface=BR-LAN
add action=log chain=input comment="Router - Log everything else" disabled=no log-prefix="DROP IP6 INPUT"
add action=drop chain=input comment="Router - Drop everything else" disabled=no
add action=drop chain=forward comment="Lan - Drop invalid Connections" connection-state=invalid disabled=no
add action=accept chain=forward comment="Lan - Accept UDP" disabled=no protocol=udp
add action=accept chain=forward comment="LAN - Accept ICMPv6 " disabled=no protocol=icmpv6
add action=accept chain=forward comment="Lan - Accept established Connections" connection-state=established \
 disabled=no
add action=accept chain=forward comment="Lan - Accept related connections" connection-state=related disabled=\
 no
add action=accept chain=forward comment="Lan - From our Lan" disabled=no in-interface=BR-LAN
add action=log chain=forward comment="Lan - Log everything else" disabled=no log-prefix="Log IPv6"
add action=reject chain=forward comment="Lan - Drop everything else" connection-state=new disabled=no \
 in-interface=pppoe-edpnet-v6 reject-with=icmp-no-route

If more details are needed how to set up mikrotik for DSL, leave a comment, i’ll try to update this post then to help out.

Note this is an example and will not guarantee to work with everybody.

I’m not responsible if you fail miserably.

Categories: ipv6 Tags:

semi-native ipv6 on telenet line for linux

december 26th, 2010 2 comments

Deze post is in het engels omdat dit toch internationaal mag gelezen worden.

So a friend of my send me a little howto how to setup semi-native ipv6 on my internet connection to my cable provider (Telenet).
Although Telenet has Docsis 3, they haven’t yet implemented the native ipv6 support.

So, the solution Thomas gave me was quick, dirty, but it works!

We’ll setup an 6to4 tunnel.
Wait would you think, isn’t this another tutorial to install an tunnel-broker like siXXs?

NOPE!

You’ll have to generate an ipv6 ip adress based on your ipv4 ipadress with the 2002: prefix
This prefix defines it’s an 6to4 semi-native ip.

So this is the script to enable ipv6 on your machine (connected to direct wan connection, so to the modem, not an router)

I got some commands from Thomas how to get 2002 ip, the rest i wrote myself.

Note: wan side needs to be on eth0 for this script, you should be able to change the script if your connection is different.

#!/bin/bash

ipv4=$(ifconfig eth0 | grep inet | cut -d : -f 2 | cut -d \  -f 1)
id="1"
ipv6=$(printf "2002:%02x%02x:%02x%02x::$id\n" `echo $ipv4 | tr "." " "`)
ip tunnel add tun6to4 mode sit remote any local $ipv4
ip link set dev tun6to4 up
ip -6 addr add $ipv6/16 dev tun6to4
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1

So, why the 192.88.99.1 ip?
This is the ip of 6TO4-RELAY-ANYCAST this means, any 6to4 provider in the neighborhood of the network of your provider can give you ipv6 connectivity.
So this ip is reserved by default for this functionality.

He also send me an config example for cisco routers + to have an subnet.
I did some tuning on it to make it work dynamically.

Note: Outside (WAN) is FastEthernet0/0, inside (LAN) is FastEthernet0/1 in this example.

ipv6 unicast-routing
ipv6 general-prefix 6TO4PREFIX 6to4 FastEthernet0/0
ipv6 cef

interface Tunnel6
 description 6TO4-TUNNEL
 no ip address
 no ip redirects
 ipv6 address 6TO4PREFIX ::0:0:0:0:1/128
 ipv6 enable
 ipv6 mtu 1472
 tunnel source FastEthernet0/0 tunnel mode ipv6ip 6to4

interface FastEthernet0/1
 ipv6 address 6TO4PREFIX ::1:0:0:0:1/64
 ipv6 nd ra-interval 10
 ipv6 nd ra-lifetime 180
 ipv6 nd prefix default 180 120
 ipv6 enable
ipv6 route 2002::/16 Tunnel6
ipv6 route ::/0 2002:C058:6301::

in this case 2002:C058:6301:: is the 6to4 relay anycast ip.

Some interesting links:

http://wiki.nil.com/IPv6_over_IPv4_tunneling (some help i found to optimize cisco script)
http://www.coris.org.uk/cgi-bin/ip6addr (ipv6 adress calculator)

UPDATE: I’ve seen a lot of video’s on youtube this week of conferences, google techtalks, etc and i’ve learned a lot.

http://www.youtube.com/watch?v=AmjlptEva4Y&feature=channel they state that this 6to4 tunneling method is not the best, cause of major latency issue’s non-correct routing etc.
With this in mind, i’ll recommend, if your provider doesn’t have native v6, the time is now to start bugging them, since ip’s will run out by february 2011 and they probably just have an reserve for about 6 month’s.

Extra note: i have router-advertised both sixxs and 6to4 on my lan, and since i added the 6to4, my mac refuses to prefer ipv6 to connect, so that is an other reason to get back to brockers or get native v6.

Categories: ipv6, linux Tags: , , , , , ,

SIXXS AICCU on Mac OS X

oktober 23rd, 2010 No comments

So i wanted to run sixxs IPV6 on my mac through aiccu but i had a lot of work making it work..
Therefor i post this on my blog to help people enjoy the ipv6  provided by in my case sixxs

Note: I posted this before on the sixxs forum

Download and install
http://tuntaposx.sourceforge.net/
pretty easy, is a package

i found a special build (sixxs staff should add this patch to there repo!(ps. 2nd part of patch is wrong/outdated, so DO NOT DO THAT))
the patch: https://fit.nokia.com/lars/software/aiccu.patch
the site i found it: https://fit.nokia.com/lars/appletv-ipv6-router.html
you also can download a build of the patched version from me (md5: 288b553550fc2cd30343766fac481c80)

If you want to be safe for backdores, you want to build it yourself, this is how:

From here if you want to patch yourself

Get XCode free from the macsite:

for the not programmers under us:
download the aiccu tar.gz from this site:
https://www.sixxs.net/tools/aiccu/
the source:
https://www.sixxs.net/archive/sixxs/aiccu/unix/aiccu_current.tar.gz

just unpack it by double clicking on the file
go to the folder: aiccu
go to the folder common
open the file: aiccu_darwin.c
go to line 32
under: /* Bring the interface up */
remove: aiccu_exec(
“ifconfig %s up”,
g_aiccu->ipv6_interface);

Add:char tun[256] = “/dev/”;
open(strcat(tun, g_aiccu->ipv6_interface), O_RDONLY);

save and close the file.

open a terminal (applications/some directory i don’t know the name in english/Terminal.app) or (via spotlight)

From here on, if you want to build

go to the map (DONT TYPE THE #):
# cd Downloads/aiccu
then compile it:
# make
you will get some warnings, they can be ignored..
now in the map unix-console there will be the aiccu binary.
copy this binary to a place you need it like /usr/sbin/
then you can run the aiccu from everywhere you want
——
Config:
MAKE SURE YOU CHANGE IPV6_INTERFACE TO tun0 ; that’s tun zero!!!
edit the outher info from the example config found on the site.

you can start from terminal
# sudo aiccu start aiccu.conf
from the directory where the config is, probably your homedir (that’s the dir where your terminal opens in)

your tunnel is working ^^

been 2 hours for me to find out..
in our language there is an saying: (de aanhouder wint!)
dno the decent translation right now 😉

i hope this works for you.. it did for me 😉

PS: you will need to restart you aiccu everytime you reboot your mac, don’t know the fix.. to lazy to find out right now 😉
if you just go to sleep, there is no problem, it will reconnect on wake-up.

Categories: ipv6, Mac Tags: , , , , ,