FreeNet6 provides people who have static IPv4 addresses with a convenient way to connect to the 6Bone , a worldwide IPv6-only network; by using an IPv6-over-IPv4 tunnel. My case is slightly different though – my computer is on a large 255.255.0.0 network, and I’m assigned a static 172.16.x.y address, and all my connections have to travel to and from the Internet via the gateway server, a computer running GNU/Linux and having a globally static IPv4 address.
My aim was to get a global, static IPv6 address which directly references my computer inside the LAN, and thus become a static member on the 6bone.
The below howto is what I wrote down while I set up the FreeNet6 tunnel. FreeNet6’s website does not explicitly mention a step-by-step procedure that a person in my situation should use – it just points the user to an old webpage that has the instructions for an old version of FreeNet6’s software. I have created this howto for their latest software version.
I hope it helps.
I connect to the Internet via a NAT. I have a private static IP address (say) 172.16.10.20, my gateway is (say) 172.16.0.1, and the gateway’s globally static IP address is (say) 22.214.171.124. I use galeon and connect to KAME . I see a turtle that isn’t swimming😦. In other words, the connection I made to KAME was IPv4-only.
I first made my own kernel. I couldn’t get make xconfig to work for the latest beta kernel at the time (2.5.53) (Reason: xconfig relies on QT in 2.5.x!) , so I used the latest stable kernel (2.4.20) instead.
To enable IPv6, I had to say yes to the first option in Code Maturity Level Options. The IPv6 protocol comes under the subheading “Networking Options”. I also had to choose a driver for my network card under “Network Device Support”. I also enabled iptables here.
In a few minutes, I had a new kernel image installed. Let me take this opportunity to plug for Debian GNU/Linux – it’s make-kpkg option is fantastic – creating a new kernel required just three commands::
make xconfig make-kpkg kernel_image –revision=xxx dpkg -i ../linux-2.4.20xxx.deb
Booting into the new kernel, I used the command:
ifconfig | grep inet6
to get the output as automagically assigned IPv6 addresses:
inet6 addr: fe80::200:21ff:feaa:bbcc/10 Scope:Link [eth0] inet6 addr: ::1/128 Scope:Host [lo]
You will notice that the inet6 address my eth0 has been assigned is a mangled 64-bit version of my 48-bit MAC address (00:00:21:AA:BB:CC). This has been done using an IETF specification for conversion of 48- to 64-bit MAC addresses, and then appending it to an fe80:: prefix.
I then proceeded to download the freenet6 Linux source
which was followed by the command:
tar -zxvf freenet6-0.9.7.tgz
The README file included asked me to run the lines:
make all target=linux make install target=linux installdir=$INSTALLDIR
I warn you that this may overwrite your /etc/radvd.conf – make a backup of it first.
I recommend $INSTALLDIR==/usr/local/tsp as the default tspc.conf that comes with the source, contains that as default (i.e. the line tsp_dir=/usr/local/tsp). In any case, I will assume it to be true for now.
I now had the freenet6 package ready. (Note: Debian users are advised that after an apt-get install freenet6, you may have to manually write your radvd.conf. In my case, I still don’t have a radvd.conf on my box.)
On recommendation from freenet6.net, I then visited this site
. It is an old page that talks about connecting to Freenet6 from behind a NAT (exactly my situation), and refers to a very old freenet6 package and old IPFilter rules.
The new freenet6 kit contains a configuration file (/usr/local/tsp/bin/tspc.conf) and an executable (/usr/local/tsp/bin/tspc).
In short, the page told me to modify /usr/local/tspc/bin/tspc.conf, and specifically change the following lines to the right values:
username=xxxxx passwd=yyyyy client_v4=<your gateway's public IPv4 address>
Both the username and password can be received from freenet6.net by filling a form there; you can also achieve anonymous logins by default.
I then ran:
/usr/local/tsp/bin/tspc -vf /usr/local/tsp/bin/tspc.conf
and got the output:
tspc - Tunnel Server Protocol Client Loading configuration file Connecting to server Send request Process response from server TSP_HOST_TYPE host TSP_TUNNEL_INTERFACE sit1 TSP_HOME_INTERFACE TSP_CLIENT_ADDRESS_IPV4 126.96.36.199 TSP_CLIENT_ADDRESS_IPV6 3ffe:abcd:0001:dcba:0000:0000:0000:0002 TSP_SERVER_ADDRESS_IPV4 188.8.131.52 TSP_SERVER_ADDRESS_IPV6 3ffe:abcd:0001:dcba:0000:0000:0000:0001 TSP_TUNNEL_PREFIXLEN 128 TSP_VERBOSE 1 TSP_HOME_DIR /usr/local/tsp --- Start of configuration script. --- Script: linux.sh sit1 setup Setting up link to 184.108.40.206 This host is: 3ffe:abcd:0001:dcba:0000:0000:0000:0002/128 Adding default route --- End of configuration script. --- Closing, exit status: 0 Exiting with return code : 0 (0 = no error)
which you should too, if everything goes well.
Note that the command:
suddenly showed a THIRD device: sit1 (the IPv4 tunnel for the locally generated and locally bound IPv6 packets). The rest of the steps are very easy. Here is the general idea:
eth0 has the v6 address fe80::200:21ff:feaa:bbcc sit1 is the tunnel connecting you to the glorious v6 Internet. The tunnel has the (permanently static! globally accessible! free!) address 3ffe:abcd:0001:dcba:0000:0000:0000:0002
Now all that is left is to route all outgoing packets from lo/eth0 to sit1, and all incoming packets from sit1 to lo/eth0. I used the tool ip6tables (a v6 version of iptables) to do this.
This was done with the commands:
sudo ip6tables -I OUTPUT -s fe80::200:21ff:feaa:bbcc -d 3ffe:abcd:1:dcba::2 sudo ip6tables -t filter -I INPUT -d fe80::200:21ff:feaa:bbcc -s 3ffe:abcd:1:dcba::2
for outgoing and incoming packets respectively.
- I ping6 http://www.kame.net.
- I access http://www.kame.net with an IPv6-enabled web browser. A dancing turtle is visible – IPv6 communication has occurred!
… and that’s it!
A simple sequel for dialup users. I don’t know if you are assigned globally static IP addresses during the course of you dialing up. If so, things become much simpler – no ip6tables is involved…. I think. If not, you just have to find your gateway’s IP address out, and use your local IP as the equivalent of 172.16.10.20, and do the whole process above. By my reckoning, it should work.
Try it out, and correct me if I am wrong.