Setting up an IPv6 tunnel (was: Re: static IP & DHCP problems on LAN)
Karl Auer
kauer at biplane.com.au
Tue Mar 12 13:39:48 UTC 2013
On Tue, 2013-03-12 at 11:53 +0000, Colin Law wrote:
> On 12 March 2013 11:31, Karl Auer <kauer at biplane.com.au> wrote:
> > Set up an IPv6 tunnel on your home server, set up another one on your
> > laptop, and it will be as if NAT had never existed. Don't forget to put
> > appropriate filters on the tunnel interfaces. Some tunnel providers even
> > put the tunnel endpoint address in the DNS for you - all of them give
> > you the same addresses every time, so you can put it in your own DNS or
> > just in your /etc/hosts file.
>
> Do you have a link to a guide on how to do this? Google showed a
> number of hits but none I saw addressed exactly how to do this.
Do you mean how to set up a tunnel, or how to edit /etc/hosts?
Assuming the first, there are two main ways. One way is to go to
Hurricane Electric (www.he.com) and get an account (free), then request
a tunnel. They will give you details of what to do at your end to set up
the tunnel. It's a bit geeky, but it works. BIG proviso, you if you are
behind NAT you have to be able to forward protocol 41 (that's Internet
protocol 41, not port 41!) through your routers. Told you it was
geeky ;-) And every time the outside address changes, you need to
rebuild the tunnel and tell the HE end of it what your new address is.
So to be honest, I don't see this as much good for the average home user
non-geek trapped behind NAT. And HE is not on all continents, so if you
are in Australia, like me, the flagfall latency of around 160ms can be a
bit wearing. Sixxs (www.sixxs.net) also does free tunnels, but they
request heaps of information and the process and tunnel setup seems
unduly complicated to me. But I haven't tried it and your mileage may
well vary.
The other way is to use a TSP client to build the tunnel for you. This
typically works through NAT without any difficulty at all, and requires
no port-forwarding. You arrange a tunnel account with a TSP-capable
provider. Freenet6 is one; or in Australia look at
www.ipv6now.com.au/try6.php. Then you install a TSP tunnel client - by
FAR the best known one is gogoc, from Gogo6, which very conveniently can
be installed using apt-get :-) Edit /etc/gogoc/gogoc.conf and put in the
correct broker name, username and password for your tunnel account and
possibly the correct authentication method (e.g. IPv6Now requires an
encrypted method) and restart the tunnel client. It will bring up the
tunnel and hold it up forever, unless you stop it. It will bring it up
automatically after a reboot, too. It's a great deal easier to do than
to describe.
The Freenet6 tunnels are free and prefixed (/48). IPv6Now charges for
prefixes, but their singleton tunnels (which put just one host on the
IPv6 Internet) are free, and you can set up as many as you like. If you
are in Australia and want a prefixed tunnel for free you could try the
AARNet broker (broker.aarnet.edu.au) but it is completely unsupported.
It's entirely possible to get seriously geeky with the gogoc client,
too, but that's for another time. let me know if you need to do this.
Once your tunnel is up, your host is directly addressable at its IPv6
address. Repeat the process on the laptop you carry around the world,
and wherever you have IPv4 access, the tunnel will come up
automagically, and you will enjoy direct communication with your home
server. So can anyone else who is IPv6-connected, so make sure you have
appropriate defences on any IPv6-reachable hosts. For Linux, look at
ip6tables or one of the friendlier firewall front-ends, like ufw.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog
GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
More information about the ubuntu-users
mailing list