NetBSD-Users archive


Re: IPv6 for machines behind NAT



Thank you very much for your kind responses.

* Gary Duzan (gary%duzan.org@localhost) wrote:
>    I have two setups working. At home I use Hurricane Electric as
> a tunnel broker and configure my NAT router to forward all gif
> packets (proto 41) to one machine which acts as an IPv6 router and
> provides IPv6 autoconfig to my internal network. If ever my endpoint
> changes, HE has a scheme where a visit to a URL will update the
> tunnel config.  This only requires a gif interface on the NetBSD
> end.
I have no access permission to the router.
On FreeBSD, I only use gateway6 (tspc) from freenet6.net.
It works very well without forwarding from the router.

>    When on the road with no control over the network, I have used
> SiXXS as a tunnel broker with their aiccu (net/aiccu) software,
> which handles the NAT by tunneling using UDP. Seems to work fine,
> though I've had more trouble with SiXXS PoPs than HE's, so I stick
> to HE when possible for the reliability.
I shall have a look at net/aiccu and SiXXS.
It will be my solution, if I can do it without v6 forwarding from the router.
How often are servers down?

* Greg Troxel (gdt%ir.bbn.com@localhost) wrote:
> I have used aiccu with sixxs.  As far as I can tell, the server half
> (for which aiccu is the client) is not open source or available.
There should be no problem as long as the client side is open source.

> NetBSD has no kernel support for UDP encap.  Forwarding v6 to tun0 and
> writing a program to take the datagrams from /dev and put them in UDP
> would not be hard.   (aiccu does this, I'm 99.9% sure)
I also have a patch for gateway6 (aka. net/tspc in NetBSD).
But updating pkgsrc each quarter requires patching every time.

> That's basically right, but if you can set up your nat box to send v6
> direct to the netbsd box, you may be able to get things to work
> (similarly for a regular gif tunnel).  Still, 6to4 is deprecated.
Yes, it is deprecated.

> My biggest suggestion is to replace the NAT box with a small netbsd
> system, which can then do NAT for you and do v6 without nat.  Failing
> that, you can set up NAT to send proto-41 to the netbsd system; the
> outer headers will get NATed but that should be ok.
As I said, I have no control over the NAT box.

> It should be possible to get miredo to work.  But you'll have to dig in
> with tcpdump and debuggers, and have a remote server.  I haven't tried
> this, because I have a fixed tunnel for home, and aiccu/sixxs on a
> notebook for mobile use.
I don't know the mechanism of miredo.
It is very difficult to find resources on miredo (teredo).

net/aiccu and SiXXS should be my solution.
Thank you very much.

-- 
Pongthep Kulkrisada
 
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie

