[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: IPv6 for machines behind NAT
Thank you very much for your kind responses.
* Gary Duzan (gary%duzan.org@localhost) wrote:
> I have two setups working. At home I use Hurricane Electric as
> a tunnel broker and configure my NAT router to forward all gif
> packets (proto 41) to one machine which acts as an IPv6 router and
> provides IPv6 autoconfig to my internal network. If ever my endpoint
> changes, HE has an scheme where a visit to a URL will update the
> tunnel config. This only requires a gif interface on the NetBSD
I have no access permission to the router.
On FreeBSD, I only use gateway6 (tspc) from freenet6.net.
It works very well without forwarding from the router.
> When on the road with no control over the network, I have used
> SiXXS as a tunnel broker with their aiccu (net/aiccu) software,
> which handles the NAT by tunneling using UDP. Seems to work fine,
> though I've had more trouble with SiXXS PoPs than HE's, so I stick
> to HE when possible for the reliability.
I shall have a look at net/aiccu and SiXXS.
It will be my solution, if I can do it without v6 forwarding from the router.
How often are servers down?
* Greg Troxel (gdt%ir.bbn.com@localhost) wrote:
> I have used aiccu with sixxs. As far as I can tell, the server half
> (for which aiccu is the client) is not open source or available.
There should be no problem as long as the client side is open source.
> NetBSD has no kernel support for UDP encap. Forwarding v6 to tun0 and
> writing a program to take the datagrams from /dev and put them in UDP
> would not be hard. (aiccu does this, I'm 99.9% sure)
I also have a patch for gateway6 (aka. net/tspc in NetBSD).
But updating pkgsrc each quarter requires patching everytime.
> That's basically right, but if you can set up your nat box to send v6
> direct to the netbsd box, you may be able to get things to work
> (similarly for a regular gif tunnel). Still, 6to4 is deprecated.
Yes it is deprecated.
> My biggest suggestion is to replace the NAT box with a small netbsd
> system, which can than do NAT for you and do v6 without nat. Failing
> that, you can set up NAT to send proto-41 to the netbsd system; the
> outer headers will get NATed but that should be ok.
As said I have no control over NAT box.
> It should be possible to get miredo to work. But you'll have to dig in
> with tcpdump and debuggers, and have a remote server. I haven't tried
> this, because I have a fixed tunnel for home, and aiccu/sixxs on a
> notebook for mobile use.
I don't know mechanism of miredo.
It is very difficult to find resources of miredo (teredo).
net/aiccu and SiXXS should be my solution.
Thank you very much.
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie
Main Index |
Thread Index |