FreeBSD-IPv6-Hartbeat
From SixXS Wiki
This page describes the way I enabled IPv6 on my FreeBSD 7.2 router/server that is on an ISP connection with DHCP
If your ISP does not provide you with an IPv6 connection then you'll need an IPv6 tunnel broker
Contents |
Get an IPv6 tunnel
Apply for a tunnel e.g. at SixXS, in my case a Hartbeat tunnel
- If you have a static IPv4 address, use a static tunnel
- If you have a dynamic IPv4 address, use a Hartbeat tunnel
- If you need to go outside using NAT, use an AYIYA tunnel
The request is a 2 phase approach, both steps take hours to one week max for SixXS to process
- Request an account
- Request a tunnel
The Tunnel has some information you'll need later in the configuration
Tunnel Name My First Tunnel PoP Name xxyyy01 PoP Location City, Country PoP IPv4 <PoP-IPv4> Your Location City, Country Your IPv4 Heartbeat, currently <My-Public-IPv4> IPv6 Prefix <My-IPv6>/64 PoP IPv6 <PoP-IPv6> Your IPv6 <My-IPv6> Created 2009-07-01 01:23:45 DST Last Alive 2009-07-17 18:17:05 DST State Heartbeat (automatically enabled on the fly)
Set up your FreeBSD system
Make sure your kernel is IPv6 enabled, you can see that by checking for the line
OPTIONS INET6
in your kernel configuration (or in GENERIC if you use the kernel from the distribution) and make sure it is enabled in your /etc/rc.conf
ipv6_enable="YES"
Create the Tunnel Interface
Create a gif tunnel interface
ifconfig gif0 create
and don't forget to add it to your /etc/rc.conf
gif_interfaces="gif0"
Guess you could name it ipv6 if you'd like to :D
Set up your firewall
Explained here for using ipfw, modify to suit your needs in the firewall of your choice.
This is a very minimalistic config, you'll need to treat gif0 like any other external interface!
Allow IPv6 traffic internally
00006 allow ip6 from any to any via gif0
Allow traffic from and to the PoP IPv4 (the IPv4 is in the tunnel detail page, see example in #Get an IPv6 tunnel
00010 allow ip4 from <PoP-IPv4> to me 00010 allow ip4 from me to <PoP-IPv4>
Configure AICCU
For a Hartbeat tunnel you need to use AICCU to configure your tunnel. If you're not using SixXS then you may not be able to use AICCU but may need to use TSP which is not described here.
For a static tunnel, follow the documentation from SixXS
install the net/sixxs-aiccu port Edit /usr/local/etc/aiccu.conf
Only info I have in aiccu.conf is
username <username> password <password> protocol tic server tic.sixxs.net ipv6_interface gif0 verbose false daemonize true automatic true requiretls false
Test aiccu using the command
sixxs-aiccu test <configfile>
NB testing aiccu will modify gif0, so you need to restart aiccu after testing!
For me the ipv4 traceroute test fails, but that's not a problem.
If all is well, all 10 tests will be OK, so enable sixxs in /etc/rc.conf.local
sixxs_aiccu_enable="YES"
and start aiccu using
/usr/local/etc/rc.d/sixxs-aiccu start
AICCU will now configure your gif0 interface, check the resulting configuration using
ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet <my-external-ipv4> --> <PoP's-ipv4>
inet6 <my-assigned-ipv6> prefixlen 64
