Apple Airport

From SixXS Wiki
Revision as of 14:39, 16 December 2011 by MJT1-SIXXS (Talk | contribs)

Jump to: navigation, search

Below are two methods for configuring the Airport Aiport to connect to use IPv6. Note that only the Airports supporting 802.11N have support for IPv6.

Automatic Tunnel

The simplest approach to getting IPv6 connectivity with the Apple Airport is simply to use the automatic setting. To do this open 'Advanced -> IPv6' and then set IPv6 mode to 'tunnel' and configure IPv6 to 'automatically'.

Optionally check 'block incoming Ipv6 connections' and then configure the exceptions in the IPv6 Firewall tab.

SixXS Tunnel

The instructions in this section are based on a forum posting, and document how to configure the Apple Airport so that it can connect to Sixxs and have a pingable IPv6 tunnel established. The local LAN gets RA. LAN clients get IPv6 connectivity.

The first thing to do is ensure that the Sixxs.net tunnel setting (via your home page) is set to "6in4-static", since this is the only option supported by the Airport at this time. This will require you having a static IPv4 address.

One caveat: With Airport firmware >= 7.5.0 you have to 'fix' your IPv4 address. With your Internet connection configured with IPv4 on DHCP, you will be able to enter all information for IPv6 as listed, but nothing will work.

The IPV6 settings are as follows:

(thumbnail)
IPv6 configuration pane
(thumbnail)
IPv6 Firewall Setup Assistant
          IPv6 Mode: Tunnel
(checked) Block incoming IPv6 Connections (i.e. run IPv6 Firewall)
     Configure IPv6: Manually
Remote IPv4 Address: PoP IPv4
   WAN IPv6 Address: Your IPv6
IPv6 Defatult Route: PoP IPv6
   LAN IPv6 Address: Subnet Prefix as xxx:xxx:xxx:: (i.e. not '/48' at the end)

Note: Older versions of the Apple Airport Software (prior to 7.4.2) had different nomenclature for configuration under the Advanced > IPv6 tab.

IPv6 Mode: Tunnel
(checked) Block incoming IPv6 Connections (i.e. run IPv6 Firewall)
Configure IPv6: Manually
(entering in my info for my SIXXS 6in4-Static tunnel and subnet)
Remote IPv4 Address: [my SIXXS tunnel 'PoP IPv4']
Remote IPv6 Address: [my SIXXS tunnel 'PoP IPv6']
Local IPv6 Address: [my SIXXS tunnel 'Your IPv6']
LAN IPv6 Address: [my SIXXS subnet 'Prefix', as xxxx:xxxx:xxx::]

Then, in the IPv6 Firewall section, I added an entry:

Description: Tunnel Public Interface
IPv6 Address: [my SIXXS tunnel 'PoP IPv6']
Allow: All services and ports


The only drawback appears to be is that the firewall entry for the tunnel public interface is limited to either "Allow Specific TCP and UDP ports" or "All services and ports" -- so to open up ICMP, you have to allow all TCP and UDP as well.

Note: There appears to be a bug in 7.4.2 of the Airport firmware that prevents it from working properly in IPv6 mode, unless it is using Ethernet/manual for the connection to the WAN, so it would appear you are out of luck if you are using PPPoE. -- is this still the case in the later firmware, or 7.4.2 if the tunnel is correctly set at Sixxs?


Note: Newer versions of the Apple Airport Software (7.4.2 and later) have new nomenclature for configuration under the Advanced > IPv6 tab. The new configuration settings, with mappings to the SIXXS tunnel approval email details:

IPv6 Mode: Tunnel
Block incoming IPv6 Connections: Checked
Configure IPv6: Manually
Remote IPv4 Address: [SixXS IPv4]
WAN IPv6 Address: [Your IPv6]
IPv6 Default Route: [SixXS IPv6]
LAN IPv6 Address:  [Your SIXXS subnet 'Prefix', as xxxx:xxxx:xxx::]

I do not have a subnet as of yet, as I'm new to SIXXS as of the change, but will update the "LAN IPv6 Address" once I have an assigned subnet and have fully tested, which will take several weeks while I reup my ISK credits. I assume it won't change from the previous version.

Apple Airport 7.5.2 Software

With Apple Airport version 7.5.2 the tunnel does not come up unless there is a LAN subnet assigned. As I did not initially have a subnet available I manually configured a fake subnet which allowed the tunnel to come up. Using the Automatic IPv6 Tunnel Configuration option did not succeed at all.

It is also not required to configure the IPv4 address statically but they could be left on DHCP.