• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Providing IPv6 Access During a Class IPv6 Presentation

Started by dummptyhummpty, October 29, 2009, 07:23:04 PM

Previous topic - Next topic

dummptyhummpty

For my Business Data Communications and Networking class, a group of us are doing a presentation on IPv6 (and PNRP). We thought it would be great to provide IPv6 access using a modified wireless router during the presentation to those who have laptops. Before we talk to the University to see if we can even hook anything up to their wired network, what type of issues might we encounter trying to get IPv6 over their network. What should be asking them or looking into? Of course if we can get this working, we would be happy to mention HE. Thanks!

cholzhauer

You're going to need to make sure that they will pass you the protocol 41 traffic, if you're doing a 6in4 tunnel. 

If you'll be hooking their gear to the router, make sure their firewalls and AV programs know what IPv6 is and what to do with it;  Products that don't know what IPv6 is will often discard it.

dummptyhummpty

Thanks. I was hoping they would be able to just stick us on a DMZ or something. Is there any info we will need to give HE?

cholzhauer

You'll need to give them your public IP address (in the tunnel config) which also means that IP has to be ping-able from the outside.

dummptyhummpty

Ok great. Sounds like next we need to talk to the University. Is there going to be an issue with NAT or anything like that if our wireless router is behind another router or firewall? I'm not sure if we will be able to get a direct IP address on the 'net.

cholzhauer

Nat will work, but they will need to forward protocol 41 to whatever address you're at.  No proc41 = no tunnel. 

dummptyhummpty

Ok. Thank you for all your help. Hopefully the University lets us plug in.

cholzhauer

You're welcome.  There might be something I've over looked, but I'm sure one of the other people on here will correct me.

dummptyhummpty

Just thought I'd update this. I never heard back from the University about plugging in. I did notice that if I create a VPN connection from my laptop to their network, I get a public IP (130.x.x.x). I tried to setup a IPv6 tunnel, but it looks like they are blocking ICMP (can't ping it). Is that a deal breaker?

cholzhauer


jimb

Quote from: dummptyhummpty on November 17, 2009, 11:17:46 AM
Just thought I'd update this. I never heard back from the University about plugging in. I did notice that if I create a VPN connection from my laptop to their network, I get a public IP (130.x.x.x). I tried to setup a IPv6 tunnel, but it looks like they are blocking ICMP (can't ping it). Is that a deal breaker?
Have you just tried a 6in4 tunnel from the network in question?  Most firewalls will simply pass it and set up a temporary connection/nat table entry which forwards incoming proto 41 traffic back to you.  As long as no one else is doing 6in4 behind that device (firewall), it should work.  And in the case of an HE tunnel, the nat device would have to respond to pings on the public.

Other alternatives include establishing some other sort of tunnel to the outside and using that as a conduit.  You could do a GRE tunnel, or establish your own 6in4 tunnel to an outside router you control and statically route part of a HE /48 to your university net (since this wouldn't require ping, but of course depends on the firewall passing 6in4).  You could establish a UDP encapsulated IPSEC tunnel to some router on the outside, and run GRE though that, then run 6in4 through that (EDIT: actually, you could just run ipv6 straight over GRE I think, I've never tried that though).  Lots of ways to sneak through a firewall.  Just requires some creativity and work on your part.  :P

cholzhauer

Another option would be to use a tunnel from sixxs;  They offer dynamic tunnels that do not require the firewall to pass proto41

jimb

Quote from: cholzhauer on November 17, 2009, 12:36:16 PM
Another option would be to use a tunnel from sixxs;  They offer dynamic tunnels that do not require the firewall to pass proto41
What do they use to pass the data?


jimb

Quote from: cholzhauer on November 17, 2009, 12:55:15 PM
Take a look at this

http://en.wikipedia.org/wiki/Anything_In_Anything

Ah ok.  It looks like it provides a generic tunnel using UDP (EDIT: well it can also use TCP, etc).  So that'd do a good job of FW traversal.

There's actually a Perl script under linux called nat-traverse which implements a similar strategy, employs UDP hole punching, and allows you run say, a ppp session over IPv4-UDP, on which ppp interface one could add IPv6 addresses, or even run 6in4 through its IPv4 connectivity.  :)  That'd work if you wanted to DIY and not use SIXXS.  IIRC, SIXXS makes you wait to get an IPv6, and jump through some hoops?  Been a while since I looked into them.