• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

In search of a complete guide for setting up an IPv6 Tunnel in Windows

Started by huerte, July 25, 2009, 02:16:41 PM

Previous topic - Next topic

huerte

Hey guys,
I'm pretty green to the IPv6; in fact, all I know is from reading, and I have no applicable experience.  I'm looking to create or to be pointed to a complete how-to guide for setting up an IPv6 tunnel from my network to the outside world.
In this forum I see a hodge-podge of posts that assume you already know or have completed an unknown series of steps.  I'd like to make guide that assumes nothing.
At home I have a pretty basic setup:
1 Windows XP PC
2 Windows 7 (64bit) PCs
All of these are behind a typical retail router connected to a cable modem.  I'm guessing my setup at home isn't unique.

From what I read, I'll need to install a DNS server on one of my PCs, but that's about all I have.

Any ideas for this n00b?

Thanks,

Jeff


yorick

You need a tunnel method that is NAT-friendly, or a router that can set the tunnel for you. Proto41 tunnels do not survive NAT.

I have a series of blog posts at yorickdowne.wordpress.com that go into this. I haven't gotten round to describing Hexago, and that's likely the easiest to set up - you may want to use the blog to get an understanding, and then go with the Hexago tunnel.

If you do use a tunnel that is terminated on an individual machine, it'll be for that machine only. Windows can route ipv6 to others machines on your LAN, but so far, I haven't been able to set that up and describe it.

Alternatively, replace your home router with something ipv6-capable - Cisco, Juniper, what-have-you - and set up a proto41 tunnel to HE.

brad

Quote from: yorick on August 04, 2009, 04:30:23 AM
You need a tunnel method that is NAT-friendly, or a router that can set the tunnel for you. Proto41 tunnels do not survive NAT.

It depends on the NAT implementation. I've done 6in4 tunnels just fine through NAT. Its just that usually the crappy little routers that are typical of residential CPE have awful network stacks and NAT implementation.

jimb

IMHO it's always best to configure a permanent NAT entry for this sort of thing.  Relying on a outbound traffic to set up a connection/NAT table entry for your tunnel traffic typically works, but isn't the most reliable way to do it.  

Connection/NAT table entries time out if there is no traffic for a period of time which varies from router to router (whatever the default TTL for the router is).  So, if the entry times out and you get some incoming tunnel traffic, it will be blocked, and continue to be blocked until some outgoing traffic triggers a new connection/NAT entry.  And of course if your router is rebooted/power cycled, the same thing applies.  If you have a static NAT in there, this will never happen.  

Also, if any other host on your inside net happens to generate IP proto-41 traffic, it could cause problems.  Depending on the router, it might swing the NAT to that box, or do some undefined thing that could cause lots of headaches.

yorick

Quote from: brad on August 05, 2009, 01:30:04 AM
It depends on the NAT implementation. I've done 6in4 tunnels just fine through NAT. Its just that usually the crappy little routers that are typical of residential CPE have awful network stacks and NAT implementation.

Truth. That being the case, I'd stand by my original recommendations: If one has a router that has a decent NAT implementation, it's likely v6 capable, and might as well be used for terminating the tunnel. If it's a simple home router, trying to get a HE tunnel through its NAT reliably is likely to cause premature baldness.

Apple Airport Extreme does v6 tunnels, and works with HE tunnels as per these forums. That might be the easiest way to go for a home user who doesn't want to fiddle around with Hexago, wants an easy way to bring v6 to several machines, and has no desire to buy or learn how to configure a "business-class" router.

jimb

My current edge device is a bit old, and although it supports IPv6, I don't want to terminate the IPv6 tunnel on that box.  It's old/slow hardware (P133 LOL) and I want to replace it with my current IPv6 router, which is inside behind a NAT.  But it's one of those "when I get to it" things which I never seem to get to.  :P