• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

IPv6 over an IPv4 VPN?

Started by dclough, January 06, 2010, 03:35:26 AM

Previous topic - Next topic

dclough

I have a Cisco 2621 set up as a tunnel endpoint to HE.net.  If I set up an IPv4 VPN to that router from a remote host, will the remote host do neighbor discovery and autoconfiguration as if it were physically on the network?

Long story short, when I'm away from my home network (for days and weeks at a time) I want to keep my existing IPv6 address on my laptop.

jimb

Quote from: dclough on January 06, 2010, 03:35:26 AM
I have a Cisco 2621 set up as a tunnel endpoint to HE.net.  If I set up an IPv4 VPN to that router from a remote host, will the remote host do neighbor discovery and autoconfiguration as if it were physically on the network?

Long story short, when I'm away from my home network (for days and weeks at a time) I want to keep my existing IPv6 address on my laptop.
You would have to do some layer 2 tunneling through IPSEC ESP or something for this to work.  Otherwise your VPN client would need to do IPv6 over ESP and the server side could assign IPv6s via its own mechanisms and do "proxy ND" for the IPv6 it assigns you, similar to how some IPv4 IPSEC remote access stuff works.

I've actually wondered if there are IPSEC remote access solutions out there for IPv6, and how they work on a packet level.  Do they do it like IPv4 and encapsulate IPv6 packets in an IPv4 ESP tunnel?  Or do they use the IPv6 IPSEC options?

dclough

#2
Well, turns out that even if I could do native IPv6 over the VPN, I'm still out of luck as my 2621 doesn't have VPN capabilites in its current image (IP/FW/IDS PLUS IPSEC 3DES BASIC).  I don't have some of the commands needed to set up a VPN.

If I were to set up a manual tunnel on my 2621, and just static-route two IPv6s through it (one IPv6 for the other router and of course my autoconfigured IPv6 for my laptop) would that work?

jimb

If you have the RAM and flash, you might be able to upgrade the router by DLing the appropriate image if your Cisco account allows it (Cisco used to have very open access to images, but have gotten a lot more stingy over the years).

You could likely manually configure a GRE tunnel or perhaps a 6in4 tunnel on the Cisco and you should be able to link your windows box that way.  I'm not sure if windows does GRE outside of PPTP, but it definitely does 6in4.

dclough

Unfortunately the only CCO access I have isn't on a SMARTnet contract so I'm pretty much stuck with the current image.  From the viewpoint of the router, the remote tunnel endpoint would be an Airport Extreme base station which has a public IPv4 address and full support for a manual IPv6 tunnel.  Here's my idea:

-Manually configure a tunnel on the 2621 to the AEBS.  Gve the WAN interface on the 2621 ::2/64 and give the remote endpont ::3/64.
-Create a static route for ::3/64 through the tunnel, and create a static route for my laptop's IPv6 address through (prefix)::3 to the AEBS.

Theoretically it sounds doable... theoretically.  ;)  Does anyone have practical experience that could prove otherwise?

dclough

Okay, it sounded good in theory but it failed in application:

Router2621#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router2621(config)#interface tunnel 1
Router2621(config-if)#ipv6 address 2001:470:1f0f:15b::2/64
% Prefix 2001:470:1F0F:15B::2/64 overlaps with another prefix
Router2621(config-if)#