Setting up IPv6 at home
By Jeroen van Nieuwenhuizen
I had wanted to experiment with IPv6 for a long time. However, I never had the time and thought
it would involve changing a lot of settings. Then I found out about Sixxs, an
IPv6 Deployment & Tunnel Broker where you can sign up for free.
Signing up
First of all I had to sign up with Sixxs. First I created a 6BONE handle to be able to sign up.
After that I went through the sign-up process of Sixxs. When my sign-up was approved
I logged in to the secure website and requested a tunnel, which was assigned in a very short
time. Because Heimdall, my core router (I do have a backup router at home), gets its IP address by DHCP,
I decided to choose a tunnel with heartbeat.
Setting up the router
The first thing I had to do when configuring the router (OpenBSD 3.3) was to
create a tunnel over IPv4. This was done by the following command:
ifconfig gif0 tunnel <localip> <remoteip>
After that, IPv6 addresses needed to be assigned to this tunnel, which was still straightforward:
ifconfig gif0 inet6 <localipv6ip> <remoteipv6ip> prefixlen 128
Now I had created the tunnel. But of course I also needed a default route for the
IPv6 packets. Hence route add -inet6 default <remoteipv6ip> was entered at the prompt,
which gave me the needed default route.
Now the only thing left to do was to configure heartbeat. First I downloaded the
source and ran a make. After that I downloaded the configuration file from my tunnel settings page.
The only thing that needed to be adjusted was the OS type, which by default is set to Linux.
After changing this to OpenBSD I ran heartbeat-client heartbeat.conf as root, which should
activate the tunnel.
Checking the IPv6 tunnel with ping6 proved that the setup had succeeded. Now the only thing
left to do was setting up a subnet on my local network. But before you can get a subnet
from Sixxs you first have to have an IPv6 tunnel for 1 week, hence at this point I was
forced to wait.
Unexpected problems
Well, a few weeks later my credits still had not increased, so I decided to
take a look in my firewall logs. I found out that I blocked incoming IPv6 echo
requests. So it was time to search for the reason. I expected that my firewall did allow icmp6
packets. But because I am tunneling IPv6 over IPv4 that was not the case: the
tunneled packets arrive on the external interface as IPv4 packets with protocol ipv6. So I
had to change my firewall to allow IPv6 traffic from my POP to reach
gif0 (note that ne1 is my external interface). This was done by adding the following
2 rules to my firewall configuration:
pass in on ne1 inet proto ipv6 from <POP.IPV4> to (ne1) keep state
pass out on ne1 inet proto ipv6 from (ne1) to <POP.IPV4> keep state
Of course we need to filter on gif0 after that to have a firewall on IPv6. This was done by adding
the following firewall rules:
block drop in on gif0 all
pass out on gif0 all
pass in on gif0 inet6 proto ipv6-icmp all keep state
Setting up the subnet
After having received a subnet (2001:838:3c6::/48) I had to start using it on my internal network.
The first step was configuring my router to run a router advertisement daemon. After that I needed
to configure the hosts.
The router
This was done by first giving the router an IPv6 address on the internal interface by
issuing
ifconfig ne0 inet6 2001:838:3c6::1 prefixlen 48
After that I had to enable IPv6 forwarding and disable accept_rtadv. This
was done by
sysctl net.inet6.ip6.forwarding=1
and
sysctl net.inet6.ip6.accept_rtadv=0
After that I had to edit /etc/rtadvd.conf.
ne0: \
:addrs#1:\
:addr="2001:838:3c6::":prefixlen#48:tc=default:
After that it was only a matter of starting rtadvd with
the ne0 option (rtadvd ne0).
Supplemental: After a reboot this did not work anymore.
The problem was that rtadvd cannot advertise IPv6 addresses with
a prefixlen of 48. Setting it to 64, using only a part of my IPv6 space,
solves this problem.
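Why the advertised prefix ends up as a /64, shown as an added example that is not part of the original article: stateless autoconfiguration on Ethernet appends a 64-bit interface identifier built from the MAC address, so prefix and identifier only add up to 128 bits for a /64. The sketch picks /64s out of the article's /48; the function names and the MAC address are constructed for illustration.

```python
import ipaddress

# The /48 from the article; the MAC address further down is constructed sample data.
ALLOCATION = ipaddress.IPv6Network("2001:838:3c6::/48")


def lan_prefix(allocation, index):
    """Return the index-th /64 inside the allocation (0 is the lowest)."""
    if allocation.prefixlen > 64:
        raise ValueError("allocation is smaller than a /64")
    count = 1 << (64 - allocation.prefixlen)
    if not 0 <= index < count:
        raise ValueError(f"index must be in 0..{count - 1}")
    base = int(allocation.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


def eui64_interface_id(mac):
    """Build the 64-bit modified EUI-64 interface identifier from a MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix, mac):
    """Address a host would form from an advertised prefix and its MAC."""
    if prefix.prefixlen != 64:
        # Prefix bits + 64 interface-id bits must add up to exactly 128.
        raise ValueError(f"/{prefix.prefixlen} cannot be used for autoconfiguration")
    return ipaddress.IPv6Address(int(prefix.network_address) | eui64_interface_id(mac))


if __name__ == "__main__":
    lan = lan_prefix(ALLOCATION, 0)
    print("advertise:", lan)
    print("router   :", lan[1])
    print("host     :", slaac_address(lan, "00:11:22:33:44:55"))
    try:
        slaac_address(ALLOCATION, "00:11:22:33:44:55")
    except ValueError as err:
        print("rejected :", err)
```

The first /64 keeps 2001:838:3c6::1 as the router address, and the remaining /64s in the /48 stay free for other network segments.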
The hosts
Setting up the FreeBSD hosts is simple. Adding
ipv6_enable="YES" and
ipv6_network_interfaces="auto" to /etc/rc.conf does the trick.
Furthermore you have to issue
sysctl net.inet6.ip6.forwarding=0
and
sysctl net.inet6.ip6.accept_rtadv=1
on the hosts in the internal network.
The only thing left to do now was to run rtsold <interface> to avoid a reboot.
Troubles
Although the above looks very simple, I ran into problems on one host
with messages like network not available and no route to host. After an hour or so
I found out that this was caused by the default block policy of the firewall on this host.
After accepting IPv6 ICMP packets in the firewall configuration this problem was solved and
this host had an IPv6 address as well.