October 5, 2004

IPv6 tunneled subnets with MacOS X

At SANE last week they were giving out cool T-shirts promoting IPv6. I wasn't quick enough to get one on the Thursday (but was quick enough to watch Dónal apply his +15 Diplomacy Modifier when persuading them to let him have the last one on someone else's behalf), and on the Friday you had to produce the IPv6 prefix of your network in order to get one. Unfortunately, it had been a while since I'd touched IPv6 - the last time was at TCD a few years ago (NetBSD router with KAME and two network cards) and I couldn't remember our old prefix off the top of my head.

Stung by having missed out on a cool T-shirt (something that's guaranteed to kick a geek into action) I decided to see about getting an IPv6 tunnel into my home network. Now, my main home machine runs MacOS X, so I wasn't entirely certain whether this would be easy or, indeed, at all possible. 6to4 is usually the easier solution for home networks and has a fairly well-hidden GUI in MacOS 10.2 and 10.3, but NAT breaks it, so a tunnel it had to be. Besides, playing with tunnels and routing your own prefixes has more hack value.

The BT Labs tunnel broker provided an IPv6 subnet and a tunnel endpoint and mailed me setup scripts for a FreeBSD box. Happily, these scripts only required a very very few changes to make them work - I'd been expecting a struggle which didn't materialise. The only differences were, for the record:

  • Replace "gifconfig" with "ifconfig gif0 tunnel your-ip remote-ip"
  • It seemed necessary to use the globally-allocated IPv6 default gateway (local end of the tunnel) rather than the fe80::%gif0 syntax for referencing the link-local interface address .
  • Replace "fxp0" with the name of your LAN interface - in the case of the Airport interface on my G5, en1.
  • If you're using NAT, specify your IP inside the gateway as the local end of the gif tunnel and make sure your gateway knows what to do with incoming traffic.

And that was, to my surprise, about it - traffic was flowing. After turning on rtadvd(8) on the G5 my Powerbook noticed there was a v6 router present and quietly reconfigured itself to use it. Miraculous! Total time taken - about half an hour, mostly my working out how to configure a gif tunnel when the evil NAT is between the machine and the big wide world. Apart from that, as with most things Mac everything Just Worked as it should.

Too easy, you think? You want proof? Okay, here's proof - a screenshot from Safari talking IPv6 to a web server. It takes a bit of Debug menu hackery to make Safari prefer v6 addresses where available, but it can be done.

[Safari does v6] Posted by mpk at October 5, 2004 11:01 PM | TrackBack
Comments
Post a comment









Remember personal info?