Pick a Free OS

Routing Windows 2000 IPv6 traffic

Note that I've written most of this document from memory. It appears to be

correct; if I've missed something or if you have any questions or comments,

feel free to

href="mailto:rjmooney@aboveground.cx">drop me a note

.

Described Network

Here's my network setup:

(( Internet ))

|

------------------

| OpenBSD firewall |

------------------

|

( Windows 2000 )


I will describe the setup on the OpenBSD firewall, and the Windows 2000 desktop

machine.

Initial Setup

To start, make sure you are running a recent version of OpenBSD. The latest available

at the time of this writing is 2.9-current. OpenBSD natively supports IPv6 and

the generic interface ( gif(4) ), required for tunneling.

You'll need to download and install the IPv6 Technology Preview from Microsoft

for Windows:

href="http://msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp">http://msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp

Remember to bind the IPv6 protocol to the NIC. This is discussed in the Technology

Preview install docs.

For the purposes of this discussion, the router's external addresses are 10.1.1.1

and 1:1:1:1::2, and the internal addresses are 10.2.1.1 and 1:2:1:1::1. The

Windows external addresses will be 10.2.1.2 and 1:2:1:1::2.

Turning on IPv6 Routing

Make sure the router will forward IPv6 packets:

sysctl -w net.inet6.ip6.forwarding=1

You can turn this option on permanently by adding "net.inet6.ip6.forwarding=1"

to /etc/sysctl.conf.

Requesting a Tunnel

There are a number of IPv6 brokers. See

href="http://www.hs247.com/">http://www.hs247.com/

for a list. I use

href="http://ipv6tb.he.net/">Hurricane Electric

. Most require you to register

for an account.

When prompted, enter your firewall's external IP. Hurricane will provide you

with information similar to the following:

Broker IPv4 tunnel address: 64.71.128.26

Broker IPv6 link address: 1:1:1:1::1/127



Your IPv4 tunnel address: 10.1.1.1

Your IPv6 link address: 1:1:1:1::2/127

Next, you'll want to request a /64. This is a bit of an overkill, but it's fun

to look at.