Routing Windows 2000 IPv6 traffic
Note that I've written most of this document from memory. It appears to be
correct; if I've missed something or if you have any questions or comments,
feel free to
href="mailto:firstname.lastname@example.org">drop me a note
href="mailto:email@example.com">drop me a note.
Here's my network setup:
(( Internet ))
| OpenBSD firewall |
( Windows 2000 )
I will describe the setup on the OpenBSD firewall, and the Windows 2000 desktop
To start, make sure you are running a recent version of OpenBSD. The latest available
at the time of this writing is 2.9-current. OpenBSD natively supports IPv6 and
the generic interface ( gif(4) ), required for tunneling.
You'll need to download and install the IPv6 Technology Preview from Microsoft
Remember to bind the IPv6 protocol to the NIC. This is discussed in the Technology
Preview install docs.
For the purposes of this discussion, the router's external addresses are 10.1.1.1
and 1:1:1:1::2, and the internal addresses are 10.2.1.1 and 1:2:1:1::1. The
Windows external addresses will be 10.2.1.2 and 1:2:1:1::2.
Turning on IPv6 Routing
Make sure the router will forward IPv6 packets:
sysctl -w net.inet6.ip6.forwarding=1
You can turn this option on permanently by adding "net.inet6.ip6.forwarding=1"
Requesting a Tunnel
There are a number of IPv6 brokers. See
href="http://www.hs247.com/">http://www.hs247.com/ href="http://ipv6tb.he.net/">Hurricane Electric
href="http://www.hs247.com/">http://www.hs247.com/for a list. I use
href="http://ipv6tb.he.net/">Hurricane Electric. Most require you to register
for an account.
When prompted, enter your firewall's external IP. Hurricane will provide you
with information similar to the following:
Broker IPv4 tunnel address: 220.127.116.11 Broker IPv6 link address: 1:1:1:1::1/127 Your IPv4 tunnel address: 10.1.1.1 Your IPv6 link address: 1:1:1:1::2/127
Next, you'll want to request a /64. This is a bit of an overkill, but it's fun
to look at.