The arrow of time

Ivan Voras' blog

Freenet6

I was talking with a friend about IPv6 and I remembered hearing about public IPv6 gateways. 6bone is gone but go6 (or is it freenet6?) is apparently its public successor.

It's really so extremely simple to set up I was actually kind of disappointed at having nothing intelligent to do except simple config file editing.

ursaminor:~> ping6 www.freebsd.org
PING6(56=40+8+8 bytes) 2001:5c0:8fff:fffe::d019 --> 2001:4f8:fff6::21
16 bytes from 2001:4f8:fff6::21, icmp_seq=0 hlim=55 time=218.891 ms
16 bytes from 2001:4f8:fff6::21, icmp_seq=1 hlim=55 time=241.844 ms
^C
--- www.freebsd.org ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 218.891/230.368/241.844/11.476 ms

The results speak for themselves (including the latency).

Everyone who's interested can easily get a fully functional IPv6 address. Here's how:

  1. (optionally) go to go6.net and register
  2. Install ports/net/freenet6
  3. Copy /usr/local/share/examples/freenet6/gw6c.conf to /usr/local/etc and edit it - absolutely nothing unusual here. Optionally, the registered user account can be used here.
  4. Add freenet6_enable="YES" to /etc/rc.conf
  5. Run "/usr/local/etc/rc.d/freenet6 start"

I actually feel silly typing all these steps, all of them are so generic. The end result of all this will be a tunnel interface (e.g. tun0) with an automatically assigned IPv6 address and configured routes - that's it.

Configuration for a simple router is a bit more complicated but nothing extreme. This utility (freenet6) can be used on many other operating systems: freebsd | netbsd | openbsd | linux | windows | darwin | cisco | solaris.

Of course, all this does is tunnel IPv6 traffic over regular IPv4, which introduces significant overheads in the network traffic (two sets of headers) and increased latency. On the other hand, it works:

ursaminor:# csup /etc/ports-supfile
Connected to 2001:738:0:402::2
Updating collection ports-all/cvs
Edit ports/MOVED
Edit ports/Mk/bsd.database.mk
...

Almost all FreeBSD infrastructure is available also through IPv6.

The FreeBSD base system is ready for IPv6. For example, firewalls process IPv6 traffic just fine:

# ipfw show
00100 4774242 1896381782 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00350 0 0 deny ip from table(0) to me
00370 713 234659 allow udp from any 67,68 to any dst-port 67,68
00490 17630 1614655 allow icmp from any to any
00495 10 688 allow ipv6-icmp from any to any
00500 5996073 4982467995 allow tcp from me to any setup keep-state
00510 444977 64084053 allow udp from me to any keep-state
00553 95167 18120698 allow udp from any to me dst-port 53 keep-state
00600 275 213162 allow tcp from me6 to any setup keep-state
00610 0 0 allow udp from me6 to any keep-state
01022 16991971 1941700043 allow tcp from any to me dst-port 22 setup keep-state
01025 1254 82491 allow tcp from any to me dst-port 25 setup keep-state
01080 10576 906793 allow tcp from any to me dst-port 80 setup keep-state
02000 675 67710 allow udp from 10.0.0.0/24 to me keep-state
02001 35585144 28185259769 allow tcp from 10.0.0.0/24 to me setup keep-state
04022 0 0 allow tcp from any to me6 dst-port 22 setup keep-state
04080 10 1562 allow tcp from any to me6 dst-port 80 setup keep-state
12706 3976735 2743433348 allow tcp from any to me dst-port 2706-2710 setup keep-state
65535 601824 40510100 deny ip from any to any

 

Also check out sixxs

Added on 2008-12-06T04:32 by Dan Smith

I have been using sixxs for about five years, and it has a similar setup. I find it works very well, even from behind a nat.

http://www.freshports.org/net/sixxs-aiccu/

sixxs

Added on 2008-12-11T17:59 by fli

I'm on sixxs as well. Their signup process is a lot more cumbersome but their regional PoPs do wonders for the latency.

I have my endpoint configured at a co-located machine on a well-connected network and then use gif-tunnels and ospf6 to route subnets to my home.

Round-trip time to my PoP from my endpoint is about ~2ms.

--- www.freebsd.org ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 181.785/182.703/183.659/0.549 ms

--- www.freebsd.org ping6 statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 178.908/179.802/183.071/1.179 m

No, that's not a mistake. I actually have lower latency (at the endpoint) over IPv6 than over IPv4. Though, I have to admit that www.freebsd.org is an exception but the latency is usually good and only about 2-10ms larger than IPv4.

Re: sixxs

Added on 2008-12-12T01:14 by Ivan Voras

Thanks for mentioning sixxs - it looks like it has many PoPs in Europe!

I'd like to use IPv6 at home but I'm connected via ADSL and of course my ISP isn't really interested in IPv6 (and even if it was, my ADSL modem+router isn't). So for now my home access IPv6 packets will have to be burdened with 16 bytes of UDP headers, + 40 bytes for IPv6 + whatever TCP takes, + whatever (PPPoE?) the ISP uses for transport - and I have to pay for it all :(

IPv6 brokers

Added on 2008-12-12T01:19 by Ivan Voras

http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers

6to4 is even easier

Added on 2008-12-16T12:29 by Lapo Luchini

If you've got a static IPv4 you might prefer even easier 6to4: see stf(4) man but basically it boils down to two lines in rc.conf:

ipv6_defaultrouter="2002:c058:6301::"
stf_interface_ipv4addr=$YOUR_PUBLIC_IPV4

6to4

Added on 2008-12-16T13:35 by Ivan Voras

I have trouble configuring 6to4 - I've read other documentation (for example http://www.kfu.com/~nsayer/6to4/) and it agrees with your suggestion, but every attempt to ping things results in:

 

# ping6 www.freebsd.org
PING6(56=40+8+8 bytes) 2002:a135:4879::1 --> 2001:4f8:fff6::21
ping6: sendmsg: Permission denied
ping6: wrote www.freebsd.org 16 chars, ret=-1
ping6: sendmsg: Permission denied
ping6: wrote www.freebsd.org 16 chars, ret=-1
^C
--- www.freebsd.org ping6 statistics ---
2 packets transmitted, 0 packets received, 100.0% packet lo

I've added an "allow ipv6 from any to any" rule to ipfw and the packet count from it looks ok (but only in a single direction) so it doesn't look like a firewall problem.

6to4 under NAT?

Added on 2008-12-18T10:40 by Lapo Luchini

Is by any chance your wannabe-6to4-router under a NAT-ted address instead of directly using a global IPv4 address?

My home server is and I had a similar error, that I solved thru a "sysctl net.link.stf.no_addr4check=1" and this patch:

http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/123858

 

re: 6to4 under NAT?

Added on 2008-12-18T10:51 by Ivan Voras

The machine on which I'm trying it has a fixed globally accessible IPv4 address.

indirect denial (?)

Added on 2008-12-18T16:19 by Lapo Luchini

https://www.sixxs.net/forum/?msg=setup-471329

That thread suggests the message might be not the denial to send IPv6, but rather the denial to send protocol-41 IPv4 packets the tunneling uses to work. Hope it helps you =)

re: indirect denial

Added on 2008-12-19T00:33 by Ivan Voras

Yes, that was exactly it! Proto 41 in IPv4.
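What the IPv4 firewall sees in the 6to4 exchange discussed in the comments above, as an added example (not code from the post or its commenters): Python's standard ipaddress module recovers the IPv4 address embedded in a 2002::/16 address and builds the outer header, which is protocol 41 rather than TCP, UDP or ICMP. The function names are hypothetical, and the constructed address 2002:c0a8:10a::1 stands in for a host behind NAT.

```python
import ipaddress

IPPROTO_IPV6 = 41                     # IPv4 protocol number carrying encapsulated IPv6
RELAY_V6 = "2002:c058:6301::"         # ipv6_defaultrouter value quoted in the comments

def sixtofour_prefix(ipv4):
    """2002:V4ADDR::/48 prefix that 6to4 derives from an IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def embedded_ipv4(ipv6):
    """IPv4 address inside a 2002::/16 address, or None for any other IPv6 address."""
    return ipaddress.IPv6Address(ipv6).sixtofour

def outer_header(inner_src, inner_dst):
    """(src, dst, protocol) of the IPv4 packet that carries one IPv6 packet."""
    src = embedded_ipv4(inner_src)
    if src is None:
        raise ValueError("source is not a 6to4 address")
    dst = embedded_ipv4(inner_dst)
    if dst is None:                   # native IPv6 destination: hand off to the relay
        dst = embedded_ipv4(RELAY_V6)
    return (str(src), str(dst), IPPROTO_IPV6)

def behind_nat(ipv6):
    """True when the embedded IPv4 address is private (tunnel endpoint behind NAT)."""
    v4 = embedded_ipv4(ipv6)
    return v4 is not None and v4.is_private

if __name__ == "__main__":
    src, dst = "2002:a135:4879::1", "2001:4f8:fff6::21"   # from the ping6 output above
    print("outer IPv4 packet:", outer_header(src, dst))
    print("6to4 prefix:", sixtofour_prefix(str(embedded_ipv4(src))))
    print("behind NAT:", behind_nat(src))
    # Constructed address: 2002: followed by a private IPv4 address in hex.
    print("behind NAT (constructed):", behind_nat("2002:c0a8:10a::1"))
```

An IPv4 ruleset that only allows TCP, UDP and ICMP therefore drops these packets at its default deny rule unless protocol 41 is permitted explicitly.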

Comments are subject to moderation and will be deleted if deemed inappropriate. All content is © Ivan Voras. Comments are owned by their authors (who agree to basically surrender all rights by publishing them :) ).