FreeBSD-IPv6-Heartbeat
This page describes the way I enabled IPv6 on my FreeBSD 7.2 router/server that is on an ISP connection with DHCP.
If your ISP does not provide you with an IPv6 connection, then you'll need an IPv6 tunnel broker.
Get an IPv6 tunnel
Apply for a tunnel, e.g. at SixXS; in my case a Heartbeat tunnel.
- If you have a static IPv4 address, use a static tunnel
- If you have a dynamic IPv4 address, use a Heartbeat tunnel
- If you need to go outside using NAT, use an AYIYA tunnel
The request is a two-phase process; each step takes from hours up to one week max for SixXS to process:
- Request an account
- Request a tunnel
The Tunnel has some information you'll need later in the configuration
Tunnel Name      My First Tunnel
PoP Name         xxyyy01
PoP Location     City, Country
PoP IPv4         <PoP-IPv4>
Your Location    City, Country
Your IPv4        Heartbeat, currently <My-Public-IPv4>
IPv6 Prefix      <My-IPv6>/64
PoP IPv6         <PoP-IPv6>
Your IPv6        <My-IPv6>
Created          2009-07-01 01:23:45 DST
Last Alive       2009-07-17 18:17:05 DST
State            Heartbeat (automatically enabled on the fly)
Set up your FreeBSD system
Make sure your kernel is IPv6 enabled; you can see that by checking for the line
options INET6
in your kernel configuration (or in GENERIC if you use the kernel from the distribution), and make sure IPv6 is enabled in your /etc/rc.conf
ipv6_enable="YES"
On FreeBSD 9 (maybe on 8 too) ipv6_enable is deprecated; the recommended way to enable IPv6 for network interfaces is
ipv6_activate_all_interfaces
or
ifconfig_<interface>_ipv6
to configure a single interface for IPv6. For AICCU, ipv6_activate_all_interfaces is preferred.
Create the Tunnel Interface
Create a gif tunnel interface
ifconfig gif0 create
and don't forget to add it to your /etc/rc.conf
gif_interfaces="gif0"
Guess you could name it ipv6 if you'd like to :D
Set up your firewall
ipfw(4)
The rules below are for ipfw; adapt them to the firewall of your choice.
This is a very minimal config. Rule 00006 passes all IPv6 in both directions on gif0, so you'll need to tighten it and treat gif0 like any other external interface!
Allow IPv6 traffic inside the tunnel
00006 allow ip6 from any to any via gif0
Allow traffic from and to the PoP IPv4 (the IPv4 is on the tunnel detail page; see the example under Get an IPv6 tunnel)
00010 allow ip4 from <PoP-IPv4> to me
00010 allow ip4 from me to <PoP-IPv4>
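A tighter ipfw variant of the rules above, written here as an added example (it is not from the original page): it limits the PoP rules to IP protocol 41 and the heartbeat packets and makes gif0 stateful, mirroring the pf(4) policy in the next section. The function name tunnel_rules, the IPFW variable, the rule numbers and UDP port 3740 for the heartbeat are assumptions that do not come from the page.

```sh
#!/bin/sh
# Added example, not from the original page. Dry-run by default: prints the
# ipfw commands. Set IPFW="/sbin/ipfw -q" to load them for real.
IPFW="${IPFW:-echo ipfw}"

# tunnel_rules <PoP-IPv4> <tunnel-if> [<IPv6 of the host that may receive ssh>]
# Rule numbers 00010-00029 are this example's choice; fit them to your ruleset.
tunnel_rules() {
    pop="$1"; tif="$2"; sshhost="${3:-}"

    # Reject empty values and unfilled placeholders such as <PoP-IPv4>:
    # PoP = digits and dots, interface = lowercase letters and digits,
    # ssh host = hex digits and colons (may be empty).
    case "$pop" in ''|*[!0-9.]*) echo "bad PoP IPv4: $pop" >&2; return 1 ;; esac
    case "$tif" in ''|*[!a-z0-9]*) echo "bad interface: $tif" >&2; return 1 ;; esac
    case "$sshhost" in *[!0-9a-fA-F:]*) echo "bad IPv6: $sshhost" >&2; return 1 ;; esac

    # Outer IPv4: only what the tunnel uses, instead of all ip4 to/from the PoP.
    $IPFW add 00010 allow 41 from "$pop" to me                 # 6in4 (IP protocol 41) in
    $IPFW add 00011 allow 41 from me to "$pop"                 # 6in4 out
    $IPFW add 00012 allow udp from me to "$pop" dst-port 3740  # heartbeat (port not on the page)

    # Inner IPv6 on the tunnel interface: ICMPv6, stateful outbound, ssh inbound.
    $IPFW add 00020 check-state
    $IPFW add 00021 allow ipv6-icmp from any to any via "$tif"
    $IPFW add 00022 allow ip6 from any to any out xmit "$tif" keep-state
    if [ -n "$sshhost" ]; then
        $IPFW add 00023 allow tcp from any to "$sshhost" dst-port 22 \
            in recv "$tif" setup keep-state
    fi
    # Everything else arriving through the tunnel is dropped.
    $IPFW add 00029 deny ip6 from any to any in recv "$tif"
}
```

Call it as, for instance, tunnel_rules 192.0.2.1 gif0 2001:db8::10 (documentation addresses) and read the printed commands first; IPFW="/sbin/ipfw -n" checks their syntax without touching the running ruleset.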
pf(4)
If you're using pf(4) as the firewall, here are some guidelines to filtering on gif0.
Allow all IPv4 on gif0.
pass quick on gif0 inet all
Allow all icmp6 on gif0.
pass quick on gif0 inet6 proto icmp6 all
Allow all outgoing IPv6 on gif0.
pass out quick on gif0 inet6 all
Selectively allow incoming IPv6 connections.
pass quick on gif0 inet6 proto tcp from any to $host port ssh
Configure AICCU
For a Heartbeat tunnel you need to use AICCU to configure your tunnel. If you're not using SixXS then you may not be able to use AICCU but may need to use TSP, which is not described here.
For a static tunnel, follow the documentation from SixXS.
Install the net/sixxs-aiccu port
Edit /usr/local/etc/aiccu.conf; it holds your SixXS password in clear text, so keep it readable by root only.
Only info I have in aiccu.conf is
username <username>
password <password>
protocol tic
server tic.sixxs.net
ipv6_interface gif0
verbose false
daemonize true
automatic true
requiretls false
Test aiccu using the command
sixxs-aiccu test <configfile>
NB testing aiccu will modify gif0, so you need to restart aiccu after testing!
For me the ipv4 traceroute test fails, but that's not a problem.
If all is well, all 10 tests will be OK, so enable sixxs in /etc/rc.conf.local
sixxs_aiccu_enable="YES"
and start aiccu using
/usr/local/etc/rc.d/sixxs-aiccu start
AICCU will now configure your gif0 interface, check the resulting configuration using
ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
	tunnel inet <my-external-ipv4> --> <PoP's-ipv4>
	inet6 <my-assigned-ipv6> prefixlen 64