Do you use let's encrypt?





6369 votes ~ 21 comments

 

Easy IPv6 connections with miredo

Posted by Steve on Mon 1 Dec 2008 at 19:36

Tags: ,

Many services are starting to become available over IPv6, including this site, but the majority of home users cannot access them. If you'd like to see the IPv6 internet chances are it won't be difficult for you though.

One of the most common ways of gaining IPv6 access is via 6to4. This works beautifully if you have a static IP address. The setup is pretty simple too:

The setup described there is simple enough to automate, and you can add the following to /etc/init.d/ipv6 if you have a suitable system:

#!/bin/sh
#
#  Auto-configure IPv6 support for the current host via
# 6to4 tunnels
#
# Steve
# --
#




#
#  The local addresses
#
ipv4=$(ifconfig eth0  | grep "inet addr" | awk '{print $2}' | awk -F: '{print $2
}')

#
#  The IPv6 address we generate
#
ipv6="$(printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`)"


#
#  Make sure we get an argument we recognise
#
if [ -z "$1" ]; then
    echo "$0 [show|status|start|stop|test]"
    exit
fi

case "$1" in
    show)
        echo "IPv4: $ipv4"
        echo "IPv6: $ipv6"

        ;;
    start)
        echo "Starting .."
        /sbin/ip tunnel add tun6to4 mode sit ttl 30 remote any local $ipv4
        /sbin/ip link set dev tun6to4 up
        /sbin/ip -6 addr add $ipv6/16 dev tun6to4
        /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
        /sbin/ip -6 route add 2000::/3 via 2002:c058:6301::1 dev tun6to4 metric 1
        ;;
    stop)
        echo "Stopping .."
        /sbin/ip -6 route flush dev tun6to4
        /sbin/ip link set dev tun6to4 down
        /sbin/ip tunnel del tun6to4

        ;;
    test)
        echo "Testing .."
        ping6 -c 4 $ipv6

        ;;
    status)
        if ( ip link |grep tun6to4 2>/dev/null >/dev/null ) ; then
            echo "ipv6 seems to be up"
        else
            echo "ipv6 seems to be down"
        fi
        ;;
     *)
        echo "$0 [show|status|start|stop|test]"
        ;;
esac

But this solution, as well as requiring a static IP address is more complex than it needs to be. It should be possible to easily gain access to the IPv6 internet and thats what the miredo package offers.

miredo is a Unix daemon program which mostly implements the Teredo: Tunneling IPv6 over UDP through NAT Internet proposed standard (RFC 4380) - in short it turns your home connection into an IPv6 client.

To get started install the package:

gold:~# apt-get install miredo

Once you've done that wait a few seconds and you should find that you'll have a new tap device:

gold:~# /sbin/ifconfig 
br0       Link encap:Ethernet  HWaddr 00:1c:25:36:5f:f2
...
...

eth0      Link encap:Ethernet  HWaddr 00:1c:25:36:5f:f2
...
...

teredo    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
...

Here you can see the tunnel end-point, and we can test it out easily enough:

skx@gold:~$  ping6 -c 3 www.debian-administration.org
PING www.debian-administration.org(2002:5910:a162::1) 56 data bytes
64 bytes from 2002:5910:a162::1: icmp_seq=1 ttl=56 time=169 ms
64 bytes from 2002:5910:a162::1: icmp_seq=2 ttl=56 time=167 ms
64 bytes from 2002:5910:a162::1: icmp_seq=3 ttl=56 time=167 ms

--- www.debian-administration.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
rtt min/avg/max/mdev = 167.446/168.201/169.509/1.042 ms

Now for fun you can point your web browser at http://ipv6.google.com or any other IPv6 enabled website.

 

 


Re: Easy IPv6 connections with miredo
Posted by Anonymous (64.81.xx.xx) on Mon 1 Dec 2008 at 20:58
Typo : apt-get install mirendo


apt-get install miredo

Package name is mirEDo


Nice article.

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Steve (82.41.xx.xx) on Mon 1 Dec 2008 at 21:02
[ View Steve's Scratchpad | View Weblogs ]

Thanks, I've fixed this now.

Steve

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by madduck (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Mon 1 Dec 2008 at 22:19
Teredo is a bad idea for many reasons, among them the heavy dependency on third-party infrastructure. From what I know, Teredo needs to keep track of every connection going across it, which makes it highly brittle. It's foolproof to set up, but that's about it, everything else is a shortcoming.

I suggest AYIYA instead, if proto-41 or 6to4 aren't options for you. AYIYA is a lot more lightweight and reliable. http://madduck.net/docs/ipv6 documents how to do it with Debian.

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Steve (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Mon 1 Dec 2008 at 22:47
[ View Steve's Scratchpad | View Weblogs ]

I've found it to be pretty stable setup I've not had any outage in the few weeks it has been running.

But AYIYA looks interesting, so thanks for bringing it up.

Steve

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Anonymous (200.60.xx.xx) on Tue 2 Dec 2008 at 02:03
And .. Is this something new ?

I found this blog post and the date is 2006 !!!

http://cquispe.blogspot.com/2006/09/conectadonos-ipv6-via-adsl-co n-teredo.html

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Anonymous (82.41.xx.xx) on Tue 2 Dec 2008 at 11:24
This isn't new, lots of things here aren't. But still useful.

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by jeroen (145.94.xx.xx) on Tue 2 Dec 2008 at 09:27
You can also do 6to4 with ifupdown instead of using that ipv6 init.d script, see http://wiki.debian.org/DebianIPv6#head-8ac1393ab7d3c0018ab40ce6aa e0b3f6a077c32d

[ Parent | Reply to this comment ]

Spanish translation
Posted by Anonymous (85.87.xx.xx) on Fri 12 Dec 2008 at 22:59

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by JulienV (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Fri 16 Jan 2009 at 18:19
[ View Weblogs ]

I have set up Miredo which works great with many websites, including DA. However, most of the time, I cannot access my Linode using IPv6:

$ ping6 -c3 2001:470:1f06:ccf::2
PING 2001:470:1f06:ccf::2(2001:470:1f06:ccf::2) 56 data bytes

--- 2001:470:1f06:ccf::2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2001ms

My Linode uses a tunnelbroker.net's tunnel, as recommended on Linode wiki

Sometimes, however, I can ping6 my Linode, and browse my website using IPv6, but it stops after a while, until I ping my Miredo address from the Linode again...

What could explain this behaviour?

Cheers,
Julien

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Steve (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Fri 16 Jan 2009 at 19:06
[ View Steve's Scratchpad | View Weblogs ]

Hard to say, I'd guess running a traceroute would show whether the problem was with the tunnel or linode. Perhaps contact the linode support people too?

Steve

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by JulienV (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Fri 16 Jan 2009 at 19:38
[ View Weblogs ]
Hi Steve,

I will contact Linode and tunnelbroker's support, but would like to try and understand on which side the problem is.

From home to linode when not working:
$ traceroute6 2001:470:1f06:ccf::2
traceroute to 2001:470:1f06:ccf::2 (2001:470:1f06:ccf::2), 30 hops max, 80 byte packets
 1  2001:0:53aa:64c:2c29:6807:a37d:37e2 (2001:0:53aa:64c:2c29:6807:a37d:37e2)  0.066 ms !H  0.060 ms !H  0.059 ms !H


From Linode to home:
$ traceroute6 2001:0:53aa:64c:2c29:6807:a37d:37e2
traceroute to 2001:0:53aa:64c:2c29:6807:a37d:37e2 (2001:0:53aa:64c:2c29:6807:a37d:37e2), 30 hops max, 40 byte packets
 1  JulienV-1.tunnel.tserv4.nyc4.ipv6.he.net (2001:470:1f06:ccf::1)  17.205 ms  19.652 ms  22.253 ms
 2  gige-g3-8.core1.nyc4.he.net (2001:470:0:5d::1)  23.290 ms  23.270 ms  23.272 ms
 3  10gigabitethernet1-2.core1.lon1.he.net (2001:470:0:3e::2)  91.743 ms  91.868 ms  91.846 ms
 4  10gigabitethernet1-1.core1.ams1.he.net (2001:470:0:3f::2)  99.611 ms  99.681 ms  99.659 ms
 5  amsix-501.xe-0-0-0.jun1.kelvin.network.bit.nl (2001:7f8:1::a501:2859:2)  100.223 ms  100.351 ms  100.330 ms
 6  teredo.bit.nl (2001:7b8:3:27:87:251:43:68)  100.347 ms  80.329 ms  95.304 ms
 7  2001:0:53aa:64c:2c29:6807:a37d:37e2 (2001:0:53aa:64c:2c29:6807:a37d:37e2)  375.204 ms  379.675 ms  382.140 ms


And then from home to Linode when working (ie just after the previous traceroute6):
$ traceroute6 2001:470:1f06:ccf::2
traceroute to 2001:470:1f06:ccf::2 (2001:470:1f06:ccf::2), 30 hops max, 80 byte packets
 1  teredo.bit.nl (2001:7b8:3:27:87:251:43:68)  298.818 ms  298.804 ms  298.789 ms
 2  teredo-gw.jun1.kelvin.network.bit.nl (2001:7b8:3:27::2)  349.530 ms  349.522 ms  349.510 ms
 3  linx.he.net (2001:7f8:4::1b1b:1)  371.854 ms  371.847 ms  371.835 ms
 4  10gigabitethernet2-3.core1.nyc4.he.net (2001:470:0:3e::1)  491.051 ms  491.041 ms  491.029 ms
 5  1g-bge0.tserv4.nyc4.ipv6.he.net (2001:470:0:5d::2)  349.111 ms  346.930 ms  344.158 ms
 6  nix.kirya.net (2001:470:1f06:ccf::2)  351.527 ms  140.178 ms  142.217 ms


Does it help someone?

Cheers,
Julien

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by JulienV (92.130.xx.xx) on Tue 20 Jan 2009 at 04:30
[ View Weblogs ]
I was advised by HE support to use an IPv6 NTP server as a keepalive on my Linode, which seems to make things working correctly.

Cheers,
Julien

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by banchieri (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Sat 25 Apr 2009 at 14:54
[ View Weblogs ]

Thanks for the hint. I always looked for an easy way to get IPv6 connectivity and miredo seems to be it.

I'll integrate it into my router setup pretty soon.

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Anonymous (70.90.xx.xx) on Thu 10 Sep 2009 at 16:29
Hi all IPv6 aficionado

I am having difficulty connecting two ubuntu machines using Miredo. I have successfully installed Miredo on both boxes. Both the boxes are located behind separate cone NAT routers. IPv4 Internet can be accessed from both the boxes. The NAT routers for both the machines are different. From each box, I can ping well known IPv6 sites like ipv6.google.com, and many others. Both boxes can be pinged from outside websites which provide a facility to do ping6 on any globally IPv6 address. I am using following websites to do IPv6 ping.

http://www.berkom.blazing.de/tools/ping.cgi
http://www.subnetonline.com/pages/ip...-ipv6-ping.php

Both the boxes respond well to these ping probes.

The only problem is, these two boxes just won't talk to each other. When I try to ping box 1 from box 2, I get the error

ping6 2001:0:53aa:64c:142a:465f:ba07:6d2
PING 2001:0:53aa:64c:142a:465f:ba07:6d2(2001:0:53aa:64c :142a:465f:ba07:6d2) 56 data bytes
From 2001:0:53aa:64c:204b:7240:b9a5:ecae icmp_seq=11 Destination unreachable: Address unreachable
From 2001:0:53aa:64c:204b:7240:b9a5:ecae icmp_seq=12 Destination unreachable: Address unreachable
From 2001:0:53aa:64c:204b:7240:b9a5:ecae icmp_seq=13 Destination unreachable: Address unreachable


Here is the miredo.conf for both the machines.

cat /etc/miredo.conf
# Please refer to the miredo.conf(5) man page for details.
InterfaceName teredo

# Pick a Teredo server:
#ServerAddress teredo.ipv6.microsoft.com
ServerAddress teredo-debian.remlab.net

# Some firewall/NAT setups require a specific UDP port number:
#BindPort 3545

This cofiguration is same on both machines. As one can see, I am using teredo-debian.remlab.net as my teredo server.


Here is the relevent portion of the ifconfig output from one of the machine

teredo Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::ffff:ffff:ffff/64 Scope:Link
inet6 addr: 2001:0:53aa:64c:204b:7240:b9a5:ecae/32 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:1290 errors:0 dropped:0 overruns:0 frame:0
TX packets:1816 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1036085 (1011.8 KB) TX bytes:222821 (217.5 KB)


I have tried everything, including replacing one machine with a windowsXP + teredo setup, and then replacing XP+ teredo as both IPv6 nodes, and the behavior is unchnaged. In every configuration, individual IPv6 nodes will talk to outside machines, but will not talk to each other.

What could be wrong here. Can anybody help me here please.

2001:0:53aa:64c:204b:7240:b9a5:ecae is the node which I always keep up. So can anybody please ping to this machine and see if it is reachable from their end.

Thanks all
Tarkshya

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Anonymous (67.86.xx.xx) on Thu 22 Apr 2010 at 01:30
I am having the same problem as Tarkshya. Any insight would be appreciated.

Thanks,
Michael

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Anonymous (62.226.xx.xx) on Sat 16 Oct 2010 at 11:39
Hello,

i have installed the miredo package on my debian lenny and got an ipv6 address, but i don't get any traffic thru the tunnel. I tried different teredo servers, but allways the same problem.

~# ping6 -c 3 www.debian-administration.org
PING www.debian-administration.org(2001:41c8:10:62::1) 56 data bytes

--- www.debian-administration.org ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2012ms

Any hints?

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Steve (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Sat 16 Oct 2010 at 12:08
[ View Steve's Scratchpad | View Weblogs ]

Things seem to be working for me:

skx@birthday:~$  ping6 -c 3 www.debian-administration.org 
PING www.debian-administration.org(2001:41c8:10:62::1) 56 data bytes
64 bytes from 2001:41c8:10:62::1: icmp_seq=1 ttl=60 time=174 ms
64 bytes from 2001:41c8:10:62::1: icmp_seq=2 ttl=60 time=69.8 ms
64 bytes from 2001:41c8:10:62::1: icmp_seq=3 ttl=60 time=83.8 ms

--- www.debian-administration.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 69.893/109.494/174.783/46.515 ms

So my first suggestion would be to narrow things down - does it fail globally or just for this site? Try pining ipv6.google.com...

If globally I probably can't help you without a lot more details. If just for this site I might have more of a chance to help.

Steve

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Anonymous (62.226.xx.xx) on Sat 16 Oct 2010 at 12:10
ok, problem found:

13:09:13.203203 IP 10.0.0.21.57337 > 216.66.80.250.60341: UDP, length 40

So i had to open udp port 60341 too, and now it works.

[ Parent | Reply to this comment ]

Re: Easy IPv6 connections with miredo
Posted by Anonymous (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Sat 16 Oct 2010 at 12:47
oh dear, there are many different ports depending on the destination, so i have to open hole udp. Thats not nice...

[ Parent | Reply to this comment ]