Chapter 6. freenet6.lrp - access for tunnel broker freenet6

Revision History
Revision 0.1    2004-03-28    kp
Initial Document

Table of Contents

Introduction
Declare the freenet6.lrp package
Obtain an (authenticated) tunnel or a whole subnet
Configure freenet6
Configure the firewall
Using radvd

Introduction

The freenet6.lrp package provides tspc, the tunnel setup protocol client used by the IPv6 tunnel broker freenet6 to give you access to the 6bone. It lets you connect to the 6bone with an IPv6 address for your LEAF router or with a complete IPv6 subnet for your network, and it sets up a tunnel from your LEAF router to the IPv6 network. This works with fixed as well as dynamic IPv4 addresses (dial-up links, ADSL links, etc.).

tspc is outlined in the Internet draft draft-vg-ngtrans-tsp-01; another explanation and test of this approach can be found here.

A very good introduction, with setup instructions for Debian packages, is Jean Marc Liotier's "Jim's insignificant LAN IPv6 global connectivity HOWTO", which is recommended reading. Because we just adapted the Debian package for LEAF Bering-uClibc, almost everything in it applies to freenet6.lrp as well.

Declare the freenet6.lrp package

Download the freenet6.lrp package and copy the package to your Bering-uClibc diskette.

Boot a Bering-uClibc floppy image. Once the LEAF menu appears, get access to the Linux shell by (q)uitting the menu. Edit the lrpkg.cfg (pre Bering-uClibc-2.2.0) or leaf.cfg (Bering-uClibc-2.2.0 onwards) file and add freenet6.lrp to the list of packages to be loaded at boot. Check the Bering-uClibc Installation Guide to learn how to do that.

Obtain an (authenticated) tunnel or a whole subnet

If you just need an IPv6 address for your LEAF router, you don't have to do anything and can skip step 4. In most cases, though, you will want an authenticated tunnel (especially with a dynamic IPv4 address) or a /48 prefix delegation for your LAN, and probably want to subnet a few more IPv6 networks.

To get an authenticated tunnel or a /48 prefix delegation, go to www.freenet6.net/register.shtml and create an account. Accounts are mandatory on Freenet6 if you want an authenticated tunnel or a /48 IPv6 prefix delegation. The authenticated tunnel provides one single and permanent IPv6 address to a node in spite of IPv4 address changes. The /48 IPv6 prefix delegation is how you get a bunch of addresses for the hosts inside your LAN.

Please note that the "username" on the registration page is misleading - it will be the name of your machine/router.

After registration you will receive an email from freenet6.net with your "username" and password.

Configure freenet6

Edit /etc/freenet6/tspc.conf: Make sure that the values assigned to userid and passwd are the ones that you got by mail from Freenet6. Also add the following options if you need a /48 prefix delegation:

host_type=router
prefixlen=48

and in our example we changed

if_tunnel=tunFN

The change is due to a remark from Dr. Peter Bieringer (see: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/configuring-ipv6to4-tunnels.html):

[This is now deprecated because using the generic tunnel device sit0 doesn't let specify filtering per device.]

Note

Back up freenet6.lrp.

Configure the firewall

Configure shorewall

You need to allow the 6to4 tunnel traffic from the Bering-uClibc Firewall to the tunnelbroker freenet6.org. This traffic uses IP protocol 41.

With Shorewall 1.4.3 and later you can add a 6to4 tunnel definition in the /etc/shorewall/tunnels file. In the examples below it is assumed that your firewall zone is called "fw" and the Internet zone "net". The gateway address in 6to4tunnel is your tunnel end-point at freenet6.org.

#TYPE    ZONE   GATEWAY        GATEWAY ZONE 
(...)
6to4     net    206.123.31.115
(...)

More information on Shorewall and 6to4 tunnels can be found in the Shorewall documentation.

Additionally, you have to open port 3653 for tspc, as used with freenet6.org, in /etc/shorewall/rules:

# tspc  - tunnel setup protocol
ACCEPT        fw        net:206.123.31.115           tcp      3653
ACCEPT        net:206.123.31.115      fw            tcp      3653

Note

Back up shorewall.lrp.

Configure 6wall

Add the tunnel interface to 6wall /etc/6wall/interfaces6:

#ZONE   INTERFACE       OPTIONS
#
net     tunFN           nositelocal
loc     eth1
#

For more information about 6wall please look at:

http://leaf.sourceforge.net/devel/dorus/sixwall.html

Note

Back up 6wall.lrp.

Using radvd

Manual or automatic radvd configuration

freenet6 is supposed to take care of configuring radvd by writing radvd.conf for you and restarting radvd automatically. Andreas Rottmann, the Debian maintainer of radvd, decided that freenet6 should not be allowed to rewrite the entire radvd configuration file, lest manual modifications by the administrator be overwritten. He asked whether freenet6 could change the advertised prefix of radvd without rewriting the whole config file. Nathan Lutchansky (radvd programmer) answered in substance that administrators who do not want to risk having their modifications overwritten should handle radvd.conf manually. In typical Debian fashion, Andreas Rottmann probably believes it is better to be safe than sorry, so he commented out the parts of /etc/freenet6/setup.sh that deal with rewriting radvd.conf. We decided to follow his approach, just to be on the safe side as well.

Automatic radvd configuration

If you think you have an easy-to-use setup, you can uncomment the section of /etc/freenet6/setup.sh shown in the listing below. At least we saw no problems with the automatic rewriting and restart of radvd in a freenet6-only setup.

#   Display 1 "Create new $rtadvdconfigfile"
#   echo "##### rtadvd.conf made by TSP ####" > "$rtadvdconfigfile"
#   echo "interface $TSP_HOME_INTERFACE" >> "$rtadvdconfigfile"
#   echo "{" >> "$rtadvdconfigfile"
#   echo " AdvSendAdvert on;" >> "$rtadvdconfigfile"
#   echo " prefix $TSP_PREFIX:0001::/64" >> "$rtadvdconfigfile"
#   echo " {" >> "$rtadvdconfigfile"
#   echo " AdvOnLink on;" >> "$rtadvdconfigfile"
#   echo " AdvAutonomous on;" >> "$rtadvdconfigfile"
#   echo " };" >> "$rtadvdconfigfile"
#   echo "};" >> "$rtadvdconfigfile"
#   echo "" >> "$rtadvdconfigfile"
#   /etc/init.d/radvd stop
#   if [ -f $rtadvdconfigfile ]; then
#      KillProcess $rtadvdconfigfile
#      Exec $rtadvd -C $rtadvdconfigfile
#      Display 1 "Starting radvd: $rtadvd -C $rtadvdconfigfile"
#   else
#      echo "Error : file $rtadvdconfigfile not found"
#      exit 1
#   fi

Note

You need to install mawk.lrp to use automatic radvd configuration.

Manual radvd configuration

For a manual configuration of radvd you need to know the subnet assigned to you by freenet6. After you have configured freenet6 and rebooted you'll find the assigned subnet with:

# ip -6 addr show | grep 3ffe

The result will look like:

inet6 3ffe:bc0:b40:1::1/64 scope global
inet6 3ffe:bc0:8000::3497/128 scope global

The first line gives the prefix that must be added to radvd.conf, like this:

interface eth1
{
   AdvSendAdvert on;
   prefix 3ffe:0bc0:0b40:0001::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};

Save radvd.lrp and restart /etc/init.d/radvd.
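
The manual steps above can be scripted. The following is an added example, not part of freenet6.lrp or its setup.sh: it picks the global /64 address out of `ip -6 addr show` output (skipping the /128 tunnel endpoint), derives the network prefix and prints the radvd.conf block without touching the existing file. It selects on "scope global" rather than grepping for 3ffe, and it assumes an awk is installed (for example from mawk.lrp); the function names lan_prefix and radvd_stanza are made up for this example.

```shell
# SAMPLE_OUTPUT is constructed: the two lines shown above plus a link-local
# address, as `ip -6 addr show` would print them.
SAMPLE_OUTPUT='    inet6 3ffe:bc0:b40:1::1/64 scope global
    inet6 3ffe:bc0:8000::3497/128 scope global
    inet6 fe80::2a0:ccff:fe12:3456/64 scope link'

# lan_prefix: read `ip -6 addr show` text on stdin and print the network
# prefix of the first global /64 address; exit status 1 if none is found.
lan_prefix() {
    awk '
    $1 == "inet6" && $2 ~ /\/64$/ && /scope global/ {
        addr = $2; sub(/\/64$/, "", addr)
        p = index(addr, "::")
        if (p) {                      # expand "::" into the elided zero groups
            head = substr(addr, 1, p - 1); tail = substr(addr, p + 2)
            nh = (head == "") ? 0 : split(head, h, ":")
            nt = (tail == "") ? 0 : split(tail, t, ":")
            full = head
            for (i = nh + nt; i < 8; i++) full = (full == "" ? "0" : full ":0")
            if (tail != "") full = full ":" tail
        } else full = addr
        if (split(full, g, ":") != 8) next      # malformed address, skip it
        printf "%s:%s:%s:%s::/64\n", g[1], g[2], g[3], g[4]
        found = 1; exit
    }
    END { exit !found }'
}

# radvd_stanza IFACE PREFIX: print the radvd.conf block for the LAN interface.
# Anything that is not a plain hex/colon /64 prefix is refused (status 1).
radvd_stanza() {
    case "$2" in *[!0-9a-fA-F:/]*) return 1 ;; *::/64) ;; *) return 1 ;; esac
    cat <<EOF
interface $1
{
   AdvSendAdvert on;
   prefix $2
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};
EOF
}

# Stand-alone run on the sample; on the router: ip -6 addr show | lan_prefix
radvd_stanza eth1 "$(printf '%s\n' "$SAMPLE_OUTPUT" | lan_prefix)"
```

The printed prefix 3ffe:bc0:b40:1::/64 is the same network as the zero-padded 3ffe:0bc0:0b40:0001::/64 used above. Review the output before merging it into radvd.conf by hand.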