Welcome to michiel.vanbaak.[(eu)|(info)] - Documentation - XS4ALL IPv6 with OpenBSD

michiel.vanbaak.[(eu)|(info)]

contact

Loading enum info ...

XS4ALL IPv6 with OpenBSD

This document will describe how to setup the IPv6 tunnel you can get for free from XS4ALL.
There are a lot of tutorials out there to setup your OpenBSD box for IPv6, but none worked very good for XS4ALL.
You can use this document and copy paste the lines, all you have to do is alter the ip addresses.

XS4ALL gives you all the information you need. In my case they gave me:

XS4ALL's IPv4 tunnel endpoint: 194.109.5.241
vanbaak's IPv4 tunnel endpoint: 80.196.97.112
XS4ALL's tunnel IPv6 adres: 2001:888:10:52c::1/64
vanbaak's tunnel IPv6 adres: 2001:888:10:52c::2/64
vanbaak's IPv6 prefix: 2001:888:152c::/48

Those numbers/ip's will be used in this document, find your own settings in the XS4ALL service centre.

On the OpenBSD machine I had, before IPv6, the following interfaces and their hostname.if files:

/etc/hostname.rl0 external interface

dhcp
!ifconfig $if 192.168.1.2 alias
!route add default 192.168.1.254
!ifconfig $if description WAN

/etc/hostname.wb0 internal interface

inet 192.168.2.1 255.255.255.0 192.168.2.255 media 100baseTX description LAN

Now in order to get IPv6 we need to make a new file in the same category, /etc/hostname.gif0
If you already have a gif interface, use /etc/hostname.gif1
Put the following 2 lines in it, replacing the IPv4 addresses with your own and XS4ALL's endpoint, same with the IPv6 addresses on the second line:

up giftunnel 80.126.97.112 194.109.5.241
up inet6 2001:888:10:52c::2 2001:888:10:52c::1 prefixlen 128

I know they are talking about prefixlen 64 on the XS4ALL site and examples, but that is not working, and this is.

Now add the following line at the bottom of your /etc/rc.local:

route -n add -host -inet6 default 2001:888:10:52c::1

This is the XS4ALL tunnel endpoint, and also the second ip in the second line of the /etc/hostname.gif0 file.

If you are running pf, you will need to allow traffic from and to XS4ALL's IPv4 endpoint.

pass out on $ext_if inet proto ipv6 from $ext_if to 194.109.5.241 keep state
pass in on $ext_if inet proto ipv6 from 194.109.5.241 to $ext_if keep state
pass out on gif0 inet6 all keep state
pass in  on gif0 inet6 all keep state

This allows all IPv6 traffic. Keep it this way untill everything works.
Note that IPv6 traffic is filtered on gif0 and NOT on $ext_if and you have to pass 'proto ipv6' on $ext_if(this is the encapsulated IPv6-over-IPv4 packet stream). Failing one of those requirements make the tunnel non-working.

If all you want is to have the OpenBSD box on IPv6, reboot now. You are done.
It should be able to activate the changes without a reboot, but I cannot figure out the exact flags for ifconfig etc.
Besides that you want everything to work when the machine has to be rebooted (power failure, hardware upgrades etc).

If you want your internal machines to connect to IPv6 too, there are some more things to do before a reboot.

Allow IPv6 routing on the OpenBSD box by adding the following 2 lines to /etc/sysctl.conf:

net.inet6.ip6.forwarding=1
net.inet6.ip6.accept_rtadv=0

The first line enables routing of IPv6 packets, and the second line tells our machine to never accept Autoconfigure packets to change IPv6 settings. Routers need static configuration.

Add an IPv6 address in your prefix to the internal network. Do this by adding a line to /etc/hostname.wb0:

inet6 alias 2001:888:152c::1

This makes the complete file look like:

inet 192.168.2.1 255.255.255.0 192.168.2.255 media 100baseTX description LAN
inet6 alias 2001:888:152c::1

You can choose this address inside your prefix. I chose to simply add a 1 infront of the 3rd block.

Now configure the machine to advertise the router settings over the internal network. This way every machine with IPv6 support will pick a free address in the space and route traffic through your OpenBSD box.
Add this line to /etc/rc.conf.local:

rtadvd_flags=wb0

And create the file /etc/rtadvd.conf with the content:

wb0:
  :addrs#1:addr="2001:888:152c::1":prefixlen#64:tc=ether:

Now you are ready to issue the reboot command. When the machine is rebooted and you followed all the steps above you can enjoy the IPv6 network.

Some commands to test your connection:

$ ping6 www.kame.net
$ traceroute6 www.kame.net
$ ping6 michiel.vanbaak.info

Open the website http://www.kame.net in a browser. You should see a dancing turtle on top of the page.

Feedback on this page or article:

This article has no feedback yet

This article has no feedback yet

Give feedback:

To give feedback on this article, click here

Copyright (c) 2006-2008 Michiel van Baak.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "GNU Free Documentation License".

< back | print | text | XS4ALL IPv6 with OpenBSD