Configuring An IPv6 Router And Client

General Information

This is part 1 of our upcoming series on IPv6. cheap ffxiv gil buy bns gold In this article we will explain how to setup and configure a FreeBSD router and client for IPv6. In upcoming articles you will learn how to configure and setup Windows Clients as well as OpenBSD routers and clients.

What is IPv6?

By now, you’ve probably heard of the next generation Internet Protocol, IPv6. bottes timberland While it provides many improvements and new capabilities, the driving force behind its adoption is likely to be the much larger (and more flexible) address space that it defines. Continuing growth in the population of IP enabled devices has already put severe stress on address allocation and the routing infrastructure. The roll out of new enabling technologies, such as 3G wireless and broadband to the home, will predictably create a new wave of demand. Now the scope of this article is just going to cover how to setup IPv6 on various BSD platforms. This is going to be a very basic how-to on getting it setup and properly working.

Now let’s learn a little bit about IPv6. Here’s what the FreeBSD Handbook has to say:

“IPv6 (also know as IPng “IP next generation”) is the new version of the well known IP protocol (also known as IPv4). Like the other current *BSD systems, FreeBSD includes the KAME IPv6 reference implementation. So your FreeBSD system comes with all you will need to experiment with IPv6. new balance homme This section focuses on getting IPv6 configured and running.”

In the early 1990s, people became aware of the rapidly diminishing address space of IPv4. new balance mrl996 Given the expansion rate of the Internet there were two major concerns:

  1. Running out of addresses. Today this is not so much of a concern anymore since private address spaces (,, etc.) and Network Address Translation (NAT) are being employed.
  2. Router table entries were getting too large. This is still a concern today.

IPv6 deals with these and many other issues:

  1. 128 bit address space. In other words, theoretically there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses available. This means there are approximately 6.67 * 1027 IPv6 addresses per square meter on our planet.
  2. Routers will only store network aggregation addresses in their routing tables thus reducing the average space of a routing table to 8192 entries.

There are also lots of other useful features of IPv6 such as:

  1. Address autoconfiguration (RFC2462)
  2. Anycast addresses (“one-out-of many”)
  3. Mandatory multicast addresses
  4. IPsec (IP security)
  5. Simplified header structure
  6. Mobile IP
  7. IPv4-to-IPv6 transition mechanisms

IPv6 Background Information

There are different types of IPv6 addresses: Unicast, Anycast and Multicast.

Unicast addresses are the well known addresses. A packet sent to a unicast address arrives exactly at the interface belonging to the address.

Anycast addresses are syntactically indistinguishable from unicast addresses but they address a group of interfaces. The packet destined for an anycast address will arrive at the nearest (in router metric) interface. Anycast addresses may only be used by routers.

Multicast addresses identify a group of interfaces. A packet destined for a multicast address will arrive at all interfaces belonging to the multicast group.

Note: The IPv4 broadcast address (usually is expressed by multicast addresses in IPv6.

Reserved IPv6 addresses:

ipv6-address prefixlength(bits) Description Notes
:: 128 bits Unspecified cf. in IPv4 address
::1 128 bits Loopback address cf. in IPv4
::00:xx:xx:xx:xx 96 bits Embedded IPv4 the lower 32 bits are the address IPv4 address.  Also called “IPv4 compatible IPv6 address.”
::ff:xx:xx:xx:xx 96 bits IPv4 mapped the lower 32 bits are the IPv6 address IPv4 address.  For hosts which do not support IPv6.
fe80:: – feb:: 10 bits Link-local cf. loopback address in IPv4
fec0:: – fef:: 10 bits Site-local
ff:: 8 bits Multicast
001 (base 2) 3 bits Global unicast.  All global unicast addresses are assigned from this pool.  The first 3 Bits are “001.”

Reading IPv6 Addresses

The canonical form is represented as: x:x:x:x:x:x:x:x, each “x” being a 16 Bit hex value. For example, FEBC:A574:382B:23C1:AA49:4592:4EFE:9982

Often an address will have long substrings of all zeros; therefore, each such substring can be abbreviated by “::”. adidas ultra boost new balance femme For example, fe80::1 corresponds to the canonical form fe80:0000:0000:0000:0000:0000:0000:0001

A third form is to write the last 32-bit part in the well known (decimal) IPv4 style with dots “.” as separators. For example, 2002:: corresponds to the (hexadecimal) canonical representation 2002:0000:0000:0000:0000:0000:0a00:0001 which in turn is equivalent to writing 2002::a00:1

By now the reader should be able to understand the following:

 # ifconfig rl0: flags=8943 mtu 1500?inet netmask 0xffffff00 broadcast inet6 fe80::200:21ff:fe03:8e1%rl0 prefixlen 64 scopeid 0x1 ether 00:00:21:03:08:e1 media: Ethernet autoselect (100baseTX ) status: active 

fe80::200:21ff:fe03:8e1%rl0 is an auto-configured link-local address. It includes the enscrambled Ethernet MAC as part of the auto configuration.

For further information on the structure of IPv6 addresses see RFC2373.

Picking Your Broker

Ok so now this is where things get fun. First of all, let’s talk for a second about your choices of tunnel brokers. You’re going to need one of these to get your IPv6 connection going.

Freenet6 is a quick and easy way to get an IPv6 address and establish a tunnel. nike roshe run 2017 What makes it so easy is its Tunnel Setup Protocol (TSP) client. The program, available here, automatically gets your IPv6 address and establishes a tunnel with the Freenet6 servers. The program can be run without registering, but registration lets you get a /48 prefix (anonymous connections are given /64 addresses), and it lets you keep the same address, regardless of IPv4 address changes. tunnel service runs by a Business ISP with 24 x 7 staff at multiple locations and a national US backbone (to find out more about IPv6 at Hurricane Electric visit Gain the ability to get your own /64 prefix once your tunnel is up and get a full view of the IPv6 BGP4+ routing table.

Now I’ve played around with both of these tunnel providers. adidas superstar femme Although Freenet6 offers a /48 prefix has much better tools. chaussure adidas They also offer usage graphs on their site. ugg soldes So in this article were going to utilize the service.

So, let’s get our account shall we? Head over to and register down there on the bottom. Ugg 2017 adidas stan smith Pas Cher Don’t forget to tell them you heard about us on Once you get your email back, log back into their servers and you need to tell them your IPv4 address. nike air max classic bw soldes This is important since IPv6 is not the current standard you’re going to need to embed your 6 packets inside 4 packets. Once you get your email around the next day or two saying your tunnel is approved you can continue on. And don’t forget to sign up for the /64 prefix. Your going to need that if you wish to do any kind of routing.


Know Your Network

We’re going to make a basic 2 computer network here: Your server and your client. bottes ugg australia Now we’re going to setup the gateway as a nice friendly FreeBSD box and the client we’re going to go over setting it up as a FreeBSD client. ugg men ugg pour homme In later articles I will cover how to do this in OpenBSD and also setup a Windows 2000 client.

First here’s our tunnel information given to us from tunnelbroker:

Server IPv4 address:
Server IPv6 address: 2222:222:2222::222/127
Client IPv4 address: 333.333.333.333
Client IPv6 address: 4444:444:4444:444::444/127
Assigned /64: 5555:555:5555:555::/64

Configuring the Gateway on FreeBSD

Now let’s start with the fun. ffxiv gil Let’s go and edit our /etc/rc.conf so our system knows about our new toy.

 #Your Gateway's Hostname Here hostname="" #The Network Cards in your box network_interfaces="xl0 xl1 lo0" ##Loopback Interface ipv6_ifconfig_lo0="::1 prefixlen 128" ##External Interface ipv6_ifconfig_xl0="4444:444:4444:444::444 prefixlen 128" ipv6_prefix_xl0="5555:555:5555:555::" ##Internal Interface ipv6_ifconfig_xl1="5555:555:5555:555::1 prefixlen 64" #Extra Stuff ipv6_enable="YES" ipv6_network_interface="xl0 xl1" ipv6_default_router="2222:222:2222::222" rtadvd_enable="YES" rtadvd_interfaces="xl1" ipv6_gateway_enable="YES" ipfilter_rules="/etc/ipf.rules" ipv6_ipfilter_rules="/etc/ipf6.rules" 

Now are you confused yet? I hope not. Things only get more fun from here. chaussure timberland homme Let’s go ahead and create a script to start the tunnel over to our broker. adidas ultra boost Go ahead and edit your /etc/rc.local and add something like this:

 echo -n " Establishing HE.NET Tunnel " /sbin/ifconfig gif0 create /sbin/ifconfig gif0 tunnel 333.333.333.333 /sbin/ifconfig gif0 inet6 4444:444:4444:444::444 2222:222:2222::222 prefixlen 128 /sbin/route -n add -inet6 default 2222:222:2222::222 /sbin/ifconfig gif0 up 

Now we need set a couple of kernel options. asics france Now edit your /etc/sysctl.conf and add these lines in there:

 net.inet6.ip6.accept_rtadv=0 net.inet6.ip6.forwarding=1 

This allows you to be a router for IPv6 as you can only be a router or a client. timberland pas cher adidas tubular shadow So, on your other systems these options will be in reverse. Next in line we need to create our /etc/rtadvd.conf and file it should contain something like the following:

 default: :raflags#0:rltime#3600: :pinfoflags#64:vltime#360000:pltime#360000:mtu#1500: ether: :mtu#1280:tc=default: # interfaces. xl1: :addrs#1: :addr="5555:555:5555:555::":prefixlen#64:tc=ether: 

Ok.. nike internationalist Now we have the networking information setup we still need to tell our firewall what to do with this. Since IPv6 is a completely different stack we need a second firewall on our box: 1 for IPv4 and 1 for IPv6.

Inside your /etc/ipf.rules you should have a pass our in and out rule for each interface to allow the IPv6 packets.

 pass out quick on xl0 proto ipv6 all pass in quick on xl0 proto ipv6 all 

and the same for your internal nic. ugg grise Next were going to create a very basic set of rules for our 6 stack. Create and edit /etc/ipf6.rules

 pass out quick all pass in quick all 

Now another important aspect is your /etc/hosts file. Here we have something like this:

 ::1 localhost localhost 5555:555:5555:555::1 server 333.333.333.333 server 5555:555:5555:555::aaaa client client 

Notice how our IPv6 addresses go before the IPv4. adidas superstar There is a reason for this. timberland femme When your system reads the hosts file it’s going to take the first address for that host in it. Since we have our IPv6 address for our client if we try to do something like ssh into the client it will try IPv6 before IPv4. buy ff14 gil Now reboot and you should be all configured and ready to go.

When your system comes back online, try pinging and if you get a return response your good to go. nike air max 1 You should see something similar to this:

 # ping6 PING6(56=40+8+8 bytes) 4444:444:4444:444::444 --> 3ffe:b00:c18:1::10 16 bytes from 3ffe:b00:c18:1::10, icmp_seq=0 hlim=61 time=175.393 ms 16 bytes from 3ffe:b00:c18:1::10, icmp_seq=1 hlim=61 time=179.547 ms 16 bytes from 3ffe:b00:c18:1::10, icmp_seq=2 hlim=61 time=204.748 ms --- ping6 statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/std-dev = 175.393/186.563/204.748/12.970 ms 

Congratulations you now have a router. Now onto the client.

Configuring A FreeBSD IPv6 Client

Now the hard part is done you have a routing IPv6 stack. So we just need to tell our clients there is an address available and to use it. nike flyknit cheap ffxiv Items First, we need to tell our client to accept RA broadcasts. nike air force 1 nike internationalist Go and edit your /etc/sysctl.conf file and add in the following:

 net.inet6.ip6.accept_rtadv=1 net.inet6.ip6.forwarding=0 

Next run the following command as root:

 # rtsol -D xl0 

Note: Replace xl0 with whatever your NIC is.

You should be presented with an output something like:

 checking if xl0 is ready... xl0 is ready set timer for xl0 to 0:184944 New timer is 0:00184701 timer expiration on xl0, state = 1 send RS on xl0, whose state is 2 set timer for xl0 to 4:0 New timer is 4:00001235 received RA from XXXX::XXX:XXXXXXXX:XXXX on xl0, state is 2 stop timer for xl0 there is no timer 

Congrats, you should now be able to ping6 from the client. Now I would suggest you add the rtsol command to your /etc/rc.local to avoid future headache’s. new balance femme Some other configurations you will need to do are (these are not required but nice to have):

 ifconfig_lo0="inet" ipv6_ifconfig_lo0="::1 prefixlen 128" ipv6_ifconfig_xl0="YOUR GIVEN IPV6 ADDRESS FROM THE GATEWAY prefixlen 64" ipv6_prefix_xl0="5555:555:5555:555::" ipv6_default_router="5555:555:5555:555::1" ipv6_enable="YES" ipv6_network_interface="xl0" 

Reboot and you should have a fully functional IPv6 client.

Speak Your Mind