Friday 1 May 2009

Just set up Time Capsule as my IPv6 gateway

So Apple have taken a lead in the drift towards IPv6 adoption (though it seems we really are getting to the end of IPv4 as we know it): their Time Capsule (TC) uses IPv6 out of the box for administration when using the AirPort Utility (using a proprietary encrypted protocol, AACP). It also has facilities for setting up an IPv6 [6in4] tunnel using IPv6-in-IPv4 encapsulation (specifically IP protocol 41) as specified in RFC 4213.

So to get connected to the global IPv6 Internet (such as it is...) you need to go get a free tunnel endpoint from Hurricane Electric (or others), then use the AirPort Utility and select 'Manual Setup', then go to 'Advanced' and 'IPv6', then set 'IPv6 mode:' to Tunnel and 'Configure IPv6:' to Manually. Then enter the addresses as given by your IPv6 tunnel provider. In the LAN IPv6 Address field enter an address that has the same IPv6 prefix as the others but with a different host id - the bit after the "::/64" - just choose a number (well up to 8 hex digits separated by ':'s - no "::" prefix used if exactly 8 digits are used for host_id) which will form your TC's [Global] IPv6 address (e.g. your_prefix::FE:ED:CO:FF:EE). It's probably best to disable incoming connections, as otherwise you could open your machine to IPv6 attacks: with the tunnel up it has a global IPv6 address and no NAT in front of it.

If you're on a public IP address space then you're all set. However, if like most of us your TC is behind a DSL router/NAT then you'll need to make a hole in your firewall/NAT so protocol 41 gets in and out. If you're lucky enough to have a Linux-based DSL router then this is how to do it: log in to your router. If you've got a Netgear router then you can enable telnet access by going to http://your_router/setup.cgi?todo=debug. Then telnet to the router and type the following (which I found here), given your TC has the address 192.168.0.2:
iptables -t nat -A PREROUTING -i ppp0 -p 41 -j DNAT --to 192.168.0.2
iptables -t filter -A FORWARD -i ppp0 -p 41 -d 192.168.0.2 -j ACCEPT

You may not need to do the above on some routers - all that may be necessary is to enable pings on the external interface.
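The two rules above forward protocol 41 from any IPv4 source to the TC, while RFC 4213 expects a tunnel endpoint to accept encapsulated packets only from its configured tunnel server. The following is an added example, not code from the original post, that builds constructed 6in4 packets and applies that source check plus an inner-source anti-spoofing check; the function names and the documentation-range addresses are assumptions.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IPv4 protocol number for encapsulated IPv6 (RFC 4213)

def build_6in4(src4, dst4, src6, dst6):
    """Build a constructed 6in4 packet: IPv4 header followed by a bare IPv6 header."""
    # IPv6 header: version 6, payload length 0, next header 59 (none), hop limit 64
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    inner += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
    # IPv4 header: 20 bytes, protocol 41; checksum field left 0 (not validated here)
    outer = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(inner), 0, 0, 64, PROTO_6IN4, 0)
    outer += ipaddress.IPv4Address(src4).packed + ipaddress.IPv4Address(dst4).packed
    return outer + inner

def check_6in4(packet, tunnel_server4, lan_prefix6):
    """Return 'accept', or the reason the encapsulated packet should be dropped."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    if ihl < 20 or len(packet) < ihl + 40:
        return "drop: truncated"
    if packet[9] != PROTO_6IN4:
        return "drop: not protocol 41"
    if ipaddress.IPv4Address(packet[12:16]) != ipaddress.IPv4Address(tunnel_server4):
        return "drop: IPv4 source is not the tunnel server"
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:
        return "drop: inner packet is not IPv6"
    if ipaddress.IPv6Address(inner[8:24]) in ipaddress.IPv6Network(lan_prefix6):
        return "drop: inner source claims to be on our own LAN"
    return "accept"

# Constructed sample values (documentation ranges); 192.168.0.2 is the TC from the post
SERVER4, TC4, LAN6 = "192.0.2.1", "192.168.0.2", "2001:db8:1234::/64"

if __name__ == "__main__":
    samples = {
        "from tunnel server": build_6in4(SERVER4, TC4, "2001:db8:ffff::1", "2001:db8:1234::10"),
        "from another host": build_6in4("198.51.100.7", TC4, "2001:db8:ffff::1", "2001:db8:1234::10"),
        "spoofed LAN source": build_6in4(SERVER4, TC4, "2001:db8:1234::99", "2001:db8:1234::10"),
    }
    for name, pkt in samples.items():
        print(f"{name:20s} {check_6in4(pkt, SERVER4, LAN6)}")
```

On the router, the equivalent of the outer-source check is adding `-s` with your tunnel server's IPv4 address to both iptables rules, so protocol 41 from any other host is not forwarded to the TC.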

[update 2aug09]: If you've got a Thompson router then see my new blog entry.

And you should now be able to access the world of IPv6.... Check out these for starters: ipv6.google.com, the old Kame dancing turtle, and quite a few others... oh and these too...

[updated/corrected 6in4 - 18nov09]

3 comments:

  1. OK, I'm playing with my TC and HE IPv6 Tunneling, and have populated the:
    Remote IPv4 Address
    Remote IPv6 Address
    Local IPv6 Address

    with the information provided by HE; however, there is one more field on my TC IPv6 Tunneling page still blank. It's the:

    LAN IPv6 Address

    field. What is supposed to be populated there? Anything?

    Thanks for putting up this blog entry!

    Jeff G.

  2. Did this work after you upgraded your TC to 7.4.2?

    Thanks,

    Jeff G.

  3. Hi Jeff - Yes it works after upgrade to 7.4.2. I've also updated my post to explain the LAN IPv6 address.
