We noticed some of you have problems configuring IPv6 and need some instructions in how to set it up with ASG v8. Therefore we decided to write a little howto that you can use to get IPv6 internet access up and running even without the need for a native IPv6 provider. First of all: Windows Vista and Windows 7 are IPv6 enabled by default. These OSes are preconfigured for the Teredo Tunnel Broker, so you should already have a public IPv6 address if the system has IPv4 internet access and DST Port UDP 3544 can passthrough. You get an address from the Teredo Subnet (2001:0000::/32). This behaviour can be overridden simply by providing "Prefix Advertisements" at the ASG. For auto-assigning DNS within Windows, you also have to make use of DHCPv6! Second: With IPv6, each enabled interface has a so-called "link-local" address (subnet FE80::/10) which is not routeable (Similar to private IPv4 addresses) and is auto-assigned via zeroconfig (Similar to IPv4 APIPA). So, for IPv6 inter-connectivity, you have to assign an additional and "public" or "site-local" address. Third: With IPv6, the IP auto-configuration has changed significantly. It is now split into "Prefix Advertisements" and "DHCPv6" instead of DHCP only. The prefix advertisements are used for assigning IP addresses whereas DHCPv6 is for additional configuration like DNS. The exact behaviour depends on the OS, though. ASG v8 offers two options for IPv4 users that want to additionally use IPv6: 6to4 (/48 subnet, needs static public IPv4 address) Tunnel Broker (subnet size depends on broker, works behind NAT, possible to register your own IPv6 range) Both options provide you a complete IPv6 subnet that you can use to assign addresses to your clients behind the ASG. 6to4 6to4 maps each IPv4 address to a /48 IPv6 subnet. That means with a single IPv4 address, you can have *many* IPv6 hosts behind the gateway. Make sure you have internet access via a static public IPv4 address at the ASG. Enable the IPv6 feature. Enable the 6to4 feature for the interface with the static public IPv4 address. Please also read *common* steps described below. Tunnel Broker Register at one of the two supported Tunnel Brokers and apply for a personal IPv6 subnet. Wait for the registration process to complete. This can take several days, depending on the broker (gogo6 is fastest and less complicated). Make sure the ASG has IPv4 internet access (can reside behind a NAT). Enable the IPv6 feature. Enable the "Tunnel Broker" feature with user authentication and the chosen broker together with the credentials. Please also read *common* steps described below. Common - Configure the internal interface for IPv6 (take an IP-Address from the assigned IPv6 range displayed at the IPv6 "Global" tab) using a /64 subnet mask (this is important!). - Enable the IPv6 "Prefix Advertisements" feature for the internal interface. The "Other config" checkbox additionally enables DHCPv6 in one step. - Define your IPv6 packet filters. - Bring up your clients with enabled IPv6 protocol and auto-configuration enabled. Besides the preconfigured link-local address, they should get an additional address from the IPv6 /64 subnet and now be able to natively use IPv6.

IPv6 Howto

We noticed some of you have problems configuring IPv6 and need some instructions in how to set it up with ASG v8. Therefore we decided to write a little howto that you can use to get IPv6 internet access up and running even without the need for a native IPv6 provider.

First of all: Windows Vista and Windows 7 are IPv6 enabled by default. These OSes are preconfigured for the Teredo Tunnel Broker, so you should already have a public IPv6 address if the system has IPv4 internet access and DST Port UDP 3544 can passthrough. You get an address from the Teredo Subnet (2001:0000::/32). This behaviour can be overridden simply by providing "Prefix Advertisements" at the ASG. For auto-assigning DNS within Windows, you also have to make use of DHCPv6!

Second: With IPv6, each enabled interface has a so-called "link-local" address (subnet FE80::/10) which is not routeable (Similar to private IPv4 addresses) and is auto-assigned via zeroconfig (Similar to IPv4 APIPA). So, for IPv6 inter-connectivity, you have to assign an additional and "public" or "site-local" address.

Third: With IPv6, the IP auto-configuration has changed significantly. It is now split into "Prefix Advertisements" and "DHCPv6" instead of DHCP only. The prefix advertisements are used for assigning IP addresses whereas DHCPv6 is for additional configuration like DNS. The exact behaviour depends on the OS, though.

ASG v8 offers two options for IPv4 users that want to additionally use IPv6:

6to4 (/48 subnet, needs static public IPv4 address)
Tunnel Broker (subnet size depends on broker, works behind NAT, possible to register your own IPv6 range)

Both options provide you a complete IPv6 subnet that you can use to assign addresses to your clients behind the ASG.

6to4
6to4 maps each IPv4 address to a /48 IPv6 subnet. That means with a single IPv4 address, you can have *many* IPv6 hosts behind the gateway.

Make sure you have internet access via a static public IPv4 address at the ASG. Enable the IPv6 feature. Enable the 6to4 feature for the interface with the static public IPv4 address.

Please also read *common* steps described below.

Tunnel Broker
Register at one of the two supported Tunnel Brokers and apply for a personal IPv6 subnet. Wait for the registration process to complete. This can take several days, depending on the broker (gogo6 is fastest and less complicated).

Make sure the ASG has IPv4 internet access (can reside behind a NAT). Enable the IPv6 feature. Enable the "Tunnel Broker" feature with user authentication and the chosen broker together with the credentials.

Please also read *common* steps described below.

Common
- Configure the internal interface for IPv6 (take an IP-Address from the assigned IPv6 range displayed at the IPv6 "Global" tab) using a /64 subnet mask (this is important!).
- Enable the IPv6 "Prefix Advertisements" feature for the internal interface. The "Other config" checkbox additionally enables DHCPv6 in one step.
- Define your IPv6 packet filters.
- Bring up your clients with enabled IPv6 protocol and auto-configuration enabled. Besides the preconfigured link-local address, they should get an additional address from the IPv6 /64 subnet and now be able to natively use IPv6.

Parents

0 Monarch over 16 years ago

Hm, I don't really understand much of this how-to (Teredo tunnel?!) *g*

Will read some IPv6 chapters in my Cisco books the next days [:P]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 RFCat_vk_01 over 16 years ago in reply to Monarch

Hi Mario,
I am trying to understand where my PC picks up its IPv6 addressing info from because there is a vlan switch which is only setup for IPv4 between the PC and the ASG.

Ian M[:)]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 trollvottel over 16 years ago in reply to RFCat_vk_01

Hi Mario,
I am trying to understand where my PC picks up its IPv6 addressing info from because there is a vlan switch which is only setup for IPv4 between the PC and the ASG.

Ian M[:)]

A VLAN Switch does not care about IPv4 or IPv6. A switch works at OSI layer 2 - which is below IP.

Your PC picks up its "link-local" address (fe80::/10) on his own by doing zero-config (Similar to IPv4 APIPA). The address also consists of the physical MAC address of the interface. This is normal - As soon as you enable the IPv6 protocol for the OS, every interface gets such an address. But for Inter-IPv6-Connectivity, you have to assign an additional (public) address.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 utm_kid over 15 years ago in reply to trollvottel

how to use /64 subnet mask

at present 6to4 over Internal: 2002:C0A8:264::1/48

is it 48 bit (?)subnet mask ?
i try many times to make it 64 in internal interface but it always goes to 48 (bug ?)
how to configure ipv6 dhcp ?
is linux commands are updated to handle ipv6p like ip ,arp,route if yes how to use arp and route ?
which applcation in asg support ipv6 (p2p/irc,web,proxy,ftp,voip ?)
thx

update:2010:01:31-18:07:13 acenn dhcp6s[7154]: get_duid: extracted an existing DUID from /var/db/dhcp6s_duid: 00:01:00:01:12:f5:9f[:D]b:00:1c:c0:aa:21:8c

why its mix of ipaddress and mac address and why ip in 00:01 foam it suppose to be :c0a8:this foam

sorry i really dont know ,please please correct me ,thanks i am just thinking

thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 da_merlin over 15 years ago in reply to utm_kid

6to4 on Internal interface is useless and will not work.
Use 6to4 only if you have a static public IPv4 address.
See Wikipedia 6to4

DHCPv6 uses a DUID instead of MAC addresses as in DHCPv4.
The DUID is generated from the first network interface card and is valid
for all network interfaces, e.g. the same DUID is sent via Ethernet and WLAN.

Please do some basic google search before asking general IPv6 questions.
There is a nice basic IPv6 Presentation, also the Wikipedia IPv6 site is very informative.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 da_merlin over 15 years ago in reply to utm_kid

6to4 on Internal interface is useless and will not work.
Use 6to4 only if you have a static public IPv4 address.
See Wikipedia 6to4

DHCPv6 uses a DUID instead of MAC addresses as in DHCPv4.
The DUID is generated from the first network interface card and is valid
for all network interfaces, e.g. the same DUID is sent via Ethernet and WLAN.

Please do some basic google search before asking general IPv6 questions.
There is a nice basic IPv6 Presentation, also the Wikipedia IPv6 site is very informative.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data