Step 2 – Remote setup
This is the main page of the TunnelBroker site, once you’ve logged in. The next step is to create a tunnel, so click the ‘Create Regular Tunnel’ link in the User Functions panel at the left.
On the next page, enter the public IP address of your local machine. The Tunnel Broker site will check to see if it’s reachable and if – like my system – it’s not, you’ll see a warning message asking you to allow 66.220.2.74 through your firewall. When you’ve got that sorted correctly, you’ll see a message in a green box telling you it’s a potential endpoint.
One thing to remember here is that this check does not necessarily come from the default endpoint at Hurricane Electric. If, like me, you’ve selected a different location, like London, then you’ll need to ensure that you set up your firewall to allow the tunnel to work to that address too. Forget that and you’ll spend ages scratching your head and wondering why things aren’t working. So, make sure you jot down the IP address of the tunnel server that you choose. You may also have to configure your firewall to allow protocol number 41, which is ‘IPv6 encapsulated in IPv4’, to pass through it.
Scroll down the page and click ‘Create tunnel’.
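The firewall requirements in this step (ICMP from 66.220.2.74 and protocol 41 from the tunnel server you chose) can be checked against a saved ruleset. The following is an added example, not part of the original article: it audits constructed iptables-save excerpts and flags a protocol 41 rule that is open to any source. The tunnel server address 192.0.2.1 is a placeholder, and negated matches and rule ordering are not modelled.

```python
import ipaddress
import shlex

PING_CHECK_SRC = "66.220.2.74"  # source of the broker's reachability check, per the page
TUNNEL_SERVER = "192.0.2.1"     # placeholder: substitute the tunnel server IP you noted

# Constructed iptables-save excerpts, not taken from a real system.
WEAK = """\
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p 41 -j ACCEPT
"""
TIGHT = """\
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 66.220.2.74/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 192.0.2.1/32 -p 41 -j ACCEPT
"""

def parse_rule(line):
    """Return (source network, protocol, target) for an '-A INPUT' rule, else None."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "INPUT"]:
        return None
    opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i] in ("-s", "-p", "-j")}
    src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    return src, opts.get("-p", "all"), opts.get("-j")

def audit(ruleset, tunnel_server=TUNNEL_SERVER, check_src=PING_CHECK_SRC):
    """List problems with how the INPUT chain admits tunnel and ping-check traffic."""
    server = ipaddress.ip_address(tunnel_server)
    checker = ipaddress.ip_address(check_src)
    findings, tunnel_ok, ping_ok = [], False, False
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        if rule is None or rule[2] != "ACCEPT":
            continue
        src, proto, _ = rule
        if proto in ("41", "ipv6"):  # protocol 41 may be saved by number or by name
            tunnel_ok = tunnel_ok or server in src
            if src.prefixlen < 32:
                findings.append(f"protocol 41 accepted from {src}; restrict to {server}")
        elif proto == "icmp" and checker in src:
            ping_ok = True
    if not tunnel_ok:
        findings.append(f"no rule accepts protocol 41 from tunnel server {server}")
    if not ping_ok:
        findings.append(f"no rule accepts ICMP from reachability checker {checker}")
    return findings
```

Auditing the tight ruleset with a different tunnel_server value reproduces the situation the article warns about: the rule was written for one tunnel server but the tunnel was created on another.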
COMMENTS
RE: What's in it for HE?
I too have been pondering that for a while.
My best guess is that it's a combination of altruism and marketing - they get a lot of publicity, world wide, for what is probably a very limited expenditure. Given that they'll be doing a lot of work internally anyway, adding the tunnelbroker service has probably cost them very little, while also increasing significantly the number of IPv6 connected users. All these users will generate real IPv6 traffic which will allow them to further analyse how things are working in their own network, and fix any problems they might find.
All this means that a) lots more people will have heard of them, and b) anyone looking for native IPv6 connectivity will have heard of them, and c) such users will know that HE do IPv6 in a world where so many carriers/ISPs still have their head stuck in the sand about it (or stuck up their backsides).
As for those "why should I bother, I'm fine right now" types. Well sit tight, but don't complain when IPv6 only services start appearing. It'll be a while yet, but it will happen sooner or later. IPv6 now is not as hard as IPv4 was when I first got online, and once vendors (especially the consumer electronics ones) and ISPs extract their digits from their fundaments then it will become even easier and transparent to users.
As for security, there is ZERO reason why a firewall cannot be equally effective on IPv6 as IPv4 - zero reason that is except that too many people have their heads in the sand and are still pretending it's not going to happen. I have my entire home network IPv6 enabled, and it's no less secure than the IPv4 side because I use a decent firewall that has proper IPv6 support.
If your firewall doesn't do IPv6 properly, then that's not the fault of IPv6, it's the fault of the firewall developer and you should be asking them why - or just switching to a decent firewall.
And finally ... NAT IS NOT A FIREWALL, NAT is a fundamentally f***ed up kludge that breaks lots of stuff. Working around all the stuff NAT f***s up wastes a huge amount of development and support effort that would be better spent making stuff better.
no IPv6?
Well, I've had it for years. I'm bored of people mistaking NAT for a firewall; it just isn't. If the router supports IPv6, it also has a firewall, and will stop the traffic. The chances of anything finding you on IPv6 are so incredibly slim anyway, it's not actually a huge issue yet, anyway.
What baffles me is ElReg putting up an article, 5 pages long, about IPv6, and yet they don't have it... Why not, ElReg? It really isn't that difficult at all, even if it's tunneled!
Boring !
Isn't Pippa's rear more important than this ipv6 thingy for us Brits?
On World IPv6, will the reg be taking their own advice?
Is the register going to be adding IPv6 to their network on that day or have they done it already?
apply clue with extreme force
for fuck's sake!
1) there are roughly twice as many people on this planet than there are ipv4 addresses. before you ever say anything about ip addressing again, come up with a viable solution that will give everyone just one ipv4 address. of course there will be a billion or two people who might never get connected but there will be at least that number who will each need more than one address.
2) nat is not the answer. it breaks too many things. like sip or video/audio streaming. try getting two or more people playing the same game over the internet at the same time when they all go through the same nat device.
3) even if nat was the answer and was guaranteed to work perfectly for every application and internet protocol forever, including the ones that have still to be invented, see 1).
4) net 10/8 is big enough for 16 million devices. the biggest telcos and cable companies have more than that number of customers already. this is why comcast, a us cable company, is all ipv6 now. they need ~300 million ip addresses: roughly 10-12 per customer (household). they have around 25 million customers today. they just can't hope to meet this with ipv4 addresses. vodafone must be getting close to 16 million customers in england. if they're using nat, their network managers must be shitting themselves.
5) things like smart metering simply cannot work with nat. see 4). there are around 25 million gas meters in this country, most of them served by british gas. these won't fit into 10/8. the situation isn't quite as bad with electricity or water meters. oh, and you'll be seriously fucked because the meter will have to be renumbered (ie a site visit) whenever you switch providers => moving to a new utility company's wan. a nat solution (if it worked) would have that delightful property.
6) the intelligent grid will require end-to-end connectivity. nat breaks that. energy-hungry devices will have to be able to contact the power company to get real-time info about the cheapest and dearest times to power up. good luck making that work across the country with nat. or expecting everyone to reconfigure this mythical nat box in their house or office every time they plugged in a new kettle or telly.
7) anyone sitting on excess ipv4 space is unlikely to hand it back. now that those addresses are a scarce and almost exhausted commodity, carbon-based life-forms with a functioning brain will want to sell their spare addresses if they can. besides even once that ipv4 market starts, there still won't be enough addresses to go round. see 1).
8) the best thing vendors could do with nat is eliminate it. and apply clue to any fuckwits who think nat is the answer.
9) how many devices will be connected to the internet next year? more? less? same as now? what about in 5 years or 10 years? nat isn't going to save us. it will make things worse because all that nat shit will have to be ripped out and replaced with ipv6 some day. might as well have one migration to do instead of two.
10) every land-line will need a unique ip address at the exchange when the telcos switch to their next generation nets. incumbents like bt are already doing this. mobile operators won't be far behind. but they'll be connecting tablets and fondleslabs that sometimes get used to make phone calls. once you have 10+ million customers, network 10/8 and nat is just not going to do it. see 4).
11) iana handed out /8s to the regional internet registries. so it isn't worth handing back anything smaller than that to iana. and anyway, smaller chunks of free ipv4 space will be up for sale on ebay soon if they're not there already.
12) proper uptake of ipv6 puts a stop to all this nat fuckwittedness forever. and kills the trade in v4 addresses. it'll provide more than enough headroom for what we already expect we want to do on the internet for the next decade or two. and still leave vast amounts of unused space for whatever happens on the internet after our great-great grandchildren are long dead,



