Step 3 – Local setup
Click for full-size image
When the tunnel’s been created, you’ll see a summary screen showing the endpoints, with an IPv6 address for each end of the tunnel, as well as a routed /64, which you can use to assign IPv6 addresses to your own network. In the example here, you can see the client IPv6 address - my end of the tunnel - is 2001:470:1f08:19a4::2 and the prefix for my LAN is 2001:470:1f09:19a4. Note the difference in the third section of the address. The tunnel endpoints are using 1f08 and the local LAN uses 1f09.
Click for full-size image
You should also make a note of the IPv6 nameserver address. On some systems, this isn’t picked up automatically. For example, Mac OS X can auto-configure, but can’t pick up the DNS server address via DHCP6, so you’ll have to enter it manually in the Network preferences panel.
Once you’ve noted your specific addresses, click the Example configurations tab and select your operating system from the drop-down menu. You’ll see a list of commands that you need to copy and paste into a command window with administrator privileges. On Windows XP Pro this starts with the command:
ipv6 install
The next two commands – yes, that really is all there is to it – include the addresses for your system, so just copy and paste them one at a time from the example config on TunnelBroker. In theory, you can now head to IPv6 test site test-ipv6.com and you’ll receive confirmation that everything’s working correctly. That’s the theory. XP users may not always be so successful, thanks to Windows update KB978338, which is a hotfix designed to stop some potential security issues with IPv6 tunnelling, and has the side effect of breaking the setup on XP.
There are some workarounds – for example, some sites suggest adding an extra record to your DNS will fix it, as the fix uses that to check the tunnel is set up correctly. That didn’t work for me, and I used the alternative method of simply uninstalling KB978338. That’s not really recommended, though it solves the problem in the short term if you simply want to try things out using XP.
Next page: What next?
COMMENTS
RE: What's in it for HE?
I too have been pondering that for a while.
My best guess is that's a combination of altruism and marketing - they get a lot of publicity, world wide, for what is probably a very limited expenditure. Given that they'll be doing a lot of work internally anyway, adding the tunnelbroker service has probably cost them very little, while also increasing significantly the number of IPv6 connected users. All these users will generate real IPv6 traffic which will allow them to further analyse how things are working in their own network, and fix any problems they might find.
All this means that a) lots more people will have heard of them, and b) anyone looking for native IPv6 connectivity will have heard of them, and c) such users will know that HE do IPv6 in a world where so many carriers/ISPs still have their head stuck in the sand about it (or stuck up their backsides).
As for those "why should I bother, I'm fine right now" types. Well sit tight, but don't complain when IPv6 only services start appearing. It'll be a while yet, but it will happen sooner or later. IPv6 now is not as hard as IPv4 was when I first got online, and once vendors (especially the consumer electronics ones) and ISPs extract their digits from their fundaments then it will become even easier and transparent to users.
As for security, there is ZERO reason why a firewall cannot be equally effective on IPv6 as IPv4 - zero reason that is except that too many people have their heads in the sand and are still pretending it's not going to happen. I have my entire home network IPv6 enabled, and it's no less secure than the IPv4 side because I use a decent firewall that has proper IPv6 support.
If your firewall doesn't do IPv6 properly, then that's not the fault of IPv6, it's the fault of the firewall developer and you should be asking them why - or just switching to a decent firewall.
And finally ... NAT IS NOT A FIREWALL, NAT is a fundamentally f***ed up cludge that breaks lots of stuff. Working around all the stuff NAT f***s up wastes a huge amount of development and support effort that would be better spent making stuff better.
no IPv6?
well, I've had it for years, I'm bored of people mistaking NAT for a firewall, it just isn't. if the router supports IPv6, it also has a firewall, and will stop the traffic. the chances of anything finding you on IPv6 are so incredibly slim anyway, it's not actually a huge issue yet, anyway.
What baffles me, is ElReg putting up an article, 5 pages long about IPv6, and yet. they don't have it..... Why not ElReg, it really isn't that difficult at all! even if it's tunneled!
Boring !
Isnt Pippa's rear more importnat than this ipv6 thingy for us Brits?
On World IPv6, will the reg be taking their own advice?
Is the register going to be adding IPv6 to their network on that day or have they done it already?
apply clue with extreme force
for fuck's sake!
1) there are roughly twice as many people on this planet than there are ipv4 addresses. before you ever say anything about ip addressing again, come up with a viable solution that will give everyone just one ipv4 address. of course there will be a billion or two people who might never get connected but there will be at least that number who will each need more than one address.
2) nat is not the answer. it breaks too many things. like sip or video/audio streaming. try getting two or more people playing the same game over the internet at the same time when they all go through the same nat device.
3) even if nat was the answer and was guaranteed to work perfectly for every application and internet protocol forever, including the ones that have still to be invented, see 1).
4) net 10/8 is big enough for 16 million devices. the biggest telcos and cable companies have more than that number of customers already. this is why comcast, a us cable company, is all ipv6 now. they need ~300 million ip addresses: roughly 10-12 per customer (household). they have around 25 million customers today. they just can't hope to meet this with ipv4 address. vodaphone must be getting close to 16 million customers in england. if they're using nat, their network managers must be shitting themselves.
5) things like smart metering simply cannot work with nat. see 4). there are around 25 million gas meters in this country, most of them served by british gas. these won't fit into 10/8. the situation isn't quite as bad with electricity or water meters. oh, and you'll be seriously fucked because the meter will have to be renumbered (ie a site visit) whenever you switch providers => moving to a new utility company's wan. a nat solution (if it worked) would have that delightful property.
6) the intelligent grid will require end-to-end connectivity. nat breaks that. energy-hungry devices will have to be able to contact the power company to get real-time info about the cheapest and dearest times to power up. good luck making that work across the country with nat. or expecting everyone to reconfigure this mythical nat box in their house or office every time they plugged in a new kettle or telly.
7) anyone sitting on excess ipv4 space is unlikely to hand it back. now that those addresses are a scarce and almost exhausted commodity, carbon-based life-forms with a functioning brain will want to sell their spare addresses if they can. besides even once that ipv4 market starts, there still won't be enough addresses to go round. see 1).
8) the best thing vendors could do with nat is eliminate it. and apply clue to any fuckwits who think nat is the answer.
9) how many devices will be connected to the internet next year? more? less? same as now? what about in 5 years or 10 years? nat isn't going to save us. it will make things worse because all that nat shit will have to be ripped out and replaced with ipv6 some day. might as well have one migration to do instead of two.
10) every land-line will need a unique ip address at the exchange when the telcos switch to their next generation nets. incumbents like bt are already doing this. mobile operators won't be far behind. but they'll be connecting tablets and fondleslabs that sometimes get used to make phone calls. once you have 10+ million customers, network 10/8 and nat is just not going to do it. see 4).
11) iana handed out /8s to the regional internet registries. so it isn't worth handing back anything smaller than that to iana. and anyway, smaller chunks of free ipv4 space will be up for sale on ebay soon if they're not there already.
12) proper uptake of ipv6 puts a stop to all this nat fuckwittedness forever. and kills the trade in v4 addresses. it'll provide more than enough headroom for what we already expect we want to do on the internet for the next decade or two. and still leave vast amounts of unused space for whatever happens on the internet after our great-great grandchildren are long dead,
