Re: More Quick 'n' Easy IPv6 for Debian, Wireless
On Tue, Jan 20, 2004 at 01:23:18PM -0600, John Goerzen wrote:
> On Tue, Jan 20, 2004 at 10:46:52AM -0800, Marc Singer wrote:
> > What I'm not finding is how to get this working where there are hosts
> > behind NAT'ing routers. In this case, a wireless AP that provides
> > limited configurability and no ipv6 support. Using the already
>
> If you can configure it to let protocol 41 (ipv6) through, you may be
> able to make things work. (I have been able to do that going through a
> Shorewall IPV4-only NAT box.)
>
> However, you may not be able to do that on your AP. You may need a more
> powerful router.
The router has a VPN passthrough feature which, I believe, is a hack
in the AP that recognizes an ipsec setup sequence and will pass the
ipsec packets through the AP.
>
> > What I've deduced is that there is a need for another kind of tunnel,
> > either ipip or ipsec. Am I on the right track?
>
> Well, that depends on what you're trying to do. If you're trying to
> join the global IPv6 network, that won't help. However, AFAIK, you'll
> run into the same issues with IPSec.
That's an interesting wrinkle. I was figuring that I could set up
routes on the ipv6 connected host that will make this work.

Let's say that I am using 192.0.2.1/28 as my public address and
192.0.2.250/24 as the unroutable wireless network.

The router is called Robin, the wireless node is called Wendy.
Robin is given 192.0.2.1, 192.0.2.251 and 2002:c000:201:1::1.
Wendy is given 192.0.2.252 and 2002:c000:201:2::1.

With some hand waving, I bridge Robin and Wendy through the AP using
IPSEC such that each can ping the other's 192.0.2.250/28 address. A
static route is added to each of them such that the 2002:c000:201:1::1
and 2002:c000:201:2::1 networks are ping6'able. Finally, the default
-6 route for Wendy is set to Robin. I'd have more results, but I'm
working to get the ipsec tunnel running.

Am I missing something?
>
> -- John
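
Added example, not part of the original message: the 2002:c000:201:... addresses above are 6to4 (RFC 3056) addresses, whose /48 site prefix embeds the router's public IPv4 address, so a host behind the NAT takes a subnet of the router's prefix rather than deriving one from its own address. The sketch below checks an address plan against that rule; the function names `sixtofour_prefix` and `check_plan` are hypothetical, and the sample addresses are the ones given in the message.

```python
import ipaddress

# RFC 1918 ranges: addresses a host behind a NAT'ing AP typically holds.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sixtofour_prefix(public_v4):
    """Return the 2002:V4ADDR::/48 site prefix 6to4 derives from an IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if any(v4 in net for net in RFC1918):
        # A NAT'ed host cannot build a usable 6to4 prefix from its own address.
        raise ValueError(f"{v4} is RFC 1918 space; 6to4 needs the public address")
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def check_plan(public_v4, hosts):
    """Map each host to (inside the site /48?, 16-bit subnet id, embedded IPv4)."""
    site = sixtofour_prefix(public_v4)
    report = {}
    for name, addr in hosts.items():
        a = ipaddress.IPv6Address(addr)
        subnet_id = (int(a) >> 64) & 0xFFFF            # bits between /48 and /64
        embedded = str(a.sixtofour) if a.sixtofour else None
        report[name] = (a in site, subnet_id, embedded)
    return site, report

if __name__ == "__main__":
    # Addresses taken from the message: Robin is the router, Wendy the wireless node.
    site, report = check_plan("192.0.2.1", {
        "Robin": "2002:c000:201:1::1",
        "Wendy": "2002:c000:201:2::1",
    })
    print("site prefix:", site)
    for name, (inside, subnet, v4) in report.items():
        print(f"{name}: in site={inside} subnet={subnet:#x} embedded IPv4={v4}")
```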