RE: More Quick 'n' Easy IPv6 for Debian, Wireless
-----BEGIN PGP SIGNED MESSAGE-----
Marc Singer [mailto:elf@buici.com] wrote:
> On Wed, Jan 21, 2004 at 02:34:07AM +0100, Jeroen Massar wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Marc Singer [mailto:elf@buici.com] wrote:
> >
> > > On Tue, Jan 20, 2004 at 08:46:33PM +0100, Jeroen Massar wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > >
> > > > John Goerzen [mailto:jgoerzen@complete.org] wrote:
<BIG SNIP>
> Not exactly.
>
>
>   [6to4 anycast relay]
>             ^
>             |
>        [Internet]
>             |
>             v
>         [Router] <---> [AP] <---> [Wireless Host]
>             ^
>             |
>             v
>       [Wired Host]
That is indeed much easier. Let the router do 6to4 and announce
the prefixes using radvd directly or over a tunnel. Done(tm)
> > And then you want to do 6to4 from the router to the anycast address.
>
> That already works.
>
> > Assuming that you are using NAT you can't use 6to4 unless you map
> > it directly onto one internal host in the AP and properly let the
> > router think that it has the public IP, as RFC1918 addresses don't
> > route onto the internet. If that is done you can
> > indeed create either a tunnel or possibly even native IPv6 between
> > the Router and the Wireless Host. I would try native btw. If you want
> > it to be secure indeed go for the ipsec tunnel.
>
> In the picture above, the Wired Host(s) all work fine. radvd gives
> them addresses and they have immediate access to the 6bone.
>
> My plan is to form a bridge between the Wireless Host (or any of
> several) and the Router and then let the router carry ipv6 traffic to
> the Anycast Relay when necessary.
>
> 1) If I get another tunnel, I'd like to change it in only one place,
> though I know that I may have to renumber everything if I get a
> bona fide network delegation.
In the above setup that should be no problem.
> 2) I'd really like to let there be a radvd server for the Wireless
> Hosts, but I don't see how I can do this unless I can get one of
> the Router's interfaces to appear in the collision domain of the
> wireless network.
The AP will probably have a "bridge" mode, thus extending the interface.
I guess you have currently set it to make a separate network of it.
> 3) The next best thing is to form an IPSEC tunnel from the Wireless
> Host to the Router since this kind of tunnel is recognized by the
> AP. As an aside, the AP is really dumb in this respect. It
> requires that the IPSEC tunnel use ISAKMP because of the port 500
> exchange that triggers the special super secret pass-through
> mode. I'd use another kind of tunnel, but I don't think there is
> one that will work with the AP.
tinc/openvpn etc all use normal tcp and udp thus should not pose
a problem. I actually wonder why the AP is needing to know about L4 stuff.
Greets,
Jeroen
-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / http://unfix.org/~jeroen
iQA/AwUBQA5dvimqKFIzPnwjEQJvcgCfaXRCFK+Tm20jzfroTFjO6v6IhiwAn3PL
pjRgRllgVc5DuMdK/Mkt6Ntu
=SLB4
-----END PGP SIGNATURE-----
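
As an added example (not part of the original message or of any poster's setup): a sketch of the "router does 6to4 and announces prefixes with radvd" arrangement discussed above. It derives the 2002:V4ADDR::/48 prefix from the router's public IPv4 address, refuses RFC 1918 addresses as described in the thread, and renders one radvd.conf block per LAN segment. The interface names, subnet ids and the 192.0.2.4 address are assumptions chosen for illustration.

```python
import ipaddress

# RFC 1918 ranges: never usable as the IPv4 half of a 6to4 prefix.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sixto4_prefix(router_v4):
    """Return the 2002:V4ADDR::/48 6to4 prefix for the router's IPv4 address."""
    v4 = ipaddress.IPv4Address(router_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is RFC 1918 space; 6to4 needs the public address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def lan_subnet(prefix48, subnet_id):
    """Pick the /64 numbered subnet_id (0..65535) out of the /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    return ipaddress.IPv6Network(
        (int(prefix48.network_address) | (subnet_id << 64), 64))

def radvd_stanza(iface, net64):
    """Render a radvd.conf interface block advertising net64 on iface."""
    return (f"interface {iface}\n{{\n"
            f"    AdvSendAdvert on;\n"
            f"    prefix {net64}\n    {{\n"
            f"        AdvOnLink on;\n"
            f"        AdvAutonomous on;\n"
            f"    }};\n}};\n")

if __name__ == "__main__":
    # Constructed sample: 192.0.2.4 is a documentation address standing in
    # for the router's public IPv4; eth1/eth2 are assumed interface names
    # for the wired and wireless-facing segments.
    p = sixto4_prefix("192.0.2.4")
    for iface, sid in (("eth1", 1), ("eth2", 2)):
        print(radvd_stanza(iface, lan_subnet(p, sid)))
```

Because every /64 is computed from the one router address, a change of that address is made in a single place and the advertised prefixes follow from it.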