
RE: More Quick 'n' Easy IPv6 for Debian, Wireless




Marc Singer [mailto:elf@buici.com] wrote:

> On Wed, Jan 21, 2004 at 02:34:07AM +0100, Jeroen Massar wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > Marc Singer [mailto:elf@buici.com] wrote:
> > 
> > > On Tue, Jan 20, 2004 at 08:46:33PM +0100, Jeroen Massar wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > 
> > > > John Goerzen [mailto:jgoerzen@complete.org] wrote:

<BIG SNIP>

> Not exactly.
> 
> 
> [6to4 anycast relay]
>       ^
>       |
>   [Internet]
>       |
>       v
>    [Router] <---> [AP] <---> [Wireless Host]
>       ^
>       |
>       v
>  [Wired Host]  

That is indeed much easier. Let the router do 6to4 and announce
the prefixes using radvd directly or over a tunnel. Done(tm)

> > And then you want to do 6to4 from the router to the anycast address.
> 
> That already works.
> 
> > Assuming that you are using NAT you can't use 6to4 unless you map
> > it directly onto one internal host in the AP and properly let the
> > router think that it has the public IP, as RFC1918 addresses don't
> > route onto the internet. If that is done you can
> > indeed create either a tunnel or possibly even native IPv6 between
> > the Router and the Wireless Host. I would try native btw. If you want
> > it to be secure indeed go for the ipsec tunnel.
> 
> In the picture above, the Wired Host(s) all work fine.  radvd gives
> them addresses and they have immediate access to the 6bone.
> 
> My plan is to form a bridge between the Wireless Host (or any of
> several) and the Router and then let the router carry ipv6 traffic to
> the Anycast Relay when necessary.  
> 
>   1) If I get another tunnel, I'd like to change it in only one place,
>      though I know that I may have to renumber everything if I get a
>      bona fide network delegation.

In the above setup that should be no problem.

>   2) I'd really like to let there be a radvd server for the Wireless
>      Hosts, but I don't see how I can do this unless I can get one of
>      the Router's interfaces to appear in the collision domain of the
>      wireless network. 

The AP will probably have a "bridge" mode, thus extending the interface.
I guess you have currently set it to make a separate network of it.

>   3) The next best thing is to form an IPSEC tunnel from the Wireless
>      Host to the Router since this kind of tunnel is recognized by the
>      AP.  As an aside, the AP is really dumb in this respect.  It
>      requires that the IPSEC tunnel use ISAKMP because of the port 500
>      exchange that triggers the special super secret pass-through
>      mode. I'd use another kind of tunnel, but I don't think there is
>      one that will work with the AP.

tinc/openvpn etc all use normal tcp and udp thus should not pose
a problem. I actually wonder why the AP is needing to know about L4 stuff.

Greets,
 Jeroen

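The setup discussed in this message (the router does 6to4 and radvd announces the prefixes), as an added example that is not part of the original mail: it derives the 6to4 /48 from the router's public IPv4 address, refuses RFC1918 addresses, and prints one radvd stanza per LAN. The interface names `eth1` and `wlan0`, the documentation address 192.0.2.1 standing in for the router's public IPv4, and the one-/64-per-interface numbering are assumptions.

```python
import ipaddress

# RFC1918 ranges: not routed on the Internet, so useless as a 6to4 source.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(public_v4):
    """Return the 6to4 /48 (2002:V4ADDR::/48) for the router's IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is RFC1918; 6to4 needs the public address")
    # 16 bits of 2002, then the 32-bit IPv4 address, then zeros.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def lan_prefix(prefix48, subnet_id):
    """Return the /64 numbered subnet_id inside the 6to4 /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    base = int(prefix48.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def radvd_stanza(iface, prefix64):
    """Render a radvd.conf interface block announcing prefix64."""
    return (f"interface {iface} {{\n"
            "    AdvSendAdvert on;\n"
            f"    prefix {prefix64} {{\n"
            "        AdvOnLink on;\n"
            "        AdvAutonomous on;\n"
            "    };\n"
            "};\n")


def radvd_conf(public_v4, ifaces):
    """One stanza per interface, numbered 1, 2, ... inside the 6to4 /48."""
    p48 = sixtofour_prefix(public_v4)
    return "\n".join(radvd_stanza(name, lan_prefix(p48, i))
                     for i, name in enumerate(ifaces, start=1))


if __name__ == "__main__":
    # Constructed sample: wired LAN on eth1, wireless segment on wlan0.
    print(radvd_conf("192.0.2.1", ["eth1", "wlan0"]))
```

Because every LAN prefix is derived from the one IPv4 address, a change of tunnel or address is made in a single place and the announced prefixes follow.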


