[afripv6-discuss] Configuring Teredo Server/Relay in Linux and *BSD
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Wed Jun 20 08:51:00 SAST 2007
This info provides the steps required in order to configure your Linux or
*BSD box as a Teredo Server/Relay.
In order to proceed, you need to have a public IPv4 address (two for the
Server) on that box, your own IPv6 prefix (provided by AfriNIC in this case)
and IPv6 transit.
The box need to have IPv6 support and IPv6 routing enabled.
If you need help in order to acquire your IPv6 prefix from AfriNIC, let us
know and we can help even with the request form.
Similarly, we are able to help in making sure you have the right
configuration for IPv6 in your box and you can get IPv6 transit (native or
tunneling) either from your upstream, or alternatively, if that's not
possible, we will be able to provide free IPv6 transit from third party
networks.
Regards,
Jordi
A) Verifying the Linux or *BSD platform
========================================
We suggest to use the Teredo implementation "Miredo" available at
http://www.remlab.net/miredo/, which supports the following Operating
Systems:
- Linux (kernel 2.4 or 2.6)
It is necessary to use the kernel modules TUNTAP and IPv6. So you need
to have a kernel compiled with support for both (options CONFIG_TUN and
CONFIG_IPV6 at .config)
- FreeBSD
Only FreeBSD 5.5 and newer versions. Version 4.11 is too old for this.
- OpenBSD
Recommended OpenBSD 3.7 or newer versions.
- NetBSD:
Required NetBSD 4.0 or newer.
B) Steps for the Miredo installation
=====================================
B.1) Download the source from http://www.remlab.net/files/miredo/?C=N;O=D
B.2) From a shell, extract the source code:
tar xjf miredo-X.Y.Z.tar.bz2
(where X.Y.Z is the laters version available)
B.3) Compile the source code as usual:
B.3.1) cd miredo-X.Y.Z
B.3.2) ./configure
B.3.3) make
B.3.4) make install
C) Configuration of the Teredo Relay
=====================================
In order to confiture the Teredo Relay, the file /usr/local/etc/miredo.conf,
has to be configured with the following parameters:
RelayType relay
InterfaceName teredo
BindAddress DIR_IPv4_PUBLIC
BindPort 3545
Prefix 2001:0::
InterfaceMTU 1280
Where DIR_IPv4_PUBLIC is the public IPv4 address of the host that will work
as the Teredo Relay.
D) Starting the Teredo Relay
=============================
In order to start the Teredo Relay there are certain requirements:
- Have one public IPv4 address
- Have IPv6 connectivity in the host to be used as the Teredo Relay
- Enable IPv6 routing in the hosts that will be used as Teredo Relay
- Announce the Teredo prefix (2001::/32) to Internet by means of BGP from
the network where the Teredo Relay is located
The steps to start the Teredo Relay will be then:
D.1) Load the TUNTAP module (only for linux)
modprobe tun
D.2) Enable IPv6 routing in the host to be used as Teredo Relay
sysctl -w net.ipv6.conf.all.forwarding=1
D.3) Start as root the Teredo Relay
/usr/local/sbin/miredo
After steo D.3), a new interface is created in the host, and it should have
the following or similar info (use ifconfig):
teredo Link encap:Point-to-Point Protocol
inet6 addr: fe80::ffff:ffff:ffff/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:2755 errors:0 dropped:0 overruns:0 frame:0
TX packets:3720 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:351404 (343.1 Kb) TX bytes:804965 (786.0 Kb)
E) Configuration of the Teredo Server
======================================
In order to forward trafic in between the IPv6 network and the Teredo
clients (those using the Teredo prefix, 2001::/32), it is not required to
install a Teredo Server, just the Teredo Relay, as described above.
The Teredo Server is used only in order to provide the Teredo IPv6 address
(belonging to the prefix 2001::/32), to the Teredo clients, and also to help
in the start of the IPv6 communications in between the Teredo clients and
other IPv6 nodes.
The advantage of having a Teredo Server in our network is that avoid all the
signaling traffic to go outside when a Teredo client try to establish a
communication with other IPv6 nodes.
The disadvantage is that the Teredo clients need to be configured to use
"this" Teredo Server, instead the default one, located at Microsoft. However
this is a very simple step.
To configure the Teredo Server, the file /usr/local/etc/miredo-server.conf
needs to have the following parameters:
Prefix 2001:0::
InterfaceMTU 1280
ServerBindAddress DIR_IPv4_PUBLIC_1
ServerBindAddress2 DIR_IPv4_PUBLIC_2
(where DIR_IPv4_PUBLIC_1 and DIR_IPv4_PUBLIC_2 are IPv4 public addresses
that NEED to be consecutive, in order to get the Teredo Server working)
F) Starting the Teredo Server
===============================
In order to start the Teredo Server it is required to have two public and
consecutive IPv4 addresses. This is due to the way the Teredo Client
implementations contact with the Teredo Server in order to confirm if the
client is located behind a NAT and to guess what kind of NAT.
It is not required to have two different network interfaces in order to get
the Teredo Server working. It is possible to use "alias" in order to
configure the second public IPv4 address in the same interface as the first
one. For example, if our interface is eth0:
eth0 Link encap:Ethernet HWaddr 00:0e:18:05:26:38
inet addr:XX.YY.ZZ.12 Bcast:XX.YY.ZZ.255 Mask:255.255.255.0
Then to configure the second public IPv4 address in the same interface, we
need:
ifconfig eth0:0 XX.YY.ZZ.13 broadcast XX.YY.ZZ.255 netmask 255.255.255.0
After this, the new interface will show:
eth0:0 Link encap:Ethernet HWaddr 00:0e:18:05:26:38
inet addr:XX.YY.ZZ.13 Bcast:XX.YY.ZZ.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0xe400 Memory:f8200000-f8200038
If you prefer to use two network interfaces, then you don't need to use the
above alias configuration.
The final step to start the Teredo Server is:
F.1) Start as root the Teredo Server
/usr/local/sbin/miredo-server
**********************************************
The IPv6 Portal: http://www.ipv6tf.org
Bye 6Bone. Hi, IPv6 !
http://www.ipv6day.org
This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
More information about the afripv6-discuss
mailing list