Tunnel IPv4 over IPv6

Page content

let’s do the opposite. you have some ipv6 connectifity and need to transport ipv4

Host A (IPv6 only)

root@hosta ~# ifconfig vio0
vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr 56:00:02:e7:9d:e5
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::5400:2ff:fee7:9de5%vio0 prefixlen 64 scopeid 0x1
        inet6 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c prefixlen 64 autoconf pltime 604627 vltime 2591827
        inet6 2a05:f480:1400:7b6:446d:acb7:5fe4:450f prefixlen 64 autoconf autoconfprivacy pltime 86046 vltime 172537

root@hosta ~# i3
IPv4: !NETWORK
IPv6: 2a05:f480:1400:7b6:446d:acb7:5fe4:450f

Host B (Ipv6 only)

root@hostb ~# ifconfig vio0
vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr 56:00:02:e7:9d:f4
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::5400:2ff:fee7:9df4%vio0 prefixlen 64 scopeid 0x1
        inet6 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb prefixlen 64 autoconf pltime 604403 vltime 2591603
        inet6 2001:19f0:6801:1e3b:e6f:24db:27f7:de37 prefixlen 64 autoconf autoconfprivacy pltime 85502 vltime 171928

root@hostb ~# i3
IPv4: !NETWORK
IPv6: 2001:19f0:6801:1e3b:e6f:24db:27f7:de37

Configure GIF Interfaces

Host A

ifconfig gif0 inet6 tunnel 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb
ifconfig gif0 inet alias 10.0.0.1 10.0.0.2

Host B

ifconfig gif0 inet6 tunnel 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c
ifconfig gif0 inet alias 10.0.0.2 10.0.0.1

or make them persistent

Host A gif0

cat << 'EOF' > /etc/hostname.gif0
mtu 1420
tunnel 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb
inet 10.0.0.1 255.255.255.255
dest 10.0.0.2
up
EOF

sh /etc/netstart gif0

Host B gif0

cat << 'EOF' > /etc/hostname.gif0
mtu 1420
tunnel 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c
inet 10.0.0.2 255.255.255.255
dest 10.0.0.1
up
EOF

sh /etc/netstart gif0

Enable IPv4 and IPv6 Forwarding

you know, the sysctl stuff and so ..

stoege@nerd ...nolink.ch$ cat /etc/sysctl.conf
cat << 'EOF' > /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
EOF

sysctl net.inet.ip.forwarding=1
sysctl net.inet6.ip6.forwarding=1

Let’s try

Host A

root@hosta ~# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        index 3 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr 56:00:02:e7:9d:e5
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::5400:2ff:fee7:9de5%vio0 prefixlen 64 scopeid 0x1
        inet6 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c prefixlen 64 autoconf pltime 604482 vltime 2591682
        inet6 2a05:f480:1400:7b6:446d:acb7:5fe4:450f prefixlen 64 autoconf autoconfprivacy pltime 85357 vltime 171848
enc0: flags=0<>
        index 2 priority 0 llprio 3
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        index 4 priority 0 llprio 3
        groups: pflog
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        index 6 priority 0 llprio 3
        encap: txprio payload rxprio payload
        groups: gif
        tunnel: inet6 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c -> 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb ttl 64 nodf ecn
        inet6 fe80::5400:2ff:fee7:9de5%gif0 ->  prefixlen 64 scopeid 0x6
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xff000000

Ping Host B

root@hosta ~# fping -l 10.0.0.2
10.0.0.2 : [0], 84 bytes, 11.3 ms (11.3 avg, 0% loss)
10.0.0.2 : [1], 84 bytes, 11.4 ms (11.4 avg, 0% loss)
10.0.0.2 : [2], 84 bytes, 11.4 ms (11.4 avg, 0% loss)

Capture Host B

root@hostb ~# tcpdump -n -i vio0 not port 22
tcpdump: listening on vio0, link-type EN10MB
16:29:31.809261 2001:19f0:6801:1e3b:e6f:24db:27f7:de37.16424 > 2606:4700:f1::1.123: v4 client strat 0 poll 0 prec 0 [flowlabel 0xd28a9]
16:29:31.810618 2606:4700:f1::1.123 > 2001:19f0:6801:1e3b:e6f:24db:27f7:de37.16424: v4 server strat 3 poll 0 prec -26 [flowlabel 0x1eedd]
16:29:33.107576 fe80::fc00:2ff:fee7:9df4 > 2001:19f0:6801:1e3b:e6f:24db:27f7:de37: icmp6: neighbor sol: who has 2001:19f0:6801:1e3b:e6f:24db:27f7:de37
16:29:33.107651 fe80::5400:2ff:fee7:9df4 > fe80::fc00:2ff:fee7:9df4: icmp6: neighbor adv: tgt is 2001:19f0:6801:1e3b:e6f:24db:27f7:de37
16:29:36.674610 10.0.0.1 > 10.0.0.2: icmp: echo request (encap) [flowlabel 0x1a9]
16:29:36.674755 10.0.0.2 > 10.0.0.1: icmp: echo reply (encap) [flowlabel 0x1b4]
16:29:37.492707 arp who-has 95.179.215.9 tell 45.63.112.117
16:29:37.681587 10.0.0.1 > 10.0.0.2: icmp: echo request (encap) [flowlabel 0x1a9]
16:29:37.681647 10.0.0.2 > 10.0.0.1: icmp: echo reply (encap) [flowlabel 0x1b4]
16:29:38.548657 arp who-has 95.179.215.9 tell 45.63.112.117
16:29:38.691564 10.0.0.1 > 10.0.0.2: icmp: echo request (encap) [flowlabel 0x1a9]
16:29:38.691642 10.0.0.2 > 10.0.0.1: icmp: echo reply (encap) [flowlabel 0x1b4]

have fun !


Any Comments ?

sha256: 90c77ca2cd90bdf9d5ab54361e129e535d32f77e369b4afa3d0d9b0125bd514b