Signs of Triviality

Opinions, mostly my own, on the importance of being and other things.
[homepage] [index] [jschauma@netmeister.org] [@jschauma] [RSS]

Using an IPv6 tunnelbroker on NetBSD/EC2

I've run into this before, and so in the hopes that this might be useful for somebody else (and for me to remember), let me quickly jot this down here.

If you want to run a NetBSD instance on Amazon's Elastic Compute Cloud (EC2), you can pick one of the AMIs listed here:

$ ec2-run-instances -t t1.micro ami-68ff4101
RESERVATION	r-53b7b02a	393287865111	default
INSTANCE	i-8ff3ecf0	ami-68ff4101			pending
ec2-laptop	0		t1.micro	2012-12-02T23:20:11+0000
us-east-1a	aki-805ea7e9			monitoring-disabled
ebs					paravirtual	xen	
$ 

This will get you a shiny new NetBSD/EC2 instance in a matter of minutes, but sadly EC2 remains an IPv4-only environment. In order to get your instance onto the IPv6 internet, you will need a tunnelbroker. I happen to like Hurricane Electric's Tunnelbroker service, so the information on this page is based on their configuration.

Once you log in at tunnelbroker.net, follow the link to "Create Regular Tunnel" to get to this page:

Tunnelbroker
screenshot

Here, you enter the public IPv4 address of your newly created instance. Select a suitable geographical location for your tunnel server and continue. You should end up with a configured tunnel looking like this:

Tunnelbroker
screenshot

Now, to configure your instance, select the "Example Configurations" tab, and pick "NetBSD/Mac OS X":

Tunnelbroker
screenshot

Now this is the part where I've made the mistake of following HE.net's directions literally. Their configuration commands are entirely correct, given what they know: the IPv4 address of the host in question would have to be configured for the tunnel device, but: EC2 uses NAT for their instances, and so your actual IPv4 address on your VM is an RFC1918 address, so you need to substitute that address. That is, you'd end up running:

# ifconfig gif0 create
# ifconfig gif0 tunnel 10.195.122.108 209.51.161.14
# ifconfig gif0 inet6 2001:470:1f06:1a3::2 2001:470:1f06:1a3::1 prefixlen 128
# route -n add -inet6 default 2001:470:1f06:1a3::1
add net default: gateway 2001:470:1f06:1a3::1
# 

With that, you should be in business:

# ping6 -c 3 www.netbsd.org
PING6(56=40+8+8 bytes) 2001:470:1f06:1a3::2 --> 2001:4f8:3:7:2e0:81ff:fe52:9a6b
16 bytes from 2001:4f8:3:7:2e0:81ff:fe52:9a6b, icmp_seq=0 hlim=56 time=77.154 ms
16 bytes from 2001:4f8:3:7:2e0:81ff:fe52:9a6b, icmp_seq=1 hlim=56 time=76.848 ms
16 bytes from 2001:4f8:3:7:2e0:81ff:fe52:9a6b, icmp_seq=2 hlim=56 time=76.963 ms

--- www.netbsd.org ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 76.848/76.988/77.154/0.155 ms
# traceroute6 www.netmeister.org
traceroute6 to panix.netmeister.org (2001:470:30:84:e276:63ff:fe72:3900)
from 2001:470:1f06:1a3::2, 64 hops max, 12 byte packets
 1  jschauma-2.tunnel.tserv4.nyc4.ipv6.he.net  13.427 ms  12.834 ms 11.977 ms
 2  gige-g3-8.core1.nyc4.he.net  8.214 ms  7.15 ms  14.408 ms
 3  public-access-network.gigabitethernet0-2.switch2.nyc4.he.net  7.09 ms 7.078 ms  7.191 ms
 4  2001:470:30::a654:4203  8.443 ms  9.445 ms  7.853 ms
 5  panix.netmeister.org  8.593 ms  8.492 ms  8.632 ms
# 

December 2nd, 2012


[Sharing Secrets using SSH Keys] [Index] [Things I Remember]