Signs of Triviality

Opinions, mostly my own, on the importance of being and other things.

Using an IPv6 tunnelbroker on NetBSD/EC2

I've run into this before, and so in the hopes that this might be useful for somebody else (and for me to remember), let me quickly jot this down here.

If you want to run a NetBSD instance on Amazon's Elastic Compute Cloud (EC2), you can pick one of the AMIs listed here:

$ ec2-run-instances -t t1.micro ami-68ff4101
RESERVATION	r-53b7b02a	393287865111	default
INSTANCE	i-8ff3ecf0	ami-68ff4101			pending
ec2-laptop	0		t1.micro	2012-12-02T23:20:11+0000
us-east-1a	aki-805ea7e9			monitoring-disabled
ebs					paravirtual	xen	

This will get you a shiny new NetBSD/EC2 instance in a matter of minutes, but sadly EC2 remains an IPv4-only environment. In order to get your instance onto the IPv6 internet, you will need a tunnelbroker. I happen to like Hurricane Electric's Tunnelbroker service, so the information on this page is based on their configuration.

Once you log in, follow the link to "Create Regular Tunnel". On that page, enter the public IPv4 address of your newly created instance, select a suitable geographical location for your tunnel server, and continue. You should end up with a configured tunnel.

Now, to configure your instance, select the "Example Configurations" tab, and pick "NetBSD/Mac OS X".


Now this is the part where I've made the mistake of following their directions literally. Their configuration commands are entirely correct, given what they know: the IPv4 address of the host in question has to be configured for the tunnel device. But EC2 uses NAT for its instances, so the actual IPv4 address on your VM is an RFC1918 address, and that is the address you need to substitute for the public one. That is, you'd end up running:

# ifconfig gif0 create
# ifconfig gif0 tunnel <instance-private-IPv4> <tunnel-server-IPv4>
# ifconfig gif0 inet6 2001:470:1f06:1a3::2 2001:470:1f06:1a3::1 prefixlen 128
# route -n add -inet6 default 2001:470:1f06:1a3::1
add net default: gateway 2001:470:1f06:1a3::1

With that, you should be in business:

# ping6 -c 3
PING6(56=40+8+8 bytes) 2001:470:1f06:1a3::2 --> 2001:4f8:3:7:2e0:81ff:fe52:9a6b
16 bytes from 2001:4f8:3:7:2e0:81ff:fe52:9a6b, icmp_seq=0 hlim=56 time=77.154 ms
16 bytes from 2001:4f8:3:7:2e0:81ff:fe52:9a6b, icmp_seq=1 hlim=56 time=76.848 ms
16 bytes from 2001:4f8:3:7:2e0:81ff:fe52:9a6b, icmp_seq=2 hlim=56 time=76.963 ms

--- ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 76.848/76.988/77.154/0.155 ms
# traceroute6
traceroute6 to (2001:470:30:84:e276:63ff:fe72:3900)
from 2001:470:1f06:1a3::2, 64 hops max, 12 byte packets
 1  13.427 ms  12.834 ms 11.977 ms
 2  8.214 ms  7.15 ms  14.408 ms
 3  7.09 ms 7.078 ms  7.191 ms
 4  2001:470:30::a654:4203  8.443 ms  9.445 ms  7.853 ms
 5  8.593 ms  8.492 ms  8.632 ms
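
The address substitution described above, as an added example that is not part of the original post: it takes the instance's own IPv4 address from ifconfig output, checks that it is an RFC1918 address, and prints the tunnel commands without running them. The function names, the sample ifconfig output with its xennet0 interface, and the tunnel server address 192.0.2.1 (a documentation placeholder) are assumptions; the IPv6 addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) the gif(4)
# commands with the instance's private address as the tunnel source.

# is_rfc1918 ADDR: succeed if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] 2>/dev/null && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# first_inet TEXT: print the first IPv4 address found in ifconfig output.
# Handles both "inet A.B.C.D netmask ..." and "inet A.B.C.D/NN ..." forms.
first_inet() {
    printf '%s\n' "$1" | awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2; exit }'
}

# gif_commands LOCAL4 REMOTE4 CLIENT6 SERVER6: print the commands to run.
# Warns on stderr if LOCAL4 is not private, i.e. the host may not be NATed.
gif_commands() {
    if ! is_rfc1918 "$1"; then
        echo "warning: $1 is not an RFC1918 address; NATed host expected" >&2
    fi
    cat <<EOF
ifconfig gif0 create
ifconfig gif0 tunnel $1 $2
ifconfig gif0 inet6 $3 $4 prefixlen 128
route -n add -inet6 default $4
EOF
}

# Constructed sample: ifconfig output of an EC2 guest's primary interface.
SAMPLE_IFCONFIG='xennet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.1.2.3 netmask 0xfffffe00 broadcast 10.1.3.255'

# 192.0.2.1 is a placeholder for the tunnel server's IPv4 address.
gif_commands "$(first_inet "$SAMPLE_IFCONFIG")" 192.0.2.1 \
    2001:470:1f06:1a3::2 2001:470:1f06:1a3::1
```

On a live instance, pass the real output of ifconfig for the primary interface to first_inet instead of the sample.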

December 2nd, 2012
