zellda's

notes on Linux

Experimenting With IPv6. Part I - SixXS and Aiccu

I thought I’d start my first post on how to get IPv6 working by putting the cart before the donkey. By that I mean I’ll first describe how to connect with aiccu - a smart little program - to the IPv6 provider SixXS before demonstrating how to subscribe to SixXS. Both is not a worldshaking task, but installing aiccu and using it is much more fun and easy peasy. After that I hope you won’t shy the hassle applying to SixXS for an address.

Let’s start!

Installing Aiccu

The nice thing about aiccu is it’s in most distro’s repositories.

Debian / Ubuntu / Mint:

Terminal
1
sudo apt-get install aiccu

Fedora / Red Hat / CentOS / Suse Linux:

Terminal
1
sudo yum install aiccu

Arch Linux:

Terminal
1
yaourt -S aiccu

That simple!

We’ll have a look at how it looks like in Linux Mint (it works the same in any other distribution except Arch where a little more work is needed).

So after you issued

Terminal
1
sudo apt-get install aiccu

your terminal will become blue and ask you for your SixXS username:

After you typed in your username it will ask you for your password for SixXS. Type that in too and hit enter.

The installation will finish and all is good and well. Aiccu is even started for you.

Aiccu is not started at boot from that moment on. It needs to be launched manually like this:

Terminal
1
sudo aiccu start

or stopped:

Terminal
1
sudo aiccu stop

Aiccu is installed. What now?

To check if you really have IPv6 up and running you can do the following things:

A) Check for a new network interface

Fire up a terminal. Hammer in ifconfig.

Terminal
1
ifconfig

Ifconfig should result in something like this (alongside your other interfaces like eth0/eth1 or wlan0/wlan1 and so on):

If you can see your virtual SixXS adapter this is a good sign.

B) Ping an IPv6 address

Now issue the following:

Terminal
1
ping6 ipv6.google.com

Let it run a while and hit Ctrl+c. You should see something like this:

The first time you used the IPv6 protocol! Nice hm?

C) Visit an IPv6 test site

Fire up your internet browser. Type into the address bar:

browser address bar
1
http://ipv6test.google.com/

Voila:

Superb! Next go to the Kame project and see the turtle swim and wag its head! (Without IPv6 you only have a static pic.)

browser address bar
1
http://www.kame.net/

Isn’t this amazing? And did I promise too much? With aiccu and SixXS it really is a piece of cake to get started with IPv6!

Now you can surf to

browser address bar
1
http://www.sixxs.net/misc/coolstuff/

and figure out what else you can do with IPv6.

Get your IPv6-address from SixXS

So. Now that you know how simple it is to install aiccu it is about time to know how to apply for an IPv6 address.

You will have to do two things:
1) Apply for a user account at SixXS.
2) Apply for getting a tunnel assigned (aka an IPv6 address).

Nr. 1) Apply for a user account

With your internet browser go to:

browser address bar
1
http://www.sixxs.net

Klick on ‘Signup for new users’. You’ll be presented with the following form:

As you can see you are supposed to give away personal information such as where you live, phone number and e-mail address. Beyond that you should be able to name a reason why you want to sign up. This information is mainly for SixXS making sure their network is not abused. After all they are your internet service provider (ISP) even if you don’t pay them.

Your name and address is also available on the whois-server. If you don’t want that this is nothing for you.

After you have submitted your input and confirmed that your e-mail address is verified (the usual: you get an e-mail from SixXS and have to klick a conformation link) you’ll have to wait some time. Sometimes several days. Eventually you get something along the lines of this:

Dear … … ,

You have successfully completed the user registration at SixXS.
Your account has been verified and SixXS have approved the
information you have supplied. You can now log in to the website
with the following credentials:

Username : Something-SIXXS
Password : yourpassword
URL : http://www.sixxs.net/home/

Note that the secure version of our website requires one to install
the CACert certificate. Follow the links on the website for more
details on this subject.

You should change your password on a regular
basis (now is a good time to change it). Please look carefully at your
information supplied on the website, and change anything that seems out
of order. You can contact us by replying to this email.

Regards,
The SixXS tunnelrobot.

SixXS tunnelrobot

Nr. 2) Apply for a tunnel

Now, with your username and your password, you can log in to SixXS and apply for a tunnel (I know, a bit tedious). Applying for a tunnel means you apply for your IPv6 address so that you can install and use aiccu. Aiccu then creates an IPv6-tunnel to SixXS from where your IPv6 traffic is passed on to other IPV6-network-isles.

When your request for a tunnel is approved you get an e-mail like this:

Dear … … ,

SixXS have honored your request for a tunnel with the following
specifications:
——-
Tunnel Id : T123456
PoP Name : decgn01 (de.netcologne [AS8422])
TIC Server : tic.sixxs.net (which is the default in AICCU)
Your Location : Berlin, de
SixXS IPv6 : 2001:abcd:abcd:abcd::1/64
Your IPv6 : 2001:abcd:abcd:abcd::2/64
SixXS IPv4 : 123.123.123.123
Tunnel Type : Dynamic (ayiya)
——-

The SixXS PoP at AS8422 will set up the tunnel automatically
in the next hour. Please be patient and do not be alarmed if the tunnel
does not ping after you enabled it.
Check the tunnelinfo pages for configuration examples.

Install the AICCU client software as per instructions on:
http://www.sixxs.net/tools/aiccu/

Note: Keep your machine NTP synced, if the timestamp difference
is bigger than 120 seconds the heartbeat will be silently dropped.
The AICCU client will not work when it detects a large time difference.

Regards,
The SixXS tunnelrobot.

SixXS tunnelrobot

After you received this e-mail you can finally install aiccu like shown above.

Arch Linux

A note on Arch Linux.

I first tried aiccu on Arch Linux which worked perfectly. But I had to manually configure the aiccu.conf file. You wont’t be asked for your credentials during installation.

This is how my /etc/aiccu.conf config file looks like:

/etc/aiccu[.]conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# AICCU Configuration

# Login information (defaults: none)
username SOMETHING-SIXXS
password mypassword

# Protocol and server to use for setting up the tunnel (defaults: none)
protocol tic
server tic.sixxs.net

# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface aiccu

# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
tunnel_id T123456

# Be verbose? (default: false)
verbose true

# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
#
# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
daemonize true

# Automatic Login and Tunnel activation?
automatic true

# Require TLS?
# When set to true, if TLS is not supported on the server
# the TIC transaction will fail.
# When set to false, it will try a starttls, when that is
# not supported it will continue.
# In any case if AICCU is build with TLS support it will
# try to do a 'starttls' to the TIC server to see if that
# is supported.
requiretls false

# PID File
pidfile /var/run/aiccu.pid

# Add a default route (default: true)
defaultroute true

# Script to run after setting up the interfaces (default: none)
#setupscript /usr/local/etc/aiccu-subnets.sh

# Make heartbeats (default true)
# In general you don't want to turn this off
# Of course only applies to AYIYA and heartbeat tunnels not to static ones
makebeats true

# Don't configure anything (default: false)
#noconfigure true

# Behind NAT (default: false)
# Notify the user that a NAT-kind network is detected
behindnat true

# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
# 
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
#local_ipv4_override

It’s slightly different from when it is automatically configured on Mint/Ubuntu/Debian. It works though.

That’s it for now.

Next time we’ll have a look at Hurricane Electric. Another tunnelbroker (SixXS is a tunnelbroker too). With Hurricane Electric you have another provider from which you can get an IPv6 address. We’ll manually set up Ubuntu/Mint to connect to Hurricane Electric. The drawback is without aiccu you either have to configure port forwarding if your’e behind a NAT or you mustn’t be behind a NAT. Otherwise it won’t work.

I will only demonstrate how it works when you have a public IPv4-address though. This is more for servers or when you have the rare opportunity to get a public IP-address assigned as is the case at my working place.

See yea.

Comments