spf-discuss

Re: [spf-discuss] IPv6 tunnels (was: Am I wrong here?)

2006-05-22 13:19:48
On Mon, 2006-05-22 at 17:25 +0000, Julian Mehnle wrote:
Stuart D. Gathman wrote:
On Sat, 20 May 2006, Julian Mehnle wrote:
I could offer you an account on an IPv6-connected machine.

Or you could try SixXS[1], a free IPv6 tunnel broker.  Although
they're Euro-centric, they do have a few public points of presence[2]
in the USA.

Any ISP can join up as per http://www.sixxs.net/pops/requirements/
There is some work being done on other PoPs in the US though:
http://www.occaid.org/initiatives.php?node=sixxs
But it all relies on the good will of the community for these and maybe
other ISPs to provide a box and connectivity for it to be available.

References:
 1. http://www.sixxs.net/main/
 2. http://www.sixxs.net/pops/

OK, I have a Linux system with IPv6 support.  Presumably, I can set up
an IP6 tunnel to one of these free tunnel brokers, and get IP6 email?

The mail you have to do yourself of course, just make your SMTP setup
IPv6 capable ;)

They will assign me a static IP6 IP?

Both Hexago's Freenet6 and SixXS provide you with a permanent IPv6 address, 
and even a prefix (subnet) of your own so you can equip an entire network 
with IPv6 connectivity.  They also delegate you reverse DNS for your IPv6 
addresses.

Most IPv6-over-IPv4 tunneling protocols (6in4, 6over4, 6to4) use IPv4 
protocol number 41 (IPv6-in-IPv4 encapsulation), so your router(s)/NAT(s) 
must be able to forward those packets, which many aren't.

Many actually can do it, some simply don't. It depends on the
implementation of the box. It seems that having a heartbeat running next
to it usually already helps a lot. In some cases one can configure the box
to let one host, the one where the tunnel ends, act as 'DMZ', which
also resolves the issue. Otherwise one indeed ends up with:

If you have such a crippled router (as I do), you should probably try
SixXS -- they offer the AYIYA (anything in anything) tunneling protocol
which supports IPv6-in-UDP encapsulation.

Hexago has the 4udp6 protocol for that, which is spoofing-prone but does
allow for larger MTUs. Its definition is sort of hidden in
http://ietf.cnri.reston.va.us/internet-drafts/draft-blanchet-v6ops-tunnelbroker-tsp-03.txt
but it is simply IPv6 in IPv4 UDP, no auth except for TSP.
AYIYA on the other side has a per-packet signature and allows per-packet
changing of the tunnel endpoint which IMHO is quite a bit better,
especially from a security standpoint, than 4udp6. But in the end both
work and that is what it is all about I guess.

Otherwise Freenet6 is probably a bit easier to sign up to than SixXS.

Blame the privacy laws, but when you forfeit that part it is simple:
http://www.sixxs.net/signup/create/

Don't forget to put in the signup that one is a SPF developer and
what part one is working on for bonus credits ;)

Greets,
 Jeroen
