Monday, January 05, 2009

IPv6 Tunnel on Windows XP Using Freenet6

Almost two years ago I described testing IPv6 using Freenet6 on FreeBSD. This morning I decided to try the same on Windows XP and document the process here.

I needed to use a tunnel method like Freenet6 because the test host is behind NAT.

First, visit go6.net and click "Free IPv6 Connectivity with Freenet6". Register yourself a user account. To install on my Windows XPSP3 32-bit system I downloaded "Gateway6 Client 6.0-BETA4 Windows Installer 32-bit". I installed and accepted the defaults:



When I first tried installing the software I got an error which denied installing the TUN driver. I had to back out of the installation and change this local group policy key using gpedit.msc:



I changed "Do not allow installation" to "Warn but allow installation" under Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Devices: Unsigned driver installation behavior.



Once The Freenet6 client was running I configured it with the username and password I registered, and I set broker.freenet6.net as my Gateway6 address. Once I connected I could visit ipv6.google.com, and even check my IPv6 address online.



You may notice I installed the ShowIP Firefox addon. I learned about that from Command Information. It's a good way to try to keep track of the IP address you're using to access IPv4 or IPv6 sites.

I was also able to access sites from cmd.exe, using ping6 to ping ipv6.google.com and ftp to connect to the IPv6-only FTP server at ftp6.netbsd.org.



I think the Freenet6 client is a good way for people behind NAT (or in the case of the test VM here, two NATs) to access IPv6-enabled sites.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.

8 comments:

Victor Julien said...

Thanks for pointing me at the ShowIP Firefox plugin. It looks very useful!

Btw, I wrote about getting Freenet6 running in Debian/Ubuntu here.

Cheers,
Victor

Richard said...

Richard,

I think you have this bit backwards
"Once I connected I could not visit ipv6.google.com"

Remove the work "not" and it makes sense.

Thanks,
Richard T

Richard Bejtlich said...

Richard T, fixed -- thanks!!

Erik said...

Great, I'm now running IPv6 from a NAT'ed network. Thanks!

Now, is there some way to attach a WinPcap adapter to the virtual NIC created for my IPv6 connection? It would be nice to be able to sniff it.

It seems as if I can use Raw sockets to sniff the interface though. I am however not sure which application is best to use if I wanna dump the Raw sockets traffic to a pcap file.

Jeroen said...

ShowIP only does a AAAA and A record lookup and displays the first one found, as such it does NOT tell you what is actually being used for connecting.... that would require quite some hooks deep inside firefox for that to work.

Richard Bejtlich said...

Jeroen,

Yes, I know. I should have said something about that. The Command Information guys were clear about that but I didn't say it in my post.

Erik said...

I just noticed that all I needed to do, after having installed the Gateway6 Client, in order to sniff my IPv6 traffic was to reboot my computer. This way WinPcap mapped the virtual IPv6 interface as "Hexago".

So I can now sniff my traffic with proper IPv6 frames. Thanks Richard!

Windows for XP said...

Hey Victor. I really enjoy reading your page. I put a link to it on my blog at: http://www.windows-for.xp.blogspot.com

I like your blog, and I was wondering if you were interested in a link exchange. All the best!

Dillon