Part two of my IPv6 certification walkthrough for Hurricane Electric: Become an IPv6 Sage!
IPv6: Explorer Level Certification
Need help on a different IPv6 certification level?
I have walkthroughs for all of them! These walkthroughs are for OS X.
Conceptual Overview of Earning the Explorer-Level Certification
Your task at this level is to access IPv6-only content from Hurricane Electric. This level can be very frustrating or very simple depending on your situation. If your router is IPv6-capable, you should pass this level without much trouble. However, if your router is not IPv6-capable, it will be more difficult. I will walk through these steps in a later post–for now, you should be using a router with IPv6 capabilities. Originally, I used a TP-LINK WD8970.
- Create an IPv6 tunnel on tunnelbroker.net
- Access an IPv6 Website: ipv6.he.net to pass the certification
Using an IPv6-compatible Router is the Best Way to Pass This Level
In many people’s home network setup, it is common that either the network router does not forward protocol 41 over NAT (Network Address Translation) because many people still are using a router from many years ago. Your router needs to be able to forward this protocol in order to access an IPv6 Website. This can be solved easily by purchasing a newer router. With IPv6 advancing faster, many of the new routers support it be default. The one pictured below is one of my favorites.
Protocol 41 signifies an IPv6 packet inside of a IPv4 packet, but protocol 41 is not the same as port 41. This confused me quite a bit until I eventually figured out the difference: port 41 is a port value that you could forward to a computer on your network but protocol 41 is a flag inside the IPv4 header that indicates it is an encapsulated IPv6 packet.
Some home network routers are already set up to run IPv6 or pass protocol 41 through to the local network without you having to do anything. If this is the case, after creating an IPv6 tunnel, by simply visiting the HE site, you will pass the certification. If your router is not IPv6-compatible, then things will be a little more challenging for you..
Create an IPv6 Tunnel at Tunnelbroker.net
Copy your IP address. You will need it in step 3. Your IP is:
- Create an account at tunnelbroker.net
- Click Create Regular Tunnel on the left sidebar
- Paste your external-IPv4 address into the field labeled IPv4 Endpoint
- Choose a server close to your physical location
- Name your tunnel once it is created
Configure Your Mac to Connect to the Tunnel
Run the following commands on your Mac (these are also available on the tunnelbroker site after you create the tunnel). It is important to note that you should use the local IP address of your computer provided by DHCP, not your eternal IP address.
sudo ifconfig gif0 create ifconfig gif0 tunnel <your_client_ipv4_dhcp_address> <tunnelbroker_server_ipv4_address> ifconfig gif0 inet6 <your_client_ipv6_address> <tunnelbroker_server_ipv6_address> prefixlen 128 route -n add -inet6 default <tunnelbroker_server_ipv6_address>
If you enter your external IP address instead of your locally-assigned DHCP address, the tunnel will not work.
Retry the Explorer-level Certification
If you made a mistake or want to re-do the test after passing, you can reset your account to the Explorer level (but you need to reach the Administrator-level first). This is useful if you want to try a different tunneling technology to use throughout the rest of the certifications, or just want to get really good at setting up an IPv6 tunnel. Repetition is one of the best ways to learn!
Still Confused? Understanding What an IPv6 Tunnel Is
Here is how I would simplify what an IPv6 tunnel is in one sentence: IPv6 tunneling is a tool to aid in the transition to IPv6 by allowing the two protocols, IPv4 and IPv6, to co-exist.
This is Way More Complex Than it Needs to Be!
This is true. This is because IPv4 was not able to handle and extreme growth of the Internet. Because of this, technologies like NAT and CIDR were introduced to help ease the pain of the diminishing address space. Unfortunately, NAT also causes a lot of compatibility problems. So when trying to move to a new protocol, things get even more complex.