WAS... Re: pTLA request for RMNET - review closes 23 April 2002

Dave Burgess burgess@mitre.org
Mon, 15 Apr 2002 09:08:10 -0500


We recently finished an IPSec tunnelled VPN between 3 locations using non-routable addresses, NAT, and shared secrets.  The
current IPSec implementation didn't hinder us, but the FreeBSD instructions we used didn't work completely right with our
NetBSD 1.5.3 system.  Let me say publicly that the software worked exactly as needed for this 3 way VPN.

We will be typing the instructions we are using as a thought piece and will forward it to the list for review and comments.

Dave Burgess

Feico Dillema wrote:

> On Thu, Apr 11, 2002 at 05:00:14PM +1000, Merlin wrote:
> > So in conclusion - I suspect that very few people actually understand about esoteric details like latency on pure IPv6
> > machines. But I could point at a user group who I'm sure would love to get their teeth into setting up any number of
> > hosts, even virtual hosts, behind their one assigned IPv4 address. If someone could come up with something that was
>
> Here's the package (a perl script) that does it all for you on
> NetBSD:
>
> ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/net/6to4/README.html
>
> Step 0: man 6to4 and read the instructions or alternatively:
>
> Step 1: edit 6to4.conf (basically, uncomment the relay you want to use)
> Step 2: run: `6to4 start`
> Step 3: ping6 www.kame.net
>
> Probably the same works on the other *BSDs. I don't think it gets
> more simple than that. Not much anyway.
>
> > If IPv6 is to be rolled out and not forgotten, people need to be able to implement it on their existing networks.
> Well, people can and people do. We've run IPv6 only in our lab and at
> home for more than 2 years now, and things simply work and I've almost
> forgotten how to split a 3bit IPv4 net in 2 subnets just to add
> wireless connectivity to my home e.g. ;-}
>
> My IPv6 (only!) home router says:
>
> 1 dillema@spam.dillema.net:~> uptime
> 10:43PM  up 359 days,  7:34, 0 users, load averages: 0.32, 0.14, 0.10
>
> and I've almost forgotten where it is. I'll find it (and take it down.
> snif) when I move house soon.
>
> We have many such homerouters around, used to give faculty members
> and students wavelan connectivity from university to the home. Many of
> them hardly knew what a netmask was, but all managed to set up
> their own NetBSD IPv6 router by following the instructions in e.g.
> http://www2.no.netbsd.org/Documentation/network/ipv6/
>
> I bet on some other OSes there is or will be some button to press to
> simply enable or disable IPv6 and/or 6to4, or maybe it will `just be
> there'. Most people won't care. Those that do and are in the business
> of setting up routers, may be required to read and follow some
> instructions. Soon, I expect some router configuration protocol will
> also make that unnecessary for regular clients of ISPs.
>
> In short, I do not think IPv6 has a problem here. Quite the contrary.
> When handing out 2bit IPv4 nets to people at home, we typically ended
> up configuring things for them. With IPv6 saying: ``follow the
> instructions of the FAQ'' typically works out just fine.
>
> Feico Dillema.
>  - Almost but not quite entirely a problem.