6IN4(8)6IN4(8)

NAME

6in4, ayiya - configure and run automatic or manual tunnel of IPv6 through IPv4

SYNOPSIS

ip/6in4 [ -ag ] [ -m mtu ] [ -x netmtpt ] [ -o outnetmtpt ] [ -i local4 ] [ local6[/mask] [ remote4 [ remote6 ] ] ]
ip/ayiya [ -g ] [ -m mtu ] [ -x netmtpt ] [ -k secret ] local6[/mask] remote4 remote6

DESCRIPTION

6in4 sets up and maintains a 6to4 tunnel of IPv6 traffic through an IPv4 connection. Ayiya is similar, but uses the UDP based Anything In Anything protocol to tunnel IPv6 traffic.

Local6 and mask define the IPv6 address and subnet of the near end of the tunnel (mask defaults to /128 for a single-host tunnel). If local6 is missing or -, it defaults to

2002:aabb:ccdd::1/48  

where aa, bb, cc and dd are the hexadecimal equivalents of the bytes a.b.c.\c d in this host’s primary IPv4 address.

Remote4 is the IPv4 address of the far end of the tunnel (must be given explicitly for a configured tunnel, or defaults to the anycast address 192.88.99.1 for 6to4).

Remote6 is the IPv6 address of the far end of the tunnel (used as the point-to-point destination for routing, and defaults to a link-local address constructed from remote4).

The program forks a pair of background processes to copy packets to and from the tunnel.

Options are:

-a

for 6in4, permit any remote IPv4 address as the far end of a tunnel. This is likely to be useful for the server side of a tunnel.  

-i

for 6in4, define what is the local IPv4 address, otherwise it takes the first non-loopback address of the outside IP stack.  

-g

use the tunnel as the default route for global IPv6 addresses  

-m

mtu specifies the outside MTU in bytes from which the inside tunnel MTU is derived. Deaults to 1500 - 8 (Ethernet - PPPoE).  

-x

use the network mounted at netmtpt instead of /net for binding the tunnel interface and sending/receiving IPv4 packets.  

-o

for 6in4, use outnetmtpt for the IPv4 packets but bind the IPv6 interface on /net or netmtpt when specified by a previous -x option.  

-k

for ayiya, use the shared secret key secret to authenticate messages on the tunnel.  

EXAMPLES

If your primary IPv4 address is public, you can start a 6to4 tunnel simply with

 

ip/6in4 -g

Similarly, you can start a server for 6to4 tunnels with

 

ip/6in4 -ag

If you use a tunnel broker at address 5.6.7.8, configured to give you a /64 subnet with address 2001:1122:3344:5566::, you can start the tunnel with

 

ip/6in4 -g 2001:1122:3344:5566::/64 5.6.7.8

FILES

/net/ipmux

access to IPv6-in-IPv4 packets  

/net/ipifc

packet interface to IPv6 network  

SEE

bridge(3), ipmux in ip(3), linklocal in ipconfig(8)
/lib/rfc/rfc3056
/lib/rfc/rfc3068
http://tools.ietf.org/id/draft-massar-v6ops-ayiya-02.txt

BUGS

Needs a kernel with an ipmux driver.

The tunnel client filters addresses fairly conservatively in both directions. However it’s not watertight, and may be flakey in other ways so don’t put too much trust in it.