tc-dtcp-setup-20050217-KuntzR.txt

Configure DTCP
v1.3 - Last updated 2006-12-14
------------------------------
Romain KUNTZ
kuntz(at)sfc.wide.ad.jp

In this document we will explain how to set up an IPv6-over-IPv4 tunnel
on NetBSD, statically first, then dynamically using DTCP (Dynamic Tunnel
Configuration Protocol).

Table of Contents
-----------------

1. Topology
2. Static Tunnel
3. Dynamic tunnel
   a. Install the server on HOST B
   b. Install the client on HOST A
   c. Multiple sessions
Appendix A: Network topology example

1. Topology
-----------

   HOST A -----[Internet]----- HOST B
  IPv4 only                 IPv4 + IPv6

HOST A is an IPv4-only host and would like to get IPv6 connectivity.
HOST B is a dual-stack host that has both an IPv4 address and an IPv6
address. We can then create an IPv6-over-IPv4 tunnel between both nodes,
so that HOST A can get an IPv6 address and send its IPv6 packets into
the tunnel. HOST B receives the tunnelled packet and forwards the IPv6
packet to the IPv6 Internet.

2. Static Tunnel
----------------

If HOST A has a static IPv4 address, you can create a static and
permanent tunnel between both nodes with a few commands. Note that both
nodes MUST have a public and static IPv4 address!

The following commands have been tested on NetBSD 1.6.2 and 1.6.1.

On HOST A:

  HOST A# ifconfig gif0 create
  HOST A# ifconfig gif0 tunnel
  HOST A# ifconfig gif0 inet6 prefixlen /128
  HOST A# route add -inet6 default

On HOST B:

  HOST B# ifconfig gif0 create
  HOST B# ifconfig gif0 tunnel
  HOST B# ifconfig gif0 inet6 prefixlen /128

Note:
- is an IPv6 address that you assigned to HOST A. This address must be
  routable to HOST B. See Appendix A for an example of topology
  configuration.
- You can test that the tunnel works with:

  # ping6 ff02::1%gif0

  You should see the link-local addresses of HOST A and HOST B.

Now HOST A can enjoy IPv6 connectivity!

3. Dynamic tunnel
-----------------

If HOST A does not have a static IPv4 address and configures its address
with DHCP, for example, you cannot use the above solution: you would have
to update the tunnel on HOST B each time HOST A's IPv4 address changes.

One solution is DTCP (Dynamic Tunnel Configuration Protocol). We will
explain how to set it up. First visit this page, as it contains the DTCP
packages and a lot of information on configuring DTCP:
http://www.imasy.or.jp/~ume/dtcp/

DTCP is composed of a server and a client written in Ruby:
http://www.imasy.or.jp/~ume/ipv6/dtcp-20060109.tar.gz

You can also use a client written in C:
http://www.imasy.or.jp/~ume/ipv6/dtcpclient-20060111.tar.gz

a. Install the server on HOST B
-------------------------------

- Install qpopper. You can get it here:
  ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/qpopper4.0.5.tar.gz
  It will be used for user authentication. Untar, go to the qpopper
  directory, then execute:

  # useradd pop
  # ./configure --enable-apop=/usr/local/etc/pop.auth --enable-popuid=pop
  # make && make install
  # chown pop /usr/local/sbin/popauth
  # chmod u+s /usr/local/sbin/popauth

- Download the DTCP server:
  http://www.imasy.or.jp/~ume/ipv6/dtcp-20060109.tar.gz
  We installed it on NetBSD 1.6.1. Unpack and go to the newly created
  directory:

  # tar zxvf dtcp-20060109.tar.gz
  # cd dtcp-20060109
  # make && make install

- Register the DTCP clients on your server:

  # useradd my_user
  # popauth -init
  # popauth -user my_user
  (enter a password for this user)

- dtcps can run in three modes:

  host:       to connect one host. One IPv6 address is assigned to a
              client.
  tunnelonly: provides only the IPv6-over-IPv4 tunnel. You need to
              configure routes and an IPv6 address separately from DTCP.
  network:    to connect a network. An IPv6 prefix is assigned to a
              client.

  We will explain here how to use the "host" mode.
  For the other modes, please refer to http://www.imasy.or.jp/~ume/dtcp/

- Launch dtcps on the server in host mode:

  # dtcps [-D -d] -i gif0 beef:feed:deef:faad::

  -D prevents dtcps from daemonizing on invocation.
  -d puts dtcps into debug mode.
  gif0 is the virtual interface you want to use.
  beef:feed:deef:faad:: is the prefix used to assign an IPv6 address to
  HOST A. This prefix length must be /64. See Appendix A for an example.

- A script is also included in the DTCP archive (dtcps.sh). Edit it
  (especially the prefix information) and launch the server with:

  # ./dtcps.sh start

- If you want to launch dtcps on boot:
  Copy the following script to /etc/rc.d and rename it "dtcps", with the
  execution bit set:
  http://www.imasy.or.jp/~ume/dtcp/dtcps.sh.netbsd
  Edit the /etc/rc.conf file and add the following information:

  # vi /etc/rc.conf
  dtcps_enable="YES"
  dtcps_tunif="gif0"
  dtcps_prefix="beef:feed:deef:faad::"

b. Install the client on HOST A
-------------------------------

- We have installed the client written in C on NetBSD 1.6.2. Get it here:
  http://www.imasy.or.jp/~ume/ipv6/dtcpclient-20060111.tar.gz

- Install the client: untar the archive, go to the dtcpclient directory
  and execute:

  # make && make install

- Create a configuration file:

  # vi /usr/local/etc/dtcpclient_script.conf
  tunif='gif0'
  static_routes='default'

- Create a password file:

  # vi /usr/local/etc/dtcpclient.auth
  my.dtcp.server.org:username:password

  Prevent other users from reading it:

  # chmod 600 /usr/local/etc/dtcpclient.auth

  "my.dtcp.server.org" is the address of HOST B.
  "username"/"password" are the username and password you chose when you
  registered the client on the server.
- Launch the client in host mode:

  # dtcpclient -t host -u username -D -l my.dtcp.server.org

  -d is for debug mode
  -l to reconnect automatically
  -D for daemon mode

- If you want to launch dtcpclient on boot:
  Copy the following script to /etc/rc.d and rename it "dtcpclient", with
  the execution bit set:
  http://www.imasy.or.jp/~ume/dtcp/dtcpclient.sh.netbsd
  Edit the /etc/rc.conf file and add the following information:

  # vi /etc/rc.conf
  dtcpclient_enable="YES"
  dtcpclient_server="my.dtcp.server.org"
  dtcpclient_username="username"
  dtcpclient_flags="-t host -Dl"

- If you connect to the Internet using ppp, you can launch dtcpclient
  when your connection comes up by editing /etc/ppp/ip-up:

  # vi /etc/ppp/ip-up
  #!/bin/sh
  dtcpclient -t host -u username -D -l my.dtcp.server.org

- To stop the DTCP client:

  # kill -2 `cat /var/run/dtcpclient.pid`

c. Multiple sessions
--------------------

You can have multiple IPv6-over-IPv4 tunnels if you use multiple
instances of dtcpclient. But you will also need one DTCP server per
tunnel!

- Modify the password file:

  # vi /usr/local/etc/dtcpclient.auth
  my.first.dtcp.server.org:user1:password1
  my.second.dtcp.server.org:user2:password2

- Modify the configuration file:

  # vi /usr/local/etc/dtcpclient_script.conf
  first_tunif='gif0'
  first_static_routes='default'
  second_tunif='gif1'
  second_static_routes='default'

  Here "first" and "second" can be replaced with other words; just stay
  consistent when you launch dtcpclient with the -e option.

The DTCP client does not let you specify the interface on top of which
the tunnel is built. So before launching the DTCP clients, you have to
add a route for each of your DTCP servers towards a different ppp
interface. For example:

  # route add $DTCP_SERVER_1 $PPP0_ENDPOINT
  # route add $DTCP_SERVER_2 $PPP1_ENDPOINT

This will allow each ppp interface to request a tunnel.
Once the routes are correctly set up, launch both clients:

  # dtcpclient -t host -u user1 -e first -f /var/run/dtcpclient_first.pid my.first.dtcp.server.org
  # dtcpclient -t host -u user2 -e second -f /var/run/dtcpclient_second.pid my.second.dtcp.server.org

The "-f" option sets the location of the pidfile. You have to use it to
avoid conflicts between the two instances.

Appendix A: Network topology example
------------------------------------

As an example, here is a sample network topology:

  -------------------------------------  2001:beef:feed:aa90::/64
                    |  2001:beef:feed:aa90::1/64
                 HOST B  XXX.XXX.XXX.12
                         2001:beef:feed:aa80::1/64
                    |
  ------------------------------------
                    |
                [Internet]
                    |
  ------------------------------------
                    |
                 HOST A  YYY.YYY.YYY.23
                         2001:beef:feed:aa90::beef

- For a static configuration you can do:

  On HOST A:

  HOST A# ifconfig gif0 create
  HOST A# ifconfig gif0 tunnel YYY.YYY.YYY.23 XXX.XXX.XXX.12
  HOST A# ifconfig gif0 inet6 2001:beef:feed:aa90::beef 2001:beef:feed:aa80::1 prefixlen /128
  HOST A# route add -inet6 default 2001:beef:feed:aa80::1

  On HOST B:

  HOST B# ifconfig gif0 create
  HOST B# ifconfig gif0 tunnel XXX.XXX.XXX.12 YYY.YYY.YYY.23
  HOST B# ifconfig gif0 inet6 2001:beef:feed:aa80::1 2001:beef:feed:aa90::beef prefixlen /128

- With DTCP you can launch the server on HOST B like this:

  # dtcps -i gif0 2001:beef:feed:aa90::

  HOST A will obtain an address built from 2001:beef:feed:aa90::

--
Any questions? Please mail me: kuntz(at)sfc.wide.ad.jp
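
The password file from sections 3.b and 3.c stores the DTCP credentials in
clear text, so its mode and layout are worth re-checking each time it is
edited. The audit function below is an added example, not part of the original
document or of the DTCP distribution; the name audit_dtcp_auth is hypothetical,
and it assumes the file holds only server:username:password lines as shown in
those sections.

```shell
#!/bin/sh
# Added example: audit a dtcpclient password file.
# Assumed format (from the page): one "server:username:password" entry per line.
# Findings go to stdout without the password; returns 0 only if none are found.
audit_dtcp_auth() {
    file=$1
    problems=0

    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    # After "chmod 600" they must all be "-".
    mode=$(ls -ld "$file" | cut -c1-10)
    case $mode in
        ????------) ;;
        *) echo "PERMS: $file is $mode, expected -rw-------"
           problems=$((problems + 1)) ;;
    esac

    # Each non-empty line needs a server, a username and a password.
    # A password may itself contain ':' (it is the remainder of the line).
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -n "$line" ] || continue
        IFS=: read -r server user pass <<EOF
$line
EOF
        if [ -z "$server" ] || [ -z "$user" ] || [ -z "$pass" ]; then
            echo "FORMAT: line $lineno is not server:username:password"
            problems=$((problems + 1))
        fi
    done < "$file"

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh audit.sh /usr/local/etc/dtcpclient.auth
if [ $# -gt 0 ]; then
    audit_dtcp_auth "$1"
fi
```

Running it from the same rc.d or ip-up script that starts dtcpclient catches a
file that was recreated with the default umask.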