Setting up an IPv6 Test Lab Part 2 - July 3, 2007

In Part 1, I described the creation of a small internal IPv6 network. Since then, I have done some more research and even received clarification for one of our issues from Microsoft's IPv6 Program Manager. It is by design that Vista doesn't respond to pings to a multicast address, which is probably a good design decision.

Now that we had the basics figured out, it was time to connect to the IPv6 Internet. It is important to apply all patches to your machines before connecting to the Internet, and even more so when connecting to IPv6 networks. I configured the external interface on the test router by creating /etc/hostname.xl0 with only one line in it (certain numbers replaced by X to hide my real identity):

	inet 216.220.XXX.XXX 255.255.255.128 NONE

I also put the address of my gateway in /etc/mygate, put the IP address of a DNS server in /etc/resolv.conf, and then ran "sh /etc/netstart" to bring up the network.

My ISP doesn't support IPv6, so I had to use a "Tunnel Broker" to reach the global IPv6 network. The tunnel sends your IPv6 packets inside IPv4 traffic to the broker, where they are "unwrapped" and then continue on their way as normal IPv6 packets. I chose Hurricane Electric's free Tunnelbroker.net service. After giving them the public IPv4 address of my test router, I copied their example tunnel configuration for OpenBSD and created my gif0 tunnel interface by adding the following to /etc/hostname.gif0:

	tunnel 216.220.XXX.XXX 64.71.XXX.XX
	!ifconfig gif0 inet6 alias 2001:470:1F03:XXX::2 2001:470:1F03:XXX::1 prefixlen 128
	!route -n add -inet6 default 2001:470:1F03:XXX::1

After a restart (I know, I could have used /etc/netstart), I was able to "ping6 2001:470:1F03:XXX::1" the other end of the tunnel. With a functioning tunnel to the global IPv6 network, it was now time to create my internal network. One of the promises of IPv6 is cheap and plentiful addresses, and I was able to get a free /64 network from Tunnelbroker.net with the click of a button. To make sure IPv6 was really working on the clients, I checked /etc/sysctl.conf to make sure IPv4 forwarding was disabled, and IPv6 forwarding was enabled. I configured my internal interface with the first address in my block of IPs by creating /etc/hostname.url0 with only one line in it:

	inet6 2001:470:1F01:XXX::1 64

I then had to make sure the router advertising daemon was enabled on only the url0 interface, which is done by removing the "xl0" parameter from the rtadvd line in /etc/rc.conf.local that was created in Part 1. The url0 internal interface was connected to a hub, a Vista machine was connected and powered on, and the OpenBSD test router restarted. After a short wait, the Vista workstation had picked up a global unicast address, and a ping to the far end of the IPv6 tunnel confirmed that it was now part of the global IPv6 network.

To provide some basic security for my internal network, I created /etc/pf.conf with the following rules:

	block in on egress
	pass out on egress keep state
	pass in on egress proto icmp

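I then enabled pf at boot by adding "pf=YES" to /etc/rc.conf.local. These basic rules give similar protection to a NAT router: inbound traffic other than ICMP is blocked unless it belongs to a connection opened from the inside, which the "keep state" rule tracks.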
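To see what these three rules decide for different kinds of traffic, here is an added example (not from the original post): a small Python model of pf's last-match rule evaluation and state table, not pf itself. It assumes every packet is seen on an interface in the egress group, and all addresses are constructed from documentation prefixes.

```python
from dataclasses import dataclass

# The three rules from /etc/pf.conf above as (action, direction, proto, keep_state);
# proto None means "any protocol".
RULES = [
    ("block", "in", None, False),
    ("pass", "out", None, True),
    ("pass", "in", "icmp", False),   # "icmp" is ICMPv4 only; ICMPv6 is "icmp6"
]
VISTA, REMOTE = "2001:db8:1::10", "2001:db8:ffff::80"   # constructed addresses

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" on the egress interface
    proto: str       # "tcp", "udp", "icmp" or "icmp6"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()

    def decide(self, pkt):
        # A reply to a flow that already has state skips the ruleset.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.states:
            return "pass"
        # Without "quick", the LAST matching rule wins; no match means pass.
        action, keep = "pass", False
        for act, direction, proto, keep_state in self.rules:
            if direction == pkt.direction and proto in (None, pkt.proto):
                action, keep = act, keep_state
        if action == "pass" and keep:
            self.states.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action

def demo():
    fw = Firewall(RULES)
    return {
        "outbound_http": fw.decide(Packet("out", "tcp", VISTA, REMOTE, 49152, 80)),
        "http_reply": fw.decide(Packet("in", "tcp", REMOTE, VISTA, 80, 49152)),
        "unsolicited_tcp": fw.decide(Packet("in", "tcp", REMOTE, VISTA, 40000, 445)),
        "ping4_in": fw.decide(Packet("in", "icmp", "192.0.2.9", "198.51.100.1")),
        "ping6_in": fw.decide(Packet("in", "icmp6", REMOTE, VISTA)),
    }

if __name__ == "__main__":
    print(demo())
```

The model shows that the third rule only admits ICMPv4: an unsolicited inbound ICMPv6 packet falls through to the block rule. In pf.conf the ICMPv6 counterpart of that rule is written with "inet6 proto icmp6".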

The Internet isn't very useful if you have to type in numeric addresses, so it was time to set up name resolution. There are a few ways to configure clients for DNS on an IPv6 network, and Microsoft has chosen to implement the "well-known site-local unicast address" solution by default. Vista clients default to using three site-local addresses for IPv6 DNS queries: fec0:000:0000:ffff::1, fec0:000:0000:ffff::2, and fec0:000:0000:ffff::3. I was able to find more information about these addresses in this Internet Draft. All I needed to do was configure a DNS server to listen on one of these addresses. As usual, setup on OpenBSD was easy. I added "named_flags=" to /etc/rc.conf.local to enable BIND at boot, and added "inet6 alias fec0:000:0000:ffff::1 64" to the /etc/hostname.url0 interface configuration file. After a lazy admin's reboot, it was time to experience the joys of surfing the IPv6 Internet from a Vista workstation. Or not.

You quickly discover that the IPv6 Internet isn't very fun because very few web sites have IPv6 addresses. I stared in disbelief when Google and Yahoo failed to load. Luckily, you can find an IPv6-IPv4 website gateway and other "Cool IPv6 Stuff" at SixXS.

So in the end, it was easy to create an IPv6 network with OpenBSD in a way that requires no changes to the default Vista settings. Configure the WAN interface as usual, create a tunnel, assign a LAN IPv6 gateway address and site-local DNS address, allow IPv6 forwarding, enable the router advertising daemon, enable BIND's named, and presto: you can visit seven web sites. :)