(usagi-users 02751) Re: IPv6/Ipv4 tunnel behind NAT

["Jeroen Massar" <jeroen@xxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----

Qiang Zhang [mailto:qzhang@xxxxxxxxxxxxx] wrote:

> Jeroen and Stig,
> 
> Thank you for the reply, I am able to start the tunnel 
> now....after swapping out my cheap "NAT router", it is a 40$ netgear :)
> 
> Basically to summarize 1. need to tweak the end point IP with 
> the tunnel:
> use the private v4 IP as the tunnel device local point, then 
> need to also satisfy the TSP's requirement (use the v4 Public IP for registration related)

The Heartbeat protocol (draft in private review atm) does it
somewhat different. Users request a 'dynamic heartbeat' tunnel
in the SixXS system (http://www.sixxs.net/heartbeat/). The user
then uses the heartbeat (or soon ssacc) tool to setup their tunnel.
The tool sends the heartbeat to the Tunnel Server. When the user
is behind a NAT they can flick the 'nat' option on the heartbeat
protocol uses a special 'sender' key instead of the outer IPv4
address of the tunnel. The POP sees the 'sender' keyword and
uses the source IPv4 address as the endpoint for the tunnel.
Configured tunnels are always set to a static IPv4 endpoint
thus the user is aware of that, website automatically fills
it in when requesting a tunnel and the user is coming from
a IPv4 or 6to4 address.

Fortunatly there are quite a number of transition methods
one will work in the end ;)

>   2. make sure the NAT box understand the IP 
> protocol 41 so it can correctly set up the NAT state

That is indeed al that there is too it.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / http://unfix.org/~jeroen

iQA/AwUBP/60KSmqKFIzPnwjEQKrOgCgqbubrDMsTSH6NxNdQlgf3b+7KXsAmgOS
cYa8ZuZD3UHyVYBZptH6d9uF
=6q8H
-----END PGP SIGNATURE-----