Understanding 6to4 addressing
Using an Airport Extreme with 6to4 connected to Comcast's cable modem system, I have an IPv6 address of 2002:473a:314d::219:e3ff:fed4:5512. How did this address get generated?
The network prefix:
2002 - the 6to4 prefix reserved by the IETF
4731:314d - my IPv4 address (188.8.131.52) represented in hex
The host prefix:
My MAC address is 00:19:e3:d4:55:12. This is split down the middle, with ff:fe inserted between the two halves and the universal/local bit of the first byte flipped (00 becomes 02), to form the host component of my IPv6 address.
- 3rox is running a 6to4 gateway. It appears that 6to4 traffic going into PSU comes in over the I2 interface.
On-campus, wireless 6to4
6to4 tunneling does not work when a user is connected through the VPN. It appears that the VPN concentrator is blocking the 6to4 packets.
6to4 tunneling works over 802.1X. However, since PSU is not running a 6to4 relay router, traffic must flow through 3rox, which is the closest relay router. Perhaps PSU (TNS?) should look into running a relay router for PSU hosts?
Mac OS X-provided 6to4 tunneling
Mac OS X has built-in 6to4 tunneling. However, when enabled, many apps won't use AAAA records. v6 connections will work if you specify the address.
Access control issues
Commonly, 6to4 addresses won't be nameserved, since the addresses are (self-)assigned dynamically. This can break some access control lists, such as TCP wrappers or NFS shares.
For example, a server might restrict SSH access to users on campus or in State College (on Comcast cable modems, for example). You might see this in
If that server is dual-stacked, and a 6to4-enabled client attempts to connect, the user will see this error message:
In this case, the user must force a connection over IPv4. This can be done with OpenSSH's -4 option, for example.
Alternatively, the sysadmin could modify the ACL to include 6to4 addresses with PSU and State College Comcast IPs.
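The following Python sketch is an added example, not part of the original notes. It builds a 6to4 address from an IPv4 address and a MAC as described above, and maps an IPv4-only allow list onto the matching 6to4 prefixes. The function names are hypothetical, and the ACL uses constructed documentation ranges rather than the real PSU or Comcast networks.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64: ff:fe goes between the MAC halves, U/L bit is flipped."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def sixtofour_address(v4, mac, subnet=0):
    """Layout: 2002 | IPv4 address in hex | 16-bit subnet | interface ID."""
    prefix = (0x2002 << 112) | (int(ipaddress.IPv4Address(v4)) << 80)
    return ipaddress.IPv6Address(prefix | (subnet << 64) | eui64_interface_id(mac))

def sixtofour_prefix(v4net):
    """Map an IPv4 ACL entry to the 6to4 prefix covering the same hosts."""
    net = ipaddress.IPv4Network(v4net)
    base = (0x2002 << 112) | (int(net.network_address) << 80)
    # The IPv4 bits follow the 16-bit 2002 prefix, so the lengths add up.
    return ipaddress.IPv6Network((base, 16 + net.prefixlen))

def acl_allows(client, v4_acl):
    """Check an IPv4 or 6to4 client address against an IPv4-only allow list."""
    addr = ipaddress.ip_address(client)
    if addr.version == 6:
        addr = addr.sixtofour  # None unless the address is inside 2002::/16
        if addr is None:
            return False
    return any(addr in ipaddress.IPv4Network(n) for n in v4_acl)

# Constructed sample ACL (documentation ranges, not real campus networks).
ACL = ["192.0.2.0/24", "198.51.100.0/25"]

if __name__ == "__main__":
    for entry in ACL:
        print(entry, "->", sixtofour_prefix(entry))
    client = sixtofour_address("192.0.2.10", "00:19:e3:d4:55:12")
    print(client, "allowed:", acl_allows(str(client), ACL))
```

The embedded IPv4 address is only as trustworthy as any other source address, so this extends an address-based ACL and adds no authentication.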