Post 

Howto

Enable IPv6 on Mac OS X, the tunnelbroker.net way

Paul, January 28, 2009

As a follow up to my earlier teredo howto, here i want to show you how to use the Tunnelbroker provided by Hurricane Electric on OS X 10.5, Leopard, behind a NAT Router that passes protocol41 (e.g. Fritz!box Fon WLAN 7170).

I did not want to make rocket-science out of this, so i did the easiest and simpliest possible way to achieve my goal, which means that it might not be the 100% correct way to do things. Also, it's not going in to details about IPv6, so if you are new to this topic, the tutorial may be a bit difficult for you.

How all this will work: Once you have finished this tutorial, you will have a Launchd script checking every 30 mins for IP changes, if your IP has changed, it will reset your IPv6 configuration. That means, in worst case, your IPv6 will be down for 30 minutes, but in best case you won't notice the script at all.

Step 1, Register with Hurricane Electric's tunnelbroker.net
Just go to http://tunnelbroker.net and get your free account.

Step 2, Create a new tunnel

Click on Create Regular Tunnel, and enter your current public IPv4 there (see You are viewing from IP: <that's your ip>)

Next, pick the closest location to you. You can also ping each of the IPs shown there and pick the fastest one, since - at least in Germany - the closest geographical location not always is the fastest one.

When you are finished, you will get your tunnel details displayed, which should be similar to the screenshot below. You will need some values from this screen and the account overview screen in the script in the next step.

Tunnel Details.jpgStep 3, The IPv6 Script

This is the IPv6 script, it is documented inside, so follow the steps there and then come back here :-)

#!/bin/bash
#######################################################################
# Update the HE (Hurricane Electric) ipv6-tunnel
#######################################################################
# Interface to use: en1 = Airport, en0 = Ethernet
MYIF="en1"

# leave as is
IPCACHE="/Library/Caches/ipv6scriptIP"

# Your Tunnel settings start here
# 1. get HEUSER hash from the website, "UserID"
# 2. get HEPASS hash: echo -n YourPass|md5
# 3. get HETUNNEL from the website, "Global Tunnel ID"
# 4. get other settings from the website

HEUSER=fb3f06c821388858cafe95cea24895d3
HEPASS=420cc447758fe38e9df69a3a17c77c33
HETUNNEL=123456

HETUNEND=216.66.00.00
HEYOUR6END=2001:0123:123a:1234::2
HETHEIR6END=2001:0123:123a:1234::1
HEPREFIX=64

# This is some IP from the "Routed /64" pool, used for outgoing connections from your Mac.
# Should it get blocked by anyone, you can simply change it to any other IP from the pool
# without having to apply for a new tunnel. e.g. if your Routed /64 pool is 
# 2001:0123:123b:1234::/64, you can use this for your IP:

HEMY64IP=2001:0123:123b:1234::0bad:cafe

#######################################################################
# Config end
#######################################################################
# sometimes this script will get executed twice at the same time, not good, so:
if [ -f $IPCACHE.lock ] ; then
  echo A copy already running!
  exit 0
else
 touch $IPCACHE.lock
fi
# This is faster if your router sets a dyndns entry:
#NEW_IP=`dig mycomp.myvnc.com|grep "^mycomp"| grep -Eo "\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>"`
NEW_IP=`curl -s "http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi"`

# Wait for the network...
while [ ! -n "$NEW_IP" ]
do
	sleep 10
  #NEW_IP=`dig mycomp.myvnc.com|grep "^mycomp"| grep -Eo "\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>"`
  NEW_IP=`curl -s "http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi"`
done


OLD_IP=`cat $IPCACHE`
if [ "$NEW_IP" = "$OLD_IP" ] ; then
	CURCONF=`ifconfig |grep $HETUNEND`
   if [ -n "$CURCONF" ] ; then
		echo Nothing to do
		rm $IPCACHE.lock
		exit 0
	fi
fi

echo -n $NEW_IP > $IPCACHE

# if you need to use your public ip address, use LOCAL_IP=$NEW_IP instead
LOCAL_IP=`ifconfig $MYIF |grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2}'`

# let's delete a pre-existing gif0, ignore any errors
ifconfig gif0 deletetunnel
ifconfig gif0 down
ifconfig gif0 inet6 delete $HEYOUR6END
ifconfig gif0 inet6 delete $HEMY64IP
route delete -inet6 default -interface gif0

# update the tunnel
curl -k -s "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$NEW_IP&pass=$HEPASS&user_id=$HEUSER&tunnel_id=$HETUNNEL"
echo " "

sleep 1
ifconfig gif0 tunnel $LOCAL_IP $HETUNEND
ifconfig gif0 inet6 $HEMY64IP/64 alias
ifconfig gif0 inet6 $HEYOUR6END $HETHEIR6END prefixlen /$HEPREFIX
route -n add -inet6 default $HETHEIR6END

rm $IPCACHE.lock
exit 0
[download]

After adapting the values to your needs, you need to save it in the right place:
sudo vi /usr/local/bin/ipv6script
Paste your script, and save it with :wq

Make it executable by typing
sudo chmod +x /usr/local/bin/ipv6script

Step 4, Launchd

Now we need to create a LaunchDaemon in Launchd, to do so:
sudo vi /Library/LaunchDaemons/net.pugio.myipv6script.plist
Paste:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>net.pugio.myipv6script</string>
        <key>ProgramArguments</key>
        <array>
                <string>/Users/pk/Applications/ipv6script</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StartInterval</key>
        <integer>1800</integer>
        <key>WatchPaths</key>
        <array>
                <string>/Library/Preferences/SystemConfiguration/com.apple.network.identification.plist</string>
        </array>
</dict>
</plist>
[download]

This will tell Launchd to execute the script on Login, all network changes and every 30 minutes, in case your router gets a new IP. If you are on static IPs, you can remove that timer, just delete these two lines from the file:
<key>StartInterval</key>
<integer>1800</integer>


Finally you have to activate your Lauchd Agent by executing following:
sudo launchctl load /Library/LaunchDaemons/net.pugio.myipv6script.plist

You should now be able to ping6 pugio.net - congratulations.

Bug hunting

Should something go wrong, execute the script by hand:
sudo /usr/local/bin/ipv6script

This should hopefully show you the error.

If you find this howto useful, or have anything to contribute to it, please leave a comment or link to this tutorial, thank you :-)

Tags:

| | Comments (9) Howto

9 Comments

heigo | April 7, 2009 7:46 AM | Reply

Hello!

Thanks for howto!
But i got errors:

bash-3.2# ping6 pugio.net
ping6: nodename nor servname provided, or not known
bash-3.2# sudo /usr/local/bin/ipv6script
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
route: writing to routing socket: No such process
delete net default: gateway gif0: not in table
That IPv4 endpoint is already in use.
ifconfig: : bad value
add net default: gateway 2001:470:1f14:XXXX::1


what i'm doing wrong, i cant figure it out.
But when i start script manually, it gives me these errors, but ipv6 working.
Have tested it on kame.net and hexago.com

I'd like to get rid of these errors.

Thanks for your help.
PS! Sorry about my bad english
----
H

Paul | April 7, 2009 8:02 AM | Reply

> But i got errors:

> bash-3.2# ping6 pugio.net
> ping6: nodename nor servname provided, or not known

That's strange - or you did not have ipv6 active

> bash-3.2# sudo /usr/local/bin/ipv6script
> ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
> ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
> route: writing to routing socket: No such process
> delete net default: gateway gif0: not in table

Everything until here can be ignored, the script is deleting any old settings and returns errors if there's nothing to remove

> That IPv4 endpoint is already in use.

That's ok

> ifconfig: : bad value

That's not ok :-)

> add net default: gateway 2001:470:1f14:XXXX::1

That's ok.


Check that your $HEMY64IP has no space behind it, it's from the range you got from TB and that it's a valid ipv6 address.

If that does not fix it, send me the output of: ifconfig gif0

Jack | May 23, 2009 3:31 PM | Reply

Not sure what's wrong here..
I think the first script has gone by fine:

sudo /usr/local/bin/ipv6script
A copy already running!

But, when I use:

sudo launchctl load /Library/LaunchDaemons/net.pugio.myipv6script.plist

I get:

launchctl: propertyList is NULL
launchctl: no plist was returned for: /Library/LaunchDaemons/net.pugio.myipv6script.plist
launchctl: no plist was returned for: /Library/LaunchDaemons/net.pugio.myipv6script.plist
nothing found to load


What do I need to do in order to fix this?
And thanks for the tutorial by the way!

Jack

Jack | May 23, 2009 7:37 PM | Reply

Hi, just thought I'd give an update.

Well, i think i've solved the last issue, but I don't think I've replaced everything I've needed to in the script since it's not working.
I'll give it another try and tell you how I get on.

Thanks again!

Jack | May 24, 2009 12:34 PM | Reply

Just want to say thank you! Working now, much appreciated!

Will | October 28, 2009 3:05 AM | Reply

Woo, just want to say thanks, the script worked perfectly, I've been trying to get IPV6 working for ages under 10.6 and I've finally done it.

sieja | December 16, 2009 8:19 PM | Reply

Hello,

I try to do everything like on the page but from some reason when i write sudo ipv6script i can see message Nothing to do

Thanks for any help

sieja | December 16, 2009 8:29 PM | Reply

"bash$ ip6 -u gif0
ip6: Error -1 encountered attaching interface gif0.
"

maybe that's reason?

Paul | December 19, 2009 4:33 PM | Reply

Hi sieja,

"Nothing to do", means nothing changed from last check and everything seems to be setup properly.

does "ping6 pugio.net" work?

You can force the script execution by executing:

sudo rm /Library/Caches/ipv6scriptIP

Leave a comment

Categories

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by Movable Type 4.31-en