As a follow up to my earlier teredo howto, here i want to show you how to use the Tunnelbroker provided by Hurricane Electric on OS X 10.5, Leopard, behind a NAT Router that passes protocol41 (e.g. Fritz!box Fon WLAN 7170).

I did not want to make rocket-science out of this, so i did the easiest and simpliest possible way to achieve my goal, which means that it might not be the 100% correct way to do things. Also, it's not going in to details about IPv6, so if you are new to this topic, the tutorial may be a bit difficult for you.

How all this will work: Once you have finished this tutorial, you will have a Launchd script checking every 30 mins for IP changes, if your IP has changed, it will reset your IPv6 configuration. That means, in worst case, your IPv6 will be down for 30 minutes, but in best case you won't notice the script at all.

Step 1, Register with Hurricane Electric's tunnelbroker.net
Just go to http://tunnelbroker.net and get your free account.

Step 2, Create a new tunnel

Click on Create Regular Tunnel, and enter your current public IPv4 there (see You are viewing from IP: <that's your ip>)

Next, pick the closest location to you. You can also ping each of the IPs shown there and pick the fastest one, since - at least in Germany - the closest geographical location not always is the fastest one.

When you are finished, you will get your tunnel details displayed, which should be similar to the screenshot below. You will need some values from this screen and the account overview screen in the script in the next step.

Step 3, The IPv6 Script

This is the IPv6 script, it is documented inside, so follow the steps there and then come back here :-)

#!/bin/bash
#######################################################################
# Update the HE (Hurricane Electric) ipv6-tunnel
#######################################################################
# Interface to use: en1 = Airport, en0 = Ethernet
MYIF="en1"

# leave as is
IPCACHE="/Library/Caches/ipv6scriptIP"

# Your Tunnel settings start here
# 1. get HEUSER hash from the website, "UserID"
# 2. get HEPASS hash: echo -n YourPass|md5
# 3. get HETUNNEL from the website, "Global Tunnel ID"
# 4. get other settings from the website

HEUSER=fb3f06c821388858cafe95cea24895d3
HEPASS=420cc447758fe38e9df69a3a17c77c33
HETUNNEL=123456

HETUNEND=216.66.00.00
HEYOUR6END=2001:0123:123a:1234::2
HETHEIR6END=2001:0123:123a:1234::1
HEPREFIX=64

# This is some IP from the "Routed /64" pool, used for outgoing connections from your Mac.
# Should it get blocked by anyone, you can simply change it to any other IP from the pool
# without having to apply for a new tunnel. e.g. if your Routed /64 pool is 
# 2001:0123:123b:1234::/64, you can use this for your IP:

HEMY64IP=2001:0123:123b:1234::0bad:cafe

#######################################################################
# Config end
#######################################################################
# sometimes this script will get executed twice at the same time, not good, so:
if [ -f $IPCACHE.lock ] ; then
  echo A copy already running!
  exit 0
else
 touch $IPCACHE.lock
fi
# This is faster if your router sets a dyndns entry:
#NEW_IP=`dig mycomp.myvnc.com|grep "^mycomp"| grep -Eo "\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>"`
NEW_IP=`curl -s "http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi"`

# Wait for the network...
while [ ! -n "$NEW_IP" ]
do
	sleep 10
  #NEW_IP=`dig mycomp.myvnc.com|grep "^mycomp"| grep -Eo "\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>"`
  NEW_IP=`curl -s "http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi"`
done


OLD_IP=`cat $IPCACHE`
if [ "$NEW_IP" = "$OLD_IP" ] ; then
	CURCONF=`ifconfig |grep $HETUNEND`
   if [ -n "$CURCONF" ] ; then
		echo Nothing to do
		rm $IPCACHE.lock
		exit 0
	fi
fi

echo -n $NEW_IP > $IPCACHE

# if you need to use your public ip address, use LOCAL_IP=$NEW_IP instead
LOCAL_IP=`ifconfig $MYIF |grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2}'`

# let's delete a pre-existing gif0, ignore any errors
ifconfig gif0 deletetunnel
ifconfig gif0 down
ifconfig gif0 inet6 delete $HEYOUR6END
ifconfig gif0 inet6 delete $HEMY64IP
route delete -inet6 default -interface gif0

# update the tunnel
curl -k -s "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$NEW_IP&pass=$HEPASS&user_id=$HEUSER&tunnel_id=$HETUNNEL"
echo " "

sleep 1
ifconfig gif0 tunnel $LOCAL_IP $HETUNEND
ifconfig gif0 inet6 $HEMY64IP/64 alias
ifconfig gif0 inet6 $HEYOUR6END $HETHEIR6END prefixlen /$HEPREFIX
route -n add -inet6 default $HETHEIR6END

rm $IPCACHE.lock
exit 0

[download]

After adapting the values to your needs, you need to save it in the right place:
sudo vi /usr/local/bin/ipv6script
Paste your script, and save it with :wq

Make it executable by typing
sudo chmod +x /usr/local/bin/ipv6script

Step 4, Launchd

Now we need to create a LaunchDaemon in Launchd, to do so:
sudo vi /Library/LaunchDaemons/net.pugio.myipv6script.plist
Paste:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>net.pugio.myipv6script</string>
        <key>ProgramArguments</key>
        <array>
                <string>/Users/pk/Applications/ipv6script</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StartInterval</key>
        <integer>1800</integer>
        <key>WatchPaths</key>
        <array>
                <string>/Library/Preferences/SystemConfiguration/com.apple.network.identification.plist</string>
        </array>
</dict>
</plist>

[download]

This will tell Launchd to execute the script on Login, all network changes and every 30 minutes, in case your router gets a new IP. If you are on static IPs, you can remove that timer, just delete these two lines from the file:
<key>StartInterval</key>
<integer>1800</integer>

Finally you have to activate your Lauchd Agent by executing following:
sudo launchctl load /Library/LaunchDaemons/net.pugio.myipv6script.plist

You should now be able to ping6 pugio.net - congratulations.

Bug hunting

Should something go wrong, execute the script by hand:
sudo /usr/local/bin/ipv6script

This should hopefully show you the error.

If you find this howto useful, or have anything to contribute to it, please leave a comment or link to this tutorial, thank you :-)

Enabling IPv6 on your PC is not as difficult as you think. This is a quick Teredo/Miredo Howto for the most popular operating systems allowing you to penetrate most NATs and Firewalls and most likely allowing you to bypass any blocking or censorship happening at your place. As a free bonus, i will will show you where to access tons of Usenet posts, including binaries over ipv6 for free.
Nota bene: Since Teredo also works from China, you can use it together with the *.sixxs.org proxy to read any of your favourite, blocked sites.

I also have a tutorial for IPv6 with tunnelbroker.net from HE for Mac OS X.

Windows XP
WARNING: Whatever you do, make sure you have all the latest security patches for remote exploits and your Windows firewall is up, if you use 3rd party, ensure it supports IPv6. Enabling IPv6 will put you on the net, losing any protection you may have had behind your router's NAT. At the moment there are not many attacks over ipv6, but this may change any time.

Install
Open the Terminal with Start -> Run -> cmd

netsh interface ipv6 install
netsh interface ipv6 set teredo client

Wait for few moments.

Uninstall

netsh interface ipv6 uninstall

Windows Vista
Install
IPV6 and Teredo is enabled per default. You can get into the settings by going into the preferences for an network interface. "Obtain an IPv6 address automatically" should do the trick. However, Teredo will disable itself if you have "edge traversal" or outgoing udp packets blocked in your firewall or if your router is a symmetric-nat router (e.g. Speedtouch 780). In that case you have to use a tunnel broker, see comments below.
If you can go to http://www.ipv6.sixxs.net/, everything works well, if not... well, good luck. I never really got Teredo to work on Vista Business reliably, sometimes it works, most of the time it does not.

Uninstall
Add this registry value ("DWORD") set to 0xFF (long line, double-click, and copy):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

Or save the two lines in a .reg file and double-click it:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:000000ff


You can also go to the interface properties of an network interface and deselect the IPv6 protocol for that interface. To enable IPv6 again, replace dword:000000ff above with dword:00000000.

Debian, Ubuntu
Install
On Ubuntu IPv6 is enabled per default, but not configured.

sudo apt-get install miredo

Because the default server did not work for me, I had to change it to another one:

sudo vi /etc/miredo.conf
ServerAddress teredo.ipv6.microsoft.com
sudo /etc/init.d/miredo restart

Uninstall

sudo apt-get remove miredo

Fedora, Redhat
Install
About the same as on Ubuntu. On Fedora Core 6 & 7 IPv6 is enabled per default, but not configured. You need to get miredo rpm from the Dries RPM repository.

sudo rpm -Uvh miredo-*.rpm

Uninstall

sudo rpm -e miredo

Mac OS X
Install
Get the Miredo installer from Miredo-Osx, and install it. If you are lucky, that's it. if not, try changing the server, see Debian howto above.

Uninstall
If you want to uninstall, execute the uninstall-miredo.command script, located in the /Applications/Utilities folder.

Checking if everything is working

On the terminal type:

ping6 pugio.net

In browser come back to this page, there should be a pin-up girl in lower right corner telling you that you have IPv6 and give you some more info if you click her... If you can ping6 but can't visit ipv6 websites, check your Firefox network.dns.disableIPv6 setting, did you set it to true previously?

Cool stuff

• Getting details about your IPv6 connection
• Accessing blocked, censored Websites or just for fun:

  http://en.wikipedia.org.sixxs.org/
  http://slashdot.org.sixxs.org/

  (You can access any Website over ipv6 by appending .sixxs.org to the domain)
• "Cool stuff" to do with IPv6 I like the part about Usenet over IPv6

Should I ever need to detect with PHP if a user has IPv6, this code snipplet should do the job:

<?php
$ip = getenv ("REMOTE_ADDR");
if (substr_count($ip,":") > 0
    && substr_count($ip,".") == 0) {
 echo 'You are using <a '
  .'href="http://www.dnsstuff.com/tools/whois.ch?ip='
  . $ip . '"> IPv6 </a>';
} else {
  echo "You are using IPv4";
}
?>

• Howto: OpenVPN IPv6 Tunnel Broker Guide
  (tags: ipv6 openvpn)
• Fighting for air: frontline of war on global warming | Waste and pollution | Guardian Unlimited Environment
  In the most polluted city on earth, the smog is so thick that it seems to consume its source.
  (tags: articles china environment)
• Highlights from the 2007 Quality of Living Survey
  Canadian, European and Australian cities continue to dominate the rankings this year...
  (tags: survey life)