I tried to use HE's TunnelBroker service and the IANA's 192.88.99.1 service, both set up with the following script:

```sh
#!/bin/sh
modprobe
# replace {remote_ip} with HE endpoint or 192.88.99.1
ip tunnel add 6to4 mode sit remote {remote_ip} local 221.xxx.xxx.xxx ttl 255
ip link set 6to4 up
ip addr add 200x:xxxx:xxxx::2/64 dev 6to4 # for 192.88.99.1 it is 2002:abcd:abcd::1/16
ip route add ::/0 dev 6to4
ip -f inet6 addr
```

When I curl a dual-stack address to look up my IP, without `-4` or `-6`, using the he-ipv6 6to4 returns an IPv6 address, while using the 192.88.99.1 6to4 returns an IPv4 address (forcing IPv6 by using `-6` works).

How can I force it to return an IPv6 address by default?

hlx98007
  • 6to4 and 6in4 are not the same thing. – kasperd Jan 09 '17 at 20:02
  • @kasperd which one is which? – hlx98007 Jan 09 '17 at 21:14
  • If your address starts with `2002:` it is 6to4 otherwise it is not 6to4. If your address starts with `2001:0:` it is Teredo. Last I checked the only protocol offered by HE's tunnelbroker service was 6in4. HE also happens to be the largest provider of public Teredo relays and I think they also have public 6to4 relays. There also exists a hybrid between 6to4 and 6in4 called 6rd. The IP addresses used for native IPv6, 6in4, and 6rd all look the same. – kasperd Jan 09 '17 at 21:59

1 Answer

6to4 using 192.88.99.1 has been deprecated and should not be used anymore. Because it is very unreliable, the source address selection mechanism (RFC 6724) specifies that a system should prefer IPv4 over 6to4 if possible.

It is possible to change this in `/etc/gai.conf`, but I would strongly recommend not using 6to4 at all.

Sander Steffann
  • And also remember that simply _naming_ a connection "6to4" does not necessarily make it 6to4. – Michael Hampton Jan 09 '17 at 19:50
  • If both endpoints are using 6to4 it is more reliable than running IPv4 through a NAT. The problem is the cases where communication between 6to4 and native IPv6 goes through third party relays. It is good advice to avoid 6to4, unfortunately that advice is sometimes misinterpreted in ways that will make communication with other parties who do use 6to4 less reliable than it had to be. – kasperd Jan 09 '17 at 20:36
  • The question explicitly mentions 192.88.99.1, so it's definitely about the deprecated 6to4 using anycast relays. – Sander Steffann Jan 10 '17 at 00:20
  • Without the actual useful bit of 6to4 which is not using a relay when contacting other 6to4 routers... – Sander Steffann Jan 10 '17 at 00:30
  • @SanderSteffann Sending traffic to 192.88.99.1 doesn't make it 6to4 either. You can send traffic with a source address outside of 2002::/16 to 192.88.99.1 and it might go through. Not saying that is a good idea, just saying we don't know if that is how it was configured. – kasperd Jan 10 '17 at 08:03
  • @kasperd It was configured with a source address within 2002::/16. See the example included in the question, it explicitly mentions using a 2002: address with tunnel endpoint 192.88.99.1. And the question also mentions it works when forcing the client software to use IPv6. Effectively the OP is configuring a pseudo-6to4. The only thing real 6to4 adds compared to 6in4 with a fixed tunnel endpoint of 192.88.99.1 is that traffic to other 6to4 sites doesn't go through the anycast relay. So what the OP is doing is basically 6to4 + forcing all traffic through the relay. – Sander Steffann Jan 10 '17 at 11:36
  • The original question isn't about getting 6to4 or this 6to4 look-alike to work though. The OP explicitly mentions that "forcing ipv6 by using -6 works". The question is about why clients prefer IPv4 source addresses instead of IPv6 addresses from the 6to4 `2002::/16` prefix, and that is all from RFC 6724... – Sander Steffann Jan 10 '17 at 11:39
  • @SanderSteffann I think you are right. The way it is written in the question had me a bit confused. And I agree that clients should prefer IPv4 communication over communication between 6to4 and native IPv6 addresses. If both client and server happened to be using 6to4 I would recommend the client to prefer 6to4 over IPv4, but that would imply that a 6to4 address was used in an AAAA record which cannot be recommended. – kasperd Jan 10 '17 at 20:11
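
The RFC 6724 behaviour the answer refers to, as an added example (not code from the question or the answer): it applies the RFC's default policy table to show why a `2002::/16` source makes a dual-stack lookup come back IPv4-first, while a tunnel-broker style source does not. All addresses are constructed documentation addresses, `order_destinations` is a hypothetical helper, and only rules 5 and 6 are modelled, on the assumption that rules 1 to 4 tie for global, usable addresses.

```python
import ipaddress

# Default policy table from RFC 6724 section 2.1: prefix -> (precedence, label).
DEFAULT_POLICY = {
    "::1/128": (50, 0), "::/0": (40, 1), "::ffff:0:0/96": (35, 4),
    "2002::/16": (30, 2), "2001::/32": (5, 5), "fc00::/7": (3, 13),
    "::/96": (1, 3), "fec0::/10": (1, 11), "3ffe::/16": (1, 12),
}

def lookup(addr, policy=DEFAULT_POLICY):
    """Longest-prefix match in the policy table; returns (precedence, label)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:  # IPv4 is looked up as an IPv4-mapped IPv6 address
        ip = ipaddress.IPv6Address(f"::ffff:{ip}")
    candidates = [(ipaddress.ip_network(p), v) for p, v in policy.items()]
    best = max((c for c in candidates if ip in c[0]), key=lambda c: c[0].prefixlen)
    return best[1]

def order_destinations(pairs, policy=DEFAULT_POLICY):
    """pairs: (destination, source address that would be used to reach it).
    Rule 5: prefer destinations whose label matches their source's label.
    Rule 6: then prefer higher precedence. Ties keep the input order."""
    def key(pair):
        dst, src = pair
        prec, dst_label = lookup(dst, policy)
        _, src_label = lookup(src, policy)
        return (0 if dst_label == src_label else 1, -prec)
    return [dst for dst, _ in sorted(pairs, key=key)]

# Constructed sample addresses (documentation ranges), not from the question.
V4_SRC, V4_DST = "203.0.113.10", "198.51.100.7"
V6_DST = "2001:db8::7"             # native IPv6 address of the dual-stack server
SRC_6TO4 = "2002:cb00:710a::1"     # 6to4 address derived from 203.0.113.10
SRC_6IN4 = "2001:db8:1::2"         # stand-in for a tunnel-broker assigned address

def demo(v6_src, policy=DEFAULT_POLICY):
    return order_destinations([(V6_DST, v6_src), (V4_DST, V4_SRC)], policy)

# Models a label override of the kind /etc/gai.conf allows: 2002::/16 gets label 1.
RELABELLED = dict(DEFAULT_POLICY, **{"2002::/16": (30, 1)})

if __name__ == "__main__":
    print("6to4 source:      ", demo(SRC_6TO4))
    print("6in4 source:      ", demo(SRC_6IN4))
    print("6to4, relabelled: ", demo(SRC_6TO4, RELABELLED))
```

With the default table the 6to4 source loses at rule 5 (label 2 against label 1), so precedence is never consulted; the 6in4 source matches labels and then wins on precedence 40 over 35.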