Hamnet : Gateway / Passerelle IPv6

Introduction.

As we know, the future of IP (internet protocol) is pushing towards exclusive usage from IP version 4 to IP version 6. This is a much different and newer technology than the previous version 4 was especially in regards to packet radio. In trying to keep up with the forward motion of newer technologies it's essential that we also keep up. To date, the only way we're able to route IP version 6 (IPv6) is with the usage of HamLan/Wan systems that natively support IPv6. Classic packet natively is NOT designed to handle IPv6.

What's the secret?

It took me a while to figure out a method in engineering just how to do this but once a good solid theory was in place it was a matter of testing it out. As we know, to route IP versioin 4, we must create an ARP statement that links the remote host's IPv4 IP to their callsign-ssid. An example of this on a linux system would be:
arp -i ax0 -H ax25 -s 44.68.88.1 K2PUT-13
which looks like:
Address HWtype HWaddress Flags Mask Iface
k2put.ampr.org ax25 K2PUT-13 CM ax0

when viewing the local arp table. Then you can set your route table to push
the IP and it's full block accordingly:

44.68.88.0/27 via 44.68.88.1 dev ax0 src 44.88.4.1 onlink
44.68.88.1 dev ax0 scope link src 44.88.4.1


So now we have a path to 44.68.88/27 via the host's main IP of 44.68.88.1 which will use device ax0 (an ax25 interface) to encapsulate (or tunnel) IP under ax25 via the ARP statement to K2PUT-13 so when K2PUT receives a frame it will know how to handle the IPv4 properly. Our issue with IP version 6 is that it does NOT use ARP! So how do we do this? The secret is already in this paragraph!

Establish your IPv6 block.

You will obviously need an IPv6 block or a single IPv6 address from someone so you can get proper routing. I suggest finding or creating a gateway with a block brokered from someone such as Hurricane Electric (https://www.he.net). They will be happy to grant you a /64 IPv6 block for your gateway and they also provide instructions as to how to set up your system. If you need a larger block (why I don't know!) you can get a /48 IPv6 block from them. This will give you more IPs than you'll know what on earth to do with! Once you set up your IPv6 gateway you can then pass off IPv6 IPs to remote sites using RF by configuring SIT tunnels under your existing amprnet paths.

Setting up a Router.

I suggest when you configure your routing to a broker such as HE.net that you make it a separate script called either with your main ax25 loader script or called via rc.local. From there you may add to your script for those you intend to broker IPv6 via packet for. In my case for K2PUT I create a SIT tunnel I call "put6" and put the proper tunneling to it's amprnet IP in there. Example:
# K2PUT
ip tunnel add put6 mode sit remote 44.68.88.1 ttl 64 # create the tunnel and map it to K2PUT's amprnet IP
ip link set put6 up # this is like ifconfig up
ip -6 address add 2001:470:8a1e::1 dev put6 # assign my main gateway IPv6 IP to the SIT interface
ip -6 route add 2001:470:8a1e::20 dev put6 # push the /128 IP out the interface

the gateway side is now complete and acts as a router for K2PUT's IPv6 IP.

Configure the remote end.

I have a script on https://uronode.n1uro.com under "broker an ip from n1uro" that you can modify for your usage. The working sample that gets loaded at K2PUT is below:
modprobe ipv6 # Load the kernel module
ip tunnel add ampr6 mode sit remote 44.88.0.1 local any ttl 64 # Configure the tunnel to use the existing amprnet path to my gateway
ip link set ampr6 up # Bring the interface up
ip -6 address add 2001:470:8a1e::20 dev ampr6 # Assign the IP to the interface
ip -6 route add 2001:470:8a1e::1 dev ampr6 # Set a route to the gateway
ip -6 route add default via 2001:470:8a1e::1 dev ampr6 # Set an IPv6 default route to our gateway host

Once saved, then you need to insure you have allowed your system to handle the IPv6 routing.

Setting your system for IPv6.

There's not much left for you to do before you start your script load, you just need to allow your system to handle the IPv6 routing. This will require a minimum of 2 things:
1. Allow for IPv6 forwarding
2. Allow in your firewall IP -protocol- 41 (IPv6)
In /etc/sysctl.conf you may achieve #1 by uncommenting (if it is commented out) net.ipv6.conf.all.forwarding=1 and then run as root sysctl -p. This will reset your interfaces to allow for forwarding of your IPv6. As for the second thing you need to do, you'll need to consult your firewall config instructions on how to do this. Keep in mind, this is a second network to your system so any firewall rules you may have for IPv4 you'll most likely want to duplicate them for IPv6 as well.

Test the Routing.

Insure you have ping (I prefer fping) and try to "fping6 ipv6-ip". If you're using (ax)listen you should see something like this:
ax0: fm K1YON-13 to K2PUT-13 via K1YON-2* K2PUT* ctl I47^ pid=CC(IP) len 124
IP: len 124 44.88.0.1->44.68.88.1 ihl 20 ttl 63 DF prot 41
0000 `....@:? ..p............ ..p........... ..â–’â–’Fâ–’......{â–’.ZNZ......
0040 ........................................
ax0: fm K2PUT-13 to K1YON-13 via K2PUT K1YON-2 ctl I04^ pid=CC(IP) len 124
IP: len 124 44.68.88.1->44.88.0.1 ihl 20 ttl 64 prot 41
0000 `....@:@ ..p........... ..p..............â–’â–’Fâ–’......{â–’.ZNZ......
0040 ........................................


You'll notice on the IP line at the end it says "prot 41" for IPv6. The final results show properly:
n1uro@n1uro:~$ fping6 k2put
k2put is alive
n1uro@n1uro:~$ telnet6 k2put node
Trying 2001:470:8a1e::20...
Connected to k2put.ampr.org.
Escape character is '^]'.
(k2put.ampr.org:uronode) login: n1uro

[URONode v2.8]
Welcome n1uro to the k2put.ampr.org packet shell.
This is copy of URONode is located at Mount Ninham, Putnam,
Putnam County, New York [FN31dl]
Type "?" for commands or H for more detailed help on a command.


n1uro@k2put.ampr.org-IPv6: u
Current users:
Telnet6 (n1uro @ IPv6) -> Idle (0:00:00:00)
n1uro@k2put.ampr.org-IPv6: b
Thank you n1uro, for connecting to the
k2put.ampr.org URONode IPv6 packet shell.
Connection closed by foreign host.


As you see, IPv6 is working just fine!

Final notes.

A few final notes in regards to IPv6 on classic packet:
- Since this is encapsulating/tunneling another protocol within the protocol layers, I suggest that you don't use it on links slower than 9600 baud as you see in the trace there's additional protocol overhead thus taking up data space within the limitations of the 256 byte MTU of ax25 specifications. Of course you're welcome to try it if you wish on slower speeds. I'm not at all suggesting it wouldn't work, it just may be slower than expected or desired.
- As of this writing, the only node software known that can handle incoming IPv6 telnets natively is URONode. This is verified within the sample of a telnet6 session to K2PUT.
- You don't *need* amprnet/44-net IPs to accomplish this either, you may use any RFC-1918 (private) space such as 10/8 or 192.168/16 to accomplish point to point tunneling for IPv6.
That's all I can think of for now... 73!

Source https://uronode.n1uro.com/linux/ipv6.html