IPv6 to go: PPTP VPN Cisco – Mac Book and an IPv6 tunnel

[Originally posted Sep 2, 2012 10:53 AM by Antti Uitto [ updated Sep 2, 2012 11:40 AM ]]

This article assumes that you have a (Cisco) router that you can administer and that the router is connected to both IPv4 and IPv6 networks.

It’s ok if you don’t have IPv5 yet.

We are going to set up a PPTP VPN from a Mac to the router and then, using the IPv4 address pair obtained from the VPN client pool, tunnel some IPv6 over it. This way you can have your IPv6 address with you wherever you go.

First configure the PPTP VPN service on your router.

configure terminal
vpdn enable
vpdn-group 1
accept-dialin
protocol pptp
virtual-template 1
exit
exit
interface Virtual-Template1
ip address 192.168.34.1 255.255.255.0
peer default ip address pool PPTP-Pool
no keepalive
ppp encrypt mppe 128
ppp authentication ms-chap ms-chap-v2
exit
ip local pool PPTP-Pool 192.168.34.200 192.168.34.210

Create a PPTP VPN user.

username usr1 password PASSWORD

Insert these lines to ensure that usr1 always gets the address 192.168.34.200:

aaa new-model
aaa authentication ppp default local
aaa authorization network default local

username usr1 aaa attribute list usr1
aaa attribute list usr1
attribute type addr 192.168.34.200 service ppp protocol ip mandatory

Create a tunnel interface for this user:

interface Tunnel200
description IPv6 tunnel to MAC
no ip address
ipv6 address 2001:98:1:49:FFFF:FFFF:FFFF:FFFD/126
ipv6 enable
tunnel source 192.168.34.1
tunnel destination 192.168.34.200
tunnel mode ipv6ip
end

These lines create a tunnel between the PPTP VPN addresses (IPv4). The tunnel is given an IPv6 address from your own resources.

Next configure your Mac.

Create a normal PPTP VPN connection using OS X's network configuration.

Then create a file called ipv6-tunnel-up on the Mac, with this in it:

#!/bin/sh
sudo route delete -inet6 default
sudo ifconfig gif200 create
sudo ifconfig gif200 tunnel 192.168.34.200 192.168.34.1
sudo ifconfig gif200 inet6 alias 2001:98:1:49:FFFF:FFFF:FFFF:FFFE prefixlen 126
sudo route add -inet6 default -interface gif200

Make this file executable with:
chmod +x ipv6-tunnel-up

You can make things even nicer by creating a similar file, ipv6-tunnel-down, that destroys gif200 and removes the IPv6 default route.
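
One way to combine the up and down scripts in a single file, as an added example that is not part of the original post. The interface name and addresses are the ones from the configuration above; the file name ipv6-tunnel, the -n option and the check that the VPN address is assigned before the tunnel is built are assumptions of this example.

```shell
#!/bin/sh
# ipv6-tunnel up|down [-n]   (-n prints the commands without running them)
# Added example; values below are copied from the post's configuration.
IF=gif200
LOCAL4=192.168.34.200      # address pinned to usr1 by the attribute list
REMOTE4=192.168.34.1       # Virtual-Template1 on the router
LOCAL6=2001:98:1:49:FFFF:FFFF:FFFF:FFFE
PLEN=126

# Print the commands for one direction, one per line.
tunnel_plan() {
    case "$1" in
    up)
        echo "route delete -inet6 default"
        echo "ifconfig $IF create"
        echo "ifconfig $IF tunnel $LOCAL4 $REMOTE4"
        echo "ifconfig $IF inet6 alias $LOCAL6 prefixlen $PLEN"
        echo "route add -inet6 default -interface $IF" ;;
    down)
        echo "route delete -inet6 default"
        echo "ifconfig $IF destroy" ;;
    *)  return 2 ;;
    esac
}

# True when the PPTP session is up, i.e. this host holds LOCAL4.
vpn_is_up() {
    ifconfig 2>/dev/null | grep -qF "inet $LOCAL4 "
}

# Run the plan, or only print it when the second argument is -n.
tunnel_run() {
    plan=$(tunnel_plan "$1") || { echo "usage: ipv6-tunnel up|down [-n]" >&2; return 2; }
    if [ "${2:-}" = "-n" ]; then echo "$plan"; return 0; fi
    if [ "$1" = up ] && ! vpn_is_up; then
        echo "PPTP VPN not connected: $LOCAL4 is not assigned" >&2; return 1
    fi
    rc=0
    while read -r cmd; do
        case "$cmd" in
        "route delete"*) sudo $cmd || true ;;   # no default route is fine
        *)               sudo $cmd || rc=1 ;;   # unquoted: split into words
        esac
    done <<EOF
$plan
EOF
    return $rc
}

if [ $# -gt 0 ]; then tunnel_run "$@"; fi
```

Run it as ./ipv6-tunnel up after the PPTP connection is established and ./ipv6-tunnel down before disconnecting.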
