Slashdot Mirror
IPv6 Over OpenBSD
darkuncle writes: "While doing some research into setting up an OpenBSD box as a firewall/NAT box/DHCP server for my home network, I ran across a cool writeup at 2600 Australia about how to implement IPv6 on OpenBSD. For anybody that's been thinking about exploring IPv6, this article (along with the FAQ linked above) provides some good starting points. "
All they have to do is to mandate that all U.S. routers use IPv6, keep full logs of all connections, and make these logs accessible at will, in real time.
In the past, people didn't believe that this would come to pass. Unfortunately, there are two key reasons why this will now happen. The first is the existing example of the phone companies, who were mandated by Congress to implement wiretapping of digital technology. They balked at the cost, until Congress last year gave them a few hundred million of our tax dollars to shut up and implement it.
The ISPs will balk too; until they're given enough cash to do it. A Billion dollars would certainly smooth over a lot of ruffled feathers, and probably get them chomping at the bit for a piece of that action.
And second, technology keeps getting more powerful and cheaper every year. It's only a matter of time now before realtime tracking is putforward by the FBI to assist with "protecting" us from Terrorists, Child Porn, Drugs, and what not.
Sure wish someone would protect us from the thugs at the FBI.
Actually, with this "feature", market research companies could use this to keep track of your viewing habits like never before. And pay the ISPs for this information. This is a revenue generating product for the company which buys into it; the amount needed for funding the right lobbiests to get this law passed is chicken feed.
And given that some Cisco employees had the gaul to stand up at a recent IETF and announce that they'd be implementing a wiretapping protocol for the FBI (and the IETF could go to hell), you can bet Cisco would jump at the chance to screw your privacy any way they could.
How silly the fools who created the IPv6 standard now seem. Unless this was their original intention; and it's hard to believe that they were complete idiots and missed all of this.
Great developers are *NOT* generally known for their highly refined people skills. Let them call it as they see it, and if you should become offended, well... then your propensity to become easily offended is a problem you should address. Perhaps you never witnessed a "spontaneous expression of strong feelings" from Linus Torvalds? Eric Raymond? Richard Stallman? even (gasp) Bill Gates?
In the final analysis, the only measurement that counts is the results achieved. All we should ask of Theo (and every other developer of leading/bleeding edge work) is that he "keep on keeping on". The world needs more egotists just like him! There are enough sheep/lemmings/whatever in the world.
Henry David Thoreau (1817-1862) once said: I find it wholesome to be alone the greater part of the time. To be in a company (corporation?), even with the best, is soon wearisome and dissipating. I love to be alone. I never found a companion that was so companionable as solitude.
I suspect that Henry David Thoreau and operating system developers have much in common.
Please! This drivel about *BSD has nothing to do with IPv6, or even OpenBSD. It's a fight over who said what to whom, when, how, why, and whether the cow delivered a three-headed calf afterwards.
If you want to fight about BSD, become one of those showman wrestlers on TV, or a professional boxer. Who knows? It might even make you rich. You might still be a dork, but you'll be a rich dork, rather than a rather bland, boring one.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Of course, there's nothing to stop an ISP from installing GateD 3.6-ipv6, MRT or Zebra in the meantime, and tunnel to the 6bone. Don't see many ISPs doing this, though. Maybe I'm just being cynical, but ISPs are not doing that much to encourage router companies to bring out the goods. Threats of taking their business elsewhere would do it, and probably would save the ISPs money in the process. Cisco knows all this, but it doesn't worry them, as the ISPs are preferring to stay dormant.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Oof. Actually many ISPs do really really want to switch to IPv6. ISPs hate people who spoof ips just like everyone else.
There are several things blocking the path to IPv6. One of the major things that is blocking the movement to IPv6 is lack of support in Switches and Routers. Hell, all of Cisco's releaces of IOS that are IPv6 compliant are all Beta. Now would you like to sign up with an ISP who's uptime is far short of 99.99%?
IPv6 is comming and it is comming fast. I figure it'll be about 2 years before most top level providers start implementing it.
The only part of this that isn't obvious is why to use IPv6. Actually, that's obvious, too--it's fun to play with new things.
There's a little more to it than that. IPv6 has a much bigger address space - which won't affect you directly - and also has much-enhanced security features and the ability to set up links with predictable real-time performance (IOW it's ideal for Quake).
--
Life's a bitch but somebody's gotta do it.
The primary goal of OpenBSD is security. Hence, it is the obvious choice for a firewall system. In the home environment, the firewall system will also need to provide other services, such as NAT and DHCP.
While my experience is that Linux is faster than BSD, that shouldn't be an issue here.
The only part of this that isn't obvious is why to use IPv6. Actually, that's obvious, too--it's fun to play with new things.
Sorry, but no go. Amazon has the biggest selection of books and a score of helpful reviews with each one.
Hint: You don't have to pay for the searches, and you're not required to buy the books.
This is about Openbsd (obsd) and the fact that it's implemented and can be used. I'm a freebsd user and advocate. I like IPv6 support in my bsd, but please don't be so overzealous to say that fbsd did it already. It's not about that.
---
-
ping -f 255.255.255.255 # if only
I'm the maintainer of (one of) the Linux port of the ftpd from OpenBSD. Since version 0.3.0 (of my port, taken from OpenBSD 2.7) it has had IPv6 support (this has been a pain to port, as a matter of fact).
(I'm still a bit short of confirmations that the IPv6 part works correctly. It would be nice if more people with IPv6 connectivity could try it out and tell me.)
Also check out my "sock" program (instructions for use: see comments at the start of the source) for an IPv6-aware equivalent of netcat/socket that uses the spiffy getaddrinfo() function from libc.
Besides this, I think Linux is still wanting in IPv6-aware tools. Now that the kernel supports it and the libc supports it, I think all distributions could afford to ship with a fully IPv6-aware environment. Not having ping6 and all by default is rather ridiculous.
It seems to me that historically it has been the "underground" that has utilized cutting-edge technologies first. BBS's first became popular (at least among the people I hung out with) whenever you could trade warez and txt files. The internet was popular with geeks and Phrack types way before .com mania shook the world, and John Carmack is definately not mainstream. All of these examples show that the edges are where innovation and application of new technologies takes place.
So I vote "yay" to implementing some sort of pseudo-proprietary net using IPv6, expecially IPsec just to piss of the MPAA attorneys. Could Gnutella be ported to IPv6?
FreeBSD has had IPV6 support for several years now. It was an option with FreeBSD 3.x and ships by default with 4.0.
Substantial development of IPV6 and IPSEC were actively developed under FreeBSD versions as far back as 2.x
It's too bad the IPV6 deployment will remain stunted (we won't see ISPs rolling out support) until M$ decides to implement it in their operating systems...
-p.
MS ain't gonna commit resources to IPv6 until they see demand for it, and it ain't *really* gonna take off until they do.
Have fun making things up?...seeing as it's about Microsoft and how evil they are, you'll probably get moderated up as 'insightful'.
Technical (Public) Beta
Direct from Microsoft's research group working on ipv6
Yes, it is much better to have six different machines...
The BSD section is red. Other sections have various other colors. Most just use the default green-and-white scheme though.
Those who can't do, teach. Those who can't teach either, do tech support.
FreeBSD 4.0 has IPV6 support right out of the box (or FTP install, whatever the case may be). In fact, if you goto www.freenet6.net you can hook yourself up with an IPV6 tunnel and start playing around with it immediately.
There are more OpenBSD IPv6 stacks.
One is the KAME IPv6 project wich is a stack for FreeBSD/NetBSD/BSD/OS.
Another IPv6 stack for FreeBSd/NetBSD is made by INRIA IPv6.
Another interesting site is the Alternate Queueing (ALTQ) for queue and bandwidth management use under *BSDs.
And once you got this all working, why not play with OpenBSD and PGPnet VPN support.
Erik
FreeBSD: most popular. Wants to be the best for x86. Until reciently didn't care at all about any other platform. Still doesn't care much. Probably the best choice though if your system is x86
NetBSD: try to run on all useful platforms. If it is a comptuer netBSD wants to run on it. An excellent choice if you have many different comptuers with different strenghts. They all look the same from an admin point of view.
OpenBSD: orginally netBSD+, but not different enough. Doesn't care as much about portability (but has more supported platforms then freeBSD and can probably support all of netBSD's platforms with a little work) Wants to be the most secure OS possibal, and in fact it has been years since someone found a remotly exploitable security hole in default install. (You can of course configure it to be insecure.) Best choice if your not sure who will be attacking your system. (The others react quickly to problems, openBSD tends to proactivly avoid them)
However despite the above, the *BSDs are not much different. Pick one. Theo and his openBSD deservies a lot of criticism, but nobody will claim that openBSD is not technically excellent in their area. I should note too that most of openBSD's changes have filtered back into freeBSD and netBSD over time. I'm sure that linux devolpers have looked them over too. And of course it runs in the other way.
The best thing to do is have an infiniate amount of machines and time, so that you can run all 3 *BSDs, every linux distribution, and whatever else you can get your hand on. Then decide for yourself.
You can also check out:
These are routers with support for IPv6 routing protocols, such as RIPng, OSPFv6 and BGP4+. (For GateD, you want the GateD 3.6-ipv6 snapshot.)
Last, but by no means least, there's a wealth of information at the "principle" IPv6 sites:
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
To anyone who doesn't regularly read the BSD section this will seem like a fresh new post.
In reality its been cut 'n pasted so many times its beyond belief. Someone really has it out for *BSD.
There are few worthy projects out there that DO NOT have interesting characters and wild political battles. Please take into consideration the technical merits of these operating systems, and remember that some people hate *BSDs for political reasons that are just as lowly as the not so nice stuff that goes on in the OS battles.
Well, then you haven't been doing your homework. A quick search at amazon shows a couple of books of interest, like this:
Caveat: as I am only a Linux user at home and stuck on WinNT at work, and have not even tried connecting to a 6 bone yet or doing IPv6 tunneling with IPv4, I can't vouch for how well the instructions work, but they look right, AFAICT.
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
I would like to propose an IPv6 day, in which all Slashdot readers sign up with an IPv6 tunnel provider and spend the day -just- using IPv6.
Whilst it might have absolutely no effect on outside opinion, it might give IPv6 a much-needed injection of interest. And that might pave the way for IPv6 to move out of obscurity and into general awareness.
If there is interest in this idea, I'd like to propose June 4th as our own Independence Day. In this case, independence from IPv4.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Books...
Ipv6 : The Next Generation Internet Protocol Stewart S. Miller; Paperback
IP Addressing & Subnetting Including IPv6 Syngress Media; Paperback
Ipv6 Networks Marcus Goncalves, Kitty Niles; Paperback
And of course IPv6.org is an excellent source of info on the next generation for the internet.
Its already here as a networking technology and for many areas its increased security model enables things that couldn't previously be done. Big privacy question marks over it though.
An Eye for an Eye will make the whole world blind - Gandhi
Yes folks, you read it here first on Slashdot. OpenBSD, a Canadian operating system written by Theo deRaadt while he was a grad student in Finland, is officially supporting the IPv6 so-called "standard". I ask you, what is wrong with the current IPv4 implementation? Our fine, American protocols have dragged this network out of a mess of ivory towers and into the lives of all hard-working people around the world. And no these "hackers" want to just up and destroy it, replacing it with some insiduous software developed in Japan, which has already brought about the total degredation of American youth through the Satanic influences of its "Pokemon" cult. Have we forgotten December 7th, 1941, "A day that will live in infamy", my friends?
So what, you might be asking yourself, is so special about IPv6 that these Canadians and Japanese would be investing so much time in it? Let me tell you. In IPv4, there are only a few IP addresses to go around, and this creates the supply and demand reactions that fuel the machines of Capitalism. Not everyone can have one, and certainly few can hold on to them forever. But in this new system, the range of addresses in increased exponentially: everyone will be forced to have one by the government. You thought social security, FDR's plot to control the citizens by reducing them to numbers, was bad? Wait till the government outlaws naming children with good, Christian names. That's right folks, if those fat cats in Washington have their way, your next child may well be designated, by the government, as being "3ffe:b00:c18:1fff:0:0:0:2d9". Try singing those sweet lullabies to children with that name. No doubt it will inspire many normally-godfearing women to murder their unborn children at the slaughtering "clinics", which is what liberals, with their hatred of all that is human, really want.
And don't think that you'll walk away scot-free either. You're new, government-assigned IP address will be used to identify you on the new government work farms. Think you like your cushy job as a Visual Basic programmer? Wait till Washington has you picking tomatoes on a desert farm in Mexico. I've never been wrong before, folks, so I know I'm right this time. IPv6 is a tool of the Illuminati, and it's branch organizaions like the Jewish Banking Interests and the Democratic Party, to control the hearts and minds of decent, Christian Americans. Don't let these Japanese "researchers", or their partner in crime, Theo deRaadt, infiltrate into your network. America's future depends on it.
A.K.A. Windows NT, unrelated to the other BSDs, this one stands for Blue Screen of Death.
Some people claim that MS can't produce a stable operating sytem, but winBSD is the ultimate in stability. Once you manage to boot winBSD (inexplicably, there is no official option to boot directly into it, but there are many ways to start it), it will run forever, disregarding anything short of a power outage.
Some may complain that there is no software for winBSD, but people make the same complaint about Linux, and the same answer applies: that doesn't make the OS bad. You can already enjoy such entertaining games as "Swear at the Screen" and "Ignore all Inputs". So start developing for winBSD today!