Marc Singer [mailto:[EMAIL PROTECTED] wrote:

> On Wed, Jan 21, 2004 at 02:34:07AM +0100, Jeroen Massar wrote:
> >
> > Marc Singer [mailto:[EMAIL PROTECTED] wrote:
> >
> > > On Tue, Jan 20, 2004 at 08:46:33PM +0100, Jeroen Massar wrote:
> > > >
> > > > John Goerzen [mailto:[EMAIL PROTECTED] wrote:

<BIG SNIP>

> Not exactly.
>
>
>   [6to4 anycast relay]
>           ^
>           |
>       [Internet]
>           |
>           v
>        [Router] <---> [AP] <---> [Wireless Host]
>           ^
>           |
>           v
>      [Wired Host]

That is indeed much easier. Let the router do 6to4 and announce
the prefixes using radvd directly or over a tunnel. Done(tm)

> > And then you want to do 6to4 from the router to the anycast address.
>
> That already works.
>
> > Assuming that you are using NAT you can't use 6to4 unless you map
> > it directly onto one internal host in the AP and properly let the
> > router think that it has the public IP, as RFC1918 addresses don't
> > route onto the internet. If that is done you can
> > indeed create either a tunnel or possibly even native IPv6 between
> > the Router and the Wireless Host. I would try native btw. If you want
> > it to be secure indeed go for the ipsec tunnel.
>
> In the picture above, the Wired Host(s) all work fine. radvd gives
> them address and they have immediate access to the 6bone.
>
> My plan is to form a bridge between the Wireless Host (or any of
> several) and the Router and then let the router carry ipv6 traffic to
> the Anycast Relay when necessary.
>
> 1) If I get another tunnel, I'd like to change it in only one place,
>    though I know that I may have to renumber everything if I get a
>    bonafide network delegation.

In the above setup that should be no problem.

> 2) I'd really like to let there be a radvd server for the Wireless
>    Hosts, but I don't see how I can do this unless I can get one of
>    the Router's interfaces to appear in the collision domain of the
>    wireless network.

The AP will probably have a "bridge" mode, thus extending the interface.
I guess you have currently set it to make a separate network of it.

> 3) The next best thing is to form an IPSEC tunnel from the Wireless
>    Host to the Router since this kind of tunnel is recognized by the
>    AP. As an aside, the AP is really dumb in this respect. It
>    requires that the IPSEC tunnel use ISAKMP because of the port 500
>    exchange that triggers the special super secret pass-through
>    mode. I'd use another kind of tunnel, but I don't think there is
>    one that will work with the AP.

tinc/openvpn etc all use normal tcp and udp thus should not pose a problem.
I actually wonder why the AP is needing to know about L4 stuff.

Greets,
 Jeroen
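
The 6to4 constraint discussed in the thread (the router needs a public IPv4 address, because RFC1918 addresses don't route onto the internet) and the "announce the prefixes using radvd" step, as an added example that is not part of the original message. The address 192.0.2.1 and the interface names eth1 and wlan0 are constructed placeholders.

```python
import ipaddress

# RFC 1918 private ranges: a router holding one of these sits behind NAT
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(router_v4):
    """Return the 6to4 /48 (2002:V4ADDR::/48) for a public IPv4 address."""
    v4 = ipaddress.IPv4Address(router_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is RFC1918; 6to4 needs the router's public address")
    # 16 bits of 2002, then the 32-bit IPv4 address, then zeros
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def lan_subnets(prefix, interfaces):
    """Assign one /64 per LAN interface, starting at subnet id 1."""
    subnets = prefix.subnets(new_prefix=64)
    next(subnets)  # skip subnet 0, kept here for the 6to4 tunnel interface
    return {ifname: next(subnets) for ifname in interfaces}


def radvd_conf(assignments):
    """Render a radvd.conf fragment advertising each /64 on its interface."""
    blocks = []
    for ifname, net in assignments.items():
        blocks.append(
            f"interface {ifname} {{\n"
            f"    AdvSendAdvert on;\n"
            f"    prefix {net} {{\n"
            f"        AdvOnLink on;\n"
            f"        AdvAutonomous on;\n"
            f"    }};\n"
            f"}};\n")
    return "\n".join(blocks)


if __name__ == "__main__":
    # With the AP in bridge mode the wireless hosts share eth1's segment;
    # wlan0 is listed only for the case of a separately routed wireless net.
    prefix = sixtofour_prefix("192.0.2.1")  # constructed sample address
    print(radvd_conf(lan_subnets(prefix, ["eth1", "wlan0"])))
```

Because the /48 is derived from the IPv4 address, a change of public address renumbers every advertised /64, which is why generating the radvd fragment from one input keeps the change in one place.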

