IPv6 over UDP/IPv4 Tunnel

Basically, an IPv6 over IPv4 tunnel cannot traverse NAT. However, we can traverse NAT by using an IPv6 over UDP/IPv4 tunnel instead of an IPv6 over IPv4 tunnel.
Because it uses Netgraph, it runs only on FreeBSD for now.

The extended DTCP has two usage modes for handling a UDP tunnel, depending on whether there is a NAT or not.

To forward an IPv6 packet received from an external network, the server has to know not only the IPv4 address of the client but also the client's port number.
To accomplish this, the DTCP protocol has been enhanced so that a DTCP client can inform a DTCP server of its binding port. With this enhancement, a bi-directional connection becomes possible.

However, this still doesn't work well with NAT. Since NAT changes the port number dynamically, a DTCP client cannot inform a DTCP server of its binding port in advance.
In NAT traversal mode, a DTCP client doesn't inform the server of its binding port. Instead, the server forwards packets to the source port of a packet received from the client. Thus, an IPv6 packet from an external network can reach the client only after the client has sent an IPv6 packet to an external network.
In addition, a packet from an external network can reach the client only while there is an entry for the connection in the NAT table. So, the client needs to send some IPv6 packets periodically to keep the entry in the NAT table.

- Configuration of dtcps

The UDP tunnel support of the DTCP package uses ng_ksocket(4). For UDP tunnel support to work correctly in NAT traversal mode, ng_ksocket(4) must be modified so that it can forward a packet to the source port of a packet from a client. Please apply the following patch, then rebuild your ng_ksocket.ko:
If you don't plan to use a UDP tunnel in NAT traversal mode, you don't need to modify your ng_ksocket(4).
Please note that the patch is required only on a server. You don't need it on a client.

If dtcps is invoked with the -U option, it accepts requests for an IPv6 over UDP/IPv4 tunnel.

An ngN interface is used for a UDP tunnel. By default, the unit number grows dynamically from ng0. If you want to use an interface with a certain lower unit number, you can specify it with the -I option.

A UDP port is assigned dynamically for every UDP tunnel. By default, the lower port number is 4028. You can change the lower port number with the -b option.

- Usage of dtcpc

If dtcpc is invoked with the -U option, it uses an IPv6 over UDP/IPv4 tunnel. If you are behind NAT, specify the -n option as well.

An ngN interface is used for a UDP tunnel. ng0 is used by default. If you want to use another interface, you can specify it with the -i option.

The port used for a UDP tunnel is 4028 by default. You can change it with the -b option.

- Usage of dtcpclient

If dtcpc is invoked with the -U option, it uses an IPv6 over UDP/IPv4 tunnel. If you are behind NAT, specify the -n option as well.

An ngN interface is used for a UDP tunnel. ng0 is used by default. If you want to use another interface, you can specify it with the `tunif' variable in dtcpclient_script.conf.

The port used for a UDP tunnel is 4028 by default. You can change it with the -b option.

In NAT traversal mode, a client needs to send an IPv6 packet periodically. There is a sample script to do this:

dtcpclient-pinger.sh

Recent versions of dtcpclient have been enhanced so that up_command and down_command can be specified in dtcpclient_script.conf. You can specify them as follows in your /usr/local/etc/dtcpclient_script.conf:

up_command="/usr/local/etc/dtcpclient-pinger.sh IPv6 HOST &"
down_command="/usr/local/etc/dtcpclient-pinger.sh -k"

Here, IPv6 HOST can be the IPv6 address of your favorite DTCP server.
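
A minimal keepalive script with the same calling convention as the up_command and down_command lines above (a host argument to start, -k to stop). This is an added example, not the dtcpclient-pinger.sh distributed with DTCP; the pidfile path, the 30-second interval and the ping6 flags are assumptions.

```sh
#!/bin/sh
# Added example, not the DTCP package's own dtcpclient-pinger.sh.
# Assumed values: pidfile path, 30 s interval, ping6 flags.
PIDFILE="${PIDFILE:-/var/run/dtcpclient-pinger.pid}"
INTERVAL="${INTERVAL:-30}"   # keep below your NAT box's UDP mapping timeout
PING="${PING:-ping6 -c 1 -q}"

# Stop a running pinger. Signal only a plain, non-zero numeric PID so a
# corrupted or tampered pidfile cannot pass options or a process group to kill.
pinger_stop() {
    [ -f "$PIDFILE" ] || return 0
    pid=$(cat "$PIDFILE")
    rm -f "$PIDFILE"
    case "$pid" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    kill "$pid" 2>/dev/null || true
}

# Send one IPv6 packet through the tunnel every INTERVAL seconds so the
# NAT table entry for the UDP tunnel does not expire.
pinger_run() {
    echo "$$" > "$PIDFILE"
    trap 'rm -f "$PIDFILE"; exit 0' TERM INT
    while :; do
        $PING "$1" >/dev/null 2>&1
        sleep "$INTERVAL" &
        wait "$!"     # wait in the shell so TERM is handled promptly
    done
}

pinger_main() {
    case "$1" in
        -k) pinger_stop ;;
        '') echo "usage: dtcpclient-pinger.sh IPv6HOST | -k" >&2; return 64 ;;
        *)  pinger_run "$1" ;;
    esac
}

# Do nothing when loaded without arguments (for example when sourced).
[ "$#" -eq 0 ] || pinger_main "$@"
```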

If you configure your NAT box to statically forward UDP tunnel traffic arriving at a specific port, you can set the port number with the -B option. In this configuration, you don't need to send an IPv6 packet periodically.


All Rights Reserved, Copyright (C) 2006 Hajimu UMEMOTO
Last Modified May 26, 2006
ume@mahoroba.org