A new project has been added

Hi everyone,

It’s been a long time since I’ve updated this blog. I wanted to announce that I added a new project to my Projects page. It’s an updater for a TunnelBroker IPv6 Tunnel, written in Python. You’ll see two versions listed. The first version is the original script, while the second version includes a password hashing program.

The requirements are Python 2.7.3 (although it’s a trivial task to convert it to Python 3.x), and you’ll have to fill in your information in the UserInfo.txt file. Try it out, and let me know what you think. And let me know what features you want to see included in it. My next plan for the script is adding some type of file size limitations, so you don’t end up with logs that are wiping out your hard drives. Right now, you have to manually clean the results.log file out (although after a week of running, it’s only at about 5KB).

Have a great day:)
Patrick.

Some things to know about IPv6.

Hi there.

I’ve posted about IPv6 before, and in some cases people are hearing more and more about it in the mainstream media. However, in most cases, you’re not hearing anything (and probably not even aware of it). So, here are a few things that you should know about IPv6.

IPv4 and IPv6 are not compatible. What does this mean? It means that if your server/site only has access via IPv4 or via IPv6, then users who are not running both configurations may not be able to access it.

The changeover is not automatic. What this means is if you run the service, you either a) have to manually configure it for IPv6, or b) instruct your hosting provider (and/or Domain Registrar) to configure it to be accessible via IPv6. It won’t happen automatically.

We’re almost out of IPv4 addresses. What this means is that after this month, no more IPv4 addresses will be available for providers or corporations. While you may not notice anything, some things will be happening.

These are:

  • Entities who currently have IPv4 addresses will have to make due with what they have.
  • If you’re a new subscriber to an ISP, you may get an IPv4 address, both an IPv4 and IPv6 address, or just an IPv6 address. If you only get an IPv6 address, then a lot of sites that you currently visit will not work.
  • Not a lot of sites are making the effort to configure IPv6 yet.

Because IPv6 is new, the security issues are not completely known. And most consumer routers/modems are not capable of working with IPv6 (or securing it). As time goes on and more people are making the switch, you will see more information in plain language about securing your networks.

Your computer won’t automatically switch to IPv6. This is kind of misleading. I say that, because if your modem provides you with an IPv6 address, and your operating system has IPv6 installed, then it will automatically get one. However, if your Operating System doesn’t have IPv6 installed, you will have to do that.

You can just set up IPv6 and surf. Again, this is misleading. Yes, you can Just set up IPv6 and surf. However, there are multiple steps needed (unless your ISP provides you with an IPv6 address). You have to find an IPv6 tunnel service (http://www.tunnelbroker.net http://www.gogo6.net http://www.sixXs.net are a few) and sign up for their service. Then you have to configure your computer (or install their tools) to use their service as your tunnel. Finally, you need to test things out by going to sites like http://www.whatismyipv6.net **I would try this one first, as it will show you an IPv4 or IPv6 address–depending on what it detects** http://ipv6.google.com http://www.v6.facebook.com or other IPv6 enabled sites.

Most importantly, if your favorite site doesn’t have IPv6 capabilities, you need to pressure them to make the switch. I would imagine within the next six to nine months, that most major sites will start to switch. However, the onus is on YOU to make sure they know that it’s needed.

I should note that some of the information from this came from a post on Planet Ubuntu. http://www.stgraber.org/2010/12/31/getting-ready-for-ipv6/ and http://www.omat.nl/2011/01/09/ipv6-approaching-fast/ (Planet KDE)

I’ll have more information on the changeover as it arrives.

Have a great day:)
Patrick.

Configuring a Cisco Router to support a LAN on DSL

One of the things that I accomplished in the past month was to convert my network from a “modem to consumer router to computers” to a “modem to Cisco Enterprise Router to Cisco Enterprise Switch to computers (with the consumer router proving wireless access).  And on top of that, I enabled IPv6 on the entire network with my /64 network from Hurricane Electric.  Both feats took some effort to accomplish, although I owe a great deal of thanks to the people at DSL Reports Cisco Hardware Forums.

To make someone else’s life a little easier, I’m posting my completed (sanitized to remove passwords and actual IP Addresses) configuration file for the router up here.  As for the switch, I simply configured one vlan (vlan 1) with an IP Address from my excluded IP’s and configured security on it.  If the text has a * or () then it’s a comment.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname whatrouteriscalled
!
boot-start-marker
boot-end-marker
!
enable secret 5 removed-password
!
no aaa new-model
ip subnet-zero
ip cef
ip dhcp excluded-address eth0 ipv4 address
ip dhcp excluded-address switch vlan management ipv4 address
ip dhcp excluded-address server ipv4 address
ip dhcp excluded-address wireless router ipv4 address
ip dhcp excluded-address optional ipv4 (needed for a desktop
ip dhcp excluded-address second wireless router ipv4 address (open wireless)
!
ip dhcp pool internal-network
   network ipv4network (.0) 255.255.255.0
   default-router eth0 ipv4 address
   dns-server 208.67.222.222 208.67.220.220 (OpenDNS Public IPv4 addresses)
!
vpdn enable
!
vpdn-group 1
request-dialin
  protocol pppoe
!
ipv6 unicast-routing *enables IPv6 and allows for routing
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address client-side ipv6 address/64
ipv6 enable
tunnel source Dialer1
tunnel destination server side ipv4 address for he.net
tunnel mode ipv6ip
!
interface Ethernet0
description My LAN Interface
ip address eth0 ipv4 address 255.255.255.0
ip nat inside
no ip mroute-cache
ipv6 address ipv6 network address/64 eui-64 *(ends in ::)
ipv6 enable
no cdp enable
!
interface Ethernet1
description Physical ADSL Interface (Facing the ISP)
no ip address
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Dialer1
description Logical ADSL Interface
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username provided by ISP
ppp chap password 7 encrypted password provided by ISP
ppp pap sent-username username provided by ISP password 7 encrypted password from ISP
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp server ipv4 address 4125 interface Dialer1 4125
ip nat inside source static tcp server ipv4 address 443 interface Dialer1 443
ip nat inside source static tcp server ipv4 address 80 interface Dialer1 80
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
access-list 10 permit ipv4 network (.0) 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Tunnel0
!
!
line con 0
exec-timeout 120 0
password 7 password (encrypted)
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 password (encrypted)
no login
length 0
!
scheduler max-task-time 5000
end

Some notes…  The ! are ignored by the router, so you don’t need to put them in.  If you want to create comments for what things are doing, you’ll precede them with the ! (and the router will throw them out when it’s configuring).

It was recommended that I (and you) use service password-encryption which will automatically encrypt any passwords (minimizing the need for removing them).  If you use this, and it puts a “7” before the password, you still need to remove it (as the encryption is weak) but if it has a “5” before it (like the enable secret does) it’s stronger.  Personally, I’ll remove them all from the config anyhow.

This should be considered a starting point for you, as everyone’s situation is different.  And this should be a starting point, if you’re interested in learning (for your CCNA or CCNP or just for the sheer joy of it) about Cisco configurations.

Have a great daySmile
Patrick.

IPv6 accessible websites

This is going to be a list of IPv6 accessible websites.  Some of them will be accessible regardless of whether you have IPv6 enabled or not, but others will only be available via IPv6.  As I get more, I will add them to the list…  Here we go.

http://penrose.uk6x.com/ Countdown to the exhaustion of IPv4 addresses

Checking to see whether you have IPv6 enabled:

http://www.whatismyipv6.com

http://www.ipv6.org (also has information and an older list of sites)

http://ipv6.whatismyipv6.net.ipv4.sixxs.org/

http://www.runningipv6.net/what-is-my-ipv6-address.php

Search engines:  (There’s only one that actually has an IPv6 address that I know of)

http://ipv6.google.com (will return an error if you don’t have IPv6 enabled)

A list of Internet Providers who will give you an IPv6 address (I’m going to call a few around the US to find out if they offer it as well)

http://www.sixxs.net/faq/connectivity/?faq=native

http://ipv6.comcast.net/ Comcast is running IPv6 trials, and has this portal

 http://www.ast.cam.ac.uk/ Cambridge University Institute of Astronomy (IPv6 only)

http://www.ipv6.org.uk/workshop/ Workshop with different information on IPv6

http://www.surgeradio.co.uk/ Surge Radio (UK)

www.ipv6.ecs.soton.ac.uk IPv6 at Southampton University (may not load)

And most importantly…..

www.v6.facebook.com  Facebook has IPv6 access.  Now that’s a reason to switch (granted it looks the same as IPv4, but by using it, you’ll be helping the Internet)

I’ve sent comments to LinkedIN and MySpace to find out if, and when, they’ll have IPv6 capabilities.  Also, Google has IPv6 capability enabled on quite a few of their sites.  Including YouTube.

Comcast is testing out IPv6 and will hopefully phase it in within the next year.  This is the dilemma for people.  Everyone knows that the end of IPv4 is coming.  And most know that it will be within the next two years.  But, since they believe that even after all of the IPv4 addresses are doled out they’ll still be able to function, no one’s in a hurry to transition.  So, it’s up to US the people to convince them to make the change.

As I get more sites, I’ll update this list.

Have a great daySmile
Patrick.

IPv6 The Wave of the Future Catch it now, before it’s too late.

It’s been a while since I posted here, but I wanted to touch on this subject.  Recently, I set up a new home network consisting of Cisco routers and switches.  In the process of setting it up, one of the people who helped me made the comment about going to http://www.he.net and getting an IPv6 Tunnel.  The comment was (paraphrased) get a tunnel from them, and get lost in it.  So, I did.

So what’s IPv6?

IPv6 is the newest standard for assigning IP Addresses to your devices on the network.  Right now, the majority of the people in the world (and sites on the Internet) use IPv4 addresses (192.168.3.2 for example).  The reason that it’s called IPv4 is because there are 4 groups of 8 bits making up each IP address (0 – 255 in each group).  The problem with this is, there is a finite amount of IP Addresses available, and after 20+ years of widespread Internet usage, we’re running out. 

One of the last reports that I saw said we’ll run out in about 666 days or less.  No, the world won’t stop (and neither will the Internet) but when you go to get online with that new iPhone v7 (figuring that within the next 365 days, there will be a v5 and within the next 600 days a v6), you won’t be able to.  Or you’ll be seriously restricted in how long you can be on (or what you can do).

IPv6 uses a 128-bit IP Addressing scheme.  That’s 8 groups of 16 bits.  I don’t have the exact figure for how many that is, but essentially it’s enough that every single person and device in the world could have it’s own IP Address.  And we’d still have tons left.

So, I decided to take that plunge and get on IPv6 (of course I’m still on my IPv4 address too, as my Internet Provider doesn’t supply IPv6 addresses that I know of).  It took a little bit of finagling to get everything working (mainly because of my network setup and the fact that my router is about 6 years old).  But, I’m happy to say it works. 

So, how do you get on IPv6?  Well unless your Internet Provider is giving out IPv6 addresses (which very few are to my knowledge and you’ll most likely have to ask for one), you’ll have to sign up with a “tunnel” service like Hurricane Electric (http://www.he.net).  After you sign up, they will help you to set up your computer/network to use the IPv6.  You may or may not be able to disable the IPv4 access, depending on various factors.

An example of how you’ll do it on Windows Vista/7, is this (noting that you’ll have to open a Command Prompt as the administrator)

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel source-IPv4 destination-IPv4
netsh interface ipv6 add address IP6Tunnel IPv6-client (assigned by your tunnel)
netsh interface ipv6 add route ::/0 IP6Tunnel IPv6-server (assigned by your tunnel)

The “source-IPv4” is whatever IP address you signed up with, and the “destination-IPv4” is the IP Address (IPv4) of the tunnel.  The “add route” command is called a default route.  It means if there’s no other route known from your computer to whatever you’re trying to get to, then it goes through this route.

My next post is going to be a list of IPv6 websites.  Some will be information, and some will actually be accessible if you’re on IPv6.  My challenge to everyone is this:  Help me find sites.  The list that I found of sites that are IPv6 accessible is old (as in about 6 years).  So, I need more current sites.

I’ll start the list, and then I’ll edit it as I get more sites.

Have a great daySmile
Patrick.