{"id":747,"date":"2011-06-22T09:31:17","date_gmt":"2011-06-22T09:31:17","guid":{"rendered":"http:\/\/gigihfordanama.wordpress.com\/?p=747"},"modified":"2012-08-08T00:11:00","modified_gmt":"2012-08-08T00:11:00","slug":"configuring-ipv6-tunnel-broker-with-vyatta-behind-nat-freebsd","status":"publish","type":"post","link":"https:\/\/dosen.unila.ac.id\/gigih\/2011\/06\/22\/configuring-ipv6-tunnel-broker-with-vyatta-behind-nat-freebsd\/","title":{"rendered":"Configuring IPv6 Tunnel Broker With Vyatta behind NAT (FreeBSD)"},"content":{"rendered":"<p><a href=\"http:\/\/greeninnovationsolutions.com\/yahoo_site_admin\/assets\/images\/Vyatta_firewall.242170837_logo.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" src=\"http:\/\/greeninnovationsolutions.com\/yahoo_site_admin\/assets\/images\/Vyatta_firewall.242170837_logo.jpg\" alt=\"\" width=\"243\" height=\"61\" \/><\/a> <strong>Vyatta<\/strong>: why use this one? The answer is simple: I just wanted to try its flavour and see whether it is as tasty as Mikrotik\/FreeBSD in terms of usefulness and ease of use. It turns out it really is, folks: this application truly impressed me, with a complete feature set and a user-friendly interface too. Sounds good, right? That&#8217;s it, let&#8217;s get started. Part of this is taken from the following address: <a href=\"http:\/\/virtualpercula.blogspot.com\/2011\/04\/installing-and-configuring-vyatta-vm-to.html\">http:\/\/virtualpercula.blogspot.com\/2011\/04\/installing-and-configuring-vyatta-vm-to.html<\/a><br \/>\n<strong>Configuring the HE tunnel and testing basic IPv6 connectivity<\/strong><\/p>\n<p>Go straight to the HE tunnel broker site and register to get a free IPv6 allocation. 
In my setup, Vyatta sits directly behind a router (running FreeBSD) with a private address, allocated as follows:<\/p>\n<div style=\"padding-left:30px\"><strong>IP : 192.168.1.254<\/strong><\/div>\n<div style=\"padding-left:30px\"><strong>Netmask : 255.255.255.0<\/strong><\/div>\n<div style=\"padding-left:30px\"><strong>Gateway : 192.168.1.234<\/strong><\/div>\n<div>\n<p>Make sure the main gateway has a rule that passes protocol 41 and maps it to the Vyatta server. Since the main gateway here runs FreeBSD, it looks roughly like this:<\/p>\n<\/div>\n<p style=\"padding-left:30px\"><strong>binat on $eIF from 192.168.1.254 to any -&gt; 103.3.46.58 #Map BiNAT Full Vyatta<\/strong><\/p>\n<p>The packet filter rule above makes the gateway perform a bidirectional point-to-point mapping from IP 103.3.46.58 to 192.168.1.254.<\/p>\n<div><!--more-->This is the allocation we get from the tunnel broker:<\/div>\n<div>\n<div>\n<div style=\"padding-left:60px\"><strong>IPv6 Tunnel Endpoints<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Server IPv4 Address:216.218.221.42<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Server IPv6 Address:2001:470:35:2eb::1\/64<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Client IPv4 Address:<a id=\"edit_ipv4z\" title=\"Edit Endpoint\" href=\"http:\/\/tunnelbroker.net\/ipv4_update.php?tid=122965\">103.3.46.58<\/a><\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Client IPv6 Address:2001:470:35:2eb::2\/64<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Available DNS Resolvers<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Anycasted IPv6 Caching Nameserver:2001:470:20::2<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Anycasted IPv4 Caching Nameserver:74.82.42.42<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Routed IPv6 Prefixes<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Routed 
\/64:2001:470:36:2eb::\/64<\/strong><\/div>\n<div style=\"padding-left:60px\"><strong>Routed \/48:<a id=\"assign48\" href=\"http:\/\/tunnelbroker.net\/tunnel_detail.php?tid=122965#\">Assign \/48<\/a><\/strong><\/div>\n<\/div>\n<\/div>\n<div style=\"padding-left:60px\">The configuration auto-generated by the tunnel broker for Vyatta looks like this:<\/div>\n<div style=\"padding-left:60px\"><strong>configure<\/strong><br \/>\n<strong>edit interfaces tunnel tun0<\/strong><br \/>\n<strong>set encapsulation sit<\/strong><br \/>\n<strong>set local-ip 103.3.46.58<\/strong> ### Because Vyatta is behind NAT, we replace the address on this line with our local IP, &lt;<strong>192.168.1.254<\/strong>&gt;<br \/>\n<strong>set remote-ip 216.218.221.42<\/strong><br \/>\n<strong>set address 2001:470:35:2eb::2\/64<\/strong><br \/>\n<strong>set description &quot;HE.NET IPv6 Tunnel&quot;<\/strong><br \/>\n<strong>exit<\/strong><br \/>\n<strong>set protocols static interface-route6 ::\/0 next-hop-interface tun0<\/strong><br \/>\n<strong>commit<\/strong><\/div>\n<div>From this point on, make sure the Vyatta machine is connected to the global IPv6 network via HE:<\/div>\n<div><strong>gigih@int-gateway:~$ traceroute6 ipv6.google.com<\/strong><br \/>\ntraceroute to ipv6.google.com (2404:6800:800b::93), 30 hops max, 80 byte packets<br \/>\n1\u00a0 2001:470:35:2eb::1 (2001:470:35:2eb::1)\u00a0 31.186 ms\u00a0 31.563 ms\u00a0 32.184 ms<br \/>\n2\u00a0 gige-g2-13.core1.sin1.he.net (2001:470:0:17c::1)\u00a0 39.809 ms\u00a0 39.802 ms\u00a0 39.790 ms<br \/>\n3\u00a0 15169.sgw.equinix.com (2001:de8:4::1:5169:1)\u00a0 41.265 ms\u00a0 41.106 ms\u00a0 41.229 ms<br \/>\n4\u00a0 2001:4860::1:0:1c5 (2001:4860::1:0:1c5)\u00a0 32.088 ms 2001:4860::1:0:1c6 (2001:4860::1:0:1c6)\u00a0 32.076 ms 2001:4860::1:0:1c5 (2001:4860::1:0:1c5)\u00a0 32.185 ms<br \/>\n5\u00a0 2001:4860::1:0:9d0 (2001:4860::1:0:9d0)\u00a0 123.023 ms\u00a0 123.018 ms 2001:4860::1:0:3c0 (2001:4860::1:0:3c0)\u00a0 62.317 ms<br \/>\n6\u00a0 
2001:4860::2:0:3c6 (2001:4860::2:0:3c6)\u00a0 39.399 ms\u00a0 37.947 ms\u00a0 38.039 ms<br \/>\n7\u00a0 2001:4860:0:1::25b (2001:4860:0:1::25b)\u00a0 38.073 ms\u00a0 38.027 ms\u00a0 38.369 ms<br \/>\n8\u00a0 2404:6800:800b::93 (2404:6800:800b::93)\u00a0 37.978 ms\u00a0 39.808 ms\u00a0 39.107 ms<br \/>\n<strong>gigih@int-gateway:~$<\/strong><\/div>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/tun-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/tun-5.png?w=300\" alt=\"\" width=\"320\" height=\"233\" border=\"0\" \/><\/a><\/div>\n<div style=\"padding-left:90px\"><strong>gigih@int-gateway# set interfaces ethernet eth0 ipv6 router-advert <\/strong><br \/>\n<strong>[edit]<\/strong><br \/>\n<strong>gigih@int-gateway# set interfaces ethernet eth0 ipv6 router-advert prefix 2001:470:35:2eb::\/64<\/strong><br \/>\n<strong>[edit]<\/strong><br \/>\n<strong>gigih@int-gateway# set interfaces ethernet eth0 address 2001:470:35:2eb::1\/64<\/strong><br \/>\n<strong>[edit]<\/strong><\/div>\n<div style=\"padding-left:90px\"><strong>gigih@int-gateway# commit<\/strong><\/div>\n<div>At this point, every client connected to interface eth0 should, if set to automatic IPv6 configuration, receive an IPv6 address from Vyatta. For example, on my machine:<\/div>\n<div>\n<pre>Ethernet adapter Local Area Connection:\n\n   Connection-specific DNS Suffix  . :\n   IPv6 Address. . . . . . . . . . . : 2001:470:35:2eb:ac64:bf76:bb02:d1\n   Temporary IPv6 Address. . . . . . : 2001:470:35:2eb:30cf:c048:35be:fb2e\n   Link-local IPv6 Address . . . . . : fe80::ac64:bf76:bb02:d1%12\n   IPv4 Address. . . . . . . . . . . : 192.168.1.205\n   Subnet Mask . . . . . . . . . . . : 255.255.255.0\n   Default Gateway . . . . . . . . . 
: fe80::221:5eff:fe6e:b0f0%12\n                                       192.168.1.254<\/pre>\n<p>The automatically assigned IP cannot be used yet because we have not enabled the IPv6 firewall. The steps are as follows:<\/p>\n<\/div>\n<div>Click on Firewall &gt; IPv6-name and click the create button. Enter Tunnel_to_LAN in the text box and click the &#8220;commit&#8221; link at the top right of the page. The default action of a rule is to drop traffic, which is what we want.<\/div>\n<div>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-1.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<p>Repeat the step above but create the LAN_to_Tunnel name, keep the default action as &#8220;drop&#8221; and commit it.<\/p>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-2.png?w=300\" alt=\"\" width=\"320\" height=\"198\" border=\"0\" \/><\/a><\/div>\n<p>Click on Firewall &gt; IPv6-name &gt; LAN_to_Tunnel &gt; Rule, enter the number 10, set the action to accept and commit it. 
Now expand the rule you just created, click on State, click create, select &#8220;Established&#8221; and &#8220;Related&#8221; and commit your changes.<\/p>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-3.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-4.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<p>Using the same method, create rule number 20, but this time we want to drop packets: select State again, check &#8220;Invalid&#8221; and commit your changes.<\/p>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-5.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-6.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<p>Next, create rule number 100 with an accept action; this time select Protocol, select &#8220;All&#8221; and commit your changes.<\/p>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-7.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<\/div>\n<div>\n<div>So to summarize, we have 
created a zone called Tunnel_to_LAN which has a default action of &#8220;drop&#8221;, so any unsolicited traffic from the IPv6 Internet that is destined for your LAN will be dropped. We will add rules to accept established and related traffic and to drop invalid packets in future steps.<\/div>\n<div>We created the LAN_to_Tunnel zone and applied rules to allow traffic out. You now have a basic rule set for the traffic that will travel from your LAN to the tunnel to HE and to the IPv6 Internet at large.<\/div>\n<\/div>\n<div>Now we will add rules to the Tunnel_to_LAN zone to allow established and related traffic in and drop invalid traffic.<\/div>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-8.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<div><a href=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/gigihfordanama.files.wordpress.com\/2011\/06\/gui-9.png?w=300\" alt=\"\" width=\"320\" height=\"195\" border=\"0\" \/><\/a><\/div>\n<p>Finally, check whether IPv6 traffic can get out:<\/p>\n<pre>C:\\Users\\DD-IYAY&gt;tracert -6 ipv6.google.com\n\nTracing route to ipv6.l.google.com [2404:6800:800b::93]\nover a maximum of 30 hops:\n\n  1    &lt;1 ms    &lt;1 ms    &lt;1 ms  2001:470:35:2eb::1\n  2    31 ms    31 ms    31 ms  2001:470:35:2eb::1\n  3    30 ms    30 ms    31 ms  gige-g2-13.core1.sin1.he.net\n[2001:470:0:17c::1]\n\n  4    30 ms    33 ms    30 ms  15169.sgw.equinix.com [2001:de8:4::1:5169:1]\n  5    31 ms    31 ms    31 ms  2001:4860::1:0:1c6\n  6    37 ms    37 ms    37 ms  2001:4860::1:0:9d0\n  7    99 ms    38 ms    37 ms  2001:4860::2:0:3c7\n  8    48 ms    38 ms    49 ms  2001:4860:0:1::257\n  9    38 ms    38 ms    43 ms  
2404:6800:800b::93\n\nTrace complete.<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vyatta: why use this one? The answer is simple: I just wanted to try its flavour and see whether it is as tasty as Mikrotik\/FreeBSD in terms of usefulness and ease of use. It turns out it really is, folks: this application truly impressed me, with a complete feature set and a user-friendly interface too. Sounds good, right? That&#8217;s it, let&#8217;s get started. Part of this is taken from &hellip; <a href=\"https:\/\/dosen.unila.ac.id\/gigih\/2011\/06\/22\/configuring-ipv6-tunnel-broker-with-vyatta-behind-nat-freebsd\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Configuring IPv6 Tunnel Broker With Vyatta behind NAT (FreeBSD)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,9],"tags":[241,1253,1254,1255],"class_list":["post-747","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-world-of-ict","tag-configure-vyatta-ipv6","tag-vyatta","tag-vyatta-ipv6-tunnel","tag-vyatta-tunnel-broker"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/747"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=747"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/747\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=747"}],"wp:term":[{
"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}