Mac OS X ISATAP client

$Id: isatap.html,v 1.20 2012/03/12 15:09:21 momose Exp $

Mar 13, 2012

You are using an IPv4 address. (3.17.78.184)

What's new

Introduction

ISATAP(Intra-Site Automatic Tunneling Addressing Protocol) is a technology that provides IPv6 reachablity for dual stack nodes on IPv4 network. See RFC5214 for more details.

In this page, ISATAP client for Mac OS X is introduced. Current Mac OS X has only 6to4 for IPv6 transition, though, it can't be used in the most Intra-Site networks (or enterprise networks). ISATAP is desgined to work on such intra-site if the site has IPv6 connectivity on it's border. (And ISATAP router should be put on the border.)

This implemenation is derived from KAME works. But a lot of fixes were needed to make it work as a Mac OS X kernel extention.

Current Status

This is quite pre-alpha quality. You must be sure that you may get serious damage with this kext. Please backup your Mac before trying this software.

In addition, functions provided by this software are very primitive. For example, if your ipv4 address was changed due to moving another network, dhcp lease expiring, so on, IPv6 addresses attached to the isatap interface wouldn't be updated automatically. That might irritate you since the ipv6 reachability would be hung up suddenly. These shortcomings will be improved at times.

I confirmed it works on 64 bit mode.

Licence

I don't claim any license of this work. All the license terms are belong to the original holder. i.e., The code from KAME have WIDE project license(almost same as BSD's one).

Requirements

Install and Operation

Note that this implementation is pre-alpha quality yet, thus, there is no cool installer nor nice looking gui. You need to operate it by hand in the terminal shell.

The following procedure should be done once when you install this package at fist.

  1. Download the binary package. macosx-isatap-0.4.tar.gz. This package doesn't contain any installer yet.
  2. Expand it under /usr/local/.
    % cd /usr/local
    % sudo tar xfz ~/Downloads/macosx-isatap-0.4.tar.gz
    
  3. Make sure that the permission of isatap.kext is 644, the owner is 'root' and the group is 'wheel'. If not, change them.
  4. change the rtsol/ifconfig path in userconfig.sh if you've expanded this packages elsewhere.

Normally, a kext is installed at /System/Library/Extensions. However, since additional operations are also required to configure ISATAP besides loading kext, this page doesn't recommend to put it on the default directory. But, it doesn't prohibit. If you'd like to install it there, do as you like. the following scripts would work properly such case. I'm glad to hear from you how it should be.

The operation described below is almost same as How to use ISATAP on KAME. But some operations are put into shell scripts.

  1. load this kext and configure isatap interface with config-ist.sh. Specify the interface name ipv4 address is assigned. If you use wifi, the operation would be as follows.
    % cd /usr/local/isatap
    % sudo ./config-ist.sh en1
    
    With this operation, kext is loaded, linklocal address is assigned based on your reachable IPv4 address.
  2. Configure isatap router. If you know the isatap router address, you can specify it statically like this: (suppose the isatap router is 192.168.0.254)
    % sudo ./ifconfig ist0 isataprtr 192.168.0.254
    
    if your site defines "isatap.your-domain", you can use update-isataprtr.sh.
    % sudo ./update-isataprtr.sh <your-domain>
    
    This script should be execute periodically somehow to update the isatap router list.
  3. Solicite RA periodically.
    % sudo ./rtsold.sh &
    
    Note that the built-in rtsold(8) doesn't send RA periodically.

If your outgoing IPv4 address was changed as moved to another network, execute config-ist.sh again.

If your isatap router was no longer available, change the address as follows:

% sudo ./ifconfig ist0 deleteisataprtr <old isatap router address>
% sudo ./ifconfig ist0 isataprtr <new isatap router address>

If you don't want to use ISATAP any more, just down the ist0 interface.

% sudo ifconfig ist0 down

You can use the ISATAP again when you up the ist0 interface.

or, just unload the kext.

% sudo kextunload isatap.kext

For Developers

Of cource, this is perfectly open source. But I can't prepare the source to be published yet. It will put on this site soon.

Known Bugs/Issues

There shouldn't be any serious problems. Belows are a list of what should be advanced.

Links


MOMOSE Tsuyoshi
Twitter Account: tmomose_en

Leave comment via facebook