How to quickly turn your Windows Sever 2003 into a 6to4 gateway

Takeshi Kabata



Microsoft has released Windows Server 2003. Like Windows XP, this OS comes with an environment that allows the user to easily utilize IPv6. It also has more IPv6-capable applications than Windows 2000, enabling more practical use of IPv6. This article will explain how to configure Windows Server 2003 as an IPv6 gateway in a corporate network in order to access IPv6 Internet.

There are several ways to use IPv6. One of the methods that allow you to use IPv6 when you only have IPv4 environment is 6to4. 6to4 enables you to access IPv6 Internet without any special procedures, by utilizing special IPv6 addresses that are made with global IPv4 addresses. Some OS, such as Windows XP can automatically configure 6to4 when a global IPv4 address is assigned to a network interface. Because of this feature, if you have access to the Internet through a connection such as dialup, you can connect to IPv6 Internet without any additional configuration.

As you can see, 6to4 is very useful. However, it has some limitations. One of the problems is that it cannot perform automatic configuration unless global IPv4 address is assigned to the interface. Another is that, in case of Windows, a server provided by Microsoft located in United States will be used as a default 6to4 gateway that bridges between IPv4 and IPv6. This slows down the communication for some users in other countries such as Japan.

The latter problem can be partially resolved by using a 6to4 server closer to you. For example, a Japanese user can use a 6to4 server provided by KDDI (http://www.6to4.jp/). However, the former problem has made it difficult to use 6to4 in an environment where there is only one static IP address and private addresses are used inside the company by utilizing NAT. But if you set up an IPv6 gateway inside a corporate network (or in DMZ), you will be able to access IPv6 Internet from an desktop PC inside the company without making large changes to the existing environment.


Configuring 6to4 gateway

We will take a look at the configuration procedures in the following environment, which should be common in a small-scale network.

• Things you need:
  
  • Windows Server 2003 (you need only one network card)
    
  • One static global IPv4 address
    
  • Windows XP SP1 for test purpose (must have IPv6 installed)

Configuration Procedures

First, we have to install Windows Server 2003. IPv6 is not enabled at default, so type

netsh interface ipv6 install

at the command line, or go to the “Properties” of the “Local area network connection” to install IPv6.



There is no need to change the configuration of the IPv4, and it’s fine even if you are obtaining addresses using DHCP.

Windows Server 2003 and Windows XP can not access Web sites using IPv6 addresses Internet Explorer that was provided in Windows 2000 allowed user to directly specify IPv6 address using a URL specifying method called literal format shown in the example below. (Example) http://[2001:240:XX:80]/ However, Windows XP and Windows Server 2003 do not support this type of format. Which means that when you want to test the connection, you cannot type the address directly into the browser. This won’t be a problem when you are using Ping or tracert, but it will cause inconvenience when you want to test using IIS or Windows Media. In order to resolve this problem you need DNS. It will be nice if we can get around the problem by writing directly into Hosts file, but unfortunately Windows does not allow this. In Windows Server 2003, not only IIS but also Windows Media Service supports IPv6, but as mentioned above, you won’t even be able to access the service if you don’t have DNS. Please be careful.

Next, we will run the following commands to enable 6to4 on the machine. Interface number might change depending on the number of network card you are using, so please check carefully. Here you must specify network interface that is connected to the corporate network.

//For using KDDI’s 6to4 service
netsh interface ipv6 6to4 set relay 202.255.45.5 enable
//Assign address for the use in 6to4 ¹
netsh interface ipv6 add address interface=3 address=2002:XX:YY::XX:YY
//Set the route ²
netsh interface ipv6 add route 2002:XX:YY:4::/64 4 publish=yes
//Set the default route. Direct the traffic towards KDDI server
netsh interface ipv6 add route ::/0 3 2002:caff:2d05::1 publish=yes
//
//Set router advertisement
netsh interface ipv6 set interface 3 forwarding=enabled
netsh interface ipv6 set interface 4 forwarding=enabled advertise=enabled


XX:YY shown in the command above is a colon hexadecimal representation of the assigned global IPv4 address. After finishing these settings, you can try running ipconfig on a client XP, and you will see that an IPv6 address starting from 2002 is assigned to the machine. Now you should be able to access the web sites like www.kame.net. Also some of the settings regarding IPv6 were erased after reboot in Windows 2000, but in Windows Server 2003, these settings will remain even when you reboot.

1	In the above example, address assigned to the 6to4 interface is shown as 2002:XX:YY::XX:YY. However, you can use any part of the assigned address, and it is possible, for example, to specify as 2002:XX:YY::80.
2	Here the subnet is specified as 4 following the convention of using the same number as the interface number, but you can specify other numbers.

Cautions when using these settings in Windows 2000

If you install IPv6 stack in Windows 2000, you will not be able to access IPv6 sites using Internet Explorer 6. You can avoid this problem by using tpipv6-001205-SP2-IE6.zip available at hs247.com, but this is not the official version and proper operation is not guaranteed.

Issues

When I tested this environment, there was no problem accessing outside from inside, but it was not possible to access internal client from outside. More specifically, when I connected XP client to Intranet using dialup and tried to check the path to the test environment using a configuration that utilizes Microsoft’s 6to4 server, I could not access the test environment. Furthermore, I frequently had problems with automatic configuration of 6to4 service when using XP machine with a dialup connection. However, this problem was not always seen and therefore the cause of it is still unknown.


You can easily upgrade existing networks to IPv6

Although there are some minor problems, I hope you were able to see that you can upgrade a network to IPv6 very easily, without making large changes to the existing environment. In fact, the method mentioned in this article should also work in Windows XP. If you have a static IP address, please try upgrading your network to IPv6.