reader comments
18
with 15 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Apple recently released firmware version 7.6.3 for its line of Airport Extreme Wi-Fi base stations. Assuming the
release notes
are accurate, the update barely warrants a bump after the second decimal point. The update adds the ability to extend a guest network or add a WPS-capable Wi-Fi printer, and it improves "international support." However, it does something else, too: it breaks IPv6 tunnels. But don't panic—this is easily fixed by changing a setting in the Airport Utility.
How Apple handles IPv6
The Airport Extreme base stations (AEBS) have a long and
checkered
past when it comes to supporting IPv6, which is the next version of the Internet Protocol that we now need more and more of
as the world runs out of IP(v4) addresses
.
Recent versions of the AEBS can provide IPv6 connectivity to the devices connected to them in four different ways: with and without tunnels, and automatically versus configured manually. Ideally, ISPs would just provide IPv6 connectivity the same way they provide regular IPv4 service. But most ISPs aren't quite there yet. As such, those of us who want to be on the bleeding edge, Internet Protocol-wise, have to put our IPv6 packets inside IPv4 packets in order to skip over the IPv4-only part of the network. Such a connection is called a tunnel.
IPv6-in-IPv4 tunneling.
There are two main ways to tunnel. You can let the AEBS handle everything automatically, or you can configure it to send packets to a tunnel broker—which is basically an IPv6 ISP. The automatic tunneling is called 6to4. Unfortunately, 6to4 doesn't always work reliably, so OS X—and most other operating systems—
try to avoid using it
. But despite that, if you have 6to4 enabled on your AEBS, don't worry—the 7.6.3 update doesn't break it.
Advertisement
The update does, however, break manually configured tunnels. I use one of those toward Hurricane Electric's free
tunnelbroker.net
service, and indeed, after the upgrade my home network was IPv4-only. The AEBS reported an IPv6 tunnel error. Unfortunately, the error message in the Airport Utility didn't go into any detail about the issue. Inspection with the
ifconfig
command in the Terminal showed that the AEBS wasn't giving out IPv6 addresses.
Getting your IPv6 back
According to Jeroen Massar, one of the operators of the free
SixXS
tunnel broker service, updated AEBSs
send back error messages
in response to the ping packets sent by the tunnel broker to determine whether the tunnel is operational.
One way to return a tunnel to working order is to downgrade to version 7.6.1 of the Airport Extreme firmware. With the latest version of the Airport Utility (6.2, also released last week) this is done by clicking on the AEBS, then on "edit," and then hovering the mouse pointer over the version number while holding the option key. This turns the version number into a drop-down menu with access to several older firmware versions. Be careful, though: once you click on a firmware version, the process starts, and there are no opportunities to stop it.
However, there's an easier way to get your tunnel back to working order. In version 5.6 and earlier of the Airport Utility, you need to enter four items to set up a tunnel:
The remote IPv4 address
The WAN IPv6 address
The IPv6 default route
The LAN IPv6 address
Advertisement
The AEBS would then assume that the
prefix length
used on your LAN is 64, allowing for 2
64
addresses. In theory, a different prefix length is possible, but in practice that doesn't work very well, so this is a pretty safe assumption. But you know what they say about assuming, so in the
new and improved Airport Utility
, there's a new field when you go to Internet > Internet Options to find the IPv6 tunnel settings.
The new field is "IPv6 delegated prefix"—in other words, the range of IPv6 addresses that the tunnel broker has given you for use on your LAN. (Unlike with IPv4, these are bona fide public addresses, so enable the IPv6 firewall through "block incoming IPv6 connections" as desired in Network > Network Options.)
If your tunnel broker gave you a prefix in
CIDR/prefix notation
ending in /64, just enter that prefix in the box, click update, drink a beverage of your choice while the AEBS reboots, and all will be right with the world.
I can't test this myself because I have a /64 prefix, but I suspect that if your prefix length is not /64, things will not work right. If you have a prefix longer than /64 (i.e., 65 or higher), go complain to your tunnel broker. If your prefix is shorter, for instance, a /56 or /48, you may want to change it to /64 for consumption by the AEBS. This way, you're only using a small part of the IPv6 addresses available to you, but otherwise entering a longer prefix is not problematic.
Apparently the Airport Utility doesn't check whether the AEBS' LAN IPv6 address falls within the specified prefix, but things will probably work better if it does. Also, the IPv6 WAN address displayed below these settings is incorrect, but that doesn't seem to get in the way of anything. You can check whether your IPv6 connectivity works at
test-ipv6.com
.
Listing image by
Sean MacEntee
