SW_DSLite

How to circumvent the restrictions of DS-Lite

The instructions explain how to make the piTelex software accessible from both IPV4 and IPV6 networks using a FritzBox router and tunnel software.

Abstract

The piTelex software, running on a local Raspberry Pi device named raspi.fritz.box, is accessible on the local network using an IPV4 connection. However, it cannot handle IPV6 connections; an IPV4 address is required for the router. With DS-Lite, all carrier internal traffice is done via IPv6; transition to IPv4 network is done at the carrier borders. That means that your router is not reachable from the IPv4 part of the internet, and also your piTelex device is not. To make piTelex reachable externally in this case, a myfritz account is created for the FritzBox, providing a DynDNS service for IPV6 devices behind the FritzBox. By setting up a port share for IPV6 on the FritzBox and creating a tunnel using the 6tunnel software on the Raspberry Pi device, connections can be forwarded from the external IPV6 network to the internal IPV4-piTelex software. Additionally, an IPV4 connection can be established by using / renting an external vServer under Linux and setting up another 6tunnel software to tunnel IPV4 connections via IPV6 to the Raspberry Pi device. This way, piTelex can be accessed using the IPV4 address of the vServer. The tunnel software can be included in the start-up scripts for convenience.

Terms and definitions :-)

In the local network behind the FritzBox router, a RPi is running the piTelex software. It is called raspi.fritz.box and has received a local V4 and a V6 address from the FritzBox via DHCP. piTelex runs on the standard port 2342. The FritzBox is connected to the internet via DS-Lite (Dual Stack Lite).

This means that piTelex can be reached only from the local network, and only via IPV4 connections, because piTelex cannot yet handle V6.

HOWTO

• For the FritzBox, if not already done, create a myfritz account (how to do this can be found in the fritzbox help). This will give you a DynDNS service also for IPV6 devices behind the FritzBox. The hostname of the FritzBox is then e.g. abcxyz123.myfritz.net.

• Set up a port share for IPV6 on the FritzBox:

  • Add the device for the share -> raspi; Attention, check the suggested IPV6_address (last 4 groups) and correct if necessary!

  • Create a new share for raspi. Since the original port 2432 on the raspi is already occupied by piTelex, we simply take another one, here for example 2343:

    Application: other
    Name: iptelex-proxy
    Scheme: http://
    Port on device: 2343
    

    The scheme does not matter, just use http://.

  • Activate the share and accept it.

  • Call up the share again and check and remember the computer name displayed. Under this name, the raspi can be reached from the external IPV6 network, and only at port 2343 (iptelex-proxy). For example, it is raspi.abcxyz123.myfritz.net.

• Now the connection between IPV6 connections coming in via the Fritzbox on port 2343 and the IPV4-piTelex software on port 2342 must be created. For this purpose, a tunnel software is used on the raspi, which is installed with

  sudo apt install 6tunnel
  

• The tunnel is configured and called up with

  sudo 6tunnel -6 2343 127.0.0.1 2342
  

The tunnel binds to the IPV6 address of the raspi and forwards incoming connections there on port 2343 to the IPV4 loopback address 127.0.0.1 and the standard piTelex port 2342. This is what piTelex can handle.

This makes the piTelex software reachable from the IPV6-enabled part of the internet at raspi.abcxyz123.myfritz.net:2343 To extend this to a IPV4 connection, I rented the smallest available vServer out there with debian linux (you can get it for free or just a few Euros including DUAL stack (IPV4 and IPV6 and static IPV4 address). In the example, its IPV4 address is 111.222.333.444.

• Also install 6tunnel on the vServer (see above).

• Call the tunnel with

     6tunnel 2342 raspi.abcxyz123.myfritz.net 2343
  

  This causes 6tunnel to bind to the IPV4 address 111.222.333.444, port 2342 and to tunnel incoming IPV4 connections via IPV6 to the raspi on port 2343, where the raspi's internal tunnel is already listening to pass the packets to the piTelex software.

Et voilà!

Now piTelex can be reached from the internet via an IPV4 connection using the address 111.222.333.444:2342.

If everything works, you can of course include the calls to the tunnel software in the start-up scripts of the computers, so that you don't always have to do it manually.