vyatta-aiccu provides support for establishing AYIYA tunnels with AICCU.
First, add the debian APT repositories and the repository of this project
configure set system package repository squeeze components 'main contrib non-free' set system package repository squeeze distribution squeeze set system package repository squeeze url http://http.us.debian.org/debian set system package repository squeeze-security components main set system package repository squeeze-security distribution squeeze/updates set system package repository squeeze-security url http://security.debian.org set system package repository vyatta-aiccu components contrib set system package repository vyatta-aiccu distribution squeeze set system package repository vyatta-aiccu url https://github.com/fgp/vyatta-aiccu/raw/gh-pages/debian/ commit
Then install the package with
sudo apt-get update sudo apt-get install vyatta-aiccu
NOTE: If the
aiccu package isn't already installed on your system, it will be installed as a dependency of
aicuu package will then asks for your SIXXS username and password. Simply hit ENTER when it does that!. The actual configuration of aiccu will happen from the EdgeOS CLI. If you do enter a username or password during installation, the
aiccu package will attempt to configure the aiccu daemon to be launched by the init system, which will fail because of a dependency issue! The EdegeOS integration provided by
vyatta-aiccu takes care of launching aiccu once per configured aiccu interface, and at the right time during the boot proccess. Having the init system launch aiccu is neither necessary nor desirable!
You then need to configure a aiccu interface using the EdgeOS CLI. Assuming that you want to establish a tunnel provided by sixxs.net, you only need to set your account's username, password, and the ID of the tunnel you want to establish. To avoid store your sixxs.net password unencrypted in the EdgeOS configuration, consider setting a tunnel-specific password in the sixxs.net webinterface! Then set <username> to <sixxs handle>/<tunnel id> and <password> to the tunnel-specific you specified in the webinterface. Note that you still need to set <tunnel> to the <tunnel id> as well.
Here is an example.
configure set interfaces aiccu aiccu0 tic tunnel <TIC Tunnel ID> set interfaces aiccu aiccu0 tic username <TIC username> set interfaces aiccu aiccu0 tic password <TIC password> commit
This should bring up the
aiccu0 interface. You can check that by doing
run show interfaces (or just
show interfaces if you have already exited configuration mode). To access the IPv6 internet via your tunnel, you'll need to an IPv6 default route, which you can do with
set protocols static interface-route6 ::/0 next-hop-interface aiccu0 commit
You should now be able to ping arbitrary IPv6 hosts. Try doing
run ping6 www.google.com to verify that things work as expected.
Firewalling for incoming, outgoing and local packets is enables as for any other IPv6 interface on EdgeOS, i.e. by doing
set interfaces aiccu aiccu0 firewall in ipv6-name <ruleset> set interfaces aiccu aiccu0 firewall local ipv6-name <ruleset> set interfaces aiccu aiccu0 firewall out ipv6-name <ruleset>
If your tunnel provider isn't sixxs.net, you will need to specify the hostname of the tic server to use with
set interfaces aiccu aiccu0 tic server <TIC server>
set interfaces aiccu aiccu0 tic requiretls false
if your TIC server does not support TLS.