How to Earn IPv6 Certifications (Windows Version: Fast)

Why?

IPv6 is coming, whether we like it or not. We all need to learn it, and the sooner we do that, the better. This page will guide you through getting the Hurricane Electric IPv6 Certifications, which demonstrate that you have learned both the theory and practice of using IPv6 on each of these systems: Each 10 Hurricane Electric points are worth one point in CNIT 60. If you make it all the way to Guru, you get 1000 points from Hurricane Electric, a total of 100 points.

These instructions take you to Administrator level, which is worth 25 CCSF points.

Macintosh Instructions

For detailed Mac instructions, see https://robpickering.com/2011/02/how-to-become-a-certified-ipv6-technician-part-one-424

Windows Versions

I recommend using Windows XP, Vista or 7, a professional version or higher. Lower versions make these projects more difficult. However, it can be done. If you want to try it, see:

Tips for Windows Home Edition Users


Step 1. Registering at Hurricane Electric

Go to http://ipv6.he.net/certification/. In the upper left, click the "Register" button. Fill in the form to create an account. Check your email to get your login information, and log in at http://ipv6.he.net/certification/. You should see a badge at the right of the page with your user name and the message "No Cert Yet", as shown below on this page.

hecert1 (60K)

At the upper left of this page, click "Update Info". Change your password to something you can remember.

At the upper left of this page, click "Click For Main Page".


hecert-Newbie (3K)

Step 2. NeWb Test

In the NeWb! section, click the "IPv6 Primer" link and study the primer. Then click the "questions" link and take the test.

When you return to the main page, you should see that your badge has changed to Newbie, as shown to the right on this page. Click your badge to see your score: you now have 25 Hurricane Electric points, which are worth 2.5 points in my classes.


Step 3. Explorer with Gogo6 Tunnel

Since you probably only have IPv4 Internet service, the easiest way to get on IPv6 is to use a Tunnel Broker--a service that converts IPv4 traffic to IPv6. The easiest one is Gogo6. You could use http://www.sixxs.net/ or http://www.tunnelbroker.net/, but they are harder to set up. In these instructions, I assume you are using Gogo6.

Go to http://gogo6.com/ and, at the top of the page, click Services, "Setup your Freenet6 account".

Now you need to sign up for gogoNET (which is different from freenet6). Follow the instructions to create an account, as shown below.

Check your email. Open the "Verify Your Email on gogoNET" message and click the link inside.

Now you need to create a profile on gogoNET, as shown below.

Now you need to get a "Freenet6 Pro Account", as shown below.

To get an account for free, you will need a Twitter or Facebook account. If you don't have one you will have to make one.

Open another browser tab and log in to your Twitter or Facebook account.

On the "Freenet6 Pro Account" page, click the "PAY WITH A TWEET OR FACEBOOK" button.

A "PAY WITH A TWEET" box pops up. Click the appropriate button, such as "TWITTER".

An "Authorize Pay with a Tweet" page appears. Click "Sign In".

In the next page, click the pink "POST NOW AND GAIN ACCESS" button.

Wait 4 seconds. Click the pink "FREENET6 PRO ACCOUNT" button.

On the "Register for a Pro Account" page, select a server. Fill in the form to get your account, as shown below.

On the http://gogo6.com/ page, at the upper center of the page, click Services, "Download Freenet6 Client".

For Windows, use one of the two on the left, as shown below:

The next page asks you to donate money. Click the blue Donate button.

In the "Payment details" page, enter an amount of $0 and an email address, as shown below. Then click the Get button.

The next page says "THANK YOU", as shown below. Click the Download button.

Now you finally have the client, with a filename like "gogoc1.2RELEASEwin32.exe".

Run the installer and install the software with the default options.

When the gogoCLIENT is installed and running, click the "Advanced" tab, and select a "Tunnel Mode" of "IPv6-in-UDP-IPv4 Tunnel (NAT Traversal)" as shown below on this page. Click "Apply". This is the best choice because it works almost everywhere--even at Starbuck's. Unfortunately, it won't work on CCSF's wireless network at the moment, because it uses UDP Port 3653 which is blocked. So if you do this project on campus, you will need to connect with wired Ethernet, at least at present.

In the gogoCLIENT window, click the "Basic" tab. Change the "Server Address" to authenticated.freenet6.net

In the middle of the window, click the "Connect Using the Following Credentals" button. Enter your Freenet6 username and password. Click the "Connect" button. A box will pop up asking "Save changes before connecting?". Click Save.

Click the "Status" tab. When it connects, you should see a long IPv6 "Local Endpoint Address", as shown below on this page. If you cannot connect, you may have to adjust your router or firewall to allow UDP port 3653.

Troubleshooting

The "authenticated.freenet6.net" server is often down. If it won't connect, enter the server you made an account on, such as montreal.freenet6.net

CCSF's wireless network blocks the UDP port used by gogo6, and so does the fast 192.168.200.0 network in S214. The normal wired network, with addresses in the 192.168.1.0/24 subnet, works.

In S214, in Feb. 2014, the gogoCLIENT has a strange bug: it fails to set the default gateway. The correct gateway address is the "Remote Endpoint Address" shown on the Status page of the gogoCLIENT Utility.

To fix that, open Network and Sharing Center in Control Panel, and click "Change Adapter Settings". Open the Properties sheet for the "gogo6 Virtual Multi-Tunnel Adapter", and open the Properties sheet for "Internet Protocol Version 6 (TCP/IPv6)". In the "Default Gateway" field, enter the "Remote Endpoint Address" shown on the Status page of the gogoCLIENT Utility.

If it's not still open, go to http://ipv6.he.net/certification/ and log in.

If you don't have IPv6 connectivity, you will see this:

But if you do have an IPv6 connection, you pass the test immediately and see this:

Click the done button.

Your badge should now show Explorer, as shown below. Click your badge to see your score: you now have 75 Hurricane Electric points, which are worth 7.5 points in my classes.


Step 4. Enthusiast with IIS Web Server (25 CCSF Points)

The next level requires you to have your own domain name and a working Web server.

Installing IIS

IIS (Internet Information Services) is the Microsoft's Web server. On your Windows 7 desktop, click Start, type in Prog, and click "Programs and Features".

Click "Turn Windows features on or off". Click the "Internet Information Services" box, as shown below on this page. Click OK. Wait until IIS is installed.

In a Web browser, go to 127.0.0.1

You should see an IIS Welcome page, as shown below on this page. This shows that IIS is listening on port 80 of IPv4.

Open a Command Prompt and type in the NETSTAT -AN command. Scroll back to see the TCP Listening ports. You should see the IPv6 address [::] Listening, as shown below on this page. This means that your Web server is serving pages over every IPv6 address.

Registering a Domain Name at GoDaddy

The best way I found to do this is to spend $11.99 of real money (price as of 9-30-12). I couldn't find a free service that was good enough. Even most paid services aren't really good enough to get you all the way to IPv6 Sage level, because they don't have full IPv6 functionality including glue records (glue records will be explained later).

Go to godaddy.com. In the middle of the page, type your desired domain, and choose a top-level domain. I recommend using .info because I know there are top-level glue records for it. But as time passes, more and more top-level domains will have full IPv6 compatibility, so other choices will become OK. Click Go.

If the domain is available, buy it. You will need a credit card and $11.99 of real money to get a .info domain for one year. You will have to enter your real email address, and GoDaddy will offer you a lot of extra features like other domains, email accounts, Web hosting, etc. For IPv6 certification you don't need any of that. You can say No to it all and only pay a total of $12.17.

Setting your Nameservers

On the Godaddy website, at the upper left, click the black "My Account" button.

A list of your products appears, as shown below:

In the lower left, click the + sign in the DOMAINS row.

A list of your domains appears, as shown below:

At the right, click the green Launch button for your domain.

The "Domain Details" screen appears, as shown below:

At the bottom left, in the Nameservers section, click the blue "Set Nameservers" link.

In the "Set Nameservers" box, click the "I have specific nameservers for my domains" box.

Enter these values for nameservers, as shown below:

ns5.he.net
ns4.he.net
ns3.he.net
ns2.he.net

Click the OK button.

On the next page, click the OK button.

Observing DNS Propagation (Optional)

In a Web bowser, go to

http://www.whatsmydns.net/

Enter your domain in the box, and select SOA from the drop-down list.

Click the Search button.

Records appear from various nameservers, showing the Start of Authority for your domain.

The "domaincontrol.com" servers are at GoDaddy. When DNS updates, you will see "he.net" servers instead.

NOTE: You may see no SOA records at all at this point. I think that means GoDaddy has updated your nameservers to forward to HE.NET, and there are no HE.NET DNS records yet. In that case, just proceed to the following steps, and when you configure your HE.NET records the SOA should become visible.

Entering your AAAA Record at Hurricane Electric

In a Web browser, go to

https://dns.he.net/

At the top left, log in with the same username and password you used for HE certification.

The "Hurricane Electric Free DNS Management" page opens.

On the left side, in the "Zone Functions" section, click "Add a new domain".

Enter your domain name, as shown below, and click the green "Add Domain!" button.

A "Zone Management" tab appears, showing your domain name.

To the left of your domain name, click the tiny pencil-and-paper icon, as shown below:

The "Managing zone" page opens, as shown below:

Click the "New AAAA" tab.

Enter a "Name" of @

In the "IPv6 Address" field, enter your Local Endpoint IPv6 address, as shown below on this page. I recommend using copy and paste from the Status tab of the gogoCLIENT utility.

Set the "TTL (Time to live)" to "5 minutes

Your screen should look like the example below.

Click the green Submit button.

Testing your Webserver (Optional)

If you have another IPv6-connected machine handy, such as one in the S214 lab, you can easily test your Web server.

Enter your IPv6 address in the URL bar of a Web browser, enclosed in square brackets, with an http:// in front of it, like this:

http://[2001:5c0:1000:b::92e1]
The IIS default page should open, as shown below:

Observing DNS Propagation

In a Web bowser, go to

http://www.whatsmydns.net/

Enter your domain in the box, and select AAAA from the drop-down list.

Click the Search button.

You should see the correct IPv6 address for your domain on at least some of the domain servers, as shown below.

Completing the Hurricane Electric Enthusiast Test

In Firefox, go to http://ipv6.he.net/certification/ and log in.

In the Enthusiast section, type your domain name (the one you registered at GoDaddy) and click the "Get a User Code" link. Click the "here" link to continue with the test. Click the "Create URL" button.

Now you should see a URL in line [3], something like this:

http://samsdemo.info/Se35fg48.txt

You need to create a file with that name. The filename does not include http or your domain name--in the example above, the correct filename is:

Se35fg48.txt

Yoh need to create that file in your Web server's home directory, which is C:\Inetpub\wwwroot. You don't have permission to write to that folder by default, but the Administrator does, so the easiest way to make the file you need is to use an Administrator Command prompt and execute this command:

echo 1 > c:\inetpub\wwwroot\Se35fg48.txt

In the Hurricane Electric Web page, click the "Test It!" button.

If you pass the test, you will see the "Enthusiast Questionnaire", as shown below on this page.

If you can't pass the test, try these debugging tips:

Here's the Enthusiast test you need to fill out.

When you complete the questionnaire, click the "Here" link to return to the main page.


Your badge should now show Enthusiast, as shown to the right on this page. Click your badge to see your score: you now have 150 Hurricane Electric points, which are worth 15 points in my classes.


Step 5. IPv6 Email Server (25 CCSF Points)

Installing the Apache James SMTP Server

NOTE: 64-bit Windows Users

On 64-bit Windows, Java doesn't install correctly and James won't launch.

One solution is to download 64-bit Java and install it. You can get 64-bit Java here:

http://www.java.com/en/download/faq/java_win64bit.xml

Another solution is fixing the PATH statement, as explained here. It worked for some students but not for others:

http://stackoverflow.com/questions/7455753/how-to-set-the-java-path-and-classpath-in-windows-64bit

In Firefox, go to

https://olex.openlogic.com/packages/apache-james

Click the "Versions & Downloads" tab. On the left side, section, click 2.3.1. In the "Apache-james 2.3.1 binary" line, click the "Download Now" button. Save the file on your desktop.

On your desktop, right-click the openlogic-apache-james-2.3.1-all-bin-1.zip file and click "Extract All". Click Extract. Double-click the openlogic-apache-james-2.3.1-all-bin-1 folder to open it. Double-click the apache-james-2.3.1 folder to open it. Double-click the bin folder to open it. Double-click the run.bat file.

Note: If the window flashes briefly and vanishes, that usually means you don't have Java installed. Open a browser, go to java.com, and install it.

Another common reason it closes is that you did not extract the zip file, and you are attempting to run the file inside a Zip folder. That won't work.

A Command Prompt window opens, and you see some messages, ending with the messages shown below on this page.

Open another Command Prompt window execute this command:

NETSTAT -AN | MORE
You should see the IPv6 address [::] Listening on port TCP 25, as shown below on this page. Your email server is ready!

Now you need to add a mail user account to James. To do that, in the Command Prompt window, type this command, followed by the Enter key:

telnet localhost 4555
Note: if you get a message saying "'telnet' is not recognized as an internal or external command, operable program or batch file.", that means Telnet is not installed.

To install Telnet, open Control Panel and click "Programs and Features". Click "Turn Windows features on or off". Check "Telnet Client", as shown to the right on this page. Click OK.

Log in with the use name root and a password of root. When you see the "Welcome root. HELP for a list of commands" message type this command followed by the Enter key:

adduser admin password
This adds a user named admin with a password of password.

Type this command followed by the Enter key:

quit

Configuring James

In the Command Prompt window that is running James, press Ctrl+C. When you see the message "Terminate batch job (Y/N)?", type Y and press Enter.

Nagivate to the openlogic-apache-james-2.3.1-all-bin-1\apache-james-2.3.1\apps\james\SAR-INF folder and open the config.xml file in Wordpad.

There are two changes you need to make in this file. First, in the servernames section, you need to add a line with your domain name, as shown below on this page.

Second, in the dnsserver section, you need to change the default entry of 127.0.0.1 to a real DNS server. I used Google's free server at 8.8.8.8, as shown below on this page.

After making the changes, save the config.xml file and close Wordpad.

Then start James, as you did before: In the bin folder, double-click the run.bat file.

Adding an MX Record to your DNS Zone

In a Web browser, go to

https://dns.he.net/

At the top left, log in with the same username and password you used for HE certification.

The "Hurricane Electric Free DNS Management" page opens.

A "Zone Management" tab appears, showing your domain name.

To the left of your domain name, click the tiny pencil-and-paper icon, as shown below:

The "Managing zone" page opens. Click the "New MX" tab.

Enter a "Name" of @

Enter a "Priority" of 10

Enter a "Hostname" of @

Select a "TTL (Time to live)" of 5 minutes (300)

Your screen should look like the image below. When it is correct, click the green Submit button.

Observing DNS Propagation

In a Web bowser, go to

http://www.whatsmydns.net/

Enter your domain in the box, and select MX from the drop-down list.

Click the Search button.

You should see the correct MX record for your domain on at least some of the domain servers, as shown below.

Completing the Hurricane Electric Administrator Test

In Firefox, go to http://ipv6.he.net/certification/ and log in.

In the Administrator section, Click the "Generate It!" link. Enter the email address admin@yourdomain.info in the box below the "Generated" message, as shown below on this page. Use your own domain name. Click the "Send It!" button.

Reading your Mail

In Windows explorer, navigate to the openlogic-apache-james-2.3.1-all-bin-1\apache-james-2.3.1\apps\james\var\mail\inboxes\admin folder.

Troubleshooting

If you don't see an "admin" folder, your email may have been discarded as spam by James. This happened to a student in June 2013, who was working on 64-bit Windows. The cure is to comment out the spam filtering section of the James config.xml, from the <mailet> tag to the </mailet> tag, as shown below:

If All Else Fails

If you can't get James to work, you can totally cheat, with this process:
  • Install Nmap. Run it. Close it
  • At a Command Prompt, execute this command: ncat -l 25 and leave that window open
  • Use Wireshark to sniff network traffic, with the filter tcp.port==25
  • You can read the email Hurricane Electric sent you in the raw packets
You see your message, as shown below:

Open the message in Notepad to reveal the secret code, as shown below:

In Firefox, in the http://ipv6.he.net/certification page, paste in the code from the email message. Click the -> button.

The "Administrator Questionnaire" opens, as shown below on this page. Fill it out.

You should now be an Administrator, with a badge like the one shown below on this page. Click the badge to see your score: it is now 245, worth 25 points in any of my CCSF classes.

To claim your points, save a screen image showing your Administrator status and email it to cnit.60@gmail.com. Use a subject line of "IPv6 Cert Windows 1 from YOUR NAME".

Last modified 2-19-14 10:58 pm