TSP server requirements

Generic proceeding of Freenet6's TSP protocol implementation
Requests are initiated by hosts or servers already connected to Internet and having an IPv6 stack. TSP client (tspc) reads a configuration file (tspc.conf), then sends a request (using TCP) to the TSP server specified in the configuration file. The TSP server processes the request and (according to its local policy), assigns a single IPv6 address or a full IPv6 prefix to the requester. Next, the TSP server establishes a new configured tunnel (IPv6 over IPv4) according to the information sent in the request.

When the client receives tunnel's information, it locally configures it's tunnel interface and default IPv6 route. The client has now full IPv6 connectivity.

How does the client configure locally the tunnel
The information received is stored in environment variables and a shell script (batch file for Windows) is executed. The shell script will execute the commands needed to set the tunnel up. This shell script is called a template.

The client will execute the template specified in the configuration file.

To be able to use Freenet6, there are basic requirements that hosts and networks must have to get IPv6 connectivity. This document gives an overview of the requirements needed.


IPv4 : IP version 4, the current version used on Internet
IPv6 : IP version 6, the next generation IP protocol
Configured tunnel : Mechanism to carry IPv6 packets over IPv4 packets
Tunnel server : System that deploys IPv6 connectivity using configured tunnel over IPv4 networks
Freenet6 : a tunnel server implementation
Host requirements to use Freenet6

IPv6 stack

Each host must have an IPv6 stack running under the operating system. IPv6 support for different operating systems is freely available for most platforms. Users could download and follow instructions to install IPv6 on their computer. IPv6 stacks and programs are available at

IPv4 address

To get IPv6 connectivity from a tunnel server through Internet (IPv4), hosts must have Internet unicast address globally unique meaning the private addressing (10.x.x.x, 172.16.x.x, 192.168.x.x) is not accepted by tunnel server. Private addressing is often used behind NAT gateway, proxy server, firewall and routers because there is not enough IPv4 address in the world for every computers.

Root/administrator privileges

To install IPv6 stack and to be able to configure properly the IPv6 connectivity to the tunnel server, users must have root or administatror privileges on their computers.

Network requirements to use Freenet6

Configured tunnel

Configured tunnel mechanism (IPv6 over IPv4), the way Freenet6 delivers IPv6 packets to remote computers over an IPv4 network (Internet) is a protocol standardised by IETF. The protocol number is 41. Technical information is available in RFC 2893 about configured tunnel.

Tunnel Setup Protocol

Tunnel Setup Protocol is a protocol designed by Viag�nie to automate the deployment of IPv6 over IPv4 with configured tunnel mechanism at large scale instead of having manual operation or using Web/CGI scripts to setup tunnels. TSP uses TCP with port number 3653 which is a defined port by IANA.

Security requirements

To be able to get IPv6 connectivity from Freenet6, firewall protecting network must have special rules to allow protocol number 41 and TCP port 3653 between Freenet6 and end-users' network. Look in the configuration file (tspc.conf) to know the tunnel server address.

Router using access-list to protect network must have special rules to allow protocol number 41 and TCP port 3653 between Freenet6 and end-users' network. Look in the configuration file (tspc.conf) to know the tunnel server address.

Network Address Translation (NAT)

If an end-user is behind a NAT(Network Address Translation) gateway, it is not possible to get IPv6 over IPv4 traffic from any tunnel server except on these two situations :

1. NAT gateway handles static NAT addressing and the network administrator could map one Internet unicast globally unique IP address to the end-user host behind the NAT. This means the local network administrator controls and authorises this special configuration for end-users.

2. NAT gateway runs under any BSD platform and end-user manages the gateway. It is possible to setup special IPfilter rules to redirect IPv6 over IPv4 packets to a specific host behind the NAT. More information about this tweak is available at

Users can customize the templates according to their local preferences.

IPv6 addresses assigned by TSP server

With the Freenet6 service there have been abuses from Freenet6 users (spamming, intrusions and other types of abuses). With this old system, it was impossible for administrators to track malicious users over IPv4 except by reaching tunnel server administrators.

Freenet6's team was aware of this problem and came up with a clean solution toward this problem. Freenet6's IPv6 addresses for anonymous client will have the client's IPv4 address embedded in it. This way, administrator will be able to contact the real provider of the offender or filter the offender's ISP IPv4 prefix.

Please look at the policy page for a description of the tunnel address endpoints.