Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

Set up a tunnel

You can get an IPv6-tunnel e.g. from https://tunnelbroker.net or https://www.sixxs.net/main or a 6rd gateway provided by your ISP.

  • Set the variables
export TUNNEL_NAME="my-ipv6-tunnel" # select a name for the tunnel
export SERVER_IPV4_ADDRESS=""
export WAN_IPADDRESS=""
export CLIENT_IPV6_ADDRESS="" # probably ending in "/64"
export IPV6_PREFIX_IP="" # e.g. 2001:0db8:0100:f101::
export IPV6_PREFIX_MASK="" # e.g. /64
  • Create the tunnel
cat <<EOF >> /etc/sysconfig/rc.local
ip tunnel add ${TUNNEL_NAME} mode sit remote ${SERVER_IPV4_ADDRESS} local ${WAN_IPADDRESS} ttl 255
ip link set ${TUNNEL_NAME} up
ip addr add ${CLIENT_IPV6_ADDRESS} dev ${TUNNEL_NAME}
ip route add ::/0 dev ${TUNNEL_NAME}
# Assign an IPv6 address to the green interface
ip addr add ${IPV6_PREFIX_IP}1${IPV6_PREFIX_MASK} dev green0
ip -f inet6 addr
EOF
  • Reboot
init 6
  • Test the tunnel
mtr ipv6.google.com

In a second step, you need to enable the clients to use the newly created tunnel. You can choose between using static settings and using radvd or DHCPv6.

Alternative 1: Static settings

Client

  • Give the LAN-Interface of your client a static IPv6 address in the same range of IPFire's LAN-/green0-interface
  • So if green0 is set to "2001:1234:5678:123::1/64", you can just replace the "1" before the "/64" with "2"
  • If you're using Windows 7, do not enter "/64" at the end of the address, the "64" (without "/") can be put in the second field
  • Add the IPv6 address of IPFire's green interface to the Gateway-field, but again leave out the "/64"
  • Now set "2001:470:20::2" as DNS-server
  • You should now be able to connect to IPv6 websites on the client

Alternative 2: radvd

This is an addon from user bartgrefte (as explained in http://forum.ipfire.org/viewtopic.php?t=9063)

  • Install Addon
cd /tmp && \
wget http://www.ravenslair.nl/files/radvd-1.10.0-2.ipfire && \
cd /opt/pakfire/tmp && \
tar xvf /tmp/radvd-1.10.0-2.ipfire && \
./install.sh
  • Create configuration
cat <<EOF > /etc/radvd.conf
interface green0 {
`  AdvSendAdvert on;`
`  MinRtrAdvInterval 3;`
`  MaxRtrAdvInterval 10;`
`  prefix ${IPV6_PREFIX_IP}${IPV6_PREFIX_MASK} {`
`      AdvOnLink on;`
`      AdvAutonomous on;`
`      AdvRouterAddr on;`
`  };`
};
EOF
  • Reboot (or manually run the command from above plus "/etc/rc.d/init.d/radvd start")
  • Radvd should now be started and your clients should be getting an IPv6 address, if the clients have DHCP enabled.
  • You can now try to open IPv6-capable websites or a website that can show if you're IPv6-connection is working or not. For example: http://test-ipv6.com or http://ipv6-test.com

Alternative 3: Dynamic IPv6 prefix using radvd

If your using a 6rd gateway provided by your ISP and you don't have a static IPv4 address it can be a challenge to maintain IPv6 connectivity when your IPv4 address changes. By incorporating radvd above and this script, you can maintain IPv6 connectivity after DHCP lease updates.

cat <<EOF >> /usr/sbin/ipv6-tunnel.sh
#!/bin/bash

# Grab the current external IPv4 address
export LOCAL=$(ifconfig | grep -A 1 'red0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)   # red0 interface IPv4 address

# Generate my IPv6 address based on my current IPv4 address
export ADDR=$(perl -MSocket -e 'printf "PREFIX:HERE:%02x%02x:%02x%02x\n", unpack("C4", inet_aton($ENV{LOCAL}));')

# My 6rd gateway IPv4 address
REMOTE=

# configure the tunnel
ip tunnel del red1 > /dev/null 2>&1
ip tunnel add red1 mode sit remote ${REMOTE} local ${LOCAL} ttl 255
ip link set red1 up
ip addr add "${ADDR}::1" dev red1
ip addr add "${ADDR}::2/64" dev green0
ip route add ::/0 dev red1

# edit radvd.conf for new prefix.
(perl -i.bak -pe 'BEGIN{ $ADDR=shift @ARGV; $ADDR=~s/$/::/g; }; s/prefix (PREFIX:HERE:[^\/]+)/prefix ${ADDR}/g;' $ADDR /etc/radvd.conf)

# restart radvd
/etc/init.d/radvd restart
EOF
  • Replace PREFIX:HERE with your ISP's /32 prefix.
  • Add your ISP's or tunnel broker's 6rd gateway address after REMOTE
  • sudo chmod +x /usr/sbin/ipv6-tunnel.sh
  • add /usr/sbin/ipv6-tunnel.sh to /etc/sysconfig/rc.local
  • reboot to validate settings.

Important: Continue configuring the IPv6-firewall

Edit Page ‐ Yes, you can edit!

Older Revisions • November 1 at 8:55 am • cfusco