Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

Differences in Revisions: Set up a tunnel

»
more links markup
# Set up a tunnel
You can get an IPv6-tunnel e.g. from [https://tunnelbroker.net](https://tunnelbroker.net) or [https://www.sixxs.net/main](https://www.sixxs.net/main) or a 6rd gateway provided by your ISP.
 
* Set the variables
```
export TUNNEL_NAME="my-ipv6-tunnel" # select a name for the tunnel
export SERVER_IPV4_ADDRESS=""
export WAN_IPADDRESS=""
export CLIENT_IPV6_ADDRESS="" # probably ending in "/64"
export IPV6_PREFIX_IP="" # e.g. 2001:0db8:0100:f101::
export IPV6_PREFIX_MASK="" # e.g. /64
```
 
* Create the tunnel
```
cat <<EOF >> /etc/sysconfig/rc.local
ip tunnel add ${TUNNEL_NAME} mode sit remote ${SERVER_IPV4_ADDRESS} local ${WAN_IPADDRESS} ttl 255
ip link set ${TUNNEL_NAME} up
ip addr add ${CLIENT_IPV6_ADDRESS} dev ${TUNNEL_NAME}
ip route add ::/0 dev ${TUNNEL_NAME}
# Assign an IPv6 address to the green interface
ip addr add ${IPV6_PREFIX_IP}1${IPV6_PREFIX_MASK} dev green0
ip -f inet6 addr
EOF
```
 
* Reboot
```
init 6
```
 
* Test the tunnel
```
mtr ipv6.google.com
```
 
In a second step, you need to enable the clients to use the newly created tunnel. You can choose between using static settings and using radvd or DHCPv6.
 
## Alternative 1: Static settings
### Client
* Give the LAN-Interface of your client a static IPv6 address in the same range of IPFire's LAN-/green0-interface
* So if green0 is set to "2001:1234:5678:123::1/64", you can just replace the "1" before the "/64" with "2"
* If you're using Windows 7, do not enter "/64" at the end of the address, the "64" (without "/") can be put in the second field
* Add the IPv6 address of IPFire's green interface to the Gateway-field, but again leave out the "/64"
* Now set "2001:470:20::2" as DNS-server
* You should now be able to connect to IPv6 websites on the client
 
## Alternative 2: radvd
This is an addon from user bartgrefte (as explained in http://forum.ipfire.org/viewtopic.php?t=9063)
This is an addon from user bartgrefte (as explained in [http://forum.ipfire.org/viewtopic.php?t=9063](http://forum.ipfire.org/viewtopic.php?t=9063))
 
* Install Addon
```
cd /tmp && \
wget http://www.ravenslair.nl/files/radvd-1.10.0-2.ipfire && \
cd /opt/pakfire/tmp && \
tar xvf /tmp/radvd-1.10.0-2.ipfire && \
./install.sh
```
 
* Create configuration
```
cat <<EOF > /etc/radvd.conf
interface green0 {
` AdvSendAdvert on;`
` MinRtrAdvInterval 3;`
` MaxRtrAdvInterval 10;`
` prefix ${IPV6_PREFIX_IP}${IPV6_PREFIX_MASK} {`
` AdvOnLink on;`
` AdvAutonomous on;`
` AdvRouterAddr on;`
` };`
};
EOF
```
 
* Reboot (or manually run the command from above plus "/etc/rc.d/init.d/radvd start")
* Radvd should now be started and your clients should be getting an IPv6 address, if the clients have DHCP enabled.
* You can now try to open IPv6-capable websites or a website that can show if you're IPv6-connection is working or not. For example: http://test-ipv6.com or http://ipv6-test.com
 
## Alternative 3: Dynamic IPv6 prefix using radvd
 
If your using a 6rd gateway provided by your ISP and you don't have a static IPv4 address it can be a challenge to maintain IPv6 connectivity when your IPv4 address changes. By incorporating radvd above and this script, you can maintain IPv6 connectivity after DHCP lease updates.
 
```
cat <<EOF >> /usr/sbin/ipv6-tunnel.sh
#!/bin/bash
 
# Grab the current external IPv4 address
export LOCAL=$(ifconfig | grep -A 1 'red0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1) # red0 interface IPv4 address
 
# Generate my IPv6 address based on my current IPv4 address
export ADDR=$(perl -MSocket -e 'printf "PREFIX:HERE:%02x%02x:%02x%02x\n", unpack("C4", inet_aton($ENV{LOCAL}));')
 
# My 6rd gateway IPv4 address
REMOTE=
 
# configure the tunnel
ip tunnel del red1 > /dev/null 2>&1
ip tunnel add red1 mode sit remote ${REMOTE} local ${LOCAL} ttl 255
ip link set red1 up
ip addr add "${ADDR}::1" dev red1
ip addr add "${ADDR}::2/64" dev green0
ip route add ::/0 dev red1
 
# edit radvd.conf for new prefix.
(perl -i.bak -pe 'BEGIN{ $ADDR=shift @ARGV; $ADDR=~s/$/::/g; }; s/prefix (PREFIX:HERE:[^\/]+)/prefix ${ADDR}/g;' $ADDR /etc/radvd.conf)
 
# restart radvd
/etc/init.d/radvd restart
EOF
```
 
* Replace PREFIX:HERE with your ISP's /32 prefix.
* Add your ISP's or tunnel broker's 6rd gateway address after REMOTE
* sudo chmod +x /usr/sbin/ipv6-tunnel.sh
* add /usr/sbin/ipv6-tunnel.sh to /etc/sysconfig/rc.local
* reboot to validate settings.
 
<wrap em>Important: Continue configuring the [IPv6-firewall](/add-ipv6/extend/firewall)</wrap>