Difference between revisions of "IPv6 tunnel broker setup"

From ArchWiki
Jump to: navigation, search
m (Changed a comma to a colon.)
m (Start tunnel at boot time: this belongs to the previous section)
(10 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
{{i18n|IPv6 - Tunnel Broker Setup}}
 
 
 
Hurricane Electric offers a free [http://tunnelbroker.net/ tunnel broker] service that is relatively painless to use under Arch if you wish to add IPv6 connectivity to an IPv4-only host.
 
Hurricane Electric offers a free [http://tunnelbroker.net/ tunnel broker] service that is relatively painless to use under Arch if you wish to add IPv6 connectivity to an IPv4-only host.
  
Line 9: Line 7:
  
 
It is not that hard to do. Feel free to fill in the directions here if something seems tricky, but otherwise just go the tunnel broker site and complete the registration.
 
It is not that hard to do. Feel free to fill in the directions here if something seems tricky, but otherwise just go the tunnel broker site and complete the registration.
 +
 +
== Setting up SiXxs tunnel ==
 +
 +
First, you need to have {{Pkg|aiccu}}, {{Pkg|radvd}} and {{Pkg|iproute2}} installed.
 +
 +
Now edit {{ic|/etc/aiccu.conf}} and fill in your data.
 +
If you have several tunnels, you need to also supplement the tunnel_id option in the file.
 +
The following is an example for a dynamic ayiay tunnel.
 +
 +
{{bc|<nowiki>
 +
username <username>
 +
password <password>
 +
protocol tic
 +
server tic.sixxs.net
 +
ipv6_interface sixxs
 +
automatic true
 +
requiretls true
 +
pidfile /var/run/aiccu.pid
 +
defaultroute true
 +
makebeats true
 +
behindnat true
 +
</nowiki>}}
 +
 +
Test the configuration now with:
 +
# systemctl start aiccu
 +
If it works, enable it:
 +
# systemctl enable aiccu
 +
 +
Configuring radvd and LAN side IP of the router:
 +
See [[Router#IPv6|Router]].
  
 
== Tunnel rc.d script ==
 
== Tunnel rc.d script ==
 +
 +
{{Out of date|Needs to be rewritten into [[systemd#Writing custom .service files|systemd service]], if still useful.}}
  
 
For this script to work you will need the iproute2 package installed:
 
For this script to work you will need the iproute2 package installed:
Line 24: Line 54:
  
 
if_name=he6in4
 
if_name=he6in4
server_ipv4='' # HE Server Endpoint IP
+
 
client_ipv4='' # Your local IP
+
# "Server IPv4 Address" under "IPv6 Tunnel Endpoints" on HE tunnel details page
client_ipv6='' # Your HE-assigned client IP
+
server_ipv4=''
 +
 
 +
# Your local IP. NOTE: when behind a NAT (even with DMZ),
 +
# use an address of your LOCAL machine, NOT the ROUTER one.
 +
client_ipv4=''
 +
 
 +
# Your HE-assigned client IP, "Client IPv6 Address" on HE tunnel details page
 +
client_ipv6=''
 +
 
 
link_mtu=1480
 
link_mtu=1480
 
tunnel_ttl=255
 
tunnel_ttl=255
Line 46: Line 84:
 
     fi
 
     fi
  
 +
    # Note from Lekensteyn: removing "local $client_ipv4" seems to work too!
 
     ip tunnel add $if_name mode sit remote $server_ipv4 local $client_ipv4 ttl $tunnel_ttl
 
     ip tunnel add $if_name mode sit remote $server_ipv4 local $client_ipv4 ttl $tunnel_ttl
 
     ip link set $if_name up mtu $link_mtu
 
     ip link set $if_name up mtu $link_mtu
Line 51: Line 90:
 
     ip route add ::/0 dev $if_name
 
     ip route add ::/0 dev $if_name
 
     # Here is how you would add additional ips....which should be on the eth0 interface
 
     # Here is how you would add additional ips....which should be on the eth0 interface
 +
    # "Routed IPv6 Prefixes" on HE tunnel details page
 
     # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:1/64 dev eth0
 
     # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:1/64 dev eth0
 
     # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:2/64 dev eth0
 
     # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:2/64 dev eth0
Line 71: Line 111:
 
     ip link set $if_name down
 
     ip link set $if_name down
 
     ip tunnel del $if_name
 
     ip tunnel del $if_name
 +
    # Here is how you would del additional ips... if you added them to eth0 interface
 +
    # ip addr del 2001:XXXX:XXXX:beef:beef:beef:beef:1/64 dev eth0
 +
    # ip addr del 2001:XXXX:XXXX:beef:beef:beef:beef:2/64 dev eth0
 +
    # ip addr del 2001:XXXX:XXXX:beef:beef:beef:beef:3/64 dev eth0
  
 
     rm_daemon $daemon_name
 
     rm_daemon $daemon_name
Line 82: Line 126:
 
</nowiki>}}
 
</nowiki>}}
  
== Start tunnel at boot time ==
 
 
Once you have that all setup how you want you will need to add {{ic|6in4-tunnel}} to your {{ic|/etc/rc.conf}} file:
 
Once you have that all setup how you want you will need to add {{ic|6in4-tunnel}} to your {{ic|/etc/rc.conf}} file:
 
{{bc|1=
 
{{bc|1=

Revision as of 07:25, 10 November 2013

Hurricane Electric offers a free tunnel broker service that is relatively painless to use under Arch if you wish to add IPv6 connectivity to an IPv4-only host.

These instructions work for SixXS tunnels as well.

Registering for a tunnel

It is not that hard to do. Feel free to fill in the directions here if something seems tricky, but otherwise just go the tunnel broker site and complete the registration.

Setting up SiXxs tunnel

First, you need to have aiccu, radvd and iproute2 installed.

Now edit /etc/aiccu.conf and fill in your data. If you have several tunnels, you need to also supplement the tunnel_id option in the file. The following is an example for a dynamic ayiay tunnel.

username <username>
password <password>
protocol tic
server tic.sixxs.net
ipv6_interface sixxs
automatic true
requiretls true
pidfile /var/run/aiccu.pid
defaultroute true
makebeats true
behindnat true

Test the configuration now with:

# systemctl start aiccu

If it works, enable it:

# systemctl enable aiccu

Configuring radvd and LAN side IP of the router: See Router.

Tunnel rc.d script

Tango-view-refresh-red.pngThis article or section is out of date.Tango-view-refresh-red.png

Reason: Needs to be rewritten into systemd service, if still useful. (Discuss in Talk:IPv6 tunnel broker setup#)

For this script to work you will need the iproute2 package installed:

# pacman -S iproute2

Try the following init script to start and stop an IPv6 tunnel once you have registered it with HE. I placed this at /etc/rc.d/6in4-tunnel. Obviously some of the variables up top will need to be filled in.

For DSL users the link_mtu should be set to 1472

#!/bin/bash

if_name=he6in4

# "Server IPv4 Address" under "IPv6 Tunnel Endpoints" on HE tunnel details page
server_ipv4=''

# Your local IP. NOTE: when behind a NAT (even with DMZ),
# use an address of your LOCAL machine, NOT the ROUTER one.
client_ipv4=''

# Your HE-assigned client IP, "Client IPv6 Address" on HE tunnel details page
client_ipv6=''

link_mtu=1480
tunnel_ttl=255

daemon_name=6in4-tunnel

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
  start)
    stat_busy "Starting $daemon_name daemon"

    ifconfig $if_name &>/dev/null
    if [ $? -eq 0 ]; then
      stat_busy "Interface $if_name already exists"
      stat_fail
      exit 1
    fi

    # Note from Lekensteyn: removing "local $client_ipv4" seems to work too!
    ip tunnel add $if_name mode sit remote $server_ipv4 local $client_ipv4 ttl $tunnel_ttl
    ip link set $if_name up mtu $link_mtu
    ip addr add $client_ipv6 dev $if_name
    ip route add ::/0 dev $if_name
    # Here is how you would add additional ips....which should be on the eth0 interface
    # "Routed IPv6 Prefixes" on HE tunnel details page
    # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:1/64 dev eth0
    # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:2/64 dev eth0
    # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:3/64 dev eth0

    add_daemon $daemon_name
    stat_done
    ;;

  stop)
    stat_busy "Stopping $daemon_name daemon"

    ifconfig $if_name &>/dev/null
    if [ $? -ne 0 ]; then
      stat_busy "Interface $if_name does not exist"
      stat_fail
      exit 1
    fi

    ip link set $if_name down
    ip tunnel del $if_name
    # Here is how you would del additional ips... if you added them to eth0 interface
    # ip addr del 2001:XXXX:XXXX:beef:beef:beef:beef:1/64 dev eth0
    # ip addr del 2001:XXXX:XXXX:beef:beef:beef:beef:2/64 dev eth0
    # ip addr del 2001:XXXX:XXXX:beef:beef:beef:beef:3/64 dev eth0

    rm_daemon $daemon_name
    stat_done
    ;;

  *)
    echo "usage: $0 {start|stop}"
esac
exit 0

Once you have that all setup how you want you will need to add 6in4-tunnel to your /etc/rc.conf file:

DAEMONS=(... 6in4-tunnel ...)

Using the tunneling with dynamic IPv4 IP

The simplest way of using tunelling with a dynamic IPv4 IP is to set up a cronjob that is going to periodically update your current address. To do that open crontab -e and add, in a new line:

*/10 * * * * wget -O /dev/null https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID >> /dev/null 2>&1

Which should also make wget quiet and not bothering you with emails about its activity. Please replace USERNAME, PASSWORD and TUNNELID by the details of your account and tunnel. I would recommend running the command on its own first, to check if it works. To do that run:

wget https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID