Difference between revisions of "IPv6 tunnel broker setup"

From ArchWiki
Jump to: navigation, search
(Tunnel rc.d script)
(flagged broken section links (interactive))
(Tag: wiki-scripts)
 
(28 intermediate revisions by 13 users not shown)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
[[ja:IPv6 トンネルブローカー設定]]
 
Hurricane Electric offers a free [http://tunnelbroker.net/ tunnel broker] service that is relatively painless to use under Arch if you wish to add IPv6 connectivity to an IPv4-only host.
 
Hurricane Electric offers a free [http://tunnelbroker.net/ tunnel broker] service that is relatively painless to use under Arch if you wish to add IPv6 connectivity to an IPv4-only host.
  
Line 8: Line 9:
 
It is not that hard to do. Feel free to fill in the directions here if something seems tricky, but otherwise just go the tunnel broker site and complete the registration.
 
It is not that hard to do. Feel free to fill in the directions here if something seems tricky, but otherwise just go the tunnel broker site and complete the registration.
  
== Tunnel rc.d script ==
+
== Setting up SixXS tunnel ==  
  
For this script to work you will need the iproute2 package installed:
+
First, you need to have {{Pkg|aiccu}} and {{Pkg|radvd}} installed.
  
# pacman -S iproute2
+
Now edit {{ic|/etc/aiccu.conf}} and fill in your data.
 +
If you have several tunnels, you need to also supplement the tunnel_id option in the file.
 +
The following is an example for a dynamic ayiay tunnel.
  
Try the following init script to start and stop an IPv6 tunnel once you have registered it with HE. I placed this at {{ic|/etc/rc.d/6in4-tunnel}}. Obviously some of the variables up top will need to be filled in.
+
{{bc|<nowiki>
 +
username <username>
 +
password <password>
 +
protocol tic
 +
server tic.sixxs.net
 +
ipv6_interface sixxs
 +
automatic true
 +
requiretls true
 +
pidfile /var/run/aiccu.pid
 +
defaultroute true
 +
makebeats true
 +
behindnat true
 +
</nowiki>}}
  
'''For DSL users the link_mtu should be set to 1472'''
+
Test the configuration now with:
 +
# systemctl start aiccu
 +
If it works you can add a dispatcher script for the NetworkManager, so it will start whenever your network is ready. Note that enabling the service via systemd will not work, as the network will not be ready on boot. Please see {{Bug|38221}} for more details.
  
{{bc|<nowiki>
+
{{hc|/etc/NetworkManager/dispatcher.d/99-aiccu|2=
 
#!/bin/bash
 
#!/bin/bash
 +
# -*- coding: utf-8 -*-
 +
# Manual Running/Test: ./99-aiccu eth0 up
 +
if [ -e /sys/fs/cgroup/systemd ]; then
 +
  case "$2" in
 +
    up)
 +
      systemctl start aiccu.service
 +
      ;;
 +
    down)
 +
      systemctl stop aiccu.service
 +
      ;;
 +
  esac
 +
fi
 +
}}
  
if_name=he6in4
+
Configuring radvd and LAN side IP of the router:
 +
See [[Router#IPv6|Router]]{{Broken section link}}.
  
# "Server IPv4 Address" under "IPv6 Tunnel Endpoints" on HE tunnel details page
+
== Setting up Hurricane Electric tunnel ==
server_ipv4=''
+
Create the following systemd unit, replacing bold text with the IP addresses you got from HE:
  
# Your local IP. NOTE: when behind a NAT (even with DMZ),
+
{{Note|If you are behind a NAT (typical home router setup), use your ''local'' IPv4 address for {{ic|'''Client_IPv4_Address'''}}, e.g. {{ic|192.168.0.2}}.}}
# use an address of your LOCAL machine, NOT the ROUTER one.
+
client_ipv4=''
+
  
# Your HE-assigned client IP, "Client IPv6 Address" on HE tunnel details page
+
{{hc|/etc/systemd/system/he-ipv6.service|2=
client_ipv6=''
+
[Unit]
 +
Description=he.net IPv6 tunnel
 +
After=network.target
  
link_mtu=1480
+
[Service]
tunnel_ttl=255
+
Type=oneshot
 +
RemainAfterExit=yes
 +
ExecStart=/usr/bin/ip tunnel add he-ipv6 mode sit remote '''Server_IPv4_Address''' local '''Client_IPv4_Address''' ttl 255
 +
ExecStart=/usr/bin/ip link set he-ipv6 up mtu 1480
 +
ExecStart=/usr/bin/ip addr add '''Client_IPv6_Address''' dev he-ipv6
 +
ExecStart=/usr/bin/ip -6 route add ::/0 dev he-ipv6
 +
ExecStop=/usr/bin/ip -6 route del ::/0 dev he-ipv6
 +
ExecStop=/usr/bin/ip link set he-ipv6 down
 +
ExecStop=/usr/bin/ip tunnel del he-ipv6
  
daemon_name=6in4-tunnel
+
[Install]
 +
WantedBy=multi-user.target
 +
}}
  
. /etc/rc.conf
+
Then start/enable {{ic|he-ipv6.service}}.
. /etc/rc.d/functions
+
  
case "$1" in
+
== systemd-networkd ==
  start)
+
    stat_busy "Starting $daemon_name daemon"
+
  
    ifconfig $if_name &>/dev/null
+
If [[systemd-networkd]] handles your network connections, it's probably a better idea to let it handle tunnel broker too (instead of using a {{ic|.service}} file).
    if [ $? -eq 0 ]; then
+
      stat_busy "Interface $if_name already exists"
+
      stat_fail
+
      exit 1
+
    fi
+
  
    # Note from Lekensteyn: removing "local $client_ipv4" seems to work too!
+
{{hc|/etc/systemd/network/he-tunnel.netdev|<nowiki>
    ip tunnel add $if_name mode sit remote $server_ipv4 local $client_ipv4 ttl $tunnel_ttl
+
[Match]
    ip link set $if_name up mtu $link_mtu
+
    ip addr add $client_ipv6 dev $if_name
+
[NetDev]
    ip route add ::/0 dev $if_name
+
Name=he-ipv6
    # Here is how you would add additional ips....which should be on the eth0 interface
+
Kind=sit
    # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:1/64 dev eth0
+
MTUBytes=1480
    # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:2/64 dev eth0
+
    # ip addr add 2001:XXXX:XXXX:beef:beef:beef:beef:3/64 dev eth0
+
[Tunnel]
 +
Local=<local IPv4>
 +
Remote=<tunnel endpoint>
 +
TTL=255
 +
</nowiki>}}
  
    add_daemon $daemon_name
+
{{hc|/etc/systemd/network/he-tunnel.network|<nowiki>
    stat_done
+
[Match]
    ;;
+
Name=he-ipv6
 +
 +
[Network]
 +
Address=<local IPv6>
 +
Gateway=<IPv6 gateway>
 +
DNS=2001:4860:4860::8888
 +
DNS=2001:4860:4860::8844
 +
</nowiki>}}
  
  stop)
+
And, add this line to {{ic|[Network]}} section of your default Internet connection {{ic|.network}} file:
    stat_busy "Stopping $daemon_name daemon"
+
  
    ifconfig $if_name &>/dev/null
+
Tunnel=he-ipv6
    if [ $? -ne 0 ]; then
+
      stat_busy "Interface $if_name does not exist"
+
      stat_fail
+
      exit 1
+
    fi
+
  
    ip link set $if_name down
+
== Using the tunneling with dynamic IPv4 IP ==
    ip tunnel del $if_name
+
  
    rm_daemon $daemon_name
+
The simplest way of using tunelling with a dynamic IPv4 IP is to set up a cronjob that is going to periodically update your current address. To do that open {{ic|crontab -e}} and add, in a new line:
    stat_done
+
    ;;
+
  
  *)
+
{{bc|<nowiki>
    echo "usage: $0 {start|stop}"
+
*/10 * * * * wget -O /dev/null https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID >> /dev/null 2>&1
esac
+
exit 0
+
 
</nowiki>}}
 
</nowiki>}}
  
== Start tunnel at boot time ==
 
Once you have that all setup how you want you will need to add {{ic|6in4-tunnel}} to your {{ic|/etc/rc.conf}} file:
 
{{bc|1=
 
DAEMONS=(... 6in4-tunnel ...)
 
}}
 
 
== Using the tunneling with dynamic IPv4 IP ==
 
The simplest way of using tunelling with a dynamic IPv4 IP is to set up a cronjob that is going to periodically update your current address.
 
To do that open {{ic|crontab -e}} and add, in a new line:
 
{{bc|1=
 
*/10 * * * * wget -O /dev/null https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID >> /dev/null 2>&1
 
}}
 
 
Which should also make wget quiet and not bothering you with emails about its activity. Please replace USERNAME, PASSWORD and TUNNELID by the details of your account and tunnel. I would recommend running the command on its own first, to check if it works. To do that run:
 
Which should also make wget quiet and not bothering you with emails about its activity. Please replace USERNAME, PASSWORD and TUNNELID by the details of your account and tunnel. I would recommend running the command on its own first, to check if it works. To do that run:
{{bc|1=
+
 
 +
{{bc|<nowiki>
 
wget https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
 
wget https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
}}
+
</nowiki>}}

Latest revision as of 10:35, 7 August 2016

Hurricane Electric offers a free tunnel broker service that is relatively painless to use under Arch if you wish to add IPv6 connectivity to an IPv4-only host.

These instructions work for SixXS tunnels as well.

Registering for a tunnel

It is not that hard to do. Feel free to fill in the directions here if something seems tricky, but otherwise just go the tunnel broker site and complete the registration.

Setting up SixXS tunnel

First, you need to have aiccu and radvd installed.

Now edit /etc/aiccu.conf and fill in your data. If you have several tunnels, you need to also supplement the tunnel_id option in the file. The following is an example for a dynamic ayiay tunnel.

username <username>
password <password>
protocol tic
server tic.sixxs.net
ipv6_interface sixxs
automatic true
requiretls true
pidfile /var/run/aiccu.pid
defaultroute true
makebeats true
behindnat true

Test the configuration now with:

# systemctl start aiccu

If it works you can add a dispatcher script for the NetworkManager, so it will start whenever your network is ready. Note that enabling the service via systemd will not work, as the network will not be ready on boot. Please see FS#38221 for more details.

/etc/NetworkManager/dispatcher.d/99-aiccu
#!/bin/bash
# -*- coding: utf-8 -*-
# Manual Running/Test: ./99-aiccu eth0 up
if [ -e /sys/fs/cgroup/systemd ]; then
  case "$2" in
    up)
      systemctl start aiccu.service
      ;;
    down)
      systemctl stop aiccu.service
      ;;
  esac
fi

Configuring radvd and LAN side IP of the router: See Router[broken link: invalid section].

Setting up Hurricane Electric tunnel

Create the following systemd unit, replacing bold text with the IP addresses you got from HE:

Note: If you are behind a NAT (typical home router setup), use your local IPv4 address for Client_IPv4_Address, e.g. 192.168.0.2.
/etc/systemd/system/he-ipv6.service
[Unit]
Description=he.net IPv6 tunnel
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ip tunnel add he-ipv6 mode sit remote Server_IPv4_Address local Client_IPv4_Address ttl 255
ExecStart=/usr/bin/ip link set he-ipv6 up mtu 1480
ExecStart=/usr/bin/ip addr add Client_IPv6_Address dev he-ipv6
ExecStart=/usr/bin/ip -6 route add ::/0 dev he-ipv6
ExecStop=/usr/bin/ip -6 route del ::/0 dev he-ipv6
ExecStop=/usr/bin/ip link set he-ipv6 down
ExecStop=/usr/bin/ip tunnel del he-ipv6

[Install]
WantedBy=multi-user.target

Then start/enable he-ipv6.service.

systemd-networkd

If systemd-networkd handles your network connections, it's probably a better idea to let it handle tunnel broker too (instead of using a .service file).

/etc/systemd/network/he-tunnel.netdev
[Match]
 
[NetDev]
Name=he-ipv6
Kind=sit
MTUBytes=1480
 
[Tunnel]
Local=<local IPv4>
Remote=<tunnel endpoint>
TTL=255
/etc/systemd/network/he-tunnel.network
[Match]
Name=he-ipv6
 
[Network]
Address=<local IPv6>
Gateway=<IPv6 gateway>
DNS=2001:4860:4860::8888
DNS=2001:4860:4860::8844

And, add this line to [Network] section of your default Internet connection .network file:

Tunnel=he-ipv6

Using the tunneling with dynamic IPv4 IP

The simplest way of using tunelling with a dynamic IPv4 IP is to set up a cronjob that is going to periodically update your current address. To do that open crontab -e and add, in a new line:

*/10 * * * * wget -O /dev/null https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID >> /dev/null 2>&1

Which should also make wget quiet and not bothering you with emails about its activity. Please replace USERNAME, PASSWORD and TUNNELID by the details of your account and tunnel. I would recommend running the command on its own first, to check if it works. To do that run:

wget https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID