IPv6 tunnel broker setup

From ArchWiki

Hurricane Electric offers a free tunnel broker service that is relatively painless to use under Arch if you wish to add IPv6 connectivity to an IPv4-only host. Read the "Tunnel Broker" section of their FAQ for a list of prerequisites.

Registering for a tunnel

It is not that hard to do. Feel free to fill in the directions here if something seems tricky, but otherwise just go the tunnel broker site and complete the registration.

Setting up Hurricane Electric tunnel

Create the following systemd unit, replacing bold text with the IP addresses you got from Hurricane Electric:

Note: If you are behind a NAT (typical home router setup), use your local IPv4 address for client_IPv4_address, e.g. 192.168.0.2.
/etc/systemd/system/he-ipv6.service
[Unit]
Description=he.net IPv6 tunnel
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ip tunnel add he-ipv6 mode sit remote server_IPv4_address local client_IPv4_address ttl 255
ExecStart=/usr/bin/ip link set he-ipv6 up mtu 1480
ExecStart=/usr/bin/ip addr add client_IPv6_address dev he-ipv6
ExecStart=/usr/bin/ip -6 route add ::/0 dev he-ipv6
ExecStop=/usr/bin/ip -6 route del ::/0 dev he-ipv6
ExecStop=/usr/bin/ip link set he-ipv6 down
ExecStop=/usr/bin/ip tunnel del he-ipv6

[Install]
WantedBy=multi-user.target

Then start/enable he-ipv6.service.

systemd-networkd

If systemd-networkd handles your network connections, it is probably a better idea to let it handle tunnel broker too (instead of using a .service file). 

/etc/systemd/network/he-tunnel.netdev
[Match]
 
[NetDev]
Name=he-ipv6
Kind=sit
MTUBytes=1480
 
[Tunnel]
Local=<local IPv4>
Remote=<tunnel endpoint>
TTL=255

/etc/systemd/network/he-tunnel.network
[Match]
Name=he-ipv6
 
[Network]
Address=<local IPv6>
Gateway=<IPv6 gateway>
DNS=2001:4860:4860::8888
DNS=2001:4860:4860::8844

And, add this line to [Network] section of your default Internet connection .network file: 

Tunnel=he-ipv6

Using the tunneling with dynamic IPv4 IP

Updating via cron job

The simplest way of using tunnelling with a dynamic IPv4 IP is to set up a cron job that is going to periodically update your current address. The example URL and an Update Key can be found in the Advanced tab of the Tunnel Details page.

To check if the update works, run the following command (replace USERNAME, UPDATEKEY and TUNNELID by the details of your account and tunnel): 

$ wget -O - https://USERNAME:UPDATEKEY@ipv4.tunnelbroker.net/nic/update?hostname=TUNNELID

If it works, create a cron job by opening crontab -e and adding a new line: 

*/10 * * * * wget -q -O /dev/null https://USERNAME:UPDATEKEY@ipv4.tunnelbroker.net/nic/update?hostname=TUNNELID

Updating via ddclient

Alternatively this can be configured by installing ddclient and configuring /etc/ddclient.conf: 

protocol=dyndns2
use=web
web=checkip.dns.he.net
server=ipv4.tunnelbroker.net
ssl=yes
login=USERNAME
password=UPDATEKEY
TUNNELID

And finally start/enable ddclient.service.

Retrieved from "https://wiki.archlinux.org/index.php?title=IPv6_tunnel_broker_setup&oldid=786187"