IPv6 tunnel broker setup
This article introduces a method for obtaining an IPv6 address using 6in4, also known as SIT.
The following sections will use the tunnel service provided by Hurricane Electric as a setup example. Hurricane Electric offers a free tunnel broker service to add IPv6 connectivity to an IPv4-only host. Read the "Tunnel Broker" section of their FAQ for a list of prerequisites.
Registering for a tunnel
Registering for a tunnel on its website.
Setting up Hurricane Electric tunnel
There is some ways you can achieve this, such as using the ip command to test the tunnel manually, a custom systemd unit, or using a Network Manager like #systemd-networkd.
Custom systemd unit
Create the following systemd unit, replacing bold text with the IP addresses you got from Hurricane Electric:
client_IPv4_address
, e.g. 192.168.0.2
./etc/systemd/system/he-ipv6.service
[Unit] Description=he.net IPv6 tunnel After=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/ip tunnel add he-ipv6 mode sit remote server_IPv4_address local client_IPv4_address ttl 255 ExecStart=/usr/bin/ip link set he-ipv6 up mtu 1480 ExecStart=/usr/bin/ip addr add client_IPv6_address dev he-ipv6 ExecStart=/usr/bin/ip -6 route add ::/0 dev he-ipv6 ExecStop=/usr/bin/ip -6 route del ::/0 dev he-ipv6 ExecStop=/usr/bin/ip link set he-ipv6 down ExecStop=/usr/bin/ip tunnel del he-ipv6 [Install] WantedBy=multi-user.target
Then start/enable he-ipv6.service
.
ExecStart
manually to setup a temporary tunnel. It will not persist after reboot.systemd-networkd
If systemd-networkd handles your network connections, it is probably a better idea to let it handle tunnel broker too (instead of using a .service file).
/etc/systemd/network/he-tunnel.netdev
[Match] [NetDev] Name=he-ipv6 Kind=sit MTUBytes=1480 [Tunnel] # IPv6 Tunnel Endpoints|Server IPv4 Address Remote=216.66.80.30 # Local IPv4 | NAT-Address Local=192.168.0.2 TTL=255
/etc/systemd/network/he-tunnel.network
[Match] Name=he-ipv6 [Network] # IPv6 Tunnel Endpoints|Client IPv6 Address>/64 Address=2001:470:NNNN:NNNN::2/64 # IPv6 Tunnel Endpoints|Server IPv6 Address Gateway=2001:470:NNNN:NNNN::1 DNS=2001:4860:4860::8888 DNS=2001:4860:4860::8844 [Route] # IPv6 Tunnel Endpoints|Server IPv6 Address Gateway=2001:470:NNNN:NNNN::1 Destination=::/0 [RoutingPolicyRule] # IPv6 Tunnel Endpoints|Client IPv6 Address>/64 From=2001:470:NNNN:NNNN::2/64 [RoutingPolicyRule] # Routed IPv6 Prefixes|Routed 64>/64 - OR - Routed IPv6 Prefixes|Routed 48>/48 From=2001:470:NNNN::/48
Replace all NNNN to your own address.
And, add this line to [Network]
section of your default Internet connection .network file:
/etc/systemd/network/DEVICE.network
Tunnel=he-ipv6
Using the tunneling with dynamic IPv4 IP
Updating via cron job
The simplest way of using tunnelling with a dynamic IPv4 IP is to set up a cron job that is going to periodically update your current address. The example URL and an Update Key can be found in the Advanced tab of the Tunnel Details page.
To check if the update works, run the following command (replace USERNAME
, UPDATEKEY
and TUNNELID
by the details of your account and tunnel):
$ wget -O - https://USERNAME:UPDATEKEY@ipv4.tunnelbroker.net/nic/update?hostname=TUNNELID
If it works, create a cron job by opening crontab -e
and adding a new line:
*/10 * * * * wget -q -O /dev/null https://USERNAME:UPDATEKEY@ipv4.tunnelbroker.net/nic/update?hostname=TUNNELID
Updating via ddclient
Alternatively this can be configured by installing ddclient and configuring /etc/ddclient.conf
:
protocol=dyndns2 use=web web=checkip.dns.he.net server=ipv4.tunnelbroker.net ssl=yes login=USERNAME password=UPDATEKEY TUNNELID
And finally start/enable ddclient.service
.