From Fedora Project Wiki

Revision as of 09:41, 3 November 2016 by Rathann (talk | contribs) (Document how to configure using NetworkManager.)

Introduction

This page details the process for setting up a tunnel broker for IPv6 using Hurricane Electric. While any tunnel broker will work, for this example we are going to use http://www.tunnelbroker.net/ by Hurricane Electric.

Instructions

  1. Go to http://www.tunnelbroker.net/register.php and fill out the form to create a new account.
  2. Login to your account and click on Create Regular Tunnel.
  3. Enter your public IPv4 address in the IPv4 Endpoint field. To find this address, visit http://www.whatismyip.com (Note: You can change your endpoint address later any time if your address is not 100% static). Select the tunnel server closest to you and click on the Create Tunnel button.
  4. You will be given multiple example scripts to set up the tunnel on your end. However, it's recommended that you configure the connection using the nmcli command provided below if you use the default method of managing your network connections (NetworkManager). Alternatively, you can use the script provided below. (Select OS: linux-route2)
  5. Click on Main Page to find a list of your tunnels at the end. You can modify your tunnel, allocate your own /48 or set up rDNS delegation by clicking on the tunnel.
  6. Feel free to enable forwarding on your tunnel machine and assign addresses from your own /64 or /48 to the machines on your network to provide IPv6 connectivity to your own network.

NetworkManager connection

Go to the configuration page of your tunnel (Main Page => Click on your tunnel) to find the settings needed to fill into the sample command below to replace the places where the words are CAPITALIZED.

# nmcli connection add type ip-tunnel con-name sit1 ifname sit1 mode sit \
  remote SERVER_IPV4_ADDRESS -- ipv4.method disabled ipv6.method manual \
  ipv6.address CLIENT_IPV6_ADDRESS ipv6.gateway SERVER_IPV6_ADDRESS \
  ip-tunnel.ttl 64

Afterwards, you can control the tunnel using nmcli. Unfortunately, it won't be visible in any of the interactive tools (nmtui or nm-connection-editor).

The main advantage of this method is that the connection will be managed by NetworkManager and brought up automatically upon reboot without any further configuration.

Example tunnel script

  1. Go to the configuration page of your tunnel (Main Page => Click on your tunnel) to find the settings needed to fill into the sample script below to replace the places where the word CHANGE!!! appears.
    cat << EOF > /usr/local/bin/ipv6-tunnel.sh
    #!/bin/sh
    
    LOCAL=CHANGE!!!                     # Client IPv4 address
    ADDR=CHANGE!!!                      # Client IPv6 address
    REMOTE=CHANGE!!!                    # Server IPv4 address
    
    ip tunnel del he-ipv6 > /dev/null 2>&1
    
    ip tunnel add he-ipv6 mode sit remote ${REMOTE} local ${LOCAL} ttl 255
    ip link set he-ipv6 up
    
    ip addr add ${ADDR} dev he-ipv6
    ip route add ::/0 dev he-ipv6
    EOF
    
  2. Ensure the script is executable
    chmod ugo+x /usr/local/bin/ipv6-tunnel.sh
  3. Finally, simply run the script to bring up the IPv6 tunnel.

Network configuration file

The tunnel can also be configured like any other physical interface. Once this is done, the tunnel can be started and stopped via the ifup and ifdown commands, and the interface can be configured to start on boot. To do so, use the settings from the script above to create the file, /etc/sysconfig/network-scripts/ifcfg-he-ipv6, as follows:

DEVICE=he-ipv6
TYPE=sit
BOOTPROTO=none
ONBOOT=yes                         # set to "no" if you prefer to start the tunnel manually
IPV6INIT=yes
IPV6TUNNELIPV4=CHANGE!!!           # Server IPv4 address
IPV6ADDR=CHANGE!!!                 # Client IPv6 address

Also, add the following to /etc/sysconfig/network:

IPV6_DEFAULTDEV=he-ipv6

This ensures that IPv6 traffic is sent via the tunnel interface.

To bring up the interface, run ifup he-ipv6. To bring the interface down, run ifdown he-ipv6.