Configuring a tunnel under Linux

[broquea]

Users will always be able to view the example configurations provided in the tunnelbroker.net interface, however we also wanted to make them available on the forums. I'll cover both the ifconfig and ip commands used. I won't be using valid IPv4/IPv6 information in the examples, but the example configurations in the broker's interface will provide the full commands with your relevant account information.

Legend of variables:
$ipv4a = tunnel server's IPv4 IP
$ipv4b = user's IPv4 IP
$ipv6a = tunnel server's side of point-to-point /64 allocation
$ipv6b = user's side of point-to-point /64 allocation

Using ifconfig:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::$ipv4a
ifconfig sit1 up
ifconfig sit1 inet6 add $ipv6b
route -A inet6 add ::/0 dev sit1

Using ip:

ip tunnel add he-ipv6 mode sit remote $ipv4a local $ipv4b ttl 255
ip link set he-ipv6 up
ip addr add $ipv6b dev he-ipv6
ip route add ::/0 dev he-ipv6

[broquea]

I slapped together a video presentation on setting up a Linux tunnel behind a firewall that passes Protocol41:

http://www.youtube.com/watch?v=4o7sk97mItM

Full resolution version here: http://broquea.corp.he.net/videos/tutorial.ogv  (Ogg/Vorbis/Theora, used recordMyDesktop under Linux)

I'm working on some for MacOS X & Vista/XP, and will post them in the respective forum topics.

[EDIT] - Thanks e164, I had nuked the .htaccess fixing that by accident, and it is back in place now.

[eonesixfour]

I haven't watched yet, but it's good of you to do this for people, you might want to link this on the main website.

Also the server is sending out the mime/type as text/html and you might want to change this to something else

[fletteboer]

For Debian-based distros, you can put the following in /etc/network/interfaces and have it configured automatically when the system boots up:

Code:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
endpoint $ipv4a
address $ipv6b
netmask 64
up ip -6 route add default dev he-ipv6
down ip -6 route del default dev he-ipv6
mtu 1480

[freese60]

Hello from Hamburg, Germany,

i just tried to set up a tunnel concerning several of the here suggested solutions, but it didn´ t work. I use Debian Etch here and the solution I found and that works is as follows (for permanent setup via -interfaces-):

# Hurricane Electric Tunnel aufbauen
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
     endpoint $ipv4a
     address  2001:0470:xxxx:xxxx::2
     netmask  64
     mtu 1480
     up ip -6 route add 2000::/3 dev he-ipv6

(xxxx means your nummers)


You can test the tunnel via  http://www.kame.net, the easiest way to see if a ipv6 tunnel works. If the turtle on the screen moves, then you got ipv6 working.

[miggy]

On Debian Lenny just now here's what I needed in /etc/network/interfaces:

Code:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        endpoint   <Server IPv4 address>
        local      <Client IPv4 address>
        ttl        255
        address    <Client IPv6 address>
        netmask    64
        mtu        1480

The bits in <> use the same labels as the current he.net 'Tunnel Details' pages.

[jrowens]

Here's what I have in a Fedora system, in /etc/sysconfig/network-scripts/ifcfg-sit1 (there are three files with this name, hardlinked to each other).

Code:

# Hurricane Electric V6V4 tunnel
NAME="Hurricane Electric SIT"
DEVICE=sit1
ONBOOT=yes
USERCTL=yes
BOOTPROTO=none
PEERDNS=no

IPV6INIT=yes
IPV6_AUTOTUNNEL=yes
IPV6ADDR="$ipv6b/64"
# IPV6ADDR_SECONDARIES=""
IPV6_MTU=1280
IPV6_ROUTER=yes
IPV6_AUTOCONF=no

IPV6_CONTROL_RADVD=yes
IPV6TUNNELIPV4=$ipv4a
IPV6TUNNELIPV4LOCAL=$ipv4b

PHYSDEV=eth0
TYPE=sit
DEVICETYPE=sit
NM_CONTROLLED=no

You might want to turn off USERCTL, and tinker with the MTU; mine's at the minimum.  IPV6_AUTOTUNNEL and IPV6_AUTOCONF are mysteries to me, but it works with those values.  I'm not sure if PHYSDEV is necessary, but if it is, it's the interface with $ipv4b on it.  TYPE and DEVICETYPE are probably redundant, but I'm not sure which one is really needed.  You could try letting NetworkManager control it with NM_CONTROLLED, but if you do, you're on your own.

IPV6ADDR_SECONDARIES could be filled with extra addresses from your routed /64 and /48, if you want your routing Linux box to be able to use those addresses.  Maybe.

And of course, in your /etc/sysconfig/network file, you should have "IPV6_DEFAULTDEV=sit1".  If you like, you can also include "IPV6_DEFAULTGW=$ipv6a".

Edit: Minor typo in env variable name.

[jg]

The bits in <> use the same labels as the current he.net 'Tunnel Details' pages; and note that cutting and pasting addresses from the page which include the /64 at the end isn't helpful 

I added lines for up and down (Ubuntu Koala alpha):

Code:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        endpoint   <Server IPv4 address>
        local      <Client IPv4 address>
        ttl        255
        address    <Client IPv6 address>
        netmask    64
        mtu        1480
up ip -6 route add default dev he-ipv6
down ip -6 route del default dev he-ipv6

[xdaxdb]

I am trying to make my tunnel configuration persistent, as in it will still be there when my system reboots. I used the code generated by the example configuration tool:

Code:

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local x.x.x.x ttl 255
ip link set he-ipv6 up
ip addr add x:x:x:x::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

What would be the proper way to make this configuration persistent/permanent?

I am using Linux, CentOS 5.4

Thanks