Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPv6 Tunnel: Difference between revisions

FireBrick IPv6 Tunnel (view source)

Revision as of 13:44, 12 August 2014

6 bytes added ,  12 August 2014
m
Fixing spelling and grammar and other errors.
No edit summary
m (Fixing spelling and grammar and other errors.)
[[File:2700-small.png|link=:Category:FireBrick]]
 
To add a tunnelledtunneled IPv6 block to your FireBrick (2500/2700) and advertise it on your LAN subnet is do the following:
 
==Create a route:==
<syntaxhighlight>
<route ip="::/0" gateway="81.187.81.6" comment="IPv6 Defaultdefault route using IPv4 tunnel"/>
</syntaxhighlight>
Here, 81.187.81.1876 is the AAISP side tunnel endpoint, and we've created an IPv6 default route to it - if you are using someone else for the tunnel, then use their endpoint.
 
==Update your LAN subnet to include:==
*ra="true"
*ra-mtu="1480" (1472 if MTU was 1492 before, eg over PPPoE)
*ra-dns ="2001:8b0::2020 2001:8b0::2021"
*and add an IPv6 address from your block to the ip="" element.
 
The smaller MTU is required due to the IPv6 packets being placed inside IPv4 packets.
 
==Add a firewall rule to allow the tunnel in==
You'll may need to allow the tunnel into your FireBrick with a rule such as:
<syntaxhighlight>
<rule name="IPv6 tunnel" source-interface="WAN" target-interface="SELF" source-ip="81.187.81.6" protocol="41"/>
 
<syntaxhighlight>
<route comment="ServerTunnel server IPv4 address" ip="::/0" gateway="192.0.2.26"/>
<loopback comment="ClientTunnel client IPv6 address" ip="2001:DB8:ABCD:123E::2"/>
</syntaxhighlight>
 
Then create a LAN subnet entry with your Routedrouted /64 (or /48) and firewall rule as above.
 
 
CrazyTeeka
editor
426

edits

Retrieved from ‘http://support.aa.net.uk/Special:MobileDiff/6010