This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPv6 Tunnel: Difference between revisions

Content deleted Content added
AA-Andrew (talk | contribs)
No edit summary
CrazyTeeka (talk | contribs)
m Fixing spelling and grammar and other errors.
Line 1: Line 1:
[[File:2700-small.png|link=:Category:FireBrick]]
[[File:2700-small.png|link=:Category:FireBrick]]


To add a tunnelled IPv6 block to your FireBrick (2500/2700) and advertise it on your LAN subnet is do the following:
To add a tunneled IPv6 block to your FireBrick (2500/2700) and advertise it on your LAN subnet do the following:


==Create a route:==
==Create a route:==
<syntaxhighlight>
<syntaxhighlight>
<route ip="::/0" gateway="81.187.81.6" comment="IPv6 Default route using IPv4 tunnel"/>
<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>
</syntaxhighlight>
</syntaxhighlight>
Here, 81.187.81.187 is the AAISP side tunnel endpoint, and we've created an IPv6 default route to it - if you are using someone else for the tunnel, then use their endpoint.
Here 81.187.81.6 is the AAISP tunnel endpoint, and we've created an IPv6 default route to it - if you are using someone else for the tunnel, then use their endpoint.


==Update your subnet to include:==
==Update your LAN subnet to include:==
*ra="true"
*ra="true"
*ra-mtu="1480" (1472 if MTU was 1492 before, eg over PPPoE)
*ra-mtu="1480" (1472 if MTU was 1492 before, eg over PPPoE)
*ra-dns ="2001:8b0::2020 2001:8b0::2021"
*ra-dns="2001:8b0::2020 2001:8b0::2021"
*and add an IPv6 address from your block to the ip= element.
*and add an IPv6 address from your block to the ip="" element.


The smaller MTU is required due to the IPv6 packets being placed inside IPv4 packets.
The smaller MTU is required due to the IPv6 packets being placed inside IPv4 packets.
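Review bot: the change from 81.187.81.187 to 81.187.81.6 in the sentence after the route is a factual correction, not a spelling fix, so it should be named in the edit summary rather than folded into a minor edit. It brings the prose into line with gateway="81.187.81.6" in the route directly above it. Separately, "tunnelled" to "tunneled" swaps British spelling for American on a UK provider's wiki; use whichever form the rest of the wiki uses.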
Line 20: Line 20:


==Add a firewall rule to allow the tunnel in==
==Add a firewall rule to allow the tunnel in==
You'll need to allow the tunnel into your FireBrick with a rule such as:
You may need to allow the tunnel into your FireBrick with a rule such as:
<syntaxhighlight>
<syntaxhighlight>
<rule name="IPv6 tunnel" source-interface="WAN" target-interface="SELF" source-ip="81.187.81.6" protocol="41"/>
<rule name="IPv6 tunnel" source-interface="WAN" target-interface="SELF" source-ip="81.187.81.6" protocol="41"/>
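Review bot: softening "You'll need to" to "You may need to" leaves the reader with no way to tell whether the rule is required. Either state the condition under which protocol 41 from the tunnel endpoint is not already allowed to SELF, or keep the firmer wording. The rule itself is suitably narrow: it pins source-ip to the tunnel endpoint and matches only protocol 41 arriving on WAN.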
Line 29: Line 29:


<syntaxhighlight>
<syntaxhighlight>
<route comment="Server IPv4 address" ip="::/0" gateway="192.0.2.26"/>
<route comment="Tunnel server IPv4 address" ip="::/0" gateway="192.0.2.26"/>
<loopback comment="Client IPv6 address" ip="2001:DB8:ABCD:123E::2"/>
<loopback comment="Tunnel client IPv6 address" ip="2001:DB8:ABCD:123E::2"/>
</syntaxhighlight>
</syntaxhighlight>


Then create a subnet entry with your Routed /64 (or /48) and firewall rule as above.
Then create a LAN subnet entry with your routed /64 (or /48) and firewall rule as above.
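Review bot: the closing sentence still says "firewall rule as above", but the rule above has source-ip="81.187.81.6" while this example's tunnel server is 192.0.2.26. Say explicitly that source-ip must be changed to the tunnel server's IPv4 address used in the route here; copied unchanged, the rule would admit protocol 41 from 81.187.81.6 rather than from the endpoint this example actually uses.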