FireBrick IPv6 Tunnel: Difference between revisions

From AAISP Support Site
m (Fixing spelling and grammar and other errors.)
(clean up)
(9 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<indicator name="FireBrick Tunnels">[[File:FBimgtunnel.svg|link=:Category:FireBrick Tunnels|30px|Back up to the Tunnels Category]]</indicator>
[[File:2700-small.png|link=:Category:FireBrick]]
[[File:2700-small.png|link=:Category:FireBrick]]


To add a tunneled IPv6 block to your FireBrick (2500/2700) and advertise it on your LAN subnet do the following:
To add a tunneled IPv6 block to your FireBrick (2500/2700) and advertise it on your LAN subnet do the following:


==Create a route:==
=Create a route=
<syntaxhighlight>
<syntaxhighlight>
<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>
<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>
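Review bot: The new heading `=Create a route=` is a level-1 heading, which MediaWiki renders at the same level as the page title; keeping `==Create a route==` and only dropping the trailing colon would achieve the clean-up without flattening the page outline. The same applies to the other headings this revision changes from `==` to `=`. Separately, the `<syntaxhighlight>` tag is unchanged on both sides and has no lang attribute; since the content is XML config, lang="xml" would be worth adding while the block is being touched.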
Line 9: Line 10:
Here 81.187.81.6 is the AAISP tunnel endpoint, and we've created an IPv6 default route to it - if you are using someone else for the tunnel, then use their endpoint.
Here 81.187.81.6 is the AAISP tunnel endpoint, and we've created an IPv6 default route to it - if you are using someone else for the tunnel, then use their endpoint.



==Update your LAN subnet to include:==
=Update your LAN subnet to include=
*ra="true"
*ra="true"
*ra-mtu="1480" (1472 if MTU was 1492 before, eg over PPPoE)
*ra-mtu="1480" (1472 if MTU was 1492 before, e.g. over PPPoE)
*ra-dns="2001:8b0::2020 2001:8b0::2021"
*ra-dns="2001:8b0::2020 2001:8b0::2021"
*and add an IPv6 address from your block to the ip="" element.
*and add an IPv6 address from your block to the ip= element.


The smaller MTU is required due to the IPv6 packets being placed inside IPv4 packets.
The smaller MTU is required due to the IPv6 packets being placed inside IPv4 packets.
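Review bot: The last bullet changes `ip=""` to `ip=` but still calls it an element; `ip` is an attribute of the subnet, so "the ip= attribute" would be the accurate wording. The ra-mtu bullet would also benefit from saying where the two values come from: both are the previous MTU minus 20 (1500 to 1480, 1492 to 1472), which the sentence below the list only hints at with "smaller MTU".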
Line 19: Line 21:
Once saved, machines on your LAN should be given IPv6 addresses, and they will use the FireBrick as their IPv6 gateway, which in turn will use the tunnel endpoint.
Once saved, machines on your LAN should be given IPv6 addresses, and they will use the FireBrick as their IPv6 gateway, which in turn will use the tunnel endpoint.



==Add a firewall rule to allow the tunnel in==
=Add a firewall rule to allow the tunnel in=
You may need to allow the tunnel into your FireBrick with a rule such as:
You may need to allow the tunnel into your FireBrick with a rule such as:
<syntaxhighlight>
<syntaxhighlight>
Line 25: Line 28:
</syntaxhighlight>
</syntaxhighlight>



==Hurricane Electric tunnelbroker.net tunnel==
=Hurricane Electric tunnelbroker.net tunnel=
It's also really easy to set up an IPv6 tunnel from http://tunnelbroker.net if you are using a FB2700 on an ISP which doesn't already support IPv6. If the details for your tunnel on your control panel say your server IPv4 address is 192.0.2.26 and your client IPv6 is 2001:DB8:ABCD:123E::2 then you would put the following in your config:
It's also really easy to set up an IPv6 tunnel from http://tunnelbroker.net if you are using a FB2700 on an ISP which doesn't already support IPv6. If the details for your tunnel on your control panel say your server IPv4 address is 192.0.2.26 and your client IPv6 is 2001:DB8:ABCD:123E::2 then you would put the following in your config:


Line 36: Line 40:




[[Category:FireBrick]] [[Category:IPv6]]
[[Category:FireBrick Tunnels|IPv6 Tunnels]]

Revision as of 23:54, 17 August 2018


To add a tunneled IPv6 block to your FireBrick (2500/2700) and advertise it on your LAN subnet do the following:

Create a route

<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>

Here 81.187.81.6 is the AAISP tunnel endpoint, and we've created an IPv6 default route to it - if you are using someone else for the tunnel, then use their endpoint.


Update your LAN subnet to include

  • ra="true"
  • ra-mtu="1480" (1472 if MTU was 1492 before, e.g. over PPPoE)
  • ra-dns="2001:8b0::2020 2001:8b0::2021"
  • and add an IPv6 address from your block to the ip= attribute.

The smaller MTU is required because the IPv6 packets are placed inside IPv4 packets, and the outer IPv4 header takes up 20 bytes of each packet.

Once saved, machines on your LAN should be given IPv6 addresses, and they will use the FireBrick as their IPv6 gateway, which in turn will use the tunnel endpoint.


Add a firewall rule to allow the tunnel in

You may need to allow the tunnel into your FireBrick with a rule such as:

<rule name="IPv6 tunnel" source-interface="WAN" target-interface="SELF" source-ip="81.187.81.6" protocol="41"/>


Hurricane Electric tunnelbroker.net tunnel

It's also really easy to set up an IPv6 tunnel from http://tunnelbroker.net if you are using a FB2700 on an ISP which doesn't already support IPv6. If the details for your tunnel on your control panel say your server IPv4 address is 192.0.2.26 and your client IPv6 is 2001:DB8:ABCD:123E::2 then you would put the following in your config:

<route comment="Tunnel server IPv4 address" ip="::/0" gateway="192.0.2.26"/>
<loopback comment="Tunnel client IPv6 address" ip="2001:DB8:ABCD:123E::2"/>

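Then create a LAN subnet entry with your routed /64 (or /48) and a firewall rule as above, with the rule's source-ip set to your tunnel server's IPv4 address (192.0.2.26 in this example) rather than the AAISP endpoint.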
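The MTU and firewall points above can be checked mechanically before a config is saved. The following is an added example, not part of the original page or FireBrick's own tooling: a small Python check that any protocol 41 rule is limited to the tunnel endpoint used by the IPv6 default route, and that ra-mtu leaves room for the outer IPv4 header. The `<config>` wrapper, the `<subnet>` element name, the sample subnet address and the function name are assumptions; it also assumes source-ip holds a single address.

```python
import xml.etree.ElementTree as ET

IPV4_HEADER = 20  # outer IPv4 header added to each tunnelled IPv6 packet

# Constructed sample: the <config> wrapper, the <subnet> element name and its
# documentation-prefix address are assumptions; the attributes are the page's.
SAMPLE = """<config>
 <route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>
 <subnet ip="2001:DB8:ABCD:123F::1/64" ra="true" ra-mtu="1480"
         ra-dns="2001:8b0::2020 2001:8b0::2021"/>
 <rule name="IPv6 tunnel" source-interface="WAN" target-interface="SELF"
       source-ip="81.187.81.6" protocol="41"/>
</config>"""


def check_tunnel_config(xml_text, wan_mtu=1500):
    """Return a list of problems in a tunnel config fragment (empty if none)."""
    root = ET.fromstring(xml_text)
    problems = []
    # Tunnel endpoints are the IPv4 gateways of IPv6 default routes.
    endpoints = {r.get("gateway") for r in root.iter("route")
                 if r.get("ip") == "::/0" and "." in r.get("gateway", "")}
    if not endpoints:
        problems.append("no IPv6 default route via an IPv4 tunnel endpoint")
    # Protocol 41 should be accepted only from the configured endpoint.
    for rule in root.iter("rule"):
        if rule.get("protocol") != "41":
            continue
        name, src = rule.get("name"), rule.get("source-ip")
        if src is None:
            problems.append(f"rule {name!r}: protocol 41 allowed from any source")
        elif src not in endpoints:
            problems.append(f"rule {name!r}: source-ip {src} is not a tunnel endpoint")
    # The advertised MTU must leave room for the outer IPv4 header.
    limit = wan_mtu - IPV4_HEADER
    for subnet in root.iter("subnet"):
        if subnet.get("ra") != "true":
            continue
        ra_mtu = subnet.get("ra-mtu")
        if ra_mtu is None or int(ra_mtu) > limit:
            problems.append(f"subnet {subnet.get('ip')}: ra-mtu is {ra_mtu}, "
                            f"expected at most {limit}")
    return problems


if __name__ == "__main__":
    print(check_tunnel_config(SAMPLE))                # plain 1500-byte WAN
    print(check_tunnel_config(SAMPLE, wan_mtu=1492))  # PPPoE: 1480 is too large
```

Swapping the route's gateway to a different tunnel server without updating the rule is reported as a source-ip mismatch, which is the easy mistake to make when following the Hurricane Electric steps.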