Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Software Applications & Hardware Appliances => Topic started by: samh on February 18, 2008, 03:54:44 PM

Title: Hardware that supports Protocol 41 Tunnels out of the box
Post by: samh on February 18, 2008, 03:54:44 PM
We are looking to compile a list of firewall/CPE devices that by default (With no major changes except maybe a firmware update) support IPv6 over IPv4 tunnels. (Protocol 41 tunneling).

If you are passing your tunnel over a commercial firewall to terminate on a machine behind it, then please let us know what version hardware and firmware you are having success with.

So far we have tested in house:

# Linksys WRT54G firmware 4.21.2
# Linksys WRT54GL firmware 4.30.7 & 4.30.11
# D-Link DGL-4100 firmware 1.6 & 1.7

All of which work.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: amph on February 23, 2008, 07:16:40 PM
Hmm, not sure if it counts as proprietary :P but I imagine any firewall/router/modem device that is capable of DDWRT/OpenWRT would be capable of this. It is interesting though to see which are capable of it out of the box.

amph
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: yorick on April 16, 2008, 10:34:27 AM
Works on Nokia IP boxen running CheckPoint. Tested with IPSO 4.1-build045 and CheckPoint VPN-1 NGX R65 HFA02 + ipv6 hotfix. The documentation leaves something to be desired, and tunnels cannot be terminated on the VRRP (virtual) address of a pair. On a single machine, it works fine.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: tufinhas on June 05, 2008, 01:12:02 PM
SpeedTouch 546v6     Firmware 7.4.1.7
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: avongauss on June 05, 2008, 05:14:11 PM
D-Link DGL-4500, Firmware 1.02, Virtual Server Rule (protocol 41 to endpoint)
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: lorenzoz on June 27, 2008, 02:54:56 AM
Asus WL500g.P support Proto-41-Passthrought but don't work with AICCU (Heartbeat Tunnel)
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: broquea on August 11, 2008, 11:33:26 PM
Linksys WRT610N passes protocol 41 out of the box.

Friend is seeing if he can get dd-wrt running on it as well, but at least it does this. Sadly for such a new product, still no native IPv6 support in their firmware/interface.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: drydog on November 17, 2008, 05:37:17 PM
Quote from: samh on February 18, 2008, 03:54:44 PM
We are looking to compile a list of firewall/CPE devices that by default (With no major changes except maybe a firmware update) support IPv6 over IPv4 tunnels. (Protocol 41 tunneling).
I use  D-Link Gaming Router DGL-4300 fw 1.7.
I have NAT enabled. The router works with HE's IPv6 Tunnel Broker out-of-the-box.
This is a regular IPv4-only router.

Direct IPv6 Support with D-Link Routers
Also, D-Link is supposed to support IPv6 directly in some of their (newer?) routers.  They are: D-Link IPv6 support: DI-784 abg, DI-524 bg, DI-624 bg, WBR-1310 g, WBR-2310 g rangebooster, DIR-615 n. See
Ref: http://www.ipv6.org.tw/summit2008/doc/1-4-4.pdf
It would be nice if HE can provide configuration instructions for these routers (although I could probably figure it out myself eventually once I get one).
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: broquea on November 22, 2008, 12:03:03 PM
D-Link DIR-615, not 100% confirmed yet, but after reviewing a user's screen shots of the device's web interface out of the box, it appears to let you configure a 6in4 tunnel on it, and plug in the routed /64 to hand out to your LAN.

I'm going to run out to a store and see if I can get one. Mostly for personal use at home, aside from testing it for this HCL. I'll post some screen shots if I can get one and confirm.

I'll have screen shots that hopefully I can sort into example configurations.

EDIT - Looks like this model needs to be HARDWARE Rev. C
EDIT 2 - ftp://ftp.dlink.com/Gateway/dir615_revC/Manual/dir615_revC_manual_300.pdf  start at their page 48, does native, pppoe, 6to4, 6in4
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: drydog on November 25, 2008, 12:15:03 AM
The IPv6 configuration choices for D-Link 615 n are
- Link-Local
- Static IPv6 Stateful or Stateless
- DHCPv6 Stateful or Stateless
- IPv6 over PPPoE Stateful or Stateless
- 6 to 4 Tunneling Stateful or Stateless
- IPv6 in IPv4 Tunneling Stateful or Stateless

I think Hurricane electric uses IPv6 in IPv4 Tunneling, as  6 in 4 Tunneling is for isolated networks.

For Stateful or Stateless I think that's just a local (site) choice whether the D-Link router assigns an address with it's own Router Advertisement Network Discovery Protocol daemon (Stateless) or each host sets it's IPv6 address (Stateful).  I could be wrong.

Question: are these statements correct?
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: limemonkey on January 28, 2009, 09:29:06 AM
FRITZ!Box Fon WLAN 7170, Firmware-Version 29.04.67 passes protocol 41, but has no Interface to control this beheviour.

Works perfectly from a Mac with os x 10.5.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: itechie on July 25, 2009, 04:49:07 PM
Apple Time Capsule firmware 7.4.2
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: Ninho on August 07, 2009, 09:00:51 AM
Old Thomson or Alcatel Speedtouch 510 v4 (firmware 4.2.7.16).

Built-in protocol 41 helper need be disabled ("unbound"), and a NAT rule added specifically to pass proto 41 datagrams to the machine serving as gateway.

In addition for HE tunnels to work (but not 6in4 in general) firewall rules have to be added so that the Speedtouch answers pings.

Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: jrowens on August 20, 2009, 02:59:27 AM
FWIW, this cheap Actiontec GT701-wg DSL modem passes prot 41 just fine.  That is what you mean, right, not that it has to be able to participate in any IPv6 itself?

Firmware is QW06.5-3.60.3.0.8.6-GT701-WG.  It's the freebie that came with the DSL service.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: dataless on August 20, 2009, 10:09:06 AM
I'm using an old Secure Computing SG570 with firmware Version 3.1.4u5 and it allows tunnels with zero configuration.

It has built in IPv6 support that can be enabled if your ISP supports IPv6, Comcast does not at this time so I cannot test that side of things.  I turned the IPv6 support off because of this.

I did ssh into the router and setup my HE tunnel through the CLI at one point, but it doesn't save the changes upon reboot so I opted not to use this method.  I setup a VMware CentOS to handle IPv6 and DNS locally, it also worked fine when I used a Windows 7 machine to connect directly to the tunnel as well.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: cholzhauer on March 28, 2010, 07:28:14 AM
any of the cisco asa 5500 series will work, as long as you pass all ip traffic.  (no seperate setting for forwarding a single protocol)
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: bluthunder on November 22, 2010, 01:38:58 PM
Hi,

Mikrotik Router OS (and Mikrotik Routerboards) works fully.

http://www.mikrotik.com

The full explanation is on their Wiki too:

http://wiki.mikrotik.com/wiki/Setting_up_an_IPv6_tunnel_via_a_tunnel_broker

Regards,
Dave
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: mcgurrin on December 14, 2010, 12:04:50 PM
Astaro ASG v8 supports IPv6 with several tunnel brokers out of the box, it does not include tunnelbroker.net but it has a separate section for 6to4 tunnels where you can add the IP for your tunnel server and then you add the routed /64 to your interface, I recommend your internal one for the addresses and your external for the tunnel because the prefix assignment assigns addresses from the prefix on the interface attached to that network.  While Astaro is primarily an expensive business system there is a free full version with all of the features for home for up to 50 devices to run on your own hardware.  If anyone has one set up and wants help setting up IPv6 I can help, I have done it just recently with tunnelbroker.net at one place I work.  To use prefix assignment you must assign a /64 network or it will fail.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: barinthus on February 10, 2011, 08:34:19 AM
All of the Fortinet FortiGate UTM products have supported IP/41 tunnelling for years, initial configuration is from the CLI only, once that is done a new virtual interface appears, you then use that to create IPV6 specific policies which are completely autonomous from the IPV4 policies.

Most of the application layer security services also appear to work on IPV6 connections, including network AV and Web Filtering...

OSPFv3 and BGP support as well as RIPng

native IPv6 IPSec tunnels and SSLVPN support

You can even admin this thing natively over IPv6 connections as of the more recent firmware....

Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: demize95 on April 25, 2011, 08:08:18 PM
Cisco Linksys E2000 (and presumably the E1000 and E3000 as well) forwards protocol 41 OTB. It doesn't appear to support IPv6 itself though.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: papoanaya on December 30, 2011, 05:17:12 PM
i have a trendnet 639GR and I can tunnel to HE without any problems. The only change I did was to allow traffic from the tunnel end point. The router itself has link local addresses, but there is no way to configure them to a specific address.

Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: lfoothome on January 15, 2012, 06:36:07 PM
Linksys WRT300N V1.1 running DD-WRT firmware build 13064 and build 13929 works fine to pass protocol 41 to a Tunnel Endpoint behind it.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: azcrumpty on August 31, 2012, 04:51:43 PM
A software list should be made, too.  People already mentioned DD-WRT.  pfSense 2.1 also supports tunnels and I bet Untangle and other Linux one's do as well.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: jmv on April 07, 2013, 08:12:04 PM
Some trendchip modem devices support half-bridge, so an ipv6 router for 6in4 tunneling can be added.

First, turn nat off, then,

poe bridge switch on
ip dhcp enif0 server lease 120
sys save

from the command line.

On my device, this only works with OLDER firmware. The feature is undocumented.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: bloyall on August 19, 2013, 07:14:32 PM
I was unable to get prot 41 through a Zyxel PK5000Z with firmware 3.4.020.0 installed.  Had to put it in bridging mode.  Worked fine then.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: valorisa on June 20, 2014, 04:15:38 AM
And about Netgear WPN824v2 ? Because IPv6 connectivity seems difficult or impossible with a tunnel (6in4).

Thanks.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: Jim Whitby on June 25, 2014, 04:58:22 PM
Ubiquiti EdgeMAX routers support fully an he tunnel. As well as ipv6 firewall.

But! only from the cli.
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: sunnyghat on November 30, 2014, 03:19:48 PM
I can confirm that the Asus RT-N66U works,  IPv6 firewall settings under firewall
Title: Re: Hardware that supports Protocol 41 Tunnels out of the box
Post by: wfolta on May 14, 2022, 02:21:05 PM
Sophos XGS firewall works fine. Set up a tunnel, route to it, firewall rules to allow traffic, RA. (Don't do anything with the Gateway, that would be for native IPv6.) Should therefore also work with the Sophos XG Home firewall software on your own hardware -- given that your hardware is supported by XG Home.