• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Hardware that supports Protocol 41 Tunnels out of the box

Started by samh, February 18, 2008, 03:54:44 PM

Previous topic - Next topic


any of the cisco asa 5500 series will work, as long as you pass all ip traffic.  (no seperate setting for forwarding a single protocol)



Astaro ASG v8 supports IPv6 with several tunnel brokers out of the box, it does not include tunnelbroker.net but it has a separate section for 6to4 tunnels where you can add the IP for your tunnel server and then you add the routed /64 to your interface, I recommend your internal one for the addresses and your external for the tunnel because the prefix assignment assigns addresses from the prefix on the interface attached to that network.  While Astaro is primarily an expensive business system there is a free full version with all of the features for home for up to 50 devices to run on your own hardware.  If anyone has one set up and wants help setting up IPv6 I can help, I have done it just recently with tunnelbroker.net at one place I work.  To use prefix assignment you must assign a /64 network or it will fail.


All of the Fortinet FortiGate UTM products have supported IP/41 tunnelling for years, initial configuration is from the CLI only, once that is done a new virtual interface appears, you then use that to create IPV6 specific policies which are completely autonomous from the IPV4 policies.

Most of the application layer security services also appear to work on IPV6 connections, including network AV and Web Filtering...

OSPFv3 and BGP support as well as RIPng

native IPv6 IPSec tunnels and SSLVPN support

You can even admin this thing natively over IPv6 connections as of the more recent firmware....


Cisco Linksys E2000 (and presumably the E1000 and E3000 as well) forwards protocol 41 OTB. It doesn't appear to support IPv6 itself though.


i have a trendnet 639GR and I can tunnel to HE without any problems. The only change I did was to allow traffic from the tunnel end point. The router itself has link local addresses, but there is no way to configure them to a specific address.


Linksys WRT300N V1.1 running DD-WRT firmware build 13064 and build 13929 works fine to pass protocol 41 to a Tunnel Endpoint behind it.


A software list should be made, too.  People already mentioned DD-WRT.  pfSense 2.1 also supports tunnels and I bet Untangle and other Linux one's do as well.


Some trendchip modem devices support half-bridge, so an ipv6 router for 6in4 tunneling can be added.

First, turn nat off, then,

poe bridge switch on
ip dhcp enif0 server lease 120
sys save

from the command line.

On my device, this only works with OLDER firmware. The feature is undocumented.


I was unable to get prot 41 through a Zyxel PK5000Z with firmware installed.  Had to put it in bridging mode.  Worked fine then.


And about Netgear WPN824v2 ? Because IPv6 connectivity seems difficult or impossible with a tunnel (6in4).


Jim Whitby

Ubiquiti EdgeMAX routers support fully an he tunnel. As well as ipv6 firewall.

But! only from the cli.


I can confirm that the Asus RT-N66U works,  IPv6 firewall settings under firewall


Sophos XGS firewall works fine. Set up a tunnel, route to it, firewall rules to allow traffic, RA. (Don't do anything with the Gateway, that would be for native IPv6.) Should therefore also work with the Sophos XG Home firewall software on your own hardware -- given that your hardware is supported by XG Home.