How to: Debian & Ubuntu static 6in4 tunnel config (/etc/network/interfaces)

[tedp]

I noticed in Owen DeLong's Linux Administration slides that using /etc/network/interfaces was not supported in Debian, but I wanted to provide a simple example of how it can be done. Here is the configuration I'm using in /etc/network/interfaces:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
       address 2001:db8:0f10:99d::2
       netmask 64
       endpoint 209.51.181.2
       ttl 255
       gateway 2001:db8:0f10:99d::1

You can grab the necessary fields from the Linux-route2 configuration instructions, eg. here are mine so you can see how they map.

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 209.51.181.2 local 198.51.100.164 ttl 255
ip link set he-ipv6 up
ip addr add 2001:db8:0f10:99d::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

The remote address is the endpoint address in the interfaces file and the IPv6 address is the interface address. The gateway is not listed in the Linux-route2 instructions, but can be found on your tunnelbroker.net Tunnel Details page, listed as "Server IPv6 address". It is the same as your IPv6 address, but ending in ::1 rather than ::2.

Once you've put those entries in your /etc/network/interfaces, run ifup he-ipv6 to enable the tunnel.

DNS

To use HE's IPv6-whitelisted DNS servers, add the following line to your tunnel configuration in /etc/network/interfaces, right after the "gateway" line:
       dns-nameservers 2001:470:20::2 74.82.42.42

If you're concerned about the possibility of tunnel connectivity problems (eg. you have a dynamic IPv4 address), consider leaving out the IPv6 address, because the IPv4 address will still be accessible if your tunnel is down.

To apply the new DNS servers, run ifdown he-ipv6; ifup he-ipv6

Notes:
- You can specify the local IPv4 endpoint address, but it's not necessary in most setups. In particular if you have protocol 41 forwarded to your machine (eg. by a home router) then you must not include the "local" option.

(Edit: Changed my IP addresses to be in documentation subnets. Endpoint (he.net) IP address retained in case it helps people recognize it.)
(Edit 2: Used the "gateway" option instead of post-up and pre-down "route -6" commands.)
(Edit 3: Removed the "local" address as it's not necessary. Added DNS section.)

[JRey]

Thanks for this. Makes it much easier for us to map which is what. This is post is even linked to on the Debian IPv6 Wiki page now.

Only thing you didn't mention was how to setup the IPv6 DNS/nameserver. I just copied the Anycasted IPv6 Caching Nameserver listed at the Tunnel Details screen & put in a new line at /etc/resolv.conf. Now everything works fine!  ;D

[tedp]

You can add the dns-nameservers option to have them configured, just add it like this

iface he-ipv6 inet6 v4tunnel
   ...
   dns-nameservers 2001:470:20::2 74.82.42.42

Since they are accessible over IPv4 I have that in the IPv4 interface configuration rather than the tunnel config.

(Edit: use HE's IPv6-whitelisted DNS servers.)

[owen]

Ted,

I know this is long overdue, but, yes, thanks for posting. This was added to Debian/Ubuntu in versions which came out after I produced the slides in question.

I've now had a chance to validate the configuration on Ubuntu and will be updating the slides for future presentations.

I'm also going to encourage the maintainers of the tunnel-broker site to add this to the list of configuration templates.

[crosser]

You might want to have your outgoing connections to originate from an address from your routed prefix rather than from the address of the tunnel endpoint. One reason for that is to have the name into which the address resolves under your control.

One way to achieve that is to assign an address chosen from the routed prefix to some other interface on your host (even to 'lo' if you wish), and mark the endpoint address of the tunnel "deprecated". This will prevent Linux from setting this address as the source address of the outgoing IP packets. Reference: http://www.davidc.net/networking/ipv6-source-address-selection-linux

Code Select Expand

ip -6 addr change 2001:db8:0f10:99d::2/64 dev he-ipv6 preferred_lft 0

this command may be added as an 'up' element into the 'iface he-ipv6' section.