• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Hardware that supports Protocol 41 Tunnels out of the box

Started by samh, February 18, 2008, 03:54:44 PM

Previous topic - Next topic

samh

We are looking to compile a list of firewall/CPE devices that by default (With no major changes except maybe a firmware update) support IPv6 over IPv4 tunnels. (Protocol 41 tunneling).

If you are passing your tunnel over a commercial firewall to terminate on a machine behind it, then please let us know what version hardware and firmware you are having success with.

So far we have tested in house:

# Linksys WRT54G firmware 4.21.2
# Linksys WRT54GL firmware 4.30.7 & 4.30.11
# D-Link DGL-4100 firmware 1.6 & 1.7

All of which work.

amph

Hmm, not sure if it counts as proprietary :P but I imagine any firewall/router/modem device that is capable of DDWRT/OpenWRT would be capable of this. It is interesting though to see which are capable of it out of the box.

amph

yorick

Works on Nokia IP boxen running CheckPoint. Tested with IPSO 4.1-build045 and CheckPoint VPN-1 NGX R65 HFA02 + ipv6 hotfix. The documentation leaves something to be desired, and tunnels cannot be terminated on the VRRP (virtual) address of a pair. On a single machine, it works fine.

tufinhas


avongauss

D-Link DGL-4500, Firmware 1.02, Virtual Server Rule (protocol 41 to endpoint)

lorenzoz

Asus WL500g.P support Proto-41-Passthrought but don't work with AICCU (Heartbeat Tunnel)

broquea

Linksys WRT610N passes protocol 41 out of the box.

Friend is seeing if he can get dd-wrt running on it as well, but at least it does this. Sadly for such a new product, still no native IPv6 support in their firmware/interface.

drydog

Quote from: samh on February 18, 2008, 03:54:44 PM
We are looking to compile a list of firewall/CPE devices that by default (With no major changes except maybe a firmware update) support IPv6 over IPv4 tunnels. (Protocol 41 tunneling).
I use  D-Link Gaming Router DGL-4300 fw 1.7.
I have NAT enabled. The router works with HE's IPv6 Tunnel Broker out-of-the-box.
This is a regular IPv4-only router.

Direct IPv6 Support with D-Link Routers
Also, D-Link is supposed to support IPv6 directly in some of their (newer?) routers.  They are: D-Link IPv6 support: DI-784 abg, DI-524 bg, DI-624 bg, WBR-1310 g, WBR-2310 g rangebooster, DIR-615 n. See
Ref: http://www.ipv6.org.tw/summit2008/doc/1-4-4.pdf
It would be nice if HE can provide configuration instructions for these routers (although I could probably figure it out myself eventually once I get one).

broquea

D-Link DIR-615, not 100% confirmed yet, but after reviewing a user's screen shots of the device's web interface out of the box, it appears to let you configure a 6in4 tunnel on it, and plug in the routed /64 to hand out to your LAN.

I'm going to run out to a store and see if I can get one. Mostly for personal use at home, aside from testing it for this HCL. I'll post some screen shots if I can get one and confirm.

I'll have screen shots that hopefully I can sort into example configurations.

EDIT - Looks like this model needs to be HARDWARE Rev. C
EDIT 2 - ftp://ftp.dlink.com/Gateway/dir615_revC/Manual/dir615_revC_manual_300.pdf  start at their page 48, does native, pppoe, 6to4, 6in4

drydog

The IPv6 configuration choices for D-Link 615 n are
- Link-Local
- Static IPv6 Stateful or Stateless
- DHCPv6 Stateful or Stateless
- IPv6 over PPPoE Stateful or Stateless
- 6 to 4 Tunneling Stateful or Stateless
- IPv6 in IPv4 Tunneling Stateful or Stateless

I think Hurricane electric uses IPv6 in IPv4 Tunneling, as  6 in 4 Tunneling is for isolated networks.

For Stateful or Stateless I think that's just a local (site) choice whether the D-Link router assigns an address with it's own Router Advertisement Network Discovery Protocol daemon (Stateless) or each host sets it's IPv6 address (Stateful).  I could be wrong.

Question: are these statements correct?

limemonkey

FRITZ!Box Fon WLAN 7170, Firmware-Version 29.04.67 passes protocol 41, but has no Interface to control this beheviour.

Works perfectly from a Mac with os x 10.5.

itechie


Ninho

Old Thomson or Alcatel Speedtouch 510 v4 (firmware 4.2.7.16).

Built-in protocol 41 helper need be disabled ("unbound"), and a NAT rule added specifically to pass proto 41 datagrams to the machine serving as gateway.

In addition for HE tunnels to work (but not 6in4 in general) firewall rules have to be added so that the Speedtouch answers pings.


jrowens

FWIW, this cheap Actiontec GT701-wg DSL modem passes prot 41 just fine.  That is what you mean, right, not that it has to be able to participate in any IPv6 itself?

Firmware is QW06.5-3.60.3.0.8.6-GT701-WG.  It's the freebie that came with the DSL service.

dataless

I'm using an old Secure Computing SG570 with firmware Version 3.1.4u5 and it allows tunnels with zero configuration.

It has built in IPv6 support that can be enabled if your ISP supports IPv6, Comcast does not at this time so I cannot test that side of things.  I turned the IPv6 support off because of this.

I did ssh into the router and setup my HE tunnel through the CLI at one point, but it doesn't save the changes upon reboot so I opted not to use this method.  I setup a VMware CentOS to handle IPv6 and DNS locally, it also worked fine when I used a Windows 7 machine to connect directly to the tunnel as well.