• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Howto: Setup a HE IPv6-tunnel with Ubuntu and pppd

Started by claas, May 26, 2010, 12:16:31 AM

Previous topic - Next topic

claas

Hello,

I just want to show how to set up a HE IPv6-tunnel when using dial-up internet with pppd and dynamic IPv4 tunnel endpoints.
I am using Ubuntu karmic koala / 9.10, but this should also apply to newer versions and also to debian versions.

First sign up, get a tunnel and assign a routed /48.

Create a file /etc/ppp/ip-up.d/he-ipv6-tunnel, chmod a+x, and edit the file:
#!/bin/sh
# This sets up the tunnel...

# ---------- change the IPv4 tunnel endpoint ----------
USERID="d6d7b958e23c8cd8b8046bd5af2f9999"       # your UserID (not your account name!)
MD5PASS="be46c9000959f8aaf05b655491eea37b"      # your password as MD5, create with: echo -n 'yourpassword' | md5sum
GTUNID="99999"  # your global tunnel ID
/usr/bin/wget --no-check-certificate -q -O - https://ipv4.tunnelbroker.net/ipv4_end.php\?ipv4b=$IPLOCAL\&pass=$MD5PASS\&user_id=$USERID\&tunnel_id=$GTUNID
# for debugging purposes, you may add: >> /tmp/debug-he-ipv6-tunnel
# if no debugging is needed, you may change '-O -' to '-O /dev/null'

# --------- enable Tunnel ---------
SERVER_IPv4_ENDPOINT=216.66.80.30   # fill in the server IPv4 endpoint
CLIENT_IPv6_ENDPOINT=2001:470:xxxx:xxxx::2/64 # fill in your client IPv6 endpoint

#modprobe ipv6          # usually not needed any more, today
ip tunnel add he-ipv6 mode sit remote $SERVER_IPv4_ENDPOINT local $IPLOCAL ttl 255
ip link set he-ipv6 up
ip addr add $CLIENT_IPv6_ENDPOINT dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

# If you assigned a /48 net, please edit /etc/network interfaces for assigning adresses


Create a file /etc/ppp/ip-down.d/he-ipv6-tunnel, chmod a+x, and edit the file:
#!/bin/sh

# This destroys the tunnel after the IPv4 link has gone down...
# (This is really needed in order to)
ip route del ::/0 dev he-ipv6
ip tunnel del he-ipv6


Now edit /etc/network/interfaces and add IPv6 adresses out ouf your /48 to your network devices:
# this is for IPv4:
auto eth0
#iface eth0 inet dhcp   # I don't use DHCP for my LAN
iface eth0 inet static
       address 192.168.178.10
       netmask 255.255.255.0
       broadcast 192.168.178.255

# and this is new for IPv6:
iface eth0 inet6 static
        address 2001:470:xxxx::1
        mask 64


And finally install radvd (apt-get install radvd) and edit /etc/radvd.conf:
interface eth0
{
       AdvSendAdvert on;
       # IgnoreIfMissing on;

       # These settings cause advertisements to be sent every 3-10 seconds.  This
       # range is good for 6to4 with a dynamic IPv4 address, but can be greatly
       # increased when not using 6to4 prefixes.
       #
       #MinRtrAdvInterval 3;
       #MaxRtrAdvInterval 10;

       MinRtrAdvInterval 3;
       MaxRtrAdvInterval 60;

       AdvDefaultPreference low;

       # Disable Mobile IPv6 support
       AdvHomeAgentFlag off;

       # Advertise a /64 out of your /48
       prefix 2001:470:xxxx::/64
       {
               AdvOnLink on;
               AdvAutonomous on;
               AdvRouterAddr off;
       };

};


And now restart radvd (/etc/init.d/radvd restart) and restart your ppp link (kill -HUP `pidof pppd`).
Restart your client machines IPv6 (or reboot them), they should get an IPv6 adress out the /64 that is advertised by radvd.
You can check with ifconfig (or ipconfig on Windows XP).

Now test this: ping6 ipv6.google.com

That's it! :)

And remember that the IPv4 firewall on your router does not do IPv6 firewalling!
I am using Shorewall (IPv4) and Shorewall6 (IPv6) for this.
Maybe I could show how to set up Shorewall6 another day (if there is demand).

Many regards,
and many thanks to Hurricane Electric for providing the tunnelbroker service!

claas


hisken

Quote from: claas on May 26, 2010, 12:16:31 AM
[...]

Thanks for the howto!
This makes me wonder: are you really still using dial-up?  :P

claas

Well, I am using a ADSL2+ line, not quite "dial-up", but it's using ppp (pppoe). I get about 9 Mbit/s down with a stable 1 Mbit/s upload. Have a nice day!

jimb

To set the LAN IPv6 address, you can also use another iface section in your /etc/network/interfaces file with the inet6 method, e.g.:

iface eth0 inet6 static
   address 2001:db8:1234::1
   netmask 64


Might be more "proper" than using the "up" command in your "inet" (ipv4) method section.

I also noticed a "ppp" method available that you might be able to use instead of doing your own interface script, but never tried that before and not sure if it'd be easier than the "manual" way.

Also, you might want to put something in there about using the routed 64 that HE automatically assigns.  Most people don't need a 48 as they only have one inside LAN.

claas

Quote from: jimb on May 26, 2010, 01:57:35 PM
iface eth0 inet6 static
  address 2001:db8:1234::1
  netmask 64

Right, this is better.

QuoteI also noticed a "ppp" method available that you might be able to use instead of doing your own interface script, but never tried that before and not sure if it'd be easier than the "manual" way.

What is the "ppp" method you are talking about? ipv6-up and ipv6-down does not work here, since pppd does not get a ipv6 adress from my provider. And I don't see a way to tell pppd the tunnel type and tunnel options.

QuoteAlso, you might want to put something in there about using the routed 64 that HE automatically assigns.  Most people don't need a 48 as they only have one inside LAN.

Oups, you are right. Assingning ::3  of the tunnel f. ex. is fine.
I used to have a SixXS tunnel before and there the tunnel was only able to use the two adresses ::1 and ::2. For more hosts on the local net requesting a /48 was mandatory. ( http://www.sixxs.net/faq/connectivity/?faq=usingsubnet ) I don't know why they do this waste of adresses. This confused me.

With more than one inside LAN: why not split the /64 up? Can Radvd announce one /64 on multiple devices?

jimb

Quote from: claas on May 27, 2010, 01:15:11 PM
Quote from: jimb on May 26, 2010, 01:57:35 PM
iface eth0 inet6 static
  address 2001:db8:1234::1
  netmask 64

Right, this is better.

QuoteI also noticed a "ppp" method available that you might be able to use instead of doing your own interface script, but never tried that before and not sure if it'd be easier than the "manual" way.

What is the "ppp" method you are talking about? ipv6-up and ipv6-down does not work here, since pppd does not get a ipv6 adress from my provider. And I don't see a way to tell pppd the tunnel type and tunnel options.
If you read the man page for the interfaces file, it talks about a "ppp method" that you can use in the interfaces file which uses "pon/poff".  I have no idea if doing it this way would be even be feasible to do what your doing, or any better, etc.  I was just letting you know about it.

Quote
QuoteAlso, you might want to put something in there about using the routed 64 that HE automatically assigns.  Most people don't need a 48 as they only have one inside LAN.

Oups, you are right. Assingning ::3  of the tunnel f. ex. is fine.
I used to have a SixXS tunnel before and there the tunnel was only able to use the two adresses ::1 and ::2. For more hosts on the local net requesting a /48 was mandatory. ( http://www.sixxs.net/faq/connectivity/?faq=usingsubnet ) I don't know why they do this waste of adresses. This confused me.

With more than one inside LAN: why not split the /64 up? Can Radvd announce one /64 on multiple devices?
I think you may have misunderstood me, or vica-versa.  I'm not talking about assigning ::3 from your tunnel IPv6.  I'm talking about the routed /64 which HE assigns you automatically.  You already have a /64 to use on your LAN.  This is listed on the tunnel details page as the "routed /64".  It is a different network than the tunnel IPv6 but looks very similar since it only changes by one character.  This is suppose to be what you use on your LAN in the case where you only have a single LAN.

If you have more than one LAN behind your tunnel router, you should instead request a /48.  Splitting up /64s is not recommended since it breaks IPv6 autoconfig.  With IPv6, a /64 is basically the smallest LAN size recommended, although there is debate about using /126s and such for PtP links.  

With the total amount of space available under IPv6,  /64 LANs, and /48s for multiple LANs really isn't a waste.  I used to think similarly until someone pointed out to me that it was "IPv4 thinking."  :)

LuckyMan

Thanks for the config, it works great!

LAN:
1. Ubuntu Server (x64)
2. WinXP Home (x86)
3. WinXP Pro (x86)
4. WinVista (x64)

All the systems are route-able inside LAN and over Internet...

Just perfect! Great thanks!