Geek Foibles


Making your Hurricane Electric IPv6 tunnel start automatically on FreeBSD
August 7, 2009, 8:45 pm
Filed under: Uncategorized | Tags: ,

In a recent fit of masochism, I decided to get all of my systems onto IPv6.  I get the impression that the worldwide IPv6 transition is going to continue to be a very slow and tedious one, but by God I don’t intend to be on the trailing edge of it, so in I dove.  Hurricane Electric has a quite good setup featuring a nice, technical site that caters to us geeks without falling into the common trap of being difficult to use.  I’ll assume that you’ve already created your tunnel on their site.  It should be a “regular” tunnel and you should provide them with your public IPv4 address, even if the machine you’ll be using it with is NAT-ed.

It’s worth mentioning here that if you’re behind NAT, it is my impression that your router needs to be able to pass “protocol 41” traffic in order for this to work.  I use pfSense for my router, and it has a special field where I can provide the LAN IP of the machine incoming protocol 41 traffic should be forwarded to.  Other router software may have similar abilities, but yet others may be unable to do this.  There are apparently other ways of getting IPv6 tunnels through routers, such as AYIYA or Cisco’s GRE, but I won’t be getting into them here.

So, back to your tunnel.  At the bottom of the “tunnel details” page there’s a not totally obvious but very handy menu that you can use to get instructions on how to set up your tunnel under several popular operating systems:

Example OS Configurations

The only problem is, these instructions only tell you how to fire up the tunnel once.  It doesn’t tell you how to have your system start the tunnel automatically during start up.  So, after looking at a few search results and then a bit of tinkering, I’m happy to say I figured out how to have FreeBSD start your tunnel during startup.  Here’s what I ended up putting into my /etc/rc.conf file:

ipv6_enable="YES"
ipv6_network_interfaces="gif0"
ipv6_defaultrouter="<server IPv6 address>"
gif_interfaces="gif0"
gifconfig_gif0="<client IPv4 address> <server IPv4 address>"
ipv6_ifconfig_gif0="<client IPv6 address> <server IPv6 address> prefixlen 128"

Now, note that <client IPv4 address> should be your local system’s assigned IPv4 address, as in the one that shows up when you run ifconfig.  It’s okay if this is a private, NAT-ed IP address.  In fact, if you are using NAT, using your network’s public-facing IP address will not work.  Use the IP address your system is actually assigned, regardless of whether it’s a public or private IP.

In addition to the IPv6 address Hurricane Electric assigns you for your side of the tunnel (listed on their site as the “Client IPv4 address”), they kindly give you a whole /64 subnet to have your way with.  If you want to assign any of those addresses to your system in addition to the one we already do above, add a line like this to /etc/rc.conf for the first address:

ipv6_ifconfig_gif0_alias0="<first subnet address> prefixlen 64"

Your subnet address is listed as “Routed /64” on your “tunnel details” page.  If, for example, it’s listed as 2001:618:400:33bb::/64, your first address in that subnet could be: 2001:618:400:33bb::1 For additional addresses, you’ll need to increment the alias number, e.g. alias1, alias2, etc.

So that’s it!  Now your FreeBSD box should be tunneling IPv6 traffic to and from Hurricane Electric’s network.  You can test it out like so:

ping6 ipv6.google.com

Advertisements

Leave a Comment so far
Leave a comment



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s



%d bloggers like this: