Rich Brown, 06/20/2012 08:45 am
IPv6 Tunnelling
Hurricane Electric (http://he.net) provides a free IPv6 "6in4" tunnel that works well with CeroWrt. This gives your router a globally routable IPv6 address so that you can directly connect to other IPv6 resources on the Internet. It's straightforward to do this: first you create a tunnel through Hurricane Electric's Tunnelbroker site (http://tunnelbroker.net) and then configure your CeroWrt router.
The Sample Script for IPv6 tunnel at the bottom of this page makes it easy to set up the tunnel once you have created your Tunnelbroker account. This procedure has been tested with the 3.3.8-6 and newer builds.
NB: As of April 2012 (CeroWrt 3.3.1-4), the automatic re-establishment code of the 6in4 module appears not to be working. You will need to re-establish the tunnel manually when your external IP address changes. Bug is being tracked here: #358
1. Create an IPv6 6in4 tunnel
- Go to the IPv6 Tunnel Broker site at http://tunnelbroker.net
- Register to create an account. After you're logged in...
- Click the Create Regular Tunnel link (circled in Figure 1, below). You'll see the "Create New Tunnel" page (Figure 2).
- Fill in the "IPv4 Endpoint (Your side):" field with your router's external IP address. This is shown in the "You are viewing from:" line.
- Click the button that corresponds to the closest Tunnel Server. The page may suggest a server recommendation, as shown in the image. If so, use it.
- Scroll to the bottom of the page and click the "Create Tunnel" button. It will take a few moments (less than a minute) to create and register your new tunnel, and show the Tunnel Details page.
- The Tunnel Details page (Figure 3) shows everything you need to know about your tunnel:
  - Your Tunnel ID and its creation date.
  - A text field where you can fill in a human-readable name for the tunnel.
  - The IPv6 Tunnel endpoints: both an IPv4 and IPv6 address for the server (far) endpoint, and the IPv4 & IPv6 address for your end of the tunnel.
  - DNS resolver addresses (IPv4 & IPv6).
  - Routed IPv6 prefixes for a /64 (single network) or /48 address.
  - rDNS name servers for this block of addresses.
- You can click on any of the legends ("Tunnel ID", "Routed /64", etc.) to see more details.
You have now created the tunnel. (The Tunnel Broker home page lists all the tunnels that you have established.) Hurricane Electric is listening on their end waiting to pass IPv6 traffic to and from your external address listed above. Now you need to configure the CeroWrt router to use the tunnel.
2. Configure CeroWrt to use the IPv6 Tunnel
- Stay on the Tunnel Details page of the Tunnel Broker web site.
- Click the Example Configurations tab (Figure 4) on the Tunnel Details page. This lists a number of configurations for common routers/operating systems.
- Select "OpenWRT Backfire 10.03.1" from the dropdown. You will see a set of commands listed.
- Use your favorite text editor to open the Sample Script for IPv6 tunnel at the bottom of this page.
- Use the values from the Tunnelbroker web page to fill in the corresponding values in the script. Save the text to a file in /tmp and execute the script.
- The full procedure for saving and executing the script is described at the top of the script file.
3. Manually re-establish the tunnel when your IPv4 address changes
If you do not have a static IPv4 address for the client end of the tunnel (perhaps you have a DSL or cable modem connection), your tunnel will go down each time your external IPv4 address changes.
The Tunnel Broker has a facility for re-registering your current client IPv4 address. The page at https://ipv4.tunnelbroker.net/ipv4_end.php has details. As a quick fix, you can visit the URL below to tell the Tunnel Broker to update the endpoint of tunnel TUNNELID to your autodetected IPv4 address:
https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
or use the non-HTTPS URL described in the script below. If the update succeeds, you will see a response similar to this:
+OK: Tunnel endpoint updated to: 123.45.67.89
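One way to script the HTTPS update request from section 3 and check the reply, as an added example that is not part of the original page or its sample script. It assumes curl with HTTPS support on the machine that runs it; HE_USER, HE_PASS and HE_TID are hypothetical variable names for the USERNAME, PASSWORD and TUNNELID placeholders above.

```shell
#!/bin/sh
# Added example, not part of the original CeroWrt script.
# HE_USER, HE_PASS and HE_TID are hypothetical variable names for the page's
# USERNAME, PASSWORD and TUNNELID placeholders.
UPDATE_URL='https://ipv4.tunnelbroker.net/ipv4_end.php'
OK_PREFIX='+OK: Tunnel endpoint updated to: '

# Return 0 only for a well-formed dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the registered address if the reply is the success line shown on
# this page; return 1 for any other reply, which is treated as a failure.
parse_reply() {
    case "$1" in
        "$OK_PREFIX"*) addr=${1#"$OK_PREFIX"} ;;
        *) return 1 ;;
    esac
    is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# Send the update over HTTPS. printf is a shell builtin and curl reads its
# configuration from stdin (-K -), so the credentials never appear in the
# process list. Assumes the password has no double quote or backslash.
update_endpoint() {
    reply=$(printf 'user = "%s:%s"\nurl = "%s?tid=%s"\n' \
        "$HE_USER" "$HE_PASS" "$UPDATE_URL" "$HE_TID" | curl -fsS -K -) || return 1
    parse_reply "$reply"
}

# Runs only when invoked with the argument "run" and the three variables set.
if [ "${1:-}" = run ]; then
    update_endpoint || { echo 'tunnel endpoint update failed' >&2; exit 1; }
fi
```

Compare the printed address with the "IPv4 Endpoint (Your side)" shown on the Tunnel Details page. The HTTPS form is used here because the non-HTTPS form carries the password hash in the clear.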
Screenshots
Figure 1: Main Page, showing Create Regular Tunnel link
Figure 2: Create New Tunnel page
Figure 3: Tunnel Details page
Figure 4: Configuration script for CeroWrt and OpenWrt
Figure 5: Advanced Settings
Sample Script for setting up Tunnelbroker Tunnel
The script below sets up a tunnel using the configuration parameters provided by the Hurricane Electric Tunnelbroker.net site.
#!/bin/sh
# Script for setting CeroWrt to create an IPv6 tunnel
# to Hurricane Electric at http://www.tunnelbroker.net/
# There are two steps:
# 1) Go to the Tunnelbroker.net site to set up your free account
# 2) Run the script below, using the parameters supplied by Tunnelbroker
# This CeroWrt page gives detailed instructions for setting up an IPv6 tunnel:
# http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel
#
# Once you've created your account and a tunnel, get the "Example
# Configurations" for OpenWRT Backfire, and use the info to fill in this
# file, then save it as a file named "tunnel.sh". Finally, ssh into the
# router and execute this script with these steps:
#
# ssh root@172.30.42.1
# cd /tmp
# cat > tunnel.sh
# [paste in the contents of this file, then hit ^D]
# sh tunnel.sh
# [Restart your router. This seems to make a difference.]
#
# Presto! Your tunnel is set up. You should now be able to
# communicate directly with IPv6 devices.
# ==============================================
# Download and update all the interesting packages
# Some of these are pre-installed, but there is no
# harm in updating/installing them a second time.
opkg update
opkg install 6in4
# Set the credentials for the tunnel login
# NB: These lines are automatically generated
# specifically for *your* tunnel when you set it up
# Copy/paste the information from the Example Configurations
# generated for the OpenWRT Backfire 10.03.1 dropdown
#
echo 'Setting up HE.net tunnel'
# ------- USE THE INFORMATION FROM TUNNELBROKER.NET HERE --------
uci set network.henet=interface
uci set network.henet.proto=6in4
uci set network.henet.peeraddr=xxx.xxx.xxx.xxx
uci set network.henet.ip6addr='2001:xxx:xxx::2/64'
uci set network.henet.tunnelid=xxxxxx
uci set network.henet.username=xxxxxxxxxxxxxxxxxxx
uci set network.henet.password='xxxxxxxxxxxxxx'
# uci commit network
# ------ Set IPv6 subnets on the LAN interfaces...
# Addresses should be from the *routed* /48 address range assigned by HE.net
# If HE.net assigned 2001:470:ABCD::/48, you could use these example addresses
# Sets addresses on se00, sw10, sw00, gw00, gw10, but not the babel interfaces, gw01 and gw11
echo 'Setting IPv6 addresses on local interfaces'
uci set network.se00.ip6addr='2001:470:ABCD:100::1/64' # secure wired
uci set network.sw10.ip6addr='2001:470:ABCD:200::1/64' # secure wireless 5GHz
uci set network.sw00.ip6addr='2001:470:ABCD:300::1/64' # secure wireless 2.4GHz
uci set network.gw00.ip6addr='2001:470:ABCD:400::1/64' # guest wireless 2.4GHz
uci set network.gw10.ip6addr='2001:470:ABCD:500::1/64' # guest wireless 5GHz
#uci set network.gw01.ip6addr='2001:470:ABCD:600::1/64' # Ad-hoc babel interface
#uci set network.gw11.ip6addr='2001:470:ABCD:700::1/64' # Ad-hoc babel interface
uci commit network
echo 'Restarting network...'
/etc/init.d/network restart
# CeroWrt puts WAN stuff in zone[0], not zone[1] as suggested by henet
uci set firewall.@zone[0].network='ge00 henet'
uci commit firewall
ifup henet
echo 'Restarting firewall...'
/etc/init.d/firewall restart
echo 'Done. You should restart the router now to make these take effect.'
# ------- END OF EXAMPLE CONFIGURATION LINES --------
# ==============================================
# Re-establishing the Tunnel
#
# NB: As of April 2012 (CeroWrt 3.3.1-4), the automatic re-establishment code
# of the 6in4 module appears not to be working. You will need to re-establish
# the tunnel manually when your external IP address changes.
#
# To re-establish the tunnel, say, because your external IP address changed,
# you can also use the following URL with these parameters. Note that the
# USERNAME and PASSWORD are what you type to log into the Tunnelbroker site.
#
# USERNAME is the Account Name
# PASSWORD is the current password
# TUNNELID is the Tunnel ID
# https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
#
# You can also use a non-HTTPS URL and parameters to re-establish the link.
# This form relies on hashed representations of the credentials since they're
# not carried on a secure connection. You can get more information about the
# parameters at https://ipv4.tunnelbroker.net/ipv4_end.php
#
# USERID is the "User ID" from the Tunnelbroker site's Main Page
# PWHASH is the MD5 hash of the password
# TUNNELID is the Tunnel ID
# http://ipv4.tunnelbroker.net/ipv4_end.php?ip=AUTO&apikey=USERID&pass=PWHASH&tid=TUNNELID
#
# --- end of script ---