Wednesday, 8 August 2018

ipv6 - How to configure monowall to use TunnelBroker?


How do I configure monowall for IPv6 connectivity with Hurricane Electric's TunnelBroker.net IPv6 tunneling service?


Note: I'll be answering the question myself, since this site is a wiki




IPv6 support in m0n0wall is still incomplete. From What Works in IPV6:


Feature             IPv4  IPv6
==================  ====  ====
Web Interface       Yes   Yes
Static Routes       Yes   Yes
Firewall Rules      Yes   Yes
NAT                 Yes   No
Traffic Shaper      Yes   No*   Using ipv6 and ipv4 traffic shaper has reported problems
Aliases             Yes   No
DNS forwarder       Yes   Yes
Dynamic DNS         Yes   No
DHCP server         Yes   Yes
DHCP relay          Yes   No
SNMP                Yes   No*   Requires update to SNMPD
Proxy ARP           Yes   n/a
Captive portal      Yes   No
Wake on LAN         Yes   n/a
IPSec               Yes   No*   Requires update to FreeBSD > 6
PPTP                Yes   No
Syslog              Yes   Yes
DHCP Leases info    Yes   No
Ping/Traceroute     Yes   Yes
ARP Table           Yes   n/a
Firewall states     Yes   Yes
Reset state         Yes   Yes

Supported WAN methods:



  • static, ppp, 6to4, tunnel, AICCU (with/without AYIYA), DHCP (default route via slaac not working)


Supported LAN methods:



  • static, 6to4, DHCP-PD


Not Available WAN/LAN methods:



  • 6RD, SLAAC



Answer



Once you've signed up with TunnelBroker.net, their "tunnel details" page will supply you with information about your tunnel:



IPv6 Tunnel Endpoints
- Server IPv4 Address: 209.51.181.2
- Server IPv6 Address: 2001:470:1f3a:1178::1 /64
- Client IPv6 Address: 2001:470:1f3a:1178::2 /64


Routed IPv6 Prefixes
- Routed /64: 2001:470:1f3a:1178:: /64



To configure TunnelBroker in m0n0wall:




  1. By default all IPv6 support is disabled. In order for IPv6 configuration settings to appear you must enable IPv6 support. Under System -> Advanced, check Enable IPv6 support, and click Save:




  2. In order to establish or maintain a tunnel with Hurricane Electric, they must be able to ping you (over IPv4). This means that you must respond to ICMP packets on the WAN interface. Under Firewall->IPv4 Rules, select the WAN tab. Click the add new rule button, and create the rule:



    • Action: Pass

    • Interface: WAN

    • Protocol: ICMP

    • ICMP type: any

    • Description: Allow IPv4 ICMP packets


    and click Save.




  3. Next configure the WAN interface's IPv6 settings. Click Interfaces->WAN. Under IPv6 configuration:



    • IPv6 mode: Tunnel

    • IPv6 address: 2001:470:1f3a:1178::2/64 (Client IPv6 Address from tunnel details page)

    • IPv6 tunnel endpoint: 209.51.181.2 (Server IPv4 Address from tunnel details page)




    and click Save.




  4. Next configure the LAN interface's IPv6 settings. Click Interfaces->LAN:



    • IPv6 mode: static

    • IPv6 address: 2001:470:1f3a:1178::/64 (Routed /64 from tunnel details page)

    • IPv6 RA: check Send IPv6 router advertisements

    • MTU: 1280 bytes




    and click Save.




  5. By default in monowall all outbound IPv4 traffic is permitted. With IPv6 we must manually create a similar rule to allow all outbound traffic. Click Firewall->IPv6 Rules and select the LAN tab, click add new rule, and create the rule:



    • Action: Pass

    • Interface: LAN

    • Protocol: any

    • Source
      Type: LAN subnet

    • Destination
      Type: any

    • Description: IPv6 LAN -> any


    and click Save.




  6. Visit test-ipv6.com, to check that your IPv6 connectivity is working.




Tested with monowall v1.33
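
A sanity check for the values entered in steps 3 and 4, added here as an example (it is not part of the original answer or of m0n0wall): it confirms that the tunnel details agree with each other before they go into the GUI. The names `check_tunnel` and `PAGE_VALUES`, the 20-byte 6in4 overhead and the 1500-byte WAN MTU are assumptions.

```python
import ipaddress

IPV6_MIN_MTU = 1280   # every IPv6 link must carry at least this (RFC 8200)
ENCAP_OVERHEAD = 20   # assumption: 6in4 prepends one option-less IPv4 header


def _clean(text):
    # The tunnel details page prints "addr /64" with a space before the slash.
    return text.replace(" ", "")


def check_tunnel(server_v4, server_v6, client_v6, routed, lan_addr,
                 lan_mtu, wan_mtu=1500):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if not ipaddress.IPv4Address(_clean(server_v4)).is_global:
        problems.append("tunnel endpoint is not a public IPv4 address")
    server = ipaddress.IPv6Interface(_clean(server_v6))
    client = ipaddress.IPv6Interface(_clean(client_v6))
    if client.network != server.network:
        problems.append("client and server addresses are in different subnets")
    if client.ip == server.ip:
        problems.append("WAN address is the server side of the tunnel")
    prefix = ipaddress.IPv6Network(_clean(routed))
    lan = ipaddress.IPv6Interface(_clean(lan_addr))
    if lan.ip not in prefix:
        problems.append("LAN address is outside the routed prefix")
    if lan.network.prefixlen != 64:
        problems.append("LAN is not a /64, so SLAAC from the RAs will not work")
    if not IPV6_MIN_MTU <= lan_mtu <= wan_mtu - ENCAP_OVERHEAD:
        problems.append("LAN MTU does not fit inside the tunnel")
    return problems


# Values as shown in the answer above.
PAGE_VALUES = dict(
    server_v4="209.51.181.2",
    server_v6="2001:470:1f3a:1178::1 /64",
    client_v6="2001:470:1f3a:1178::2 /64",
    routed="2001:470:1f3a:1178:: /64",
    lan_addr="2001:470:1f3a:1178::/64",
    lan_mtu=1280,
)

if __name__ == "__main__":
    for line in check_tunnel(**PAGE_VALUES) or ["values are consistent"]:
        print(line)
```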

