Wednesday, 03 November 2010

Configuring a static 6in4 tunnel in Gentoo

I recently started experimenting with IPv6, using tunnels available from Hurricane Electric and SixXS. I want the tunnel to automatically be set up when my computer starts, but the directions available from the official IPv6 Router Guide only show how to manually configure the tunnel using the ip command from the iproute2 package.

Fortunately, it is possible to use Gentoo’s network configuration scripts to set up the tunnel, and I hope to document how to do this in this post.

Getting started

In order to configure your tunnel, you must ensure that you are running an IPv6-enabled kernel. Additionally, you should have set up a 6in4 tunnel with a broker such as Hurricane Electric or SixXS. If you need help with these steps, please refer to the Gentoo IPv6 Router Guide.

Tunnel endpoint addresses

Your tunnel broker should have provided the following information for you:

Name Example value Description
IPv4 server endpoint 172.17.15.24 The IPv4 address of the tunnel server
IPv4 client endpoint 172.21.187.195 Your public IPv4 address
IPv6 server endpoint 2001:db8:a7d0:d3fa::1/64 The IPv6 address of the tunnel server
IPv6 client endpoint 2001:db8:a7d0:d3fa::2/64 Your IPv6 address in the tunnel
Network interface names

The interface name for the tunnel generally has the form sitn where sit stands for Simple Internet Transition and n is a number. You will most likely already have a sit0 interface created by the kernel. This guide will use the generic name sit1, but you can give it any name you like.

You will also need to know the name of the interface that has your public IPv4 address, such as eth0.

Updating /etc/conf.d/net

You will need to add the following lines to /etc/conf.d/net, substituting your tunnel’s address and interface names:

  # Create tunnel interface ‘sit1’ with given IPv4 endpoints
  iptunnel_sit1="mode sit local 172.21.187.195 remote 172.17.15.24 ttl 255"
  # Assign local IPv6 address to tunnel interface
  config_sit1="2001:db8:a7d0:d3fa::2/64"
  # Make the tunnel the default route for IPv6 traffic
  routes_sit1="::/0"
  # Ensure that eth0 is up before setting up the tunnel
  RC_NEED_sit1="net.eth0"

Creating and starting the service

Finally, you will need to create the service for your tunnel just as you would for any other network interface:

  # cd /etc/init.d
  # ln -s net.lo net.sit1

You can now add the service to the default run level and start it:

  # rc-update add net.sit1 default
   * net.sit1 added to runlevel default
  # /etc/init.d/net.sit1 start
   * Caching service dependencies ...
   * Starting sit1
   *   Creating tunnel sixxs ...                                             [ ok ]
   *   Bringing up sixxs
   *     2001:db8:a7d0:d3fa::2/64                                            [ ok ]
   *   Adding routes
   *     ::/0 ...                                                            [ ok ]

Testing your tunnel

Now that your tunnel has been established, you should be able to ping the other end of your tunnel. This requires the ping6 utility which should be available if you installed iputils with the ipv6 USE flag.

  # ping6 -c 1 2001:db8:a7d0:d3fa::1
  PING 2001:db8:a7d0:d3fa::1(2001:db8:a7d0:d3fa::1) 56 data bytes
  64 bytes from 2001:db8:a7d0:d3fa::1: icmp_seq=1 ttl=64 time=16.4 ms

  --- 2001:db8:a7d0:d3fa::1 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 16.410/16.410/16.410/0.000 ms

If the above test worked, you have successfully set up your tunnel. Welcome to the world of IPv6.

Learning more

Now that you have set up your IPv6 tunnel, there are any number of things you can do. Some good resources for further reading include:

  • Gentoo IPv6 Router Guide: From the Gentoo documentation team, this guide covers setting up DNS, routing, automatic configuration (e.g. DHCP), and client configuration.
  • Linux+IPv6-HOWTO: This HOWTO contains some good background information on IPv6 and contains some more detailed instructions on setting up IPv6 on Linux.

In the next couple of weeks I plan to write about both Hurricane Electric and SixXS and their IPv6 services.