IPv6 tunneling with Hurricane Electrics (HE)

I’ve been looking around for a possible way to connect to the IPv6 internet for some time now and given the fact my provider didn’t allow me to run IPv6 natively I had to find an alternative solution. Hurricane Electrics (HE) provides (for free) five configurable IPv4-to-IPv6 tunnels together with a free DNS service and an interesting certification program.

Hurricane Electrics IPv6 Certification

Willing to test the latest revision of the Internet Protocol on your Debian, Ubuntu, Fedora machines? Here’s how:

1. Register yourself at Hurricane Electrics by visiting tunnelbroker.net.

2. Create a new tunnel and make sure to use your public IP address as your IPv4 Endpoint.

3. Write down the relevant details of your tunnel, specifically:

  1. Server IPv6 Address: 2001:470:1f0a:a6f::1 /64
  2. Server IPv4 Address: 216.66.84.46 (this actually depends on which server did you choose on the previous step)
  3. Client IPv6 Address: 2001:470:1f0a:a6f::264

Tunnel Broker

4. Create a little script that will update your IPv4 tunnel endpoint every time your internet IP changes. (this step is not needed if you have an internet connection with a static IP):

#!/bin/bash
USERNAME=yourHEUsername
PASSWORD=yourHEPassword
TUNNELID=yourHETunnelID
GET "https://$USERNAME:$PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=$TUNNELID"

5. Create the networking configuration files on your computer:

Debian / Ubuntu, on the /etc/network/interfaces file:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:470:<b>1f0a</b>:a6f::2
netmask 64
endpoint 216.66.80.30
local 192.168.X.X (Your PC's LAN IP address)
ttl 255
gateway 2001:470:<b>1f0a</b>:a6f::1
pre-up /home/user/bin/update_tunnel.sh

Fedora, on the  /etc/sysconfig/network-scripts/ifcfg-he-ipv6 file:

DEVICE=he-ipv6
TYPE=sit
BOOTPROTO=none
ONBOOT=yes
IPV6INIT=yes
IPV6TUNNELIPV4="216.66.80.30"
IPV6TUNNELIPV4LOCAL="192.168.X.X" (Your PC's LAN IP address)
IPV6ADDR="2001:470:<b>1f0a</b>:a6f::2/64"

and on the /etc/sysconfig/network file, add:

NETWORKING_IPV6=yes
IPV6_DEFAULTGW="2001:470:<b>1f0a</b>:a6f::1"
IPV6_DEFAULTDEV="he-ipv6"

You can then set up a little /sbin/ifup-pre-local script to update the IPv4 tunnel endpoint when your dynamic IP changes or simply add the script on the /etc/cron.daily directory and have it executed when you turn up your computer.

A sample image taken from ipv6-test.com.

6. Change the DNS servers on /etc/resolv.conf:

OpenDNS:

nameserver 2620:0:ccc::2
nameserver 2620:0:ccd::2

Google DNS:

nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844

7. Restart your network and enjoy IPv6!

8. If you want to know more about IPv6 take some time for the HE Certification program, you will learn a lot and eventually win a sponsored t-shirt, I just finished mine :-)

EDIT: Be aware of the fact that as soon as the tunnel is up, your computer will be exposed to to the internet without any kind of firewall (the tunnel sets up a direct connection to the internet, even bypassing your router’s firewall), you can secure your machine by using ip6tables. Thanks Michael Zanetti for pointing this out!