IPv6 Tunnel via Own Linux (IPv6-connected) Server

Creating a 6in4 gateway:

Note (Feb 25, 2015): I'm reviewing these instructions, and I think that you could skip the addr add and route del steps, but I'm not entirely sure yet. Will need to test.

  1. Create an IPv6 tunnel interface:

    # ip tunnel add tun6in4 mode sit local <gwaddr> remote any
    # ip link set tun6in4 up
    

    where <gwaddr> is your server's public IPv4 address;

  2. Assign an IPv6 address from a new subnet to the tunnel:

    # ip addr add 2001:db8:e3af:666::1/64 dev tun6in4
    
  3. Route the subnet to your own IP address, removing the automatic route first:

    # ip route del 2001:db8:e3af:666::/64 dev tun6in4
    # ip route add 2001:db8:e3af:666::/64 via ::78.260.211.195 dev tun6in4
    
  4. Enable IPv6 forwarding:

    # echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    

Client-side

On your PC, follow the standard 6in4 tunnel instructions, assigning yourself an address from the same subnet as above.

  1. Add a tunnel:

    C:\> netsh
    netsh> int ipv6
    netsh interface ipv6> add v6v4tunnel Myserver <locaddr> <gwaddr>
    

    where <gwaddr> is the IPv4 address of the gateway server and <locaddr> is the local address (not necessarily public) of the PC's network interface.

    If you have radvd set up on the gateway, you may also append enable to enable IPv6 autoconfiguration over the tunnel.

  2. For manual configuration, add an address...

    netsh interface ipv6> add addr Myserver 2001:db8:e3af:666::2
    

    and a route:

    netsh interface ipv6> add route ::/0 Myserver
    netsh interface ipv6> show route
    
  3. If you want Windows to advertise the IPv6 connectivity to your LAN (like radvd on Linux), you can do that too.

    netsh interface ipv6> add route 2001:db8:e3af:666::/64 eth0 pub=yes
    netsh interface ipv6> set route ::/0 Myserver pub=yes
    netsh interface ipv6> show route
    
    netsh interface ipv6> set interface eth0 forward=enable advertise=enable
    netsh interface ipv6> show interface eth0
    

    Replace eth0 with the name or numeric index of your LAN interface – possibly "Local Area Connection"... I have renamed mine to save typing.


Securing only the IPv6 tunnel does not make sense, as 1) the traffic between your gateway and the destination will be public anyway, 2) you never know whether a connection is going to be plain IPv4 or "secured" IPv6.

However, you can try to set up IPsec between the two computers to secure the 6in4 traffic, or create a proper VPN such as OpenVPN or L2TP/IPsec.
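
An added example, not part of the original answer: a POSIX shell helper that checks both IPv4 addresses and prints the gateway commands from steps 1 to 4 for one client. The two `iptables` lines are an addition that assumes the client has a fixed IPv4 address and limits protocol 41 (6in4) packets to it, since the tunnel is created with `remote any`; the function names and sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answer): print, without running them, the
# gateway commands for one client. Addresses in the sample call are constructed.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gateway_cmds GWADDR CLIENTADDR PREFIX  (PREFIX ends in "::", e.g. 2001:db8:e3af:666::)
# The last two printed lines are an addition, not in the answer: they accept
# protocol 41 (6in4) only from the client and drop it from every other source.
gateway_cmds() {
    gw=$1 client=$2 prefix=$3
    valid_ipv4 "$gw"     || { echo "invalid gateway IPv4: $gw" >&2; return 1; }
    valid_ipv4 "$client" || { echo "invalid client IPv4: $client" >&2; return 1; }
    cat <<EOF
ip tunnel add tun6in4 mode sit local $gw remote any
ip link set tun6in4 up
ip addr add ${prefix}1/64 dev tun6in4
ip route del ${prefix}/64 dev tun6in4
ip route add ${prefix}/64 via ::$client dev tun6in4
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
iptables -A INPUT -p 41 -s $client -d $gw -j ACCEPT
iptables -A INPUT -p 41 -j DROP
EOF
}

# Sample run with documentation addresses (constructed values).
gateway_cmds 192.0.2.1 198.51.100.7 2001:db8:e3af:666::
```

The address check rejects out-of-range values such as `78.260.211.195` before any command is printed, so a mistyped address never reaches `ip route add`.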

Author by

Michael H.

Updated on September 18, 2022

Comments

  • Michael H. over 1 year

    Unfortunately, there are a lot of IPv6 tunnel brokers, and their documentation often clutters the search results for how to set up your own IPv6 tunnel.

    I have a Linux server with IPv6 connectivity. I want to make my own tunnel (very securely, via SSH SOCKS or similar, if possible) for my Windows 7 x64 computer to utilize for all IPv6 purposes, while using my own ISP-given IPv4 address for everything else.

    How would one go about setting this up?

    This is very similar to what I posted here, but I would very much appreciate either a Windows-level or Chrome-level solution.

  • user1686 almost 13 years
    These instructions worked for myself, but they were written mostly by trial-and-error, so feel free to edit the post if you know a Better Way to do something.
  • Michael H. almost 13 years
    Thanks! Definitely giving this a go right now. Will post back with what I learn :)
  • majorhayden almost 13 years
    grawity - Is it possible to carve out a /96 from a /64 of IPv6 addresses and use that for the tunnel? I'm struggling to come up with a solution for that.
  • user1686 almost 13 years
    @rackerhacker: It should be possible; just add routes with the appropriate prefix lengths instead of the /64 used in my example. But note that stateless autoconfiguration of addresses requires a /64, so if you are looking to provide tunnelled IPv6 to your entire LAN, you will have to manually add an address to every host or try to set up DHCPv6. (Autoconfiguration of default gateway should still work.)