# IPv6 Router using Tunnel Broker



## BostonDriver (Nov 1, 2011)

Is anyone else using FreeBSD as an IPv6 router *with* a Tunnel Broker (e.g. gogoc, freenet6, sixxs etc. from ports)? 

I'm looking for 'best practice' and/or to compare my (evolving) setup with others. 

The Tunnel Broker can delegate an IPv6 prefix to the router, allowing one to assign addresses to their own subnets which in the past would be from the private (i.e. non-routable, RFC 1918) address blocks and needed NAT.

Is anyone else playing with this?

How is rc.conf setup for you? Do you statically assign IPv6 addresses in rc.conf for local interfaces, or can these (should these) be assigned dynamically?


----------



## SirDice (Nov 1, 2011)

I've been using a broker for quite some time. Recently switch over as my ISP supports IPv6 natively.

The broker is nothing more then an IP-over-IP tunnel. Routing is just as simple as with IPv4. To automatically assign IPv6 addresses use rtadvd(8).

No need for NAT or 'private' addresses. You'll have plenty of IPv6 addresses to assign everything in your house it's own IPv6 address. Just use the global addresses.


----------



## OH (Nov 1, 2011)

I use tunnelbroker.net to route a /64, works perfectly. I would certainly consider them in your choice.


----------



## BostonDriver (Nov 1, 2011)

SirDice said:
			
		

> I've been using a broker for quite some time. Recently switch over as my ISP supports IPv6 natively.
> 
> The broker is nothing more then an IP-over-IP tunnel. Routing is just as simple as with IPv4. To automatically assign IPv6 addresses use rtadvd(8).
> 
> No need for NAT or 'private' addresses. You'll have plenty of IPv6 addresses to assign everything in your house it's own IPv6 address. Just use the global addresses.



Thanks, I (think I) understand all this.  If my ISP supported IPv6, and delegated a prefix, I'd be done. 

It's the setup and what I tell rc.conf etc. that I'm looking for 'best practice'

For example, using the port, gogoc stops rtadvd and start it with it's own settings.  So far I've only been able to get gogoc.conf to let me supply one interface for rtadvd.  I haven't yet figured out how to teach gogoc to not touch rtadvd, and just keep what rc.conf has.  Before reverse engineering it, or possibly modifying the scripts, I asked here.

Thanks


----------



## BostonDriver (Nov 1, 2011)

OH said:
			
		

> I use tunnelbroker.net to route a /64, works perfectly. I would certainly consider them in your choice.



Thanks.  I didn't even know about them.  I'll have a look.


----------



## SirDice (Nov 1, 2011)

I've never needed to use a port. I just setup gif(4) to get the IPv6-over-IPv4 tunnel. After that it's just a matter of configuring rtadvd(8).


----------



## SirDice (Nov 1, 2011)

This was all that I needed:

```
ipv6_enable="YES"
ipv6_defaultrouter="[IPv6 tunnel endpoint]"
ipv6_gateway_enable="YES"
ipv6_network_interfaces="rl1 gif0"
ipv6_ifconfig_rl1="[your IPv6 prefix]::1 prefixlen 64"
ipv6_ifconfig_gif0="[your IPv6 tunnel endpoint] prefixlen 64"
rtadvd_enable="YES"

gif_interfaces="gif0"
gifconfig_gif0="[your IPv4 address] [endpoint IPv4 address]"
```
And for /etc/rtadvd.conf:

```
rl1:\
	:addrs#1:addr="[your prefix]":prefixlen#64:
```


----------



## BostonDriver (Nov 1, 2011)

SirDice said:
			
		

> I've never needed to use a port. I just setup gif(4) to get the IPv6-over-IPv4 tunnel. After that it's just a matter of configuring rtadvd(8).



Thanks.  I saw what you wrote here as well.  

I've used Freenet6 in the past, and have moved to gogoc now, to obtain a tunnel.  I looked at tunnelbroker.net as suggested.  I will try them tonight, as they do not seem to require me to login to to obtain the tunnel values needed to use the settings that you suggest.  

In my case, there are several subnets which I'll need to set rtadvd up to handle, but I'll worry about that after I get the tunnel up.


----------



## BostonDriver (Nov 2, 2011)

I have the basics working just fine.  NOT using a port helps, as the port (first freenet6, then it's never version gogoc) is the source of all my trouble.  The port works fine for basic IPv6 access.  For _my_ purposes, at least right now, as an IPv6 router, the scripts with the port get in the way.  

At present, I have the /48 aggregated to the tunnel broker, and each IPv6 subnet is a /64, using rc.conf settings only.  I'm happy, for now.  Next step is dhcpd-v6 instead of rtadvd, just to learn how to do it.

Thanks everyone


----------



## SirDice (Nov 3, 2011)

BostonDriver said:
			
		

> Next step is dhcpd-v6 instead of rtadvd, just to learn how to do it.


Keep in mind that FreeBSD's dhclient(8) doesn't support DHCPv6. So you'll need dhcp6c(8) from net/dhcp6.

I haven't set up the server yet but my dhcp6c.conf looks like this:

```
interface tun0 {
        send ia-pd 0;
};
id-assoc pd {
        prefix-interface rl0 {
                sla-id 1;
        };
};
```

This gets the IPv6 address from the PPPoE connection on tun0 to my ISP. It will assign the address to rl0. The PPPoE tunnel end-points don't get an IPv6 address, this is done 'underwater' as I understood it.


----------



## mlager (Nov 28, 2011)

I just wrote up a quick blog post on how I implemented this step by step, just in case it is helpful. Cheers.

http://blog.sdunix.com/2011/11/ipv6-router-via-tunnelbroker-net-on-freebsd/


----------



## AlbyVA (May 11, 2012)

mlager said:
			
		

> I just wrote up a quick blog post on how I implemented this step by step, just in case it is helpful. Cheers.
> 
> http://blog.sdunix.com/2011/11/ipv6-router-via-tunnelbroker-net-on-freebsd/



Does anybody have a sample rc.conf file for setting up IPv6 using SixXS on FreeBSD v9?


----------



## AlbyVA (May 11, 2012)

AlbyVA said:
			
		

> Does anybody have a sample rc.conf file for setting up IPv6 using SixXS on FreeBSD v9?



I'm all good now. I was able to get my tunnel up on FreeBSD v9 with the following configs:


```
#
# /etc/rc.conf
#
# IPv6
ipv6_enable="YES"
gif_interface="gif0"
ipv6_ifconfig_gif0="My_SixXS_ipv6_addr"
ipv6_defaultrouter="My_SixXS_ipv6_gateway"
#
```


```
#
# /etc/aiccu.conf
#

username <username>  # SixXS Username
password <password>  # SixXS Password
protocol tic
server tic.sixxs.net
ipv6_interface gif0
tunnel_id Txxxx      # Tunnel ID from SixXS
verbose true
daemonize true
automatic true
requiretls false
```


----------



## kpa (Aug 13, 2012)

Here is my configuration for SIXXS tunnel that uses heartbeat and net/sixxs-aiccu. My system is 9-STABLE SVN revision r239227 amd64. Interface re0 is my LAN interface.

I did struggle with setting this up first because I didn't have ipv6_activate_all_interfaces="YES" initially and gif0 was flagged as IFDISABLED for IPv6. I could have configured IPv6 manually for each interface using ifconfig_<interface>_ipv6 but ipv6_activate_all_interfaces is easier of course.

/etc/rc.conf:


```
gif_interfaces="gif0"
ipv6_activate_all_interfaces="YES"
ifconfig_re0_ipv6="inet6 my_ipv6_64_prefix::1 prefixlen 64"
rtadvd_enable="YES"
rtadvd_interfaces="re0"
ipv6_gateway_enable="YES"

sixxs_aiccu_enable="YES"
```

I didn't have to create a /etc/rtadvd.conf file, rtadvd(8) picks up the prefix automatically from my LAN interface.
Edit: I couldn't get name server advertisement working using dhcpd6 so I created /etc/rtadvd.conf with addr, rdnss and dnssl entries.

/usr/local/etc/aiccu.conf, I only changed these lines:


```
username me
password mypassword

protocol tic
server tic.sixxs.net
```


----------



## AlbyVA (Aug 14, 2012)

I gave up on using aiccu and switched to just building the tunnel to the
destination v4 address.. Here is my newly revised tunnel:



```
ipv6_activate_all_interfaces="YES"
gif_interfaces="gif0"
gifconfig_gif0="server_ipaddr sixxs_dest_ipaddr"
ifconfig_gif0_ipv6="inet6_server_v6addr sixxs_dest_v6addr prefixlen 128"
ipv6_defaultrouter="sixxs_dest_v6addr"
```


----------



## MNIHKLOM (Feb 3, 2013)

AlbyVA said:
			
		

> I gave up on using aiccu and switched to just building the tunnel to the
> destination v4 address.. Here is my newly revised tunnel:
> 
> 
> ...


Hi,

Are the above codes working for you ?  I used to set things up like that but could not `% ping6 forums.freebsd.org` when using sixxs.  When running with sixxs from ports with interface gif instead of tun,  I still have tun0 created without ipv6 connectivity though.

Any hints and helps are welcome.

With best regards,
MNIHKLOM


----------



## AlbyVA (Feb 4, 2013)

MNIHKLOM said:
			
		

> Hi,
> 
> Are the above codes working for you ?  I used to set things up like that but could not `% ping6 forums.freebsd.org` when using sixxs.  When running with sixxs from ports with interface gif instead of tun,  I still have tun0 created without ipv6 connectivity though.
> 
> ...




 Since this posting, I have since given sixxs the boot and went solely with 
 Hurricane Electric. Must less of a complex install. Quick, Easy, and no
 need to worry about that foolish ISK scoring. 

Check out: http://www.tunnelbroker.net



```
ifconfig gif0 create
ifconfig gif0 tunnel 10.0.0.1 216.66.22.2
ifconfig gif0 inet6 [::2] [::1] prefixlen 128
route -n add -inet6 default [::1]
ifconfig gif0 up
```

Key:
----
::2 = Your assigned /128 Tunnel Address
::1 = Hurricane Electric's /128 Tunnel Address
10.0.0.1 = Your IPv4 Address (ie: Address assigned by ISP)


----------

