[Ukfreebsd] HE tunnel configuration for freebsd gateway box.

Mark Blackman mark at exonetric.com
Tue May 24 23:23:28 BST 2011


Hi,

As I spent a bit of time coming up with this configuration, I'll post it here for
reference, but beware this doesn't include any firewall configuration. I'm sure
others have already come up with this, but I would have appreciated this as a
cut-n-paste configuration which I didn't find this concisely laid out.

This configuration will turn your FreeBSD box into a local IPv6 router
for your internal LAN (after you've signed up with HE's tunnel broker at
http://www.tunnelbroker.net/), bearing in mind this will expose your internal LAN to arbitrary external IPv6 source addresses as there is no firewall/filtering in this configuration.

This configuration includes a setting up router advertisements on your network,
so everything on the network will pick this router and prefix up anyway for ipv6.
In particular, any OS X machines will just use it (assuming they're on the
IPv6 automatic default setting).

obviously, 'bge0' will need to change if you don't use bge0 internally and
reboot after this configuration is applied with your own interface names,
IPv4 endpoints and IPv6 tunnel endpoints and subnets.

-------------------
# extras for /etc/sysctl.conf

net.inet6.ip6.auto_linklocal=1

-------------------
# extras for /etc/rc.conf

ipv6_enable="YES"
ipv6_network_interfaces="auto"	# all interfaces

# this the HE "routed" /64 subnet, not the tunnel subnet, but they will be nearly identical
ipv6_prefix_bge0="2001:470:1b09:168d"  
ipv6_gateway_enable="YES"	# Set to YES if this host will be a gateway.
rtadvd_enable="YES"		# Set to YES to enable an IPv6 router
rtadvd_interfaces="bge0"		# Interfaces rtadvd sends RA packets.

# IPv6 Tunnel Client
gif_interfaces="gif0"

# 192.168.0.100 is the actual RFC1918 address of your tunnel termination, but does assume your firewall will pass protocol 41, the other address will be from HE
gifconfig_gif0="192.168.0.100 216.66.80.26" 

# these are your ipv6 tunnel endpoints
ipv6_ifconfig_gif0="2001:470:1b08:168d::2 2001:470:1b08:168d::1 prefixlen 128"  
ipv6_defaultrouter="2001:470:1b08:168d::1"



More information about the Ukfreebsd mailing list