FreeBSD – IPv6 Tunnel and Gateway Configuration

Most of us don’t have native IPv6 Internet connections at home.  Fortunately, it’s easy (and free) to get connected to the IPv6 Internet.  Here’s how to get your FreeBSD box connected.

First, you need a tunnel broker.  I used Hurricane Electric’s tunnelbroker.net, but there are plenty of others out there – here’s a list.  Hurricane Electric uses 6in4 which is similar to 6to4.

Once you’ve signed up, they’ll give you a few pieces of info that you need:

  • The IPv4 address of the endpoint (the other end of the tunnel)
  • The IPv6 address of the endpoint
  • Your box’s IPv6 address.
  • The CIDR mask of the subnet they’re routing to you (if you plan on being a gateway)

You’ll also need your box’s IPv4 address.  Note: If you’re behind a NAT, you’ll configure your local endpoint address with your box’s local IP address – the address actually assigned to the NIC.

In my case, the values are (I’ve obfuscated the public-facing IP addresses):

  • The FreeBSD Box’s IPv4 address: 10.0.0.5
  • Endpoint IPv4 address: 72.52.104.74
  • Endpoint IPv6 address: 2001:350:aaa4:acd::1/64
  • The box’s IPv6 address: 2001:350:aaa4:acd::2/64
  • The routed subnet: 2001:350:aaa5:acd::/64

Now that we have all the information, let’s configure rc.conf:

First, enable IPv6:

ipv6_enable="YES"

Define the tunnel interface – FreeBSD will create this interface on boot:

gif_interfaces="gif0"

Configure the IPv4 tunnel information, using the local NIC address and the IPv4 endpoint address.

gifconfig_gif0="10.0.0.5 72.52.104.74"

Configure the gif0 interface for IPv6:

ipv6_ifconfig_gif0="2001:350:aaa4:acd::2 2001:350:aaa4:acd::1 prefixlen 128"

Configure the default gateway for gif0:

ipv6_defaultrouter="2001:350:aaa4:acd::1"

That’s all the configuration you need to get your FreeBSD box connected to your tunnel broker.  To test, try:

ping6 ipv6.google.com

If you’d like to set it up as a gateway, it’s pretty straightforward.  And the nice thing about this setup is that it will automatically configure any IPv6 devices on your network.

Configure your main network card with an IPv6 address.  My network card is nfe0.

ipv6_ifconfig_nfe0="2001:350:aaa5:acd::1 prefixlen 64"

Enable IPv6 gateway:

ipv6_gateway_enable="YES"

Enable the router advertisement daemon:

rtadvd_enable="YES"

Set the router advertisement daemon to run on your internal interface (again, in my case, this is nfe0):

rtadvd_interfaces="nfe0"

To make all this configuration take effect, you can do it manually, or just reboot your system.

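Once your system comes back up, the other systems on your network should get IPv6 addresses.  It’s completely automatic.  Note that these are globally routable addresses that are not hidden behind your IPv4 NAT, so inbound IPv6 traffic reaches those systems unless the gateway or the hosts themselves filter it.  You can test by pinging ipv6.google.com from another system on your network.  On Windows, instead of “ping6 <host>”, the command is “ping -6 <host>”.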

To summarize, your /etc/rc.conf should contain the following lines.  Obviously you’ll need to use the proper addresses.

# IPv6 Tunnel Client
ipv6_enable="YES"
gif_interfaces="gif0"
gifconfig_gif0="10.0.0.5 72.52.104.74"
ipv6_ifconfig_gif0="2001:350:aaa4:acd::2 2001:350:aaa4:acd::1 prefixlen 128"
ipv6_defaultrouter="2001:350:aaa4:acd::1"

# IPv6 Gateway
ipv6_ifconfig_nfe0="2001:350:aaa5:acd::1 prefixlen 64"
ipv6_gateway_enable="YES"
rtadvd_enable="YES"
rtadvd_interfaces="nfe0"
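
The following sh function is an added example, not part of the original post. It sources an rc.conf-style file and checks that the tunnel and gateway variables used above agree with each other, which catches, for instance, a misspelled variable name that leaves the internal interface without an address. The function name, messages and exit codes are hypothetical; the variable names are the ones used in this post.

```sh
#!/bin/sh
# Added example: consistency check for the rc.conf variables used in this post.
# check_rc_ipv6 FILE prints one FAIL line per problem; exit status = problem count.
check_rc_ipv6() (
    # Subshell body: rc.conf is sh syntax, so source it without touching the caller.
    case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac
    [ -r "$f" ] || { echo "cannot read $f" >&2; exit 99; }
    . "$f"
    n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }
    is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }
    get() { eval "printf '%s' \"\${$1:-}\""; }    # value of the variable named $1

    is_yes "${ipv6_enable:-}" || fail "ipv6_enable is not YES"
    peers=""
    for t in ${gif_interfaces:-}; do
        set -- $(get "gifconfig_$t")
        [ "$#" -eq 2 ] || fail "gifconfig_$t needs '<local IPv4> <remote IPv4>'"
        set -- $(get "ipv6_ifconfig_$t")
        [ "$#" -ge 2 ] || fail "ipv6_ifconfig_$t needs '<local IPv6> <peer IPv6>'"
        peers="$peers ${2:-}"
    done
    # The default route must point at the far end of a configured tunnel.
    case " $peers " in
        *" ${ipv6_defaultrouter:-unset} "*) ;;
        *) fail "ipv6_defaultrouter is not the IPv6 peer of a gif tunnel" ;;
    esac
    if is_yes "${rtadvd_enable:-}"; then
        is_yes "${ipv6_gateway_enable:-}" || fail "rtadvd_enable without ipv6_gateway_enable"
        for i in ${rtadvd_interfaces:-}; do
            # Advertise only on the internal interface, never into the tunnel.
            case " ${gif_interfaces:-} " in
                *" $i "*) fail "rtadvd would advertise on tunnel interface $i" ;;
            esac
            # Hosts autoconfigure from a /64 on the advertising interface.
            case "$(get "ipv6_ifconfig_$i")" in
                *"prefixlen 64"*|*/64*) ;;
                "") fail "ipv6_ifconfig_$i is not set" ;;
                *) fail "ipv6_ifconfig_$i is not a /64" ;;
            esac
        done
    fi
    exit "$n"
)

# Usage: sh check_rc_ipv6.sh /etc/rc.conf
[ "$#" -eq 0 ] || check_rc_ipv6 "$1"
```

Because the file is sourced, run this only against an rc.conf you already trust, as the boot scripts do.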

One last thing – I did not need to change my router’s configuration (I’m using a WRT54GL with DD-WRT).  Your mileage may vary.  I have read that in order for this to work behind a NAT, you need to make sure your router forwards protocol 41.

A quick note about Hurricane Electric’s service.  If you have a dynamic IP address, you’ll need to update your tunnel configuration on their systems every time your IP address changes.  This can be done through their web interface, or through a simple HTTP GET request.  I will probably write a script to automate this – and when I do, I’ll post it here.
