Setting up a Hurricane Electric tunnel with a Linux router
This assumes that you have a working router as per my older post. This can work behind a NAT (though I ended up DMZing this router) in some circumstances. This distils grawity’s excellent post on Super User in the context of this setup (which has a few quirks), with some broader context.
You’ll need to start by getting an account with Hurricane Electric’s tunnel broker, creating a tunnel, and setting up the tunnel to your router as per the example configuration.
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:470:AA:BBBB::2
    netmask 64
    endpoint 216.218.221.6
    local 192.168.1.79
    ttl 255
    gateway 2001:470:AA:BBBB::1
It’s a simple matter of adding what’s there to your /etc/network/interfaces.
You’ll want to create the /48 as well – and we’ll be carving a /64 from that to add to br0
To note here – you have a routed /64 – this will *probably* work, but that’s not what we are using. You’ll have a routed /48 in the format of 2001:470:AB::.
You’ll want to add an additional block for br0 in /etc/network/interfaces with
iface br0 inet6 static
    address 2001:470:AB:1::1/64
    gateway CLIENT IPv6 address
I’m not strictly sure if the client IPv6 address is necessary – I added it in during troubleshooting and it’s entirely possible that it works without that.
As for dnsmasq – you’ll need to add the following lines to /etc/dnsmasq.conf
enable-ra
dhcp-range = 2001:470:AB:1::, ra-stateless
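Basically we’re telling it to hand out any IP address within the range that we set for the br0 interface.
Restart networking and dnsmasq with systemctl restart networking and systemctl restart dnsmasq
Finally, we’ll need to add firewall rules to firewalld. The first lets only reply traffic for established connections in from the tunnel to br0, the second lets traffic from br0 out through the tunnel, and the third makes both rules permanent.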
sudo firewall-cmd --direct --add-rule ipv6 filter FORWARD 0 -i he-ipv6 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv6 filter FORWARD 0 -i br0 -o he-ipv6 -j ACCEPT
sudo firewall-cmd --runtime-to-permanent
Refresh your IP addresses, test with your favourite site and you’re good.
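Because hosts on br0 now hold globally routable addresses, the inbound rule from he-ipv6 is the only thing filtering the tunnel side, so it is worth checking after later edits. The script below is an added example, not part of the original post: the function name, the sample lines and the assumed one-rule-per-line layout of `firewall-cmd --direct --get-all-rules` are assumptions.

```shell
#!/bin/sh
# Added example: audit firewalld direct rules for the tunnel's inbound path.
# Input (stdin): one rule per line as "<ipv> <table> <chain> <priority> <args...>",
# the layout assumed for `firewall-cmd --direct --get-all-rules`.
# Flags every ipv6 FORWARD ACCEPT rule that takes packets in from the tunnel
# interface unless it is limited to RELATED/ESTABLISHED; returns 1 if any.
# Only direct rules are checked, not firewalld zone policy.
audit_tunnel_forward() {
    awk -v tif="$1" '
        $1 == "ipv6" && $2 == "filter" && $3 == "FORWARD" {
            in_if = ""; target = ""; states = ""
            for (i = 5; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            }
            if (in_if != tif || target != "ACCEPT") next
            # Safe only when a state list exists and holds nothing but
            # RELATED and ESTABLISHED (NEW would admit unsolicited traffic).
            ok = (states != "")
            n = split(states, s, ",")
            for (k = 1; k <= n; k++)
                if (s[k] != "RELATED" && s[k] != "ESTABLISHED") ok = 0
            if (!ok) { print "UNRESTRICTED: " $0; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the two rules from this post plus two deliberately
# over-permissive rules that the audit should flag.
sample_rules() {
    cat <<'EOF'
ipv6 filter FORWARD 0 -i he-ipv6 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
ipv6 filter FORWARD 0 -i br0 -o he-ipv6 -j ACCEPT
ipv6 filter FORWARD 0 -i he-ipv6 -o br0 -j ACCEPT
ipv6 filter FORWARD 1 -i he-ipv6 -o br0 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
EOF
}

# Demo on the sample; on the router, pipe in the live rules instead:
#   sudo firewall-cmd --direct --get-all-rules | audit_tunnel_forward he-ipv6
sample_rules | audit_tunnel_forward he-ipv6 || echo "tighten the rules listed above"
```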