My ISP doesn't provide IPv6 addresses to clients (only one IPv4). I have a dedicated server with static IPv4 address and /64 block IPv6, so I decide to be my own tunnel broker (6in4). Yes, I can use tunnerbroker.net but I want to learn how to do it by myself.
Goal: provide 6in4 tunnel from server with native IPv4+IPv6(eth0) connection to clients behind home router with IPv4 only.
What I did:
Server side:
ip tunnel add sit5 mode sit ttl 255 remote [home_router_ipv4] local [server_ipv4]
ip link set dev sit5 up
ip -6 addr add [ipv6]::1/64 dev sit5
ip -6 route add [ipv6]::/64 via [ipv6]::2 dev sit5 metric 1
ip -6 neigh add proxy [ipv6]::2 dev eth0
sysctl:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv4.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
Client side:
The router running DD-WRT with native support for 6in4 tunnels with radvd for adresses propagation to clients (tested with success for tunnelbroker.net).
radvd config:
interface br0
{
IgnoreIfMissing on;
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;
AdvManagedFlag off;
AdvOtherConfigFlag on;
AdvLinkMTU 1480;
prefix [ipv6]::/64
{
AdvOnLink on;
AdvAutonomous on;
};
RDNSS [ipv6]::1 2620:0:ccd::2 {};
};
Problem: Router is correctly connected via tunnel to IPv6 network (it can browse ipv6 network), but clients doesn't (they receive correct ipv6 address, but can't ping anything including router and server).
When I am doing a traceroute6 from server to client I have routing loop:
# traceroute6 [ipv6]:4d34:1981:aba6:620c
traceroute to [ipv6]:4d34:1981:aba6:620c ([ipv6]:4d34:1981:aba6:620c) from [ipv6]::1, 30 hops max, 24 byte packets
1 [ipv6]::2 ([ipv6]::2) 43.446 ms 44.439 ms 39.687 ms
2 [ipv6]::1 ([ipv6]::1) 41.955 ms 41.391 ms 43.225 ms
3 [ipv6]::2 ([ipv6]::2) 80.456 ms 80.515 ms 81.893 ms
4 [ipv6]::1 ([ipv6]::1) 81.966 ms 83.338 ms 92.166 ms
...
tcpdump
,tshark
,ndisc6
,ip -6 route get <ip>
, andip -6 route show match <ip> table all
as IPv6 debugging tools.