Hurricane Electric IPv6 Tunnel with EdgeOS

I wrote yesterday about my new home network setup, using a Ubiquiti EdgeRouter X as the router. I’ve wanted working IPv6 at home for years now, but have never been able to make it reliable. Virgin Media don’t natively support IPv6 and their Superhubs don’t support tunnels. I’ve had other routers that did support tunnels, but buggy firmware stopped me from enabling them full-time. I’m not a fan of per-client tunnelling either.

I decided to give it another go using the EdgeRouter X, which runs EdgeOS. EdgeOS supports all of the moving parts needed: IPv6 (duh!), the ability to set up arbitrary tunnel interfaces, and nice-to-have infrastructure to help configure clients, like radvd for Router Advertisement message support.

I chose Hurricane Electric (HE.net) as my IPv6 tunnel broker. HE.net give you a routed IPv6 address for your tunnel, and a routed /64 IPv6 prefix to use on your network. I have the EdgeRouter X configured so that eth0 is the WAN interface connected to my modem, and eth1-eth4 are ports on a virtual LAN switch called switch0.

If you have a setup similar to mine, with an interface you can call your LAN, remember to assign your routed prefix to the LAN interface. HE.net use very similar addressing for the tunnel and for the routed prefix, so be very careful to use the routed prefix, not the tunnel addressing, on your LAN interface. I spent a couple of hours wondering why I could do IPv6 things on the EdgeRouter X itself, after setting up the tunnel and the IPv6 default route, but nothing on my clients; I’d set the client IPv6 address on the switch interface by mistake.

I mostly followed this guide on One Bad Pixel. Here is the set of commands I eventually applied on the EdgeRouter X CLI.

# this assumes WAN is eth0 and LAN is switch0. Please adjust for your own setup

configure

# Tunnel first
edit interfaces tunnel tun0
set encapsulation sit
set local-ip xxx.xxx.xxx.xxx # your WAN IP
set remote-ip xxx.xxx.xxx.xxx # HE.net Server IPv4 Address
set address xxxx:xxxx:xxxx:xxxx::2/64 # Client IPv6 Address
set description "HE.NET IPv6 Tunnel"
exit
set protocols static interface-route6 ::/0 next-hop-interface tun0
commit

# Use DHCPv6 to set some client config parameters
edit service dhcpv6-server shared-network-name SWITCH0_V6POOL
set subnet xxxx:xxxx:xxxx:xxxx::/64 domain-search xxxx # your local domain
set subnet xxxx:xxxx:xxxx:xxxx::/64 name-server xxxx:xxxx:xxxx:xxxx::2
top
commit

# Set the LAN IPv6 address
set interfaces switch switch0 address xxxx:xxxx:xxxx:xxxx::1/64 # 1st IP in the routed /64

# Set the DHCPv6 options to assign interface parameters only, not addresses
set interfaces switch switch0 dhcpv6-options parameters-only

# Set up Router Advertisement
edit interfaces switch switch0 ipv6
set dup-addr-detect-transmits 1
set router-advert cur-hop-limit 64
set router-advert default-preference high
set router-advert link-mtu 0
set router-advert managed-flag false
set router-advert max-interval 600
set router-advert other-config-flag true
set router-advert prefix xxxx:xxxx:xxxx:xxxx::/64 autonomous-flag true # Routed /64
set router-advert prefix xxxx:xxxx:xxxx:xxxx::/64 on-link-flag true
set router-advert prefix xxxx:xxxx:xxxx:xxxx::/64 valid-lifetime 2592000
set router-advert reachable-time 0
set router-advert retrans-timer 0
set router-advert send-advert true
top
commit

# Save everything
save
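
The mix-up described above (the tunnel's client address set on the LAN interface instead of an address from the routed /64) can be caught before committing. The following Python check is an added example, not part of the original post; the function name check_plan and the 2001:db8:: documentation-prefix values are constructed for illustration.

```python
import ipaddress

# Constructed sample values (2001:db8::/32 is the documentation prefix).
TUNNEL_CLIENT = "2001:db8:1f0a:12::2/64"  # 'set address' on tun0
ROUTED_PREFIX = "2001:db8:1f0b:12::/64"   # routed /64 for the LAN


def check_plan(tunnel_client, routed_prefix, lan_address, ra_prefix, dhcpv6_subnet):
    """Return a list of problems in the addressing plan (empty list = OK).

    Raises ValueError if a value is not valid IPv6 or a prefix has host bits set.
    """
    tun = ipaddress.IPv6Interface(tunnel_client)
    lan = ipaddress.IPv6Interface(lan_address)
    routed = ipaddress.IPv6Network(routed_prefix)
    ra = ipaddress.IPv6Network(ra_prefix)
    dhcp = ipaddress.IPv6Network(dhcpv6_subnet)

    problems = []
    if routed.prefixlen != 64:
        problems.append(f"routed prefix {routed} is not a /64")
    if tun.network.overlaps(routed):
        problems.append(f"tunnel network {tun.network} overlaps routed prefix {routed}")
    if lan.ip in tun.network:
        problems.append(f"LAN address {lan.ip} is inside the tunnel network {tun.network}")
    if lan.network != routed:
        problems.append(f"LAN address {lan} is not in the routed prefix {routed}")
    if ra != routed:
        problems.append(f"router-advert prefix {ra} differs from routed prefix {routed}")
    if dhcp != routed:
        problems.append(f"DHCPv6 subnet {dhcp} differs from routed prefix {routed}")
    return problems


if __name__ == "__main__":
    # Correct plan: switch0 gets the first address in the routed /64.
    print(check_plan(TUNNEL_CLIENT, ROUTED_PREFIX, "2001:db8:1f0b:12::1/64",
                     ROUTED_PREFIX, ROUTED_PREFIX))
    # The mistake from the post: the tunnel client address on switch0.
    for p in check_plan(TUNNEL_CLIENT, ROUTED_PREFIX, TUNNEL_CLIENT,
                        ROUTED_PREFIX, ROUTED_PREFIX):
        print("PROBLEM:", p)
```

Substitute the values from your own HE.net tunnel details page; an empty list means the tun0, switch0, router-advert and DHCPv6 lines all agree.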