You’ll need a Linux machine or device supporting AICCU and ip6tables to act as IPv6 router. It doesn’t have to be the same machine/device as IPv4 router. If you’re using DD-WRT on your IPv4 router then there’s a tutorial covering this here.
First you need to pop over to www.sixxs.net and sign up for a account (it’s free). Once that’s approved you’ll need to request a tunnel.
For safeties sake, as some connectivity providers block other protocols, select “Dynamic NAT-traversing IPv4 Endpoint using AYIYA” as your endpoint.
Then you’ll need to select a PoP that’s close to you (to keep latency low) and give a reason why you want an IPv6 tunnel (use your imagination!)
After that’s approved you’ll need to request a subnet
Now we just need to setup our IPv6 router (in my case a Debian VM). First lets setup AICCU which will configure a tunnel device for IPv6 with SixXS. During the ncurses installer, you will be asked for your SixXS username and password:
# apt-get install aiccu
An “ifconfig” should now show the tunnel to be present:
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::xxxx:xxx:xx:2/64 Scope:Link
inet6 addr: 2604:xxxx:xxx:xx::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:1989470 errors:0 dropped:0 overruns:0 frame:0
TX packets:1187540 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1401336999 (1.3 GiB) TX bytes:306453776 (292.2 MiB)
Then we need to enable IPv6 forwarding (as root):
#echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
To make this persistent you’ll need to add/ammend this rule in “/etc/sysctl.conf”:
net.ipv6.conf.default.forwarding=1
Lets now setup an IPv6 address from subnet we’ve been given to act as our IPv6 gateway, in my case my subnet is (anonymized):
2604:xxxx:xxx::/48
So in “/etc/network/interfaces” I put the following:
iface eth0 inet6 static address 2604:xxxx:xxx::1 netmask 48
Now whenever the network comes up I want to add some routes in to make sure my IPv6 traffic is directed correctly, to do this I created a script called “/etc/network/if-up.d/ipv6routes” and marked it as executable:
#!/bin/sh ip -6 route add 2604:8800:112::1/64 dev eth0 ip -6 route add 2604:8800:112::/48 dev lo
Then we just need to setup the ip6tables rules to forward the traffic correctly, in my case:
ip6tables -P FORWARD DROP ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ip6tables -A INPUT -i lo -j ACCEPT ip6tables -A OUTPUT -o lo -j ACCEPT ip6tables -A FORWARD -i eth0 -s 2604:xxxx:xxx::/48 -j ACCEPT ip6tables -A FORWARD -i sixxs -o eth0 -d 2604:xxxx:xxx::/48 -j ACCEPT
To make these persistent you’ll need to set them to be loaded when the network comes up, what I usually do is this:
ip6tables-save > /etc/iptables-ipv6.conf
Then create a script called “/etc/network/if-up.d/iptables” and mark it as executable with the following inside it:
#!/bin/sh ip6tables-restore < /etc/iptables-ipv6.conf
Now we assign an IPv6 address to a different machine in the network and set the gateway as the address we setup previously (2604:xxxx:xxx::1), here’s what the “ifconfig” looks like:
wlan0 Link encap:Ethernet HWaddr 00:23:14:53:56:3c
inet addr:192.168.x.xxx Bcast:192.168.x.xxx Mask:255.255.x.x
inet6 addr: 2604:xxxx:xxx::500/64 Scope:Global
inet6 addr: fe80::xxx:xxxx:xxxx:xxxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1280 Metric:1
RX packets:403511 errors:0 dropped:0 overruns:0 frame:0
TX packets:366141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:195242106 (195.2 MB) TX bytes:60409846 (60.4 MB)
And hopefully, it all works!
# traceroute6 -n www.sixxs.net traceroute to nginx.sixxs.net (2001:1af8:4050::2) from 2604:xxxx:xxx::500, 30 hops max, 24 byte 1 2604:xxxx:xxx::1 2.871 ms 2.892 ms 9.606 ms 2 2604:xxxx:xxx:31::1 137.17 ms 150.576 ms 168.446 ms 3 2620:0:6b0:a::1 204.796 ms 245.039 ms 329.039 ms 4 2001:1900:2100::171 326.815 ms 256.593 ms 385.289 ms ... ...