IPv4-in-IPv6 Tunnel on Debian

Setting up an IPv4-in-IPv6 tunnel on Debian

I am currently in China, and to make a long story short, my internet connection is IPv6 only. However, there is some software (∗cough∗Skype∗cough∗) that doesn't work too well with IPv6. Also, Bittorrent clients (I tried deluge, rtorrent and transmission) seem to have problems using IPv6 connections as well (I think it's the communication with the tracker).

So I needed some way to get IPv4 connectivity in my IPv6 network. Since there isn't too much documentation on tunnelling IPv4 in IPv6 (instead of the other way round), I thought I'd write something up and make the world a better place!

What you'll need

  • iproute2 package
  • A server that has the ip\tunnel module available
  • A public IPv6 address for the connecting host
  • A public IPv6 and one (or two) public IPv4 addresses for the server

What to do

Basically, setting up IPv4-in-IPv6 tunnels is easy: Just run the correct iproute command on both sides of the tunnel, where the local address is the public IPv6 address of the interface, and the remote address is the public IPv6 address of other side. The selected interface should be the interface the tunnel packets are arriving on, the one that has the public address.

This, however can be thwarted by the cryptic error messages ip gives off: "ioctl: No buffer space available" means that the interface you are trying already exists. Choose a different interface name. "ioctl: No such device" means that the ip\tunnel module is not loaded.

When you have managed to sucessfully the commands on both server and client, give an IP address to the interface on both sides (I selected addresses from the 10.0.3.0/24 subnet, 10.0.3.1 for the server and 10.0.3.2 for the client) and add routing entries.

Put it together and you get this (for the server)

ip -6 tun add sit1 mode ipip6 local <server address> remote <client address> interface <interface>

ip link set dev sit1 up
ip a add dev sit1 10.0.3.1
ip route add 10.0.3.1 dev sit1

and this for the client:

ip -6 tun add sit1 mode ipip6 local <client address> remote <server address> interface <interface>

ip link set dev sit1 up
ip a add dev sit1 10.0.3.2
ip route add default dev sit1

You should now be able to ping the IPv4 address across the tunnel. For full routing, set up NAT on the server and you're done.

Automate it

In order to automatically start the tunnel on the server side, I wrote two scripts, since IPv4-in-IPv6-Tunnels aren't supported natively by the debian network scripts (if you know different, contact me).

Put this script in etc/network/if-up.d and make it executable:

#!/bin/bash


if [[ "$VERBOSE" ]]; then
        set -x
fi

if [[ "$IFACE" != "eth0" ]]; then
        exit 0;
fi

if [[ "$ADDRFAM" != "inet6" ]]; then
        exit 0;
fi

#already have sit1 interface
ip a show sit1 &>/dev/null

if [[ "$?" -ne 255 ]]; then
        exit 0;
fi

ip -6 tun add sit1 mode ipip6 local <server address> remote <client address> dev eth0
ip link set sit1 up

# Adjust if necessary
ip a add dev sit1 10.0.3.1/32
ip route add 10.0.3.0/24 dev sit1

To tear down the tunnel when the interface goes down (shouldn't be necessary, but I'm a neat freak when it comes to OS configuration (and only then^^)), put the following script in \/etc/network/if-down.d\/ and make it executable:

#!/bin/bash

if [[ "$VERBOSE" ]]; then
        set -x
fi

if [[ "$IFACE" != "eth0" ]]; then
        exit 0;
fi

if [[ "$ADDRFAM" != "inet6" ]]; then
        exit 0;
fi

#assure we have a sit1 interface
ip a show sit1 &>/dev/null
if [[ "$?" -ne 0 ]]; then
        exit 0;
fi

# Adjust if necessary
ip route del 10.0.3.0/24 dev sit1
ip a del dev sit1 10.0.3.1/32

ip link set sit1 down
ip -6 tun del sit1

Client configuration for debian is similar, and will not be explained here. Since my laptop runs gentoo, I don't need it either^^. When I figure out automatic tunnel setup on gentoo, I'll post it here, so keep your fingers crossed.

Author: Jan Seeger

Email: sitecomments@thenybble.de

Validate