my blog my blog

Tag: sit tunnel
自建sit 6in4 Tunnel Broker IPv6隧道

从大概8年前就知道HE(Hurricane Electric)的Free IPv6 Tunnel Broker,但是印象中尝试一直是失败的,当然这次的尝试也是失败的,原因估计是电信运营商封了6in4这种数据包封装,不过还是把过程记录下吧。

先说说sit tunnel,其实和GRE tunnel啊IPIP tunnel是相似的,sit tunnel也是本地和远程对等的一种tunnel,也就是说服务器端和客户端几乎是相反的配置。这里的配置需要iproute2的支持。

客户端:

ip tunnel add user-ipv6 mode sit remote 服务器IPv4地址 local 本地IP(如果是内网则为内网地址) ttl 255
ip link set user-ipv6 up
ip addr add 服务器IPv6地址::2/80 dev user-ipv6
ip route add ::/0 dev user-ipv6

服务器端:

ip tunnel add server-ipv6 mode sit remote 客户公网IPv4地址 local 服务器IPv4地址 ttl 255
ip link set server-ipv6 up
ip addr add 服务器IPv6地址网关::1/80 dev server-ipv6
ip route add 服务器IPv6 Route地址::/80 dev server-ipv6
echo "net.ipv6.conf.all.forwarding = 1" >>/etc/sysctl.conf
sysctl -p

配置完成后需要添加邻居信息服务,防止IPv6地址无法被广播识别。

wget https://github.com/DanielAdolfsson/ndppd/archive/0.2.5.tar.gz
tar zxvf 0.2.5.tar.gz
cd ndppd-0.2.5
make
make install

vi /etc/ndppd.conf

route-ttl 30000
proxy eth0 {
router yes
timeout 500
ttl 30000
rule 你的:IPv6:子网:前缀::/前缀长度 {
static
}
}

ndppd -d

配置完成后客户端应该可以直接使用分配的IPv6地址了。这里需要注意的是/64的IPv6地址需要切分成/80的子网,然后进行广播设置。配置工具可以使用https://github.com/sskaje/6in4

但是使用的时候需要将sipcalc安装上,否则无法正确使用。使用方法:

cd 6in4-master/etc/
vi config.ini

; IPv6 network, must be ending with '::'
; * Required
IPV6_NETWORK=你的:IPv6:子网:前缀::

; IPV6 CIDR, must be a multiple of 8.
; * Required
; If your IPV6_CIDR is smaller than /64, assigned blocks are /64; if smaller than /48, /48 is used.
; If IPV6_CIDR is greater than /64, assigned blocks are /(IPV6_CIDR + 16 [ + 8 ]), e.g.: 64->80, 72->96, 80->96
IPV6_CIDR=前缀长度

; Bind tunnel to device INTERFACE
; * Required
INTERFACE=接口名

; Local IPv4
; * Optional
; This is useful if your $INTERFACE has more than one IP.
; If BIND_IP is not set, script reads first IPv4 ip from $INTERFACE
;BIND_IP=1.1.1.1 若接口上有多于1个IPv4地址 需要绑定

; MTU
; Default: 1480
;LINK_MTU=1480

:wq

cd 6in4-master
./bin/6to4 add 1 233.233.233.233

***************************** WARNING ********************************
IPV6_CIDR greater than 64 may cause your subnet not advertisable.
***************************** WARNING ********************************

Please set up tunnel on your machine with following parameters:
    Server IPv4 Address:        1.1.1.1
    Server IPv6 Address:        2001:0db8:0001:0001:1001::1/80
    Client IPv4 Address:        233.233.233.233
    Client IPv6 Address:        2001:0db8:0001:0001:1001::2/80
    Routed /80:                 2001:0db8:0001:0001:2001::/80

If you don't have a static IP, set your local to 0.0.0.0 and invoke update api to update your endpoint