How To – Establish a 6in4 IP tunnel using a To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service TunnelHow Broker Service

Applicable Version: 10.00 onwards Overview Cyberoam supports Four (4) methods of IP tunneling to promote interoperability between IPv4 and IPv6 networks. It is a mechanism to encapsulate one network protocol as payload for another network protocol i.e. either an IPv6 packet is encapsulated in to an IPv4 packet, for communication between IPv6 enabled hosts/networks via an IPv4 network or vice-a-versa. Cyberoam supports following types of IP Tunneling methods: 







6in4 Tunnel: It is commonly referred as Manual Tunnel and used for IPv6 to IPv6 communication over IPv4 backbone. The source and destination IPv4 addresses must be manually configured. It is recommended for point-to-point communication. 6to4 Tunnel: It is commonly referred to as Automatic Tunnel and used for IPv6 to IPv6 communication over IPv4 backbone. The destination IPv4 address of the tunnel can be automatically acquired, but the source address needs to be provided manually. It is recommended for point-to-multi point communication. 6rd Tunnel: It is used for IPv6 to IPv6 communication over IPv4 backbone. The 6RD tunnel is an extension of the 6to4 Automatic Tunnel. The tunnel can be established by pre-defined ISP provided prefix. 4in6 Tunnel: It is used for IPv4 to IPv4 communication over IPv6 backbone, the source and destination IPv6 addresses must be manually configured. It is recommended for point-to-point communication.

Note: The devices at the ends of an IPv6 over IPv4 tunnel or IPv4 over IPv6 tunnel must support IPv4/IPv6 dual stack.

Scenario Establish a 6in4 tunnel using the tunnel broker service named Hurricane Electric (HE). Hurricane Electric (HE) provides free IPv6 tunnel broker service to allow users to connect to IPv6 networks over IPv4 backbone. To create a 6to4 tunnel, users must register at http://www.tunnelbroker.net.

Prerequisite Register with HE at http://www.tunnelbroker.net.

Configuration This configuration consists of Two (2) parts: 1. HE configuration 2. Cyberoam Configuration

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service

HE Configuration 

Login to your HE Account and click Create Regular Tunnel.

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service



Specify the IPv4 address of your local endpoint, select the tunnel server and click Create Tunnel.

On tunnel creation, HE provides the following information which is to be used in IP Tunnel configuration in Cyberoam.   



Server IPv4 Address: This is the IPv4 address of the server at the tunnel broker (server endpoint) end of the tunnel. Server IPv6 Address: This is the IPv6 address of the server at the tunnel broker end of the tunnel. Client IPv4 Address: This is the public (WAN) facing IPv4 address of the Cyberoam (client endpoint) end of the tunnel. This IP address must be entered during the tunnel creation process at HE. This address must be pingable by the tunnel broker. Client IPv6 Address: This is the IPv6 address assigned by the tunnel broker. This will be used during the configuration process in Cyberoam.

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service







Available DNS Resolvers: These are recursive caching name servers that you can use through your tunnel either over IPv6 or IPv4. They will also allow you to access Google's websites along with other organizations who have white-listed the servers as part of their IPv6 participation programs. Routed IPv6 Prefixes: A 64 bit or, on request, a 48 bit network block is assigned by the tunnel broker. In this article, we statically assign the LAN interface of Cyberoam with an IPv6 address within this 64 bit network block. IPv6 enabled hosts behind the LAN will automatically obtain an IPv6 address within this block. rDNS Delegations: These are the Name Servers delegated by Hurricane Electric with authority for the "Routed /64" and "Routed /48" above.

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service

Cyberoam Configuration You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).

Step 1: Create 6in4 Tunnel Go to Network > Interface > IP Tunnel and click Add to create a new IP Tunnel according to parameters given below. Parameters Tunnel Name

Value CR_HE

Description Specify a name to identify the Tunnel Specify the Tunnel Type.

Tunnel Type

6in4

Available Options: - 6in4 - 6to4 - 6rd - 4in6 Select the zone to create the tunnel for, from the options available. The tunnel will cater to the traffic of selected zone.

Zone

WAN

Available Options: - LAN - DMZ - WAN Specify IP Address of the Local End Point (as specified in HE configuration) of the tunnel.

Local End Point

Remote End Point

203.88.56.45

66.220.18.42

Specify IPv4 Address for 6to4, 6in4 and 6rd tunnels. Specify IPv6 Address for 4in6 tunnel. Specify IP Address of the Remote End Point of the tunnel. Here, specify Server IPv4 Address mentioned in the HE Tunnel Details page. Specify IPv4 Address for 6in4 tunnel. Specify IPv6 Address for 4in6 tunnel.

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service

Click OK to create the tunnel.

Step 2: Add Default Static Route On clicking OK, the Add Static Unicast Route For IP Tunnel ‘CR_HE' screen appears which enables you to create static routes for remote network. Set route parameters as desired and click OK to save the configuration. Here, we have routed all traffic to the tunnel CR_HE.

Step 3: Configure LAN Network on IPv6 Go to Network > Interface > Interface and configure the LAN Interface as shown below. Specify the Static IPv6 Address of the LAN interface in the Routed IPv6 Prefixes mentioned in the HE Tunnel Details page.

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service

Step 4: Enable Router Advertisement on LAN Interface Go to Network > Router Advertisement > Router Advertisement and click Add to add an advertisement as per parameters below. Parameters

Value

Description Select an interface for router advertisement.

Interface

Other Flag

PortD

Enable

All IPv6 enabled physical interfaces, LAG, VLAN and Bridge interfaces can be selected. Select to set the Other Flag. When this flag is set, DHCPv6 client obtains other network parameters like DNS server, Domain Name, NIS, NISP, SIP, SNTP, BCMS servers from DHCPv6 server. The option must be selected if a DHCPv6 Server is available.

Prefix Advertisement Configuration

2001:470:d:96d::

Prefix Advertisement includes zero or more prefix options containing information that the default gateway advertises. This information is used by stateless address auto configuration to auto-generate a global IPv6 Address. Here, specify the Routed IPv6 Prefix from the HE Tunnel Details page that you configured in the LAN Interface.

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service

Click OK to save advertisement.

Step 5: Configure DHCP Server Go to Network > DHCP > Server and configure a new server as per parameters below. This is specifically required to assign DNS Server Address to clients. Parameters Name

Interface

Dynamic Lease IP

Value

Description

IPv6DHCP

Provide a name to identify DHCPv6 server uniquely.

PortD

Select any internal interface to set it as DHCPv6 server. DHCP service can be configured on virtual sub-interface but cannot be configured on Interface alias.

2001:470:d:96d::100 2001:470:d:96d::200

Specify range of IPv6 Address from which DHCP server must assign to the clients and subnet mask for the IPv6 Address range. It is also possible to configure multiple IPv6 range for a same interface. You can provide multiple IP range for the DHCP Server.

How To – Establish a 6in4 IP Tunnel using a Tunnel Broker Service

Click OK to save DHCP configuration. The above configuration allows Cyberoam to establish a 6in4 tunnel using the Tunnel Broker Service Hurricane Electric (HE).

Document Version: 1.0 – 1 May, 2015