Configuring an IPv6 Tunnel With m0n0wall
Configuring an IPv6 Tunnel With m0n0wall
2008-08-19 02:32:42 by Andrew Hitchcock G+

About every year or so for the last few years I unsuccessfully attempt to set up an IPv6 connection for my home network. Today I tried again—triggered by Slashdot's article about IPv6 adoption—and this time I succeeded.

For a few years I've been using m0n0wall as a router on one of my old computers. It provides advanced features such as a stateful firewall, VPN endpoint, and QoS traffic shaper. I'll show how to configure a Hurricane Electric IPv6 tunnel with m0n0wall.

In my latest attempt to configure IPv6, I noticed that m0n0wall recently released a beta that supports tunneling IPv6 over IPv4. If I could set up the tunnel such that it works for all computers on the network and not just my desktop, that'd be great. If you are coming from the 1.2x series, make sure you upgrade to 1.3b7 before 1.3b13+.

For the IPv6 tunnel, I went with Hurricane Electric's tunnel broker. They offer a free /48 to anyone with an e-mail address who is willing and able to set up the tunnel. After registration, confirm your e-mail address and login. Create a tunnel by specifying your IP address and the closest endpoint. Once created, you'll be presented with the tunnel detail page. You only need to remember the "Server IPv4 address", "Client IPv6 address", and "Routed /64" fields.

Now return to your m0n0wall installation. Click Advanced under System and then check "Enable IPv6 support".

Screenshot of enabling IPv6 with m0n0wall.

To setup the tunnel, click WAN under Interfaces. Halfway down the page you'll see the IPv6 configuration. Select "Tunnel" for IPv6 mode. The IPv6 address is the client address you saved from the tunnel detail page. Leave the drop down as /64. IPv6 gateway is greyed out, so continue down to IPv6 tunnel endpoint and fill in the server IPv4 address you saved from the tunnel detail page.

Screenshot of configuring IPv6 WAN settings in m0n0wall.

Now move up to the LAN configuration. Set the IPv6 mode to static. The server IPv6 address I was given ends in ::1 and the client address ends in ::2, so I used the same prefix and ended this address with ::3. Enter the "Routed /64" from the tunnel configuration as your IPv6 address. Check the box that says "Send IPv6 router advertisements". Click Save. It'll want you to restart the router, but that can wait for a minute.

Screenshot of configuring IPv6 LAN settings in m0n0wall.

Saving the LAN settings disables the DHCP server. If you need DHCP like I do, click on DHCP server under Services. Check "Enable DHCP server on LAN interface" and then Save. Finally, you need to add a firewall rule to allow traffic through. Go to IPv6 Rules under Firewall and click LAN. Add a new rule with Action set to "Pass", Interface as "LAN", and over any protocol. Save it and then delete any default rules that may have already been defined. Now you can restart the router using the Diagnostics menu. If everything worked, you should now have a functioning IPv6 tunnel.

Google's IPv6 Website

Update 2008-08-26: A reader contacted me after having trouble with the instructions. It turns out I had forgotten to include the step about adding a firewall rule to let traffic out through IPv6. Also, he corrected me about the IP address to use on the LAN configuration page, it should be the routed /64. I've update the post to include the new information

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.