Configuring 6in4 on Zyxel Keenetic routers
It's no secret that IPv4 addresses in the free distribution are no longer and will not exist, and this phrase is likely to cause a lot of holivar, but still - the future of the IPv6 protocol.
To date, not a very large number of Internet providers (meaning home Internet providers, and not transit users) support full-fledged work with IPv6, but I think I would like to try working with the new protocol.
To do this, we have a permanent public IPv4 address, the Zyxel Keenetic Ultra Internet Center with the latest version of the NDMS operating system: v2.02, which already supports Dual Stack and the IPv6 tunnel broker. On the Internet, there are many tunnel brokers, both paid and free, I will not give a list that would not be considered for advertising.
Who cares how it is configured welcome under the cat
In KB Zyxel there is an Instruction for the web interface of the router for configuring a 6in4 tunnel, but I did not earn IPv6 via Wi-Fi (namely, distribution of IPv6 to the client), I did not check the LAN ports. Due to the “poverty” of this very web interface, we will configure the router through cli .
')
So log in via telnet to our router and log in with the same credentials as in the router's web configurator. If nothing is changed in the account ( tag cli, tag http ), then it should start.
We get into the configuration menu and begin our setup.
At the beginning, we go to the configuration of the system parameters and allow the transfer of traffic using the ipv6 protocol
Next, create and configure our tunnel interface.
That's actually this config and does what is stated in the instructions in the KB, but this is not enough for IPv6 to work on clients.
Now we need to hang an IPv6 address on the interface that sounds like Home (This is a bridge interface that combines the rules on a Wi-Fi network and Lan).
this is done as follows
who cares here is the complete interface config
The final touches remained - creating a subnet that we received as a prefix from the provider and attaching it to the Bridge0 interface
we can add another IPv6 DNS server here
Let's see if our interface has risen.
Let's see whether traffic goes through it.
Approximately such a picture you can see if all is well.
Also in the web interface tab System Monitor -> IPv6 should appear:
The IPv6 address of the tunnel end of your tunnel , hanging on the TunnelSixInFour0 interface, with infinite reality
IPv6 addresses of your client devices
The prefix received from the broker
Internet route
:: / 0 with gateway :: and interface TunnelSixInFour0
View Routes
xxxx: xxxx: xxxx :: / 64 with gateway :: and Home interface to your client computers
Save configuration via web interface or cli
The configuration is completed and if the client computer has support for the ipv6 protocol, then
ping -6 ipv6.google.com will be successful. You can also go to test-ipv6.com , thanks to agmt
Of course, ACL nuts could be tightened, but IPv6 ACLs are not supported on this router.
UPD. Already a week the tunnel is working normally, no cliffs are noticed, the processor of the router is 6% loaded, memory is 7%, about 7 GB have passed the incoming traffic (I think this is Youtube, by the way, there were no brakes when watching the video), the only clue that I’m using is a Ukrainian broker The tunnel and Yandex with Google determine my location in Kiev, but I think you will have no problems changing it.
UPD. All the same, 6in4 and not 6to4, thanks llivejo
That's all, do not judge strictly the first article on Habré.
To date, not a very large number of Internet providers (meaning home Internet providers, and not transit users) support full-fledged work with IPv6, but I think I would like to try working with the new protocol.
To do this, we have a permanent public IPv4 address, the Zyxel Keenetic Ultra Internet Center with the latest version of the NDMS operating system: v2.02, which already supports Dual Stack and the IPv6 tunnel broker. On the Internet, there are many tunnel brokers, both paid and free, I will not give a list that would not be considered for advertising.
Who cares how it is configured welcome under the cat
In KB Zyxel there is an Instruction for the web interface of the router for configuring a 6in4 tunnel, but I did not earn IPv6 via Wi-Fi (namely, distribution of IPv6 to the client), I did not check the LAN ports. Due to the “poverty” of this very web interface, we will configure the router through cli .
')
So log in via telnet to our router and log in with the same credentials as in the router's web configurator. If nothing is changed in the account ( tag cli, tag http ), then it should start.
We get into the configuration menu and begin our setup.
At the beginning, we go to the configuration of the system parameters and allow the transfer of traffic using the ipv6 protocol
(config)> system set net.ipv6.conf.all.forwarding 1 Next, create and configure our tunnel interface.
(config)> interface TunnelSixInFour0 (config-if)> description 6in4_tunnel - (config-if)> ip remote xxx.xxx.xxx.xxx - ipv4 (config-if)> ipv6 address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx - ipv6 , 64 , (config-if)> ipv6 prefix xxxx:xxxx:xxxx::/xx - ipv6 , /48 (config-if)> ipv6 name-servers auto - IPv6 DNS- (config-if)> ipv6 force-default - (::/0 | :: | TunnelSixInFour0) (config-if)> up - (config-if)> exit - . That's actually this config and does what is stated in the instructions in the KB, but this is not enough for IPv6 to work on clients.
Now we need to hang an IPv6 address on the interface that sounds like Home (This is a bridge interface that combines the rules on a Wi-Fi network and Lan).
this is done as follows
(config)> interface Bridge0 (config-if)> ipv6 address auto (config-if)> exit who cares here is the complete interface config
! interface Bridge0 name Home description "Home network (Wired and wireless hosts)" inherit Switch0/VLAN1 include AccessPoint include AccessPoint_5G security-level private ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx ip dhcp client dns-routes ip dhcp client name-servers igmp downstream ipv6 address auto up ! The final touches remained - creating a subnet that we received as a prefix from the provider and attaching it to the Bridge0 interface
(config)> ipv6 subnet 6in4_prefix - (config-subnet)> bind Home - (config-subnet)> number 0 - ( , ) (config-subnet)> mode slaac - slaac, ICMPv6-RA (config-subnet)> exit we can add another IPv6 DNS server here
(config)> ipv6 name-server xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx Let's see if our interface has risen.
(config)> show interface TunnelSixInFour0 index: 0 type: TunnelSixInFour description: 6in4_tunnel state: up link: up connected: yes mtu: 1480 tx-queue: 0 Core::Configurator: done. Let's see whether traffic goes through it.
(config)> show interface TunnelSixInFour0 stat rxpackets: 6322 rxbytes: 751914 rxerrors: 0 rxdropped: 0 txpackets: 29599 txbytes: 1364490 txerrors: 2 txdropped: 0 Core::Configurator: done. Approximately such a picture you can see if all is well.
Also in the web interface tab System Monitor -> IPv6 should appear:
The IPv6 address of the tunnel end of your tunnel , hanging on the TunnelSixInFour0 interface, with infinite reality
IPv6 addresses of your client devices
The prefix received from the broker
Internet route
:: / 0 with gateway :: and interface TunnelSixInFour0
View Routes
xxxx: xxxx: xxxx :: / 64 with gateway :: and Home interface to your client computers
Save configuration via web interface or cli
(config)> system config-save The configuration is completed and if the client computer has support for the ipv6 protocol, then
ping -6 ipv6.google.com will be successful. You can also go to test-ipv6.com , thanks to agmt
Of course, ACL nuts could be tightened, but IPv6 ACLs are not supported on this router.
UPD. Already a week the tunnel is working normally, no cliffs are noticed, the processor of the router is 6% loaded, memory is 7%, about 7 GB have passed the incoming traffic (I think this is Youtube, by the way, there were no brakes when watching the video), the only clue that I’m using is a Ukrainian broker The tunnel and Yandex with Google determine my location in Kiev, but I think you will have no problems changing it.
UPD. All the same, 6in4 and not 6to4, thanks llivejo
That's all, do not judge strictly the first article on Habré.
Source: https://habr.com/ru/post/208568/
All Articles