Tunnel Configuration

This page describes how to configure the IPv6-in-IPv4 tunnel connecting Lemuria and Twilight. These instructions are incomplete/wrong in that the tunnel is not fully operational even after doing these steps.

Lemuria

These commands work for Lemuria (see this blog post for more information about Linux tunnels). Roughly, the steps can be summarized verbally as:

  1. Create a tunnel virtual interface with a given name ("wormhole" in this case), specifying the tunnel endpoints in the IPv4 universe and using "sit" mode (Simple Internet Transition).
  2. Bring the new virtual interface up.
  3. Add an appropriate IPv6 address to the local tunnel endpoint.
  4. Add a static route that specifies how to get to IPv6 networks on the far side of the tunnel. As many routes as needed could be added (a more powerful solution would use a routing protocol such as OSPFv3 for this).
  5. Activate IPv6 forwarding through the system by adjusting kernel parameters. If you forget this, the machine will drop all packets not destined to one of its own interfaces.

The commands below do the required steps for Lemuria. However, this configuration is lost when the system is rebooted. TODO: figure out how to make this configuration permanent! 

  # /sbin/ip tunnel add wormhole mode sit remote 155.42.113.99 local 155.42.107.97
  # /sbin/ip link set dev wormhole up
  # /sbin/ip -6 addr add FD25:F376:7B60:FFFF::1/64 dev wormhole
  # /sbin/ip -6 route add FD25:F376:7B60:2::/64 via FD25:F376:7B60:FFFF::2 dev wormhole metric 1
  # /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
  # /sbin/sysctl -w net.ipv6.conf.default.forwarding=1

Twilight

On the Twilight side of the tunnel the commands are:

  # /sbin/ip tunnel add wormhole mode sit remote 155.42.107.97 local 155.42.113.99
  # /sbin/ip link set dev wormhole up
  # /sbin/ip -6 addr add FD25:F376:7B60:FFFF::2/64 dev wormhole
  # /sbin/ip -6 route add FD25:F376:7B60:1::/64 via FD25:F376:7B60:FFFF::1 dev wormhole metric 1
  # /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
  # /sbin/sysctl -w net.ipv6.conf.default.forwarding=1

NOTE: The instructor station in WIL-210 has a permanent IPv6 address of FD25:F376:7B60:1:1022:EB10:46BD:73C0. This can be useful for testing the tunnel.

The configuration above doesn't entirely work, I think because of host-level firewall issues. This needs to be looked into more.

Last Revised: 2023-03-31
© Copyright 2023 by Peter Chapin <peter.chapin@vermontstate.edu>