IPv6 Tunnel via Own Linux (IPv6-connected) Server

windows linux ipv4 ipv6 proxy

Solution 1:

Creating a 6in4 gateway:

Note (Feb 25, 2015): I'm reviewing these instructions, and I think that you could skip the addr add and route del steps, but I'm not entirely sure yet. Will need to test.

  1. Create a IPv6 tunnel interface:

    # ip tunnel add tun6in4 mode sit local <gwaddr> remote any
# ip link set tun6in4 up

    where <gwaddr> is your server's public IPv4 address;

  2. Assign a IPv6 address from a new subnet to the tunnel:

    # ip addr add 2001:db8:e3af:666::1/64 dev tun6in4

  3. Route the subnet to your IP own address, removing the automatic route first:

    # ip route del 2001:db8:e3af:666::/64 dev tun6in4
# ip route add 2001:db8:e3af:666::/64 via ::78.260.211.195 dev tun6in4

  4. Enable IPv6 forwarding:

    # echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

Client-side

On your PC, follow the standard 6in4 tunnel instructions, assigning yourself an address from the same subnet as above.

  1. Add a tunnel:

    C:\> netsh
netsh> int ipv6
netsh interface ipv6> add v6v4tunnel Myserver <locaddr> <gwaddr>

    where <gwaddr> is the IPv4 address of the gateway server and <locaddr> is the local address (not necessarily public) of the PC's network interface.

    If you have radvd set up on the gateway, you may also append enable to enable IPv6 autoconfiguration over the tunnel.

  2. For manual configuration, add an address...

    netsh interface ipv6> add addr Myserver 2001:db8:e3af:666::2

    and a route:

    netsh interface ipv6> add route ::/0 Myserver
netsh interface ipv6> show route

  3. If you want Windows to advertise the IPv6 connectivity to your LAN (like radvd on Linux), you can do that too.

    netsh interface ipv6> add route 2001:db8:e3af:666::/64 eth0 pub=yes
netsh interface ipv6> set route ::/0 Myserver pub=yes
netsh interface ipv6> show route

netsh interface ipv6> set interface eth0 forward=enable advertise=enable
netsh interface ipv6> show interface eth0

    Replace eth0 with the name or numeric index of your LAN interface – possibly "Local Area Connection"... I have renamed mine to save typing.

Securing only the IPv6 tunnel does not make sense, as 1) the traffic between your gateway and the destination will be public anyway, 2) you never know whether a connection is going to be plain IPv4 or "secured" IPv6.

However, you can try to set up IPsec between the two computers to secure the 6in4 traffic, or create a proper VPN such as OpenVPN or L2TP/IPsec.

Related

Is there any way to disable TortoiseHg windows integration?
Thumbs.db does not always show up in image folders
Is there any free windows software that can play 3D Blu-rays? [closed]
PuTTY Windows 7 jump lists won't work
Cannot delete folders on a network drive from Windows 7
Ubuntu Linux server - set file permissions for VirtualBox shared folder
MySQL Workbench, start with auto commit off
How to convert websites into Kindle documents?
What does this mean? "osascript: Please update this scripting addition to supply a value for ThreadSafe"
Difference between Apache Tapestry and Apache Wicket
Word wrap in Gvim
How do NULL values affect performance in a database search?