IPv6 Tunnel via Own Linux (IPv6-connected) Server

Solution 1:

Creating a 6in4 gateway:

Note (Feb 25, 2015): I'm reviewing these instructions, and I think that you could skip the addr add and route del steps, but I'm not entirely sure yet. Will need to test.

  1. Create a IPv6 tunnel interface:

    # ip tunnel add tun6in4 mode sit local <gwaddr> remote any
    # ip link set tun6in4 up
    

    where <gwaddr> is your server's public IPv4 address;

  2. Assign a IPv6 address from a new subnet to the tunnel:

    # ip addr add 2001:db8:e3af:666::1/64 dev tun6in4
    
  3. Route the subnet to your IP own address, removing the automatic route first:

    # ip route del 2001:db8:e3af:666::/64 dev tun6in4
    # ip route add 2001:db8:e3af:666::/64 via ::78.260.211.195 dev tun6in4
    
  4. Enable IPv6 forwarding:

    # echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    

Client-side

On your PC, follow the standard 6in4 tunnel instructions, assigning yourself an address from the same subnet as above.

  1. Add a tunnel:

    C:\> netsh
    netsh> int ipv6
    netsh interface ipv6> add v6v4tunnel Myserver <locaddr> <gwaddr>
    

    where <gwaddr> is the IPv4 address of the gateway server and <locaddr> is the local address (not necessarily public) of the PC's network interface.

    If you have radvd set up on the gateway, you may also append enable to enable IPv6 autoconfiguration over the tunnel.

  2. For manual configuration, add an address...

    netsh interface ipv6> add addr Myserver 2001:db8:e3af:666::2
    

    and a route:

    netsh interface ipv6> add route ::/0 Myserver
    netsh interface ipv6> show route
    
  3. If you want Windows to advertise the IPv6 connectivity to your LAN (like radvd on Linux), you can do that too.

    netsh interface ipv6> add route 2001:db8:e3af:666::/64 eth0 pub=yes
    netsh interface ipv6> set route ::/0 Myserver pub=yes
    netsh interface ipv6> show route
    
    netsh interface ipv6> set interface eth0 forward=enable advertise=enable
    netsh interface ipv6> show interface eth0
    

    Replace eth0 with the name or numeric index of your LAN interface – possibly "Local Area Connection"... I have renamed mine to save typing.


Securing only the IPv6 tunnel does not make sense, as 1) the traffic between your gateway and the destination will be public anyway, 2) you never know whether a connection is going to be plain IPv4 or "secured" IPv6.

However, you can try to set up IPsec between the two computers to secure the 6in4 traffic, or create a proper VPN such as OpenVPN or L2TP/IPsec.