# This is a partial configuration file to handle an HE.net IPv6 tunnel easily # from Gentoo. # # Author: Robin H. Johnson # # Works with OpenRC-0.4.3, also with baselayout1 with minimal changes. # # Instructions: # 1. Apply to HE.net for a tunnel # 2. Fill in all the FIXME blocks you can (leave v6net48) # 3. ln -s net.lo /etc/init.d/net.tun0 # 4. Start up the net.tun0 service. # 5. Test using HE's system. # (optional) # 6. Get a /48 allocation from HE.net # 7. Update the last FIXME # # Notes: # - I used to name the interface customly as heipv6, and while that looks nice # it can lead to a loop with udev, as it does not detect that we are a # tunnel device. HE="2001:0470" # 2001:470::/32 is the HE.net allocation v6net64="${HE}:FIXME" # your initial /64 allocation from HE.net v6net48="${HE}:FIXME" # your later /48 allocation from HE.net # I divide my /48 allocation into two blocks at present, # using 16 bits for a site identifier. # _BLOCK_:0001:: = services on the tunnel node # _BLOCK_:0002:: = my home LAN v6net48_lan="${v6net48}:1" v6net48_srv="${v6net48}:2" # HE.net tunnel configuration link_tun0="eth0" # tunnel IFACE (internet-facing iface, eg ppp0/eth0) # tunnel IPv4 endpoint, remote, HE.net tells you this iptunnel_tun0_remote="FIXME" # tunnel IPv4 endpoint, local # this is the address of IFACE ${link_tun0} iptunnel_tun0_local="FIXME" iptunnel_tun0="mode sit remote ${iptunnel_tun0_remote} local ${iptunnel_tun0_local} ttl 255 dev ${link_tun0}" mtu_tun0=1280 config_tun0="${v6net64}::2/64" # /126 routes_tun0="default via ${v6net64}::1" # The below are optional, and should only be used once you have your /48 # allocation for routing your LAN. # # Using your /48 locally: config_lo="127.0.0.1/8 ${v6net48_srv}::1/128" # grab your EUI link identifier like this: # # ip addr show dev $IFACE \ # | awk \ # '/fe80::/{gsub("fe80::","",$2); gsub("/[0-9]+","",$2); print $2}' # # Example output: 02AA:BBff:feCC:DDEE # This puts your internal interface on IPv6 :-) config_eth1_eui64="FIXME" config_eth1="${config_eth1} ${v6net48_lan}:${config_eth1_eui64}/64 ${v6net48_lan}::1/64" # Misc useful bits: # Preup for tunnels can be a bit bumpy. # The device does NOT exist yet... preup() { # If the link does not exist, return now, it's a tunnel! ip link show dev ${IFACE} 2>/dev/null || return 0 #... } # If you want to use IPv6 on a bonded device, you may run into issues with the # Duplicate Address Detection (DAD). You need to disable it otherwise any # auto-assigned addresses will not stabilize. postup_ipv6_dad() { einfo "Disabling IPv6 DAD on $1" sysctl -w net.ipv6.conf.${1}.dad_transmits=0 } postup() { bonddir="/sys/devices/virtual/net/$IFACE/bonding" if [ -d "${bonddir}" ]; then postup_ipv6_dad $IFACE cat "${bonddir}"/slaves \ |xargs -n1 postup_ipv6_dad fi } # vim: set filetype=gentoo-conf-d: