A customer reached out to us asking how to set up a he.net IPv6 tunnel on their Ethernet Servers VPS running Debian 12.
After some discussion, the customer was able to get this working as intended, and offered up a bash script in the hope that it helps others!
It's important to note that:
- The VPS in question does not require IPv6 connectivity.
- TUN/TAP and PPP must be enabled within our VPS control panel.
- The script was tested on Debian 12. Support on other Linux distributions is unknown.
- The script assumes you are using SSH port 22.
Please ensure that time is taken to adjust the settings accordingly.
Without further ado, below is the script, again, kindly offered up to us by a valued customer:
```bash
#!/bin/bash
# CREDITS:
# Stefan Meinecke (https://github.com/smeinecke/ustun) - UStun w/ updates
# Radoslaw Ejsmont (https://github.com/rejsmont/UStun) - original UStun project

# !!! PREREQUISITES: Enable Settings > TUN/TAP & PPP !!!!!!!!!!!!!!!!
# !!! CHANGE THESE TO YOUR HE.NET SETTINGS !!!!!!!!!!!!!!!!!!!!!!!!!!
IPV6_ADDRESS="HE.net-CLIENT-IPv6-ADDRESS"
IPV4_REMOTE="HE.net-SERVER-IPv4-ADDRESS"
IPV4_LOCAL="HE.net-CLIENT-IPv4-ADDRESS"
IPV6_GATEWAY="HE.net-SERVER-IPv6-ADDRESS"
IPV6_NETMASK="64"
SSH_PORT="22"
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

# Several steps below write to /sbin and /etc without sudo, so run as root
if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root." >&2
    exit 1
fi

# Install required packages
sudo apt update
sudo apt upgrade -y
sudo apt install -y ufw build-essential git

# Clone the repository
git clone https://github.com/smeinecke/ustun.git
cd ustun || exit 1

# Compile the project (stop here on failure, before ip6tables is relinked)
make || exit 1

# Copy binaries to /usr/local/sbin
sudo cp ustun usctrl us6tables /usr/local/sbin

# Copy ufw helper scripts to /usr/local/sbin
sudo cp ufw/us6tables-restore /usr/local/sbin

# Backup current ip6tables
mv /sbin/ip6tables /sbin/ip6tables.bak
mv /sbin/ip6tables-restore /sbin/ip6tables-restore.bak

# Relink ip6tables commands
sudo ln -sf /usr/local/sbin/us6tables /sbin/ip6tables
sudo ln -sf /usr/local/sbin/us6tables-restore /sbin/ip6tables-restore
sudo ln -sf /usr/local/sbin/us6tables /usr/sbin/us6tables
sudo ln -sf /usr/local/sbin/us6tables-restore /usr/sbin/us6tables-restore

# Disable ip6tables-save by linking to /bin/true
sudo ln -sf /bin/true /sbin/ip6tables-save

# Backup and copy ufw rules
sudo cp /etc/ufw/after6.rules /etc/ufw/after6.rules.bak
sudo cp /etc/ufw/before6.rules /etc/ufw/before6.rules.bak
sudo cp /etc/ufw/ufw.conf /etc/ufw/ufw.conf.bak
sudo cp ufw/after6.rules ufw/before6.rules ufw/ufw.conf /etc/ufw

# Set UFW default incoming policy to deny
sudo ufw default deny incoming

# Set UFW default outgoing policy to allow
sudo ufw default allow outgoing

# Allow EthernetServers default SSH port
sudo ufw allow "$SSH_PORT"/tcp

# Disable ufw logging (ip6tables -m limit is not supported)
sudo ufw logging off

# Generate IPv6 network interface configuration
# (the backticks in post-down are escaped so they are written to the file
# literally and run by ifdown, not expanded while this script runs)
echo "
iface he-ipv6 inet6 static
address $IPV6_ADDRESS
netmask $IPV6_NETMASK
endpoint $IPV4_REMOTE
local $IPV4_LOCAL
ttl 255
gateway $IPV6_GATEWAY
pre-up /usr/local/sbin/ustun -n he-ipv6 -r $IPV4_REMOTE -l $IPV4_LOCAL -m tunnelbroker -p /run/ustun-he-ipv6.pid
post-up /sbin/ip -6 route add ::/0 dev he-ipv6
post-down /bin/kill \`cat /run/ustun-he-ipv6.pid\` > /dev/null 2>&1 || /bin/true
mtu 1480
" > /etc/network/interfaces.ipv6

# Backup /etc/rc.local before modifications, or start a new one with a
# shebang if the file does not exist yet
if [ -f /etc/rc.local ]; then
    cp /etc/rc.local /etc/rc.local.bak
else
    printf '#!/bin/sh\n' > /etc/rc.local
fi

# Ensure /etc/rc.local ends with 'exit 0'
if ! tail -n1 /etc/rc.local | grep -q "exit 0"; then
    echo -e "\nexit 0" >> /etc/rc.local
fi

# Insert the network interface setup before 'exit 0' if it's not already
if ! grep -q "cat /etc/network/interfaces.ipv6 >> /etc/network/interfaces" /etc/rc.local; then
    sed -i "/^exit 0/i cat /etc/network/interfaces.ipv6 >> /etc/network/interfaces" /etc/rc.local
fi

# Make rc.local executable
chmod +x /etc/rc.local

# Set up /etc/network/interfaces to work immediately
cat /etc/network/interfaces.ipv6 >> /etc/network/interfaces

# Set up a service to bring up the tunnel interface after network is ready:
echo "[Unit]
Description=HE IPv6 Tunnel
After=network.target multi-user.target

[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/sbin/ifup he-ipv6 || true'
RemainAfterExit=true

[Install]
WantedBy=multi-user.target" > /etc/systemd/system/he-ipv6-tunnel.service

# Reload the systemd daemon to pick up the new service
sudo systemctl daemon-reload

# Enable and start the HE IPv6 Service
sudo systemctl enable he-ipv6-tunnel.service
sudo systemctl start he-ipv6-tunnel.service

# Enable UFW
sudo ufw enable

# Ping ethernetservers.com to confirm IPv6 connectivity
ping6 -c 1 ethernetservers.com

echo "HE.net IPv6 tunnel setup completed!"
```
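The notes above warn that the script assumes SSH on port 22 and that the settings must be adjusted first. The preflight check below is an added example, not part of the customer's script or of ustun: it rejects unedited placeholder values and an SSH_PORT that sshd is not listening on. The function names are hypothetical and the sample values are constructed.

```bash
#!/bin/bash
# Added example (not from ustun or the customer's script); names are illustrative.
# Ports sshd listens on, one per line, from sshd_config-style text on stdin
# (`sshd -T` output works too). No Port directive means the default, 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# True if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# Loose check (hex digits and colons, at least two colons): enough to catch
# an unedited placeholder, not a full IPv6 validator.
is_ipv6ish() {
    case $1 in
        "" | *[!0-9A-Fa-f:]*) return 1 ;;
        *:*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the script's settings (globals) against sshd's config on stdin.
# Reports every problem on stderr; returns 0 only if there were none.
preflight() {
    local rc=0
    is_ipv4 "$IPV4_REMOTE" || { echo "IPV4_REMOTE is not an IPv4 address" >&2; rc=1; }
    is_ipv4 "$IPV4_LOCAL" || { echo "IPV4_LOCAL is not an IPv4 address" >&2; rc=1; }
    is_ipv6ish "$IPV6_ADDRESS" || { echo "IPV6_ADDRESS is not an IPv6 address" >&2; rc=1; }
    is_ipv6ish "$IPV6_GATEWAY" || { echo "IPV6_GATEWAY is not an IPv6 address" >&2; rc=1; }
    case $IPV6_NETMASK in
        "" | *[!0-9]* | ????*) echo "IPV6_NETMASK must be 1..128" >&2; rc=1 ;;
        *) [ "$IPV6_NETMASK" -ge 1 ] && [ "$IPV6_NETMASK" -le 128 ] ||
               { echo "IPV6_NETMASK must be 1..128" >&2; rc=1; } ;;
    esac
    # The script allows only SSH_PORT before enabling ufw with default deny
    # incoming, so a port sshd does not listen on blocks new SSH logins.
    sshd_ports | grep -qxF -- "$SSH_PORT" ||
        { echo "sshd does not listen on SSH_PORT=$SSH_PORT" >&2; rc=1; }
    return "$rc"
}

# Constructed sample: documentation-range addresses, sshd moved to port 2222.
IPV6_ADDRESS="2001:db8:1::2" IPV6_GATEWAY="2001:db8:1::1" IPV6_NETMASK="64"
IPV4_REMOTE="192.0.2.1" IPV4_LOCAL="198.51.100.7" SSH_PORT="22"
printf 'Port 2222\n' | preflight || echo "preflight failed: fix the settings first"
```

On the server, replace the constructed sample with your real settings and run `sshd -T | preflight` as root before the tunnel script, so that Port directives in included config files are taken into account as well.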