Setting up a he.net IPv6 Tunnel Print

  • 0

A customer reached out to us asking how to set up a he.net IPv6 tunnel on their Ethernet Servers VPS running Debian 12.

After some discussion, the customer was able to get this working as intended, and offered up a bash script in hope it helps others!

It's important to note that:

- The VPS in question does not require IPv6 connectivity.
- TUN/TAP and PPP must be enabled within our VPS control panel.
- The script was tested on Debian 12. Support on other Linux distributions is unknown.
- The script assumes you are using SSH port 22.

Pleas ensure that time is taken to adjust the settings accordingly.

Without further ado, below is the script, again, kindly offered up to us by a valued customer:

#!/bin/bash

# CREDITS:
# Stefan Meinecke (https://github.com/smeinecke/ustun) - UStun w/ updates
# Radoslaw Ejsmont (https://github.com/rejsmont/UStun) - original UStun project

# !!! PREREQUISITES: Enable Settings > TUN/TAP & PPP !!!!!!!!!!!!!!!!

# !!! CHANGE THESE TO YOUR HE.NET SETTINGS !!!!!!!!!!!!!!!!!!!!!!!!!!

IPV6_ADDRESS="HE.net-CLIENT-IPv6-ADDRESS"
IPV4_REMOTE="HE.net-SERVER-IPv4-ADDRESS"
IPV4_LOCAL="HE.net-CLIENT-IPv4-ADDRESS"
IPV6_GATEWAY="HE.net-SERVER-IPv6-ADDRESS"
IPV6_NETMASK="64"

SSH_PORT="22"

# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

# Install required packages
sudo apt update
sudo apt upgrade -y
sudo apt install -y ufw build-essential git

# Clone the repository
git clone https://github.com/smeinecke/ustun.git
cd ustun || exit

# Compile the project
make

# Copy binaries to /usr/local/sbin
sudo cp ustun usctrl us6tables /usr/local/sbin

# Copy ufw helper scripts to /usr/local/sbin
sudo cp ufw/us6tables-restore /usr/local/sbin

# Backup current ip6tables
mv /sbin/ip6tables /sbin/ip6tables.bak
mv /sbin/ip6tables-restore /sbin/ip6tables-restore.bak

# Relink ip6tables commands
sudo ln -sf /usr/local/sbin/us6tables /sbin/ip6tables
sudo ln -sf /usr/local/sbin/us6tables-restore /sbin/ip6tables-restore
sudo ln -sf /usr/local/sbin/us6tables /usr/sbin/us6tables
sudo ln -sf /usr/local/sbin/us6tables-restore /usr/sbin/us6tables-restore

# Disable ip6tables-save by linking to /bin/true
sudo ln -sf /bin/true /sbin/ip6tables-save

# Backup and copy ufw rules
sudo cp /etc/ufw/after6.rules /etc/ufw/after6.rules.bak
sudo cp /etc/ufw/before6.rules /etc/ufw/before6.rules.bak
sudo cp /etc/ufw/ufw.conf /etc/ufw/ufw.conf.bak
sudo cp ufw/after6.rules ufw/before6.rules ufw/ufw.conf /etc/ufw

# Set UFW default incoming policy to deny
sudo ufw default deny incoming

# Set UFW default outgoing policy to allow
sudo ufw default allow outgoing

# Allow EthernetServers default SSH port
sudo ufw allow "$SSH_PORT"/tcp

# Disable ufw logging (ip6tables -m limit is not support)
sudo ufw logging off

# Generate IPv6 network interface configuration
echo "
iface he-ipv6 inet6 static
address $IPV6_ADDRESS
netmask $IPV6_NETMASK
endpoint $IPV4_REMOTE
local $IPV4_LOCAL
ttl 255
gateway $IPV6_GATEWAY
pre-up /usr/local/sbin/ustun -n he-ipv6 -r $IPV4_REMOTE -l $IPV4_LOCAL -m tunnelbroker -p /run/ustun-he-ipv6.pid
post-up /sbin/ip -6 route add ::/0 dev he-ipv6
post-down /bin/kill `cat /run/ustun-he-ipv6.pid` > /dev/null 2>&1 || /bin/true
mtu 1480
" > /etc/network/interfaces.ipv6

# Backup /etc/rc.local before modifications
cp /etc/rc.local /etc/rc.local.bak

# Ensure /etc/rc.local ends with 'exit 0'
if ! tail -n1 /etc/rc.local | grep -q "exit 0"; then
echo -e "\nexit 0" >> /etc/rc.local
fi

# Insert the network interface setup before 'exit 0' if it's not already
if ! grep -q "cat /etc/network/interfaces.ipv6 >> /etc/network/interfaces" /etc/rc.local; then
sed -i "/^exit 0/i cat /etc/network/interfaces.ipv6 >> /etc/network/interfaces" /etc/rc.local
fi

# Make rc.local executable
chmod +x /etc/rc.local

# Set up /etc/network/interfaces to work immediately
cat /etc/network/interfaces.ipv6 >> /etc/network/interfaces

# Set up a service to bring up the tunnel interface after network is ready:
echo "[Unit]
Description=HE IPv6 Tunnel
After=network.target multi-user.target

[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/sbin/ifup he-ipv6 || true'
RemainAfterExit=true

[Install]
WantedBy=multi-user.target" > /etc/systemd/system/he-ipv6-tunnel.service

# Reload the systemd daemon to pick up the new service
sudo systemctl daemon-reload

# Enable and start the HE IPv6 Service
sudo systemctl enable he-ipv6-tunnel.service
sudo systemctl start he-ipv6-tunnel.service

# Enable UFW
sudo ufw enable

# Ping ethernetservers.com to confirm IPv6 connectivity
ping6 -c 1 ethernetservers.com

echo "HE.net IPv6 tunnel setup completed!"

Was this answer helpful?

« Back

We've worked with 25,506 customers in 143 countries - come & join us!
C I Wing September 19, 2024
"Support is brilliant"

Highly recommending Ethernet Servers, top notch and support is brilliant. Go for it as I am using the VPS already.

Paola Meyer September 5, 2024
"Splendid service"

All tickets are handled in timely manner. One of the best customer attentions I've had in the last 15 years. I wholeheartedly recommend ethernetservers.com for their splendid service.

Robin Gupta September 3, 2024
"Very happy"

I've been using Ethernet Servers since 2014, and they’ve always provided excellent service. I have many shared hosting accounts with them, and for the past five months, I’ve also been using their managed dedicated servers. What really stands out is their support. George, who I respectfully call Sir, is always there when I need help. He’s very knowledgeable and professional, and his assistance has made a big difference for me. If you’re looking for affordable and reliable web hosting, I highly recommend Ethernet Servers. They’ve been great to work with, and I’m very happy with their service. Thanks for everything!

David August 9, 2024
"Service is excellent"

The service is excellent. George went above and beyond. In this day and age, it is very nice to have a real person that I can deal with rather than a chatbot or some nameless/faceless tech support department as is often the case at other hosting providers. Highly recommended.


Ethernet Servers Ltd
124 City Road
London
EC1V 2NX
United Kingdom


Registered Limited Company: #09114946

Telephone:
+44 330 043 1258

Email:
hello@ethernetservers.com

Copyright © 2014 - 2024 - Ethernet Servers Ltd - All Rights Reserved.

Proudly serving customers in 143 countries since July 2014!