Recently my friend asked me to help him to set up multiple ipv6 tunnels on a single linux box. After some reading and initial config decided to drop it as a post for future use.

Some years ago I was doing the same thing but for multiple ISP broadbands on a single machine. Multiple ipv6 tunnels will also have multiple gateways so what I need is a multiple ipv6 routing tables!

Linux Kernel Driver DataBase is telling that since 2.6.19 linux has support for CONFIG_IPV6_MULTIPLE_TABLES (Support multiple routing tables) and since 2.6.20 CONFIG_IPV6_SUBTREES (Enable routing by source address or prefix). So that means should be supported by default kernel thease days.

PREPARATIONS

Testing and implementation was made using linux server located in https://online.net as they provide a native ipv6 out of the box. As for tunnel brokers I've decided to try couple of them that left:

Hardware

1 x debian (9) linux with:

  • public avaliable IP
  • iproute2

Tunnels

  • 2001:abc:4321:ff00::/48 (native)
  • 2001:470:1234:00ff::/64 (tunnelbroker ipv6 tunnel)
  • 2a05:abc:1234:babb:abaa::/80 (6project ipv6 tunnel)
  • 2a01:0d0:ffff:ff00::/64 (netassist ip tunnel)

SYSTEM CONFIG

All we need is already there so only thing we need is to set it up as boot.
Lets do it debian way!

/etc/iproute2/rt_tables

Adding new routing tables 100,101,102

#
# reserved values
#
255     local
254     main
253     default
100     ipv6-he
101     ipv6-6project
102     ipv6-NetAssist
0       unspec
#
# local
#
#1      inr.ruhep

/etc/network/interfaces

Ensure that its reading configs from interfaces.d/

 This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

All ipv6 interfaces exept enp1s0 are using seperate routing tables!
Create interfaces files with names you like

 root::/etc/network # tree 
.
|____interfaces.d
| |____ipv6-NetAssist
| |____ipv6-he
| |____enp1s0
| |____ipv6-6project
|____interfaces
|____if-pre-up.d
...

/etc/network/interfaces.d/enp1s0

This is example config of a native ipv6 transport.

allow-hotplug enp1s0
auto enp1s0

iface enp1s0 inet static
  address 51.xx.xxx.xx
  netmask 255.255.255.0
  gateway 51.xx.xxx.1

iface enp1s0 inet6 static
  address 2001:abc:4321:ff00::1
  netmask 48
  accept_ra 2
  pre-up echo 0 > /proc/sys/net/ipv6/conf/enp1s0/accept_dad
  pre-up sleep 5; dhclient -cf /etc/dhcp/dhclient6.conf -pf /run/dhclient6.enp1s0.pid -6 -P enp1s0
  pre-down dhclient -x -pf /run/dhclient6.enp1s0.pid
  up ip -6 a a 2001:abc:4321:ff00::2/128 dev enp1s0
  down ip -6 a d 2001:abc:4321:ff00::2/128 dev enp1s0

accept_ra - accept router advertisements, and autoconfigure this interface with received data.

/etc/network/interfaces.d/ipv6-6project

Server IPv4 Address: 158.xx.xx.xx
Server IPv6 Address: 2a05:abc:1234:babb:abaa::1
Client IPv6 Address: 2a05:abc:1234:babb:abaa::2
Routed Prefix: 2a05:abc:1234:babb:abaa::/64

auto ipv6-6project
iface ipv6-6project inet6 v4tunnel
  address 2a05:abc:1234:babb:abaa::2
  netmask 80
  endpoint 158.xx.xx.xx
  mtu 1280
  ttl 64
  up ip -6 rule add from 2a05:abc:1234:babb:abaa::2 table ipv6-6project
  up ip -6 route add default via 2a05:abc:1234:babb:abaa::1 table ipv6-6project
  up ip -6 a a 2a05:abc:1234:babb:abaa::/128 dev ipv6-6project
  down ip -6 a d 2a05:abc:1234:babb:abaa::/128 dev ipv6-6project
  down ip -6 rule del table ipv6-6project
  down ip -6 route flush table ipv6-6project

/etc/network/interfaces.d/ipv6-he

Server IPv4 Address: 212.xx.xx.xx
Server IPv6 Address: 2001:470:1234:00ff::1
Client IPv6 Address: 2001:470:1234:00ff::2
Routed Prefix: 2001:470:1234:00ff::/64

auto ipv6-he
iface ipv6-he inet6 v4tunnel
  address 2001:470:1234:00ff::2 
  netmask 64
  endpoint 212.xx.xx.xx
  mtu 1280
  ttl 255
  up ip -6 rule add from 2001:470:1234:00ff::2 table ipv6-he
  up ip -6 route add default via 2001:470:1234:00ff::1 table ipv6-he
  up ip -6 a a 2001:470:1234:00ff::3/128 dev ipv6-he
  down ip -6 a d 2001:470:1234:00ff::3/128 dev ipv6-he
  down ip -6 rule del table ipv6-he
  down ip -6 route flush table ipv6-he

/etc/network/interfaces.d/ipv6-NetAssist

Server IPv4 Address: 62.xxx.xx.xx
Server IPv6 Address: 2a01:0d0:ffff:ff00::1
Client IPv6 Address: 2a01:0d0:ffff:ff00::2
Routed Prefix: 2a01:0d0:ffff:ff00::/64

auto ipv6-NetAssist
iface ipv6-NetAssist inet6 v4tunnel
  address 2a01:0d0:ffff:ff00::2
  netmask 64
  endpoint 62.xxx.xx.xx
  ttl 200
  up ip -6 rule add from 2a01:0d0:ffff:ff00::2 table ipv6-NetAssist
  up ip -6 route add default via 2a01:0d0:ffff:ff00::1 table ipv6-NetAssist
  up ip -6 a a 2a01:0d0:ffff:ff00::3/128 dev ipv6-NetAssist
  down ip -6 a d 2a01:0d0:ffff:ff00::3/128 dev ipv6-NetAssist
  down ip -6 rule del table ipv6-NetAssist
  down ip -6 route flush table ipv6-NetAssist

TESTING

Ok, now when all the config is ready lets bring up a tunnel:

root::/ # ifup ipv6-6project ; ifconfig ipv6-6project ; 
ipv6-6project: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1280
        inet6 2a05:abc:1234:babb:abaa::2  prefixlen 80  scopeid 0x0<global>
        inet6 2a05:abc:1234:babb:abaa::3  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::2300:b182  prefixlen 64  scopeid 0x20<link>
        sit  txqueuelen 1  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

To make it work just ping the gateway!

root  /etc/network/interfaces.d  ping6 -c 4 2a05:abc:1234:babb:abaa::1
PING 2a05:abc:1234:babb:abaa::1(2a05:abc:1234:babb:abaa::1) 56 data bytes
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=1 ttl=64 time=28.0 ms
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=2 ttl=64 time=32.6 ms
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=3 ttl=64 time=26.1 ms
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=4 ttl=64 time=36.8 ms

--- 2a05:abc:1234:babb:abaa::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 26.126/30.916/36.857/4.167 ms

All IPv6 addrsses used here are made up!