I made this guide to show everyone how easy it is to get IPv6 working for free on your home or small business network using only a free account with TunnelBroker (Hurricane Electric) and an IPv6 enabled Router.
The Problem
As you may already be aware, the world is running out of IPv4 addresses and IPv6 solves this problem because it allows for dramatically more IP addresses to be created. Despite its benefits, many internet service providers are slow to adopt IPv6 in their networks. When I called my ISP and asked about IPv6 they let me know that they had no immediate plans to implement IPv6. Frustrated, I scoured the internet to find out how I could do this on my own. There are several pages that describe how to implement IPv6 but many of them are outdated or didn’t quite accomplish what I wanted to. Those that did exist did not account for users whose ISPs provided dynamic or changing IP addresses.
It is my goal to share with you a reliable way to get IPv6 working on your network for all devices that connect to your router. The tunnel will remain up and automatically update your IP address every time your public IP address changes. Please leave me a comment if I forgot a step or didn’t explain it well enough and I will try to improve this guide.
Project Requirements
- Computer with which to configure the router and tunnel
- IPv6 router (Synology RT2600ac https://amzn.to/39i7shI works well)
- A free account with https://tunnelbroker.net/
I have only configured these tunnels using the Synology RT2600ac router which I find to be a very stable router for home and office use. I recommend it to friends and customers whenever they ask for a recommendation about which router to buy. These steps should also work with other IPv6 routers which allow tunneling but since I haven’t used them, I can’t go into great detail on their setup. As an Amazon Associate, I earn a referral fee when people purchase products through my referral links.
Getting Started
Create your tunnel
- Register for a free account at https://tunnelbroker.net/
You will need to provide Hurricane Electric with your contact information and choose a username and password. Obviously we are assuming that you are using your IPv6 tunnel for good reasons; do not plan on using it for illegal things because Hurricane Electric knows who you are and can drop the hammer on you if you try to do something stupid.
- Create a Regular IPv6 Tunnel
From the User Functions menu on the left, choose Create Regular Tunnel.
Copy the IP address next to You are viewing from and paste it in the box for the IPv4 Endpoint (Your side).
- Next Choose a location for your tunnel, and click Create Tunnel.
If all went well, you will be taken to a new screen which will display the settings for your new IPv6 tunnel.
In order to get DNS working properly, I always click Edit under the rDNS Delegations section and then choose Delegate to dns.he.net. On this page you can also enter a Description for your tunnel to differentiate it from others if you plan to use more than one tunnel.
Your tunnel is now created and operational on TunnelBroker.net.
The next step is to configure your Synology Router to connect to it. Please keep the TunnelBroker.net tab open because you will need these settings while configuring your router.
Configure the Tunnel on your Router
- Sign into the DSM on your Router using your username and password.
The DSM is Synology’s management interface where you configure all connection and network settings for the router. I will assume that you at least understand the basics of configuring your router if you have made it this far; if you have not please check with Synology resources online because they have an abundance of information on how to configure your router. This guide will include just the specifics of how to get your IPv6 tunnel configured.
- Open the Network Center. It should look something like the image below.
I have removed personal information specific to my networks from the following images.
- On the Internet tab, click IPv6 Setup to open the configuration page.
- From the drop-down menu, select 6in4 as the type of tunnel.
Proceed to enter the rest of your settings from TunnelBroker as described below the next image.
What information goes in which field, you ask?
Where Synology DSM asks for a Preferred DNS Server,
enter what TunnelBroker calls the Anycast IPv6 Caching Nameserver
Where Synology DSM asks for an IPv6 address,
enter what TunnelBroker calls the Client IPv6 Address
Synology DSM asks for a Prefix length. Use 64 for this value.
Where Synology DSM asks for a Prefix,
enter what Tunnelbroker calls the Routed IPv6 Prefixes → Routed /64
This prefix should end with :: and /64 as pictured above
Where Synology DSM asks for an Remote server IPv4 address,
enter what Tunnelbroker calls the Server IPv4 Address
Check the Set as default gateway box and choose OK
- Now switch to the Local Network tab and then click on the IPv6 tab.
Check the box next to Enable IPv6 and select your IPv6 network’s Prefix from the drop down menu. To let devices on your network configure their own IPv6 addresses on your network select the radio box next to Stateless DHCPv6 mode and click Apply. (I cannot fully explain the difference between the Stateless, Stateless DHCPv6, and Stateful modes, but you may also use one of those modes if it better describes what you are trying to accomplish.)
Create a Firewall Rule to enable ICMP traffic
In order for your Tunnel to connect and stay up, your network must be ping-able from Hurricane Electric. This means that you must create a firewall rule to allow ICMP traffic from Hurricane Electric. By default, your Synology router’s firewall will drop all ICMP traffic, but we need to create an exception which will allow Hurricane Electric to verify that your IP address is correct. To set this up, enter the Security tab of your Network Center and then click on the Firewall tab.
- Click Create to create a new firewall rule
- Give the rule a meaningful name such as “AllowHurricaneElectric”
- From Protocol, select ICMP
- From Source IP Address, choose Specific IP and then click Select
- Enter Hurricane Electric’s IP address: 66.220.2.74 and press OK
- Make sure the rule is set to Allow and click OK to create the rule
You may now switch back over to the Status tab of the Network Center and choose IPv6 under Internet Connection.
If all went well, you should now see that your IPv6 tunnel is Connected.
Once your IPv6 connection shows as Connected, any devices connected to your router should be able to connect to the internet using IPv6. To test this, please open the test page at http://ipv6-test.com/ to test that your IPv6 is working.
Once you have made it this far, IPv6 is working correctly on your network. All of your computers, mobile phones, and other devices which support IPv6 will now be able to use IPv6 on your network. Now is a great time to take a break if you need one. In the next section, I will show you how you can quickly keep your IP address updated on your IPv6 tunnel so that your network doesn’t go offline the next time your ISP changes your public IP address.
Keeping Your IPv4 address up-to-date
I used my tunnel in this way for a year or two without many problems. The only thing that would come up every few months is that my IPv6 tunnel would stop working every time my ISP changed my public IPv4 address. When that happened, I needed to go to TunnelBroker.net and update my Client IPv4 address in the tunnel for it to resume working. To update this manually, log into TunnelBroker.net and click on your tunnel to open up its details. Then click on your former IP address next to Client IPv4 address to update it to your current IPv4 address.
Updating the IP address manually works well enough if your ISP changes your IP address pretty infrequently. If this happens weekly or monthly, it becomes frustrating pretty quickly. Fortunately, Hurricane Electric gives you a powerful tool to update the IP address automatically but it does require some configuration.
From the Tunnel Details page, switch to the Advanced tab and you will see your details which look similar to mine below.
Copy the Example Update URL from the Advanced tab and save this on your desktop as a shortcut or as a bookmark in Firefox or Chome (Internet Explorer and Edge are not smart enough to follow these links). The Update URL contains your account ID, your update key, and your tunnel information. When you click on that link, it updates your tunnel with your current IP address. This saves you the step of having to log into TunnelBroker.net and manually update it there.
When you click on it and visit the update page, you will see a simple message which shows whether your IP address was updated (“good”) or was not updated (“nochg”).
Remember, your IPv6 tunnel is now working correctly and if you want to stop, you may do so. Don’t forget that whenever you lose IPv6 connectivity, it probably means that your ISP changed your router’s public IP address and you need to click on your bookmark or shortcut to update the IP address on TunnelBroker.
Automatically Update your dynamic IPv4 address
At this point we are really close to having a stable and reliable IPv6 tunnel, but I wanted a solution that would completely automate the process of updating my DHCP IP address on TunnelBroker. In the end, I settled on using a simple 3rd-party tool named GNU Wget to tie it all together.
What we are going to do next is create a scheduled task to run once every hour on a computer located on your home or office network which calls the Update URL from above and updates your IP address. This way, every time your ISP changes your IP address, the scheduled task will promptly (within 1 hour) update the address on your tunnel without any intervention from you.
If anyone can figure out a way to do this using native Windows tools *without* installing GNU Wget please let me know in the comments below and I will update this guide to keep it simple.
For these next steps, it is important that you perform them on a desktop computer or a computer that does not leave your home or office. Don’t install the Scheduled Task on a laptop or a portable computer. If you do, you will break your IPv6 tunnel every time you take it to another network since it will incorrectly update your tunnel’s IP address to match someone else’s network.
- Download the .zip for the 32-bit version of GNU Wget from https://eternallybored.org/misc/wget/
- Extract the file wget.exe from the .zip and save it some place simple such as C:\Windows\system32
- Open Task Scheduler on your Windows computer and click Create Task
- Give the task a Name and check the box to Run whether user is logged in or not
- On the Triggers tab, choose New and then check the box to Repeat Task Every Hour Indefinitely and click OK
- On the Actions tab, choose New and then Start a program. Now Browse to the folder where you extracted Wget.exe and then click Open.
- In the box labeled Add arguments (optional): enter the following information and then click OK (replace the Update URL with your own URL from earlier)
-O C:\temp\update.txt https://akguy:[email protected]/nic/update?hostname=422229 –no-check-certificate
8. Click OK again and enter the login password for your Windows Account to allow the task to run automatically even if you are not logged in.
9. Your task is now created and will run on the schedule you set up. You may also run the task on demand when you need to or if you want to make sure it is working
That’s the last task. Your IPv6 tunnel is now fully configured and the Scheduled Task will keep TunnelBroker.net updated any time your public IPv4 address changes.
Please let me know below if you have any questions or comments about the implementation, and if this helped you or made your life easier, please consider sending some crypto my way or make a donation to a meaningful nonprofit organization.
bitcoin:16AZjxCHHmxfyTny1rNXcPSduaYWEvhQds
ethereum:0xe7f84CC9DAB3bB90Df5EFE55F93585b3d0f2D57A
Sources:
IPv6 with Synology RT2600ac via HE tunnel
https://ausfestivus.wordpress.com/2017/12/31/ipv6-with-synology-rt2600ac-via-he-tunnel/
GNU Wget 1.20.3 for Windows
https://eternallybored.org/misc/wget/