Though IPv6 has been around for quite some time, its adoption is still not as widespread as IPv4. While IPv6 offers an almost unlimited number of addresses, support from major ISPs remains limited. One way to enable IPv6 at home is by using a tunnel broker like Hurricane Electric, which provides a routable IPv6 prefix to your home network.
In this guide, we’ll configure an IPv6 tunnel on OpenBSD 7.5, using it as a home router.
Tunnel Configuration 🔗
Once you sign up for a tunnel with Hurricane Electric, you’ll receive configuration details similar to the following:
- Server IPv4 address: 216.66.88.98
- Server IPv6 address: 2001:db8:1f1c:1a6::1/64
- Client IPv4 address: 10.0.2.22 (if behind NAT; otherwise, use your public IP)
- Client IPv6 address: 2001:db8:1f1c:1a6::2/64
- Routed /48: 2001:db8:cafe::/48
Note: The prefix 2001:db8::/32 is a reserved IPv6 documentation prefix and is used for example purposes only.
Creating the gif0 Interface 🔗
To configure the tunnel, create a file /etc/hostname.gif0 with the following content:
tunnel 10.0.2.22 216.66.88.98
inet6 alias 2001:db8:1f1c:1a6::2 128 2001:db8:1f1c:1a6::1
!route -n add -inet6 default 2001:db8:1f1c:1a6::1
up
Here’s what each line does:
- Tunnels traffic from your local IPv4 address (
10.0.2.22) to the HE server (216.66.88.98). - Assigns the IPv6 address
2001:db8:1f1c:1a6::2with a /128 prefix, routing to the HE server’s IPv6 address. - Sets the default IPv6 route to the HE server.
- Brings the interface up.
Testing the Connection 🔗
To start the interface, run:
# sh /etc/netstart gif0
Alternatively, you can reboot your machine, as hostname.* files initialize network interfaces during boot.
Once the interface is up, you can test connectivity by pinging an IPv6 address, such as Google’s:
# ping6 google.com
If the ping fails, double-check the syntax, especially the IPv6 address colons.
Enabling IPv6 Forwarding 🔗
To enable packet forwarding between interfaces, run:
# sysctl -w net.inet6.ip6.forwarding=1
To make this setting persistent across reboots, add the following to /etc/sysctl.conf:
net.inet6.ip6.forwarding=1
Configuring Router Advertisements 🔗
To advertise the IPv6 prefix to other devices on your network, configure the rad (Router Advertisement Daemon). Create or edit the /etc/rad.conf file:
dns {
nameserver {
2001:4860:4860::8888
2001:4860:4860::8844
}
}
interface em0 {
prefix 2001:db8:cafe::/48
}
This configuration announces the routed prefix 2001:db8:cafe::/48 on the em0 interface and uses Google’s public DNS servers for name resolution.
Conclusion 🔗
With this setup, your home network should now have full IPv6 internet access via Hurricane Electric’s tunnel. If you’ve kept the default OpenBSD firewall settings, everything should be ready to go.
PS: For more detailed information on OpenBSD, I highly recommend Absolute OpenBSD by Michael W. Lucas. It’s a fantastic resource for learning more about OpenBSD networking and security.