My ISP does not provide native IPv6 yet to their ADSL customers but I wanted to set up IPv6 on my local network, and be able to access the Internet using IPv6. To do this I’m using a free tunnel from tunnelbroker.net. The way this works is that your IPv6 packets are wrapped up in IPv4 and sent to tunnelbroker. There they are unwrapped and sent on their way, as IPv6 packets. Once set up this is transparent to you and you just treat it as a normal IPv6 network.

When you sign up for a free tunnel with tunnelbroker you will receive several pieces of information that you will need to set up your tunnel.

Here are my settings -

Server IPv4 Address - 216.66.84.46. This is where your router will sent your ‘wrapped up’ IPv6 packets for onward delivery.

Client IPv6 Address - 2001:470:1d14:154::2/64. This is the IPv6 address of the WAN side of your router

Routed /64 - 2001:470:1d15:154::/64. This is the IPv6 subnet that you will use on your LAN

Once you have these settings you can click on the Example Configurations page in tunnelbroker and, at least for OpenWRT, it tells you what commands to run on your router to install IPv6 and enable it for the tunnelbroker tunnel.

I wanted my router, a TP-LINK TL-WR1043ND, to hand out IPv6 IP addresses to my LAN clients so I also needed to install the following packages -

Detailed instructions for setting up IPv6 on OpenWRT can be found here - http://wiki.openwrt.org/doc/howto/ipv6

To test the tunnel is working you can ping ipv6.google.com from the router

To test the LAN/DHCP is working you can ping ipv6.google.com from your PC

I struggled a little to get the LAN/DHCP side working. Here are my relevant config files -

/etc/config/dhcp6s

 /etc/dhcp6s.conf

/etc/config/radvd

/var/etc/radvd.conf

Once everything is set up and working you should run the IPv6 portscan from the tunnelbroker web site. This will port scan a machine on your local network. This is very important as your machine is now directly connected to the internet, with no NAT happening on the IPv6 connection.

You should run a port scan to ensure that your firewall is blocking inbound connections over IPv6

I used iperf to max out my ADSL link which will run at 8mb. This showed around 35% CPU usage on the TP-LINK so it looks good, at least for my line speed.

Here is the iperf report -

and CPU usage by running ‘top’ on the TP-LINK -

This is a pretty advanced setup but here is a walkthrough for setting up a SysAdminMan VPS as an OpenVPN server and then connecting to it with a TP-LINK router running OpenWRT.

Specifically this router is used - http://www.tp-link.com/en/products/details/?model=TL-WR1043ND. I paid around £40 from Amazon, an absolute bargain for something that will run OpenWRT.

Setting up the router

First you need to flash OpenWRT on to the router. This replaces the original firmware. Here are some instructions for this TP-Link router - http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd?s. I got version 18 of the router and flashed Backfire 10.03.1-rc6 version of OpenWRT.

Next the router was connected via the WAN port on the TP-LINK to my home network. The WAN side of your TP-LINK should be given an IP address from your network DHCP server. It will use this to connect to the Internet.

Now connect a PC to a LAN port using a network cable and you should be given an IP address in the range 192.168.1.0/24

Now make the following changes on the router using a web browser. This will install the OpenVPN software and assign a new IP address to the router. If you use a different subnet you will need to change some settings below to match -

• Assign a password
• Change the LAN network address to 10.10.10.1
• In OpenWRT go to System / Software and click on Update Lists
• Click Available Packages and install OpenVPN
• Click System / Administration and enable SSH on the LAN interface
• Click System / Startup and Enable and Start OpenVPN
• Reboot the router

On the SysAdminMan VPS

For this to work you will need a TUN device assigning to your VPS. Please open a support ticket to request this.

First we’re going to install OpenVPN. This will install from rpmforge, which is set up as standard -

Now, if you’d like you can edit /etc/openvpn/vars and change the settings at the bottom to some sensible defaults. This is not required, but will make creating the certificates easier.

Next we’re going to set up some certificates for OpenVPN. You should run these commands one at a time and answer the questions that are asked -

Now create a file called /etc/openvpn/server.conf with the following settings -

Now we’re going to tell OpenVPN to route traffic to our LAN behind the TP-LINK router -

Now fire up OpenVPN -

Next we need to allow the OpenVPN traffic through the local IPTables firewall -

ON THE TP-LINK ROUTER VIA SSH

Next from your PC we’re going to SSH on to the TP-LINK router at 10.10.10.1 and run the following. This will copy the certificate files we created earlier to the router. X.X.X.X should be replaced with your VPS IP -

Now create a copy of the original OpenVPN config file -

Next we’re going to edit that file and change some settings from the default. These settings start half way down the file under the client configuration settings. Finally reboot the router -

ON THE TP-LINK ROUTER VIA THE WEB GUI

First we’re going to create a new interface that includes the tun interface created by OpenVPN

• Network / Interfaces / Add New Interface
• name – openvpn
• protocol – unmanaged
• interface – tun0

and now we’re going to allow traffic through the TP-LINK firewall to the VPN -

• Network / Firewall / Zones / Add
• Input / Output / Forward = Accept
• Tick lan in Destination and Source zones

and now Reboot the router.

And we’re done!

If you used the settings above then VPS should be accessible on the IP address via the IP 10.20.0.1. You should be able to get to the FreePBX web interface on this address and also use it for your phone configuration.

This is definitely not for the faint hearted as it’s pretty technical and could require some troubleshooting if things don’t work immediately. It’s pretty cool though and should allow for multiple VOIP handsets to be plugged in to the TP-LINK router and connect to the VPS without any worry of NAT problems  (as there’s no NAT happening across the VPN).

I’ve done a few test calls which worked well, but I’ve still got to do some speed tests to see how well the TP-LINK performs.

At one point it must have seemed like the 4 billion IPv4 addresses would be more than enough but there are currently less than 10% left, and they’re going fast.

Exactly when they will run out is difficult to predict. The widespread usage of NAT has helped to prolong the availability of public addresses, but an interesting page here predicts only 86 days left at the time of writing. This will probably be extended as organisations hand back unused blocks, but they won’t last long.

What’s the answer? IPv6!

IPv6 provides 340 billion billion billion billion IP addresses so we really shouldn’t run out of those. However, IPv4 and IPv6 are incompatible. They do not work together, so soon we are going to have 2 separate Internets. There is going to be a huge demand over the transition period (which will take years) for people that understand IPv4 and IPv6 and how to make them work together.

So if you’re looking for something new to learn – start playing with IPv6! Your skills will definitely be in demand.

Here’s some reading to get you started -

• http://en.wikipedia.org/wiki/IPv4_address_exhaustion
• http://www.ipv6.com/
• http://technet.microsoft.com/en-us/network/bb530961.aspx

To prevent this happening to your IP address you can add it to /etc/hosts.allow.

For instance if your IP adress is 123.123.123.123 then add it to the bottom of the /etc/hosts.allow file like this -

The best way to do this is use an external monitoring company. I’ve been using Hyperspin for a couple of months now and it’s been working great.

You can pick what services/ports on your server to monitor (SMTP, HTTP, HTTPS, etc.) and you can chose how to be alerted when they are not available. Obviously you need to make sure that you’re alerted via an out of band method (in other words don’t rely on an e-mail to an e-mail account on your VPS to know that your VPS is down!)

The Hyperspin website isn’t very pretty but overall their system is reliable and easy to use.