Thursday, November 24, 2011

Hurricane Electric IPv6 tunnel through Actiontec MI424WR

A couple of days ago I decided that I wanted to establish a permanent Hurricane Electric IPv6 tunnel to my house, and did the usual thing - started Googling for the setup I'd need to pass the tunnel traffic, IP Protocol 41, through my Actiontec MI424WR router. Most of the hits I found were people saying that the Actiontec doesn't support such a feature. As it turns out, the tunnel works just fine - it's just that the configuration isn't documented.

There are two steps needed. First, log in to the Actiontec and head to the Advanced menu. Acknowledge the warning, then choose 'Port Forwarding Rules'. That will show you a long list of preconfigured rulesets, organized by application. Unfortunately there isn't one for Protocol 41, so scroll down to the bottom of the list and choose the Add option.

The 'Edit Service' screen has a name and description that you can fill in as you wish, except that the name can't contain spaces. Then select 'Add Server Ports', and enter 41 in the 'Protocol Number' box. Apply that change, and you're halfway home.

Now head to Firewall Settings and choose 'Port Forwarding' on the left-side menu. Under 'Create new port forwarding rule' either find the IP of the tunnel server in the menu or type it in, and choose your newly created rule as the 'Application to forward'. Add the new entry, make sure it is in the rules list, and hit Apply.

I'm using Linux, and there is one tweak needed for the tunnel config that the HE website created for me. Instead of binding the tunnel 'local' end to the public IPv4 address, I needed it attached to the RFC1918 LAN address of the tunnel server. I expect that something similar would be needed for other OSes; the change should be fairly obvious if you look for the public v4 address that the HE website displayed for your connection. Have fun with IPv6. . .