From SixXS Wiki
Jump to: navigation, search

This page describes the way I enabled IPv6 on my FreeBSD 7.2 router/server that is on an ISP connection with DHCP

If your ISP does not provide you with an IPv6 connection then you'll need an IPv6 tunnel broker

Get an IPv6 tunnel

Apply for a tunnel e.g. at SixXS, in my case a Heartbeat tunnel

  • If you have a static IPv4 address, use a static tunnel
  • If you have a dynamic IPv4 address, use a Heartbeat tunnel
  • If you need to go outside using NAT, use an AYIYA tunnel

The request is a 2 phase approach, both steps take hours to one week max for SixXS to process

  1. Request an account
  2. Request a tunnel

The Tunnel has some information you'll need later in the configuration

Tunnel Name	  	My First Tunnel
PoP Name	  	xxyyy01
PoP Location	  	City, Country
PoP IPv4	  	<PoP-IPv4>
Your Location	  	City, Country
Your IPv4	  	Heartbeat, currently <My-Public-IPv4>
IPv6 Prefix	  	<My-IPv6>/64
PoP IPv6	  	<PoP-IPv6>
Your IPv6	  	<My-IPv6>
Created	  	2009-07-01 01:23:45 DST

Last Alive	  	2009-07-17 18:17:05 DST

State	  	Heartbeat (automatically enabled on the fly)

Set up your FreeBSD system

Make sure your kernel is IPv6 enabled, you can see that by checking for the line

OPTIONS          INET6

in your kernel configuration (or in GENERIC if you use the kernel from the distribution) and make sure it is enabled in your /etc/rc.conf


On FreeBSD 9 (maybe on 8 too) ipv6_enable is deprecated, the recommended way to enable IPv6 for network interfaces is




to configure a single interface for IPv6. For AICCU the ipv6_enable_all_interfaces is preferred.

Create the Tunnel Interface

Create a gif tunnel interface

ifconfig gif0 create

and don't forget to add it to your /etc/rc.conf


Guess you could name it ipv6 if you'd like to :D

Set up your firewall


Explained here for using ipfw, modify to suit your needs in the firewall of your choice.
This is a very minimalistic config, you'll need to treat gif0 like any other external interface!

Allow IPv6 traffic internally

00006 allow ip6 from any to any via gif0

Allow traffic from and to the PoP IPv4 (the IPv4 is in the tunnel detail page, see example in #Get an IPv6 tunnel

00010 allow ip4 from <PoP-IPv4> to me
00010 allow ip4 from me to <PoP-IPv4>


If you're using pf(4) as the firewall, here are some guidelines to filtering on gif0.

Allow all IPv4 on gif0.

pass quick on gif0 inet all

Allow all icmp6 on gif0.

pass quick on gif0 inet6 proto icmp6 all

Allow all outgoing IPv6 on gif0.

pass out quick on gif0 inet6 all

Selectively allow incoming IPv6 connections.

pass quick on gif0 inet6 proto tcp from any to $host port ssh

Configure AICCU

For a Heartbeat tunnel you need to use AICCU to configure your tunnel. If you're not using SixXS then you may not be able to use AICCU but may need to use TSP which is not described here.</br> For a static tunnel, follow the documentation from SixXS

install the net/sixxs-aiccu port Edit /usr/local/etc/aiccu.conf

Only info I have in aiccu.conf is

username <username>
password <password>
protocol tic
ipv6_interface gif0
verbose false
daemonize true
automatic true
requiretls false

Test aiccu using the command

sixxs-aiccu test <configfile>

NB testing aiccu will modify gif0, so you need to restart aiccu after testing!
For me the ipv4 traceroute test fails, but that's not a problem.
If all is well, all 10 tests will be OK, so enable sixxs in /etc/rc.conf.local


and start aiccu using

/usr/local/etc/rc.d/sixxs-aiccu start

AICCU will now configure your gif0 interface, check the resulting configuration using

ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet <my-external-ipv4> --> <PoP's-ipv4>
        inet6 <my-assigned-ipv6> prefixlen 64