Create 6in4 tunnel

Last adapted to version: 12.6.0

New:
  • Function: Update associated network objects
  • Updated for the redesign of the web interface
This article refers to a Reseller Preview
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Menu: Network / Network Configuration, area Network Interfaces



Introduction

A 6in4 tunnel is a transition mechanism from IPv4 to IPv6. Here, the IPv6 data packets are transmitted over an IPv4 network to a node. This is done with the help of a tunnel broker such as the one from Hurricane Electric.
The 6in4 tunnel is established between the firewall and the 6in4 tunnel broker
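
The encapsulation described above, as an added example that is not part of the Securepoint documentation: each IPv6 packet is prefixed with an IPv4 header carrying protocol number 41 (RFC 4213), and the receiving endpoint accepts it only if the outer source is the configured tunnel peer. The function names and the inner destination address are assumptions made for illustration; the tunnel endpoint addresses are the example values used on this page.

```python
import ipaddress
import struct

PROTO_41 = 41  # IPv4 protocol number for encapsulated IPv6 (6in4, RFC 4213)

def checksum(header: bytes) -> int:
    """Ones'-complement header checksum; yields 0 over a valid IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(ipv6_packet: bytes, local_v4: str, remote_v4: str) -> bytes:
    """Prefix a whole IPv6 packet with an IPv4 header carrying protocol 41."""
    src = ipaddress.IPv4Address(local_v4).packed
    dst = ipaddress.IPv4Address(remote_v4).packed
    # version+IHL, TOS, total length, ID, flags (DF), TTL, protocol, checksum
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet),
                      0, 0x4000, 64, PROTO_41, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + ipv6_packet

def decapsulate(packet: bytes, tunnel_peer_v4: str) -> bytes:
    """Return the inner IPv6 packet, or raise if the outer header is not
    a valid protocol-41 packet from the configured tunnel peer."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len > len(packet) or total_len < ihl:
        raise ValueError("bad length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    if packet[9] != PROTO_41:
        raise ValueError("not protocol 41")
    if packet[12:16] != ipaddress.IPv4Address(tunnel_peer_v4).packed:
        raise ValueError("outer source is not the tunnel peer")
    inner = packet[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("payload is not IPv6")
    return inner

def sample_ipv6_packet() -> bytes:
    """Constructed 40-byte IPv6 header, next header 59 (none), no payload."""
    src = ipaddress.IPv6Address("2001:db8::2001").packed    # page's local IPv6
    dst = ipaddress.IPv6Address("2001:db8:ffff::1").packed  # constructed
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64, src, dst)
```

Because the outer packet is plain IPv4 with protocol 41, it is neither TCP nor UDP, which matters when reading packet filter logs for tunnel traffic.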

Tunnel broker configuration

The tunnel broker from Hurricane Electric is used as an example.


Create an account with Hurricane Electric

Tunnel broker registration


Enter more registration details
  • All fields must be filled in and then click on "Register".
  • The password for the account will be sent to the specified email address.

Creating the 6in4 tunnel

  • Log in to the website with username and password.
  • Click on the "Create Regular Tunnel" button under "User Functions".
Create a new tunnel with the tunnel broker
  • There, the IPv4 address can be entered and a tunnel server can be selected. In this example the tunnel server in Berlin is used. After clicking on "Create Tunnel", it takes a brief moment and a page with the Tunnel Details appears.
  • The tunnel is now created.
Specify IPv4 address and select tunnel server

Tunnel ID and IP addresses of the tunnel servers

  • The tunnel ID can be viewed here; it is needed later for the configuration on the UTM.
  • In addition, the "Tunnel Endpoints" are listed with their IP addresses.
Tunnel details


Configuration of the Securepoint Appliance

To create a 6in4 tunnel, go to Network / Network configuration, area Network Interfaces, and click the + 6IN4 button.

Step 1

Add interface dialog, step 1: enter local IPv4 and IPv6 address
Name: six0 (assign a name)
Local IPv6 address: 2001:db8::2001/64 (enter the IPv6 address)
Local IPv4 address: 203.0.113.203/--- (enter the public IPv4 address)
If the interface is dynamic, this field must remain empty! The firewall then automatically informs the Tunnel Broker when the IP address changes.
Next

Step 2

Add interface dialog, step 2: store tunnel server IP addresses and user data
Remote IPv6 address: 201:db8::2001/64 (enter the IPv6 address)
Remote IPv4 address: 216.66.86.114/--- (enter the IPv4 address of the server, here Berlin)
This IPv4 address is listed in the tunnel details under the item Server IPv4 address.
Use as default route: Yes (must be enabled)
Type: Hurricane Electric Dynamic (select Hurricane)
Username: TestSecurepoint (enter the username)
Password: ••••••••• (enter the password)
Tunnel: 123456 (enter the tunnel ID, also to be taken from the tunnel details)
Next

Step 3

Add interface dialog, step 3: bind zones to the 6in4 interface
Zones: external_v6, firewall-external_v6 (select the "external_v6" and "firewall-external_v6" zones)
Add new zone: No / dmz3 (a new zone can be added here)
Generate rules: No (rules for the zone can be generated here)
Update associated network objects (new as of v12.6.0): On (if an existing zone has been selected, all network objects that are already in this zone and have an interface as a target are moved to the new interface)
Finish

Packet filter

For the 6in4 tunnel to be established, the IP address of the Tunnel Broker server must be allowed in the packet filter.
The server first tests with a ping whether the specified tunnel endpoint exists at all and can be reached.

Create network object

Go to Firewall / Network objects and click the + Add object button.
Add network objects dialog: create network object for Hurricane
Name: Hurricane (assign a name)
Type: Host (select the "Host" type)
Address: 66.220.2.74/--- (the IP "66.220.2.74" must be entered here)
Zone: external_v6 (select zone "external_v6")
Groups: (groups may be entered here)


Firewall rule

Go to Firewall / Packetfilter, click + Add rule, and create the packet filter rule as follows:

# | Source | Target | Service | NAT | Action | Active
  | Hurricane | external-interface | ftp | | Accept | On