6in4 interface configuration

notempty

Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!

notempty

Der Artikel für die neueste Version steht hier

notempty

Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Reseller-Preview bezieht

Create 6in4 tunnel

Last adaptation to the version: 12.2.3

New:

Updated screenshots
Layout adjustment

notempty

This article refers to a Resellerpreview

11.7

Introduction
A 6in4 tunnel is a transition mechanism from IPv4 to IPv6. Here, the IPv6 data packets are transmitted over an IPv4 network to a node. This is done with the help of a tunnel broker such as the one from Hurricane Electric .			The 6in4 tunnel is established between the firewall and the 6in4 tunnel broker

Tunnel broker configuration
The tunnel broker from Hurricane Electric is used as an example.

Create an account with Hurricane Electric
The website is: www.tunnelbroker.net Click on "Register" at the top left.			Tunnel broker registration

All fields must be filled in and then click on "Register". The password for the account will be send to the specified email address.			Enter more registration details

Creating the 6in4 tunnel
Log in to the website with username and password. Click on the "Create Regular Tunnel" button under "User Functions".			Create a new tunnel with the tunnel broker

There, the IPv4 address can be entered and a tunnel server can be selected. In this example the tunnel server in Berlin is used. After clicking on "Create Tunnel", it takes a brief moment and a page with the Tunnel Details appears. The tunnel is now created.			Specify IPv4 address and select tunnel server

Tunnel ID and IP addresses of the tunnel servers
Here, the tunnel ID can be viewed, which will still play a role in the configuration on the UTM. In addition, the respective "Tunnel Endpoints" are listed with the respective IP addresses.			Tunnel details

Configuration of the Securepoint Appliance
In order to create a 6in4 tunnel it is necessary to click on → Network →Network configurationTab Network Interfaces Button + 6in4.
Name:	six0	Assign names	Enter local IPv4 and IPv6 address
Local IPv6 address:	2001:db8::2001/64	Enter IPv6 address
Local IPv4 address:	203.0.113.203/---	Enter public IPv4 address If the interface is dynamic, this field must remain empty! The firewall then automatically informs the Tunnel Broker when the IP address changes.
Next	Click here and the entries are saved and the editing continues


Remote IPv6 address:	201:db8::2001/64	Enter IPv6 address	Store tunnel server IP addresses and user data
Remote IPv4 address:	216.66.86.114/---	Enter the IPv4 address of the server (here Berlin). This IPv4 address is listed in the tunnel details under the item Server IPv4 address.
Use as default route:	Yes	Must be enabled
Type:	Hurricane Electric Dynamic	Select Hurricane
Username:	TestSecurepoint	Enter username
Password:	Password	Enter password
Tunnel:	123456	Enter tunnel ID (also to be taken from the tunnel details)
Next	Click here to continue


Zones:	×external_v6 × firewall-external_v6	Select the "external_v6" and "firewall-external_v6" zones	Bind zones to the 6in4 interface
Add new zone:	No dmz3	Hier kann eine neue Zone hinzugefügt werden
Generate rules:	No	Rules for the zone can be generated here

Portfilter
In order for the 6in4 tunnel to be established, the IP address must be enabled by the Tunnel Broker server. The server first tests with a ping whether the specified tunnel endpoint exists at all and can be reached.

Create network object
Click on → Firewall →Port filterTab Network objects Button + Add object.
Name:	Hurricane	Assign names	Create network object for Hurricane
Type:	Host	Select "Host" type
Address:	66.220.2.74/---	Here the IP "66.220.2.74" must be entered
Zone	external_v6	Select zone "external_v6"
Groups:		Groups may be entered here