Create 6in4 tunnel
Last adaptation to the version: 12.6.0
New:
  • Function: Update associated network objects
  • Updated for the redesign of the web interface
This article refers to a Reseller Preview

11.2.3 11.7

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Network / Network Configuration / Area Network Interfaces



Introduction

A 6in4 tunnel is a transition mechanism from IPv4 to IPv6. Here, the IPv6 data packets are transmitted over an IPv4 network to a node. This is done with the help of a tunnel broker such as the one from Hurricane Electric.
The 6in4 tunnel is established between the firewall and the 6in4 tunnel broker
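
What travels between the firewall and the tunnel broker, as an added example that is not part of the original article: in 6in4, each IPv6 packet is the payload of an IPv4 packet with protocol number 41, so a filter that only sees the outer header sees one IPv4 flow between the two tunnel endpoints. The inner destination 2001:db8::1 and the empty inner packet are constructed sample values; the other addresses are this article's example values.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IPv4 protocol number for encapsulated IPv6 (RFC 4213)

def encapsulate(inner_ipv6: bytes, src4: str, dst4: str) -> bytes:
    """Wrap a raw IPv6 packet in a minimal 20-byte IPv4 header (checksum left 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(inner_ipv6),   # version/IHL, TOS, total length
        0, 0,                            # identification, flags/fragment offset
        64, PROTO_6IN4, 0,               # TTL, protocol, checksum (not computed)
        ipaddress.IPv4Address(src4).packed,
        ipaddress.IPv4Address(dst4).packed,
    )
    return header + inner_ipv6

def inspect_6in4(packet: bytes):
    """Return outer and inner endpoints of a 6in4 packet, or None if it is not 6in4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or packet[9] != PROTO_6IN4 or len(packet) < ihl + 40:
        return None
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:               # payload must start with an IPv6 header
        return None
    return {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": inner[6],
    }

def sample_ipv6(src6: str, dst6: str) -> bytes:
    """Constructed sample: bare IPv6 header, next header 59 (none), no payload."""
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src6).packed
            + ipaddress.IPv6Address(dst6).packed)

if __name__ == "__main__":
    pkt = encapsulate(sample_ipv6("2001:db8::2001", "2001:db8::1"),
                      "203.0.113.203", "216.66.86.114")
    print(inspect_6in4(pkt))
```

Because the IPv6 addresses are only visible after decapsulation, rules for the tunnelled traffic have to be bound to the tunnel interface and its IPv6 zones rather than to the outer IPv4 flow.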

Tunnel broker configuration

The tunnel broker from Hurricane Electric is used as an example.


Create an account with Hurricane Electric

Tunnel broker registration


Enter more registration details
  • All fields must be filled in; then click on "Register".
  • The password for the account will be sent to the specified email address.


Creating the 6in4 tunnel

  • Log in to the website with username and password.
  • Click on the "Create Regular Tunnel" button under "User Functions".
Create a new tunnel with the tunnel broker
  • There, the IPv4 address can be entered and a tunnel server can be selected. In this example the tunnel server in Berlin is used. After clicking on "Create Tunnel", it takes a brief moment and a page with the Tunnel Details appears.
  • The tunnel is now created.
Specify IPv4 address and select tunnel server

Tunnel ID and IP addresses of the tunnel servers

  • The tunnel ID is shown here; it is needed later for the configuration on the UTM.
  • In addition, the "Tunnel Endpoints" are listed with their IP addresses.
Tunnel details

Configuration of the Securepoint Appliance

To create a 6in4 tunnel, go to Network / Network configuration / Area Network Interfaces and click the + 6IN4 button.

Step 1

Enter local IPv4 and IPv6 address
Name: six0  Assign a name
Local IPv6 address: 2001:db8::2001/64  Enter IPv6 address
Local IPv4 address: 203.0.113.203/---  Enter public IPv4 address
If the interface is dynamic, this field must remain empty! The firewall then automatically informs the Tunnel Broker when the IP address changes.
Next

Step 2

Store tunnel server IP addresses and user data
Remote IPv6 address: 201:db8::2001/64  Enter IPv6 address
Remote IPv4 address: 216.66.86.114/---  Enter the IPv4 address of the server (here Berlin).
This IPv4 address is listed in the tunnel details under the item Server IPv4 address.
Use as default route: Yes Must be enabled
Type: Hurricane Electric Dynamic Select Hurricane
Username: TestSecurepoint Enter username
Password: ••••••••• Enter password
Tunnel: 123456  Enter tunnel ID (also to be taken from the tunnel details)
Next

Step 3

Bind zones to the 6in4 interface
Zones: external_v6, firewall-external_v6  Select the "external_v6" and "firewall-external_v6" zones
Add new zone: No  dmz3  A new zone can be added here
Generate rules: No  Rules for the zone can be generated here
Update associated network objects: On  (new as of v12.6.0) If an already existing zone has been selected, all network objects that are already in this zone and have an interface as their target are moved to the new interface.
Finish

Packet filter

In order for the 6in4 tunnel to be established, the IP address of the Tunnel Broker server must be allowed in the packet filter.
The server first tests with a ping whether the specified tunnel endpoint exists at all and can be reached.



Create network object

Click on Firewall / Network objects, button + Add object.
Create network object for Hurricane
Name: Hurricane  Assign a name
Type: Host Select "Host" type
Address: 66.220.2.74/---  Here the IP "66.220.2.74" must be entered
Zone: external_v6 Select zone "external_v6"
Groups:     Groups may be entered here

Firewall rule

Click Firewall / Packet filter, area + Add rule, and create the packet filter rule as follows:

#   Source      Target               Service   NAT   Action   Active
    Hurricane   external-interface   ftp             Accept   On