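I have long wanted to use the fixed IPv6 addresses from an HE tunnel on my home LAN, but the network quality of a direct connection from China to the HE nodes is poor. So I tried establishing the 6in4 tunnel to HE from a VPS and then distributing the routed prefix to my home network, which led to this article.
Prerequisites:
1. A VPS that has already established a 6in4 tunnel with HE
2. A /48 routed prefix already obtained from HE
3. A broadband connection with a public IPv4 address
4. A router that supports sit tunnels; I use a Fortinet here
Because the two ends of a sit tunnel are peers, the configuration is basically the same on both sides.
In this example the VPS has already established an IPv6 tunnel with HE and obtained a routed /48 prefix from HE. One /56 out of that /48 is now assigned to the local LAN.
Configure the sit tunnel on the VPS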
~$ sudo cat /etc/netplan/99-to-ugf-ipv6.yaml
network:
  version: 2
  tunnels:
    to-ugf-ipv6:
      mode: sit
      remote: 1.2.3.4       # enter the broadband IPv4 here
      local: 10.0.10.209    # IPv4 shown on the VPS network interface
      addresses:
        # a /64 from the routed /48, used as the interconnect subnet of the
        # sit tunnel between the VPS and the home router
        - "2001:470:a79:b::1/64"
      routes:
        # a /56 from the routed /48, used as the range assigned to home LAN devices
        - to: 2001:470:a79:b00::/56
Make sure the values above are filled in correctly, then run sudo netplan try or sudo netplan apply.
The VPS routing table now looks like this
~$ ip -6 r
2001:470:220:190::/64 dev he-ipv6 proto kernel metric 256 pref medium
2001:470:a79:b::/64 dev to-ugf-ipv6 proto kernel metric 256 pref medium
2001:470:a79:d::/64 dev br-80b2c5c798a6 proto kernel metric 256 pref medium
2001:470:a79:b00::/56 dev to-ugf-ipv6 proto static metric 1024 pref medium
fe80::/64 dev enp0s6 proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 linkdown pref medium
fe80::/64 dev vethf0072eb proto kernel metric 256 pref medium
fe80::/64 dev br-80b2c5c798a6 proto kernel metric 256 pref medium
default via 2001:470:220:190::1 dev he-ipv6 proto static metric 99 pref medium
Configure a sit tunnel on the local Fortinet firewall to connect to the VPS
config system sit-tunnel
    edit "to-vps-ipv6"
        # broadband IPv4
        set source 1.2.3.4
        # VPS IPv4
        set destination 8.8.8.8
        # same subnet as the sit tunnel address on the VPS
        set ip6 2001:470:a79:b::2/64
        set interface "cmcc"
    next
end
Configure the routed prefix and SLAAC on the LAN interface of the Fortinet firewall
config system interface
    edit "lag3.104"
        set vdom "MGMT"
        set device-identification enable
        set role lan
        set snmp-index 42
        set ip-managed-by-fortiipam disable
        config ipv6
            # an arbitrary /64 picked from 2001:470:a79:b00::/56 as this interface's address
            set ip6-address 2001:470:a79:bbb::1/64
            set ip6-allowaccess ping ssh
            set ip6-send-adv enable
            config ip6-prefix-list
                # assigned to LAN devices
                edit 2001:470:a79:bbb::/64
                next
            end
        end
        set interface "lag3"
        # this is the VLAN of my virtual machines
        set vlanid 104
    next
end
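On the Fortinet, you still need to configure the inbound and outbound rules next, which are not covered in detail here.
Now test right away from a virtual machine whether the network is reachable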
C:\Users\niclau>ping -6 www.cloudflare.com
Pinging www.cloudflare.com [2606:4700::6810:7c60] with 32 bytes of data:
Reply from 2606:4700::6810:7c60: time=74ms
Reply from 2606:4700::6810:7c60: time=67ms
Reply from 2606:4700::6810:7c60: time=66ms
Reply from 2606:4700::6810:7c60: time=68ms
Ping statistics for 2606:4700::6810:7c60:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 74ms, Average = 68ms
C:\Users\niclau>curl -6 ip.sb
2001:470:a79:bbb:21a:5dbf:de09:f915
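The addressing plan above cuts a /64 tunnel link and a /56 LAN range out of the routed /48, and 2001:470:a79:b::/64 and 2001:470:a79:b00::/56 look alike while being disjoint ranges. The following Python check is an added example, not part of the original article; the /48 value 2001:470:a79::/48 is inferred from the prefixes shown, and the function name and the labels "link", "lan" and "bridge" are hypothetical.

```python
import ipaddress
from itertools import combinations


def check_plan(routed, prefixes, tunnel_ends, slaac):
    """Return a list of problems in the addressing plan; empty means consistent."""
    problems, nets = [], {}
    top = ipaddress.IPv6Network(routed)
    for name, text in prefixes.items():
        try:
            # strict=True rejects a prefix written with host bits set.
            net = ipaddress.IPv6Network(text, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(top):
            problems.append(f"{name}: {net} is outside routed prefix {top}")
        nets[name] = net
    # Delegated prefixes must not overlap, or two interfaces claim one range.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    link, lan = nets.get("link"), nets.get("lan")
    ends = [ipaddress.IPv6Address(e) for e in tunnel_ends]
    if len(set(ends)) != len(ends):
        problems.append("tunnel endpoints are not distinct")
    if link is not None:
        for end in ends:
            if end not in link:
                problems.append(f"tunnel endpoint {end} is not in link prefix {link}")
    adv = ipaddress.IPv6Network(slaac)
    if adv.prefixlen != 64:
        problems.append(f"SLAAC prefix {adv} must be a /64")
    if lan is not None and not adv.subnet_of(lan):
        problems.append(f"SLAAC prefix {adv} is outside LAN prefix {lan}")
    return problems


# Values from the configuration above; the /48 is inferred from those prefixes.
PAGE_PLAN = dict(
    routed="2001:470:a79::/48",
    prefixes={"link": "2001:470:a79:b::/64",      # VPS <-> home router sit tunnel
              "lan": "2001:470:a79:b00::/56",     # routed to the home LAN
              "bridge": "2001:470:a79:d::/64"},   # br-80b2c5c798a6 on the VPS
    tunnel_ends=["2001:470:a79:b::1", "2001:470:a79:b::2"],
    slaac="2001:470:a79:bbb::/64",
)

if __name__ == "__main__":
    for line in check_plan(**PAGE_PLAN) or ["plan is consistent"]:
        print(line)
```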