IPv6 Tunnels on U-Verse
With IPv4 allocations being complete and noticing more requests for AAAA records in the DNS logs, I decided to dive into some IPv6 stuff with the website. Since U-verse doesn’t allocate IPv6 to customers, there is no way to dual stack or run IPv6 by itself. I had to set up a tunnel through an IPv6 broker, and I found the simplest and so far very reliable broker is Hurricane Electric (www.he.net). I set up three tunnels (I will explain why later): one for my workstation and one for each web server. Since I have static IPs for the web servers, the tunnel setup was fairly simple, since they run local firewalls and the U-verse gateway passes everything directed to those IPs to them without looking twice. My workstation, on the other hand, was a bit more interesting…
The U-verse gateway doesn’t pass protocol 41 natively, since the protocol has no ports for it to forward and the gateway is unaware of it, and it can’t function as an endpoint for the tunnel for the same reason. This is why I had to set up individual tunnels for each device while keeping the public IPs for the servers intact.
I set up my servers first, and for the tunnels to work correctly I had to disable the block ICMP ping option on the U-verse gateway. Some might already have this option disabled, so you might want to just double check. To do this, enter the address of the gateway (default is http://192.168.1.254) and go to the firewall tab.
Now you have to set your workstation into DMZ+ mode. This gives you a public, routable IP address. Make sure you have a firewall active on the workstation. On the firewall tab, under the applications, pinholes, and DMZ subsection, choose the name of your workstation from the list. Once the page refreshes and your workstation is selected, scroll to the bottom of the page and select the option for DMZ+ mode. It will ask you for your system password, which is on a sticker on the bottom of the gateway.
Renew the IP address on your workstation and you should now have your public U-verse IP (99.x.x.x). Go to your tunnel broker site and follow their directions for getting your tunnel and how to set it up on your system. I used Hurricane Electric (www.tunnelbroker.net).
As for the servers, since they are already in a DMZ+ type mode (the firewall is turned off automatically on the gateway), it was as simple as setting up the tunnels on them and updating the DNS records to hand out the correct AAAA records.
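One way to write the host firewall that the DMZ+ step calls for, as an added example that is not part of the original post: it generates default-deny rule sets that admit protocol 41 only from the broker's tunnel endpoint and filter inbound IPv6 on the host itself. It assumes a Linux host with iptables and ip6tables; the address 192.0.2.1 and the interface name he-ipv6 are placeholders for the values shown on your tunnel's details page.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a Linux host with
# iptables/ip6tables; 192.0.2.1 and he-ipv6 are placeholder values.

# Accept only a dotted-quad IPv4 address, so a typo never becomes a rule.
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# IPv4: in DMZ+ mode the gateway forwards everything to this host, so drop by
# default and accept protocol 41 and ping only from the broker's endpoint.
# Assumption: the broker's reachability ping comes from that same address.
gen_v4_rules() {
    valid_ipv4 "$1" || { echo "bad tunnel server address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1/32 -p 41 -j ACCEPT
-A INPUT -s $1/32 -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# IPv6: tunnelled traffic is globally routable and is not inspected by the
# gateway, so inbound IPv6 is filtered here: replies and ICMPv6 only.
gen_v6_rules() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $1" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $1 -p ipv6-icmp -j ACCEPT
COMMIT
EOF
}
```

Review the output, then load it as root by piping `gen_v4_rules` into `iptables-restore` and `gen_v6_rules` into `ip6tables-restore`. On the web servers, add explicit accept rules for the service ports to both rule sets before loading them.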
I hope to have some screenshots up here soon for the steps and even add a plugin that will detect if you are on IPv6 or v4.