
Ubiquiti EdgeRouter tunnelbroker IPv6 configuration

This post covers the IPv6 configuration on a Ubiquiti EdgeRouter ERPoE-5 running version 1.9.1. I will go through the whole process of setting up IPv6 connectivity using a Hurricane Electric 6in4 tunnel.

I will not be using real IP addresses; however, the reader should be able to follow along and substitute the values for their own configuration.

This is a home network, therefore a lot of aspects are not considered in the design!

Overview

  • There are three VLANs: Main (1), Guest (2) and Automation (3).
  • Since there is no native IPv6 support from my ISP, I am using a 6in4 Tunnel to get IPv6 working.
  • The EdgeRouter is the public facing device connected to a vDSL Modem via eth0.
  • The Ethernet interfaces eth1, eth2, eth3, eth4 are bridged via bridge interface br0.
  • Bridge interface br0 has a 192.168.1.1/24 RFC1918 address assigned to VLAN1 and also used as the management IP.

Part 1

In this part, I will be covering the tunnel creation. You need to head to Hurricane Electric here and get yourself an IPv6 tunnel. I have used a /48 Routed Prefix for my configuration which you can see below.

he-ipv6

With the above IPv6 configuration, I was able to create a tunnel to Hurricane Electric as follows. As you can see, I have also requested a /48 routed IPv6 prefix from HE, which I will be using in my configuration.

Tunnel Configuration

set interfaces tunnel tun0 address '2001:470:abcd:123::2/64'
set interfaces tunnel tun0 description 'HE IPv6 Tunnel'
set interfaces tunnel tun0 encapsulation sit
set interfaces tunnel tun0 firewall in ipv6-name WAN6_IN
set interfaces tunnel tun0 firewall local ipv6-name WAN6_LOCAL
set interfaces tunnel tun0 local-ip 1.1.1.1
set interfaces tunnel tun0 multicast disable
set interfaces tunnel tun0 remote-ip 2.2.2.2
set interfaces tunnel tun0 ttl 255
set protocols static interface-route6 '::/0' next-hop-interface tun0

Once you have got the tunnel up, the router should be able to ping6 google.com or any other IPv6 address.

Part 2

The following aspects are assumed as part of this configuration. I have put together a chart which I use for enterprise deployment but I am sure you can see how I am distinguishing VLANs with the IPv4/IPv6 prefixes. This method might not always work but I usually follow this concept as much as possible.

he-ipv6-vlan

Since we have got the IPv6 prefixes and VLANs cleared, we can move into Part 3 for the IPv6 Interface Configuration.

Part 3

For VLAN 1, we need to configure IPv6 on the br0 bridge interface.

Bridge br0 Interface Configuration

set interfaces bridge br0 address 192.168.1.1/24
set interfaces bridge br0 address '2001:470:1111:1::1/64'
set interfaces bridge br0 aging 300
set interfaces bridge br0 bridged-conntrack disable
set interfaces bridge br0 description 'Local Bridge'
set interfaces bridge br0 dhcpv6-options parameters-only
set interfaces bridge br0 hello-time 2
set interfaces bridge br0 ipv6 dup-addr-detect-transmits 1
set interfaces bridge br0 ipv6 router-advert cur-hop-limit 64
set interfaces bridge br0 ipv6 router-advert default-preference high
set interfaces bridge br0 ipv6 router-advert link-mtu 1280
set interfaces bridge br0 ipv6 router-advert managed-flag false
set interfaces bridge br0 ipv6 router-advert max-interval 600
set interfaces bridge br0 ipv6 router-advert other-config-flag true
set interfaces bridge br0 ipv6 router-advert prefix '2001:470:1111:1::/64' autonomous-flag true
set interfaces bridge br0 ipv6 router-advert prefix '2001:470:1111:1::/64' on-link-flag true
set interfaces bridge br0 ipv6 router-advert prefix '2001:470:1111:1::/64' valid-lifetime 2592000
set interfaces bridge br0 ipv6 router-advert reachable-time 0
set interfaces bridge br0 ipv6 router-advert retrans-timer 0
set interfaces bridge br0 ipv6 router-advert send-advert true
set interfaces bridge br0 max-age 20
set interfaces bridge br0 priority 0
set interfaces bridge br0 promiscuous enable
set interfaces bridge br0 stp false

Once you have done that, we will go ahead and create the other VLAN (vif) interfaces.

Please note that we only need to configure br0 for VLAN 1 and not the vif 1 interface.

VLAN 2 Interface – vif2

vif2 Configuration

set interfaces switch switch0 vif 2 address 192.168.2.1/24
set interfaces switch switch0 vif 2 address '2001:470:1111:2::1/64'
set interfaces switch switch0 vif 2 dhcpv6-options parameters-only
set interfaces switch switch0 vif 2 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 vif 2 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 vif 2 ipv6 router-advert default-preference high
set interfaces switch switch0 vif 2 ipv6 router-advert link-mtu 1280
set interfaces switch switch0 vif 2 ipv6 router-advert managed-flag false
set interfaces switch switch0 vif 2 ipv6 router-advert max-interval 600
set interfaces switch switch0 vif 2 ipv6 router-advert other-config-flag true
set interfaces switch switch0 vif 2 ipv6 router-advert prefix '2001:470:1111:2::/64' autonomous-flag true
set interfaces switch switch0 vif 2 ipv6 router-advert prefix '2001:470:1111:2::/64' on-link-flag true
set interfaces switch switch0 vif 2 ipv6 router-advert prefix '2001:470:1111:2::/64' valid-lifetime 2592000
set interfaces switch switch0 vif 2 ipv6 router-advert reachable-time 0
set interfaces switch switch0 vif 2 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 vif 2 ipv6 router-advert send-advert true
set interfaces switch switch0 vif 2 mtu 1500

VLAN 3 Interface – vif3

Please note that some AP vendors do not support IPv6 while running a captive portal. This is because the controller is most likely running on IPv4 for authentication purposes, and issuing an IPv6 address would not allow the user to reach the controller.

vif3 Configuration

set interfaces switch switch0 vif 3 address 192.168.3.1/24
set interfaces switch switch0 vif 3 address '2001:470:1111:3::1/64'
set interfaces switch switch0 vif 3 dhcpv6-options parameters-only
set interfaces switch switch0 vif 3 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 vif 3 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 vif 3 ipv6 router-advert default-preference high
set interfaces switch switch0 vif 3 ipv6 router-advert link-mtu 1280
set interfaces switch switch0 vif 3 ipv6 router-advert managed-flag false
set interfaces switch switch0 vif 3 ipv6 router-advert max-interval 600
set interfaces switch switch0 vif 3 ipv6 router-advert other-config-flag true
set interfaces switch switch0 vif 3 ipv6 router-advert prefix '2001:470:1111:3::/64' autonomous-flag true
set interfaces switch switch0 vif 3 ipv6 router-advert prefix '2001:470:1111:3::/64' on-link-flag true
set interfaces switch switch0 vif 3 ipv6 router-advert prefix '2001:470:1111:3::/64' valid-lifetime 2592000
set interfaces switch switch0 vif 3 ipv6 router-advert reachable-time 0
set interfaces switch switch0 vif 3 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 vif 3 ipv6 router-advert send-advert true
set interfaces switch switch0 vif 3 mtu 1500
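
An added example, not part of the original post: a small Python audit to run over the set commands from Parts 1 and 3 before committing them. It relies on EdgeOS binding IPv4 rule sets with `firewall <direction> name` and IPv6 rule sets with `firewall <direction> ipv6-name`, and it checks that each router-advert prefix is the /64 configured on the same interface. The sample input, the WAN6_IN definition inside it and the `audit` function are constructed for illustration.

```python
import ipaddress
import re

IFACE = re.compile(r"^set interfaces \S+ (\S+(?: vif \d+)?) (.+)$")
RULESET = re.compile(r"^set firewall ipv6-name (\S+) default-action (\S+)")
BIND = re.compile(r"^firewall (in|local) (name|ipv6-name) (\S+)")
ADDR6 = re.compile(r"^address '?([0-9a-fA-F:]+/\d+)'?$")
RA = re.compile(r"^ipv6 router-advert prefix '?([0-9a-fA-F:]+/\d+)'? ")

# Constructed sample built from the post's addressing. The WAN6_IN definition
# is an assumption; the 'local' binding and the vif 2 RA prefix are wrong on purpose.
SAMPLE = """\
set firewall ipv6-name WAN6_IN default-action drop
set interfaces tunnel tun0 address '2001:470:abcd:123::2/64'
set interfaces tunnel tun0 firewall in ipv6-name WAN6_IN
set interfaces tunnel tun0 firewall local name WAN6_LOCAL
set interfaces bridge br0 address '2001:470:1111:1::1/64'
set interfaces bridge br0 ipv6 router-advert prefix '2001:470:1111:1::/64' on-link-flag true
set interfaces switch switch0 vif 2 address '2001:470:1111:2::1/64'
set interfaces switch switch0 vif 2 ipv6 router-advert prefix '2001:470:1111:3::/64' on-link-flag true
"""

def audit(config, wan=("tun0",)):
    """Return findings for EdgeOS 'set' commands; wan lists Internet-facing interfaces."""
    rulesets, binds, addrs, ra = {}, {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := RULESET.match(line):
            rulesets[m[1]] = m[2]
        if not (m := IFACE.match(line)):
            continue
        ifc, rest = m[1], m[2]
        if a := ADDR6.match(rest):  # IPv4 addresses never match this pattern
            addrs.setdefault(ifc, set()).add(ipaddress.ip_interface(a[1]).network)
        elif p := RA.match(rest):
            ra.setdefault(ifc, set()).add(ipaddress.ip_network(p[1]))
        elif b := BIND.match(rest):
            binds[ifc, b[1], b[2]] = b[3]
    findings = []
    for ifc in wan:
        for direction in ("in", "local"):
            name = binds.get((ifc, direction, "ipv6-name"))
            if name is None:  # a plain 'name' binding filters IPv4 only
                findings.append(f"{ifc}: no ipv6-name rule set bound for '{direction}'")
            elif rulesets.get(name) != "drop":
                findings.append(f"{ifc}: {name} is undefined or does not default to drop")
    for ifc, prefixes in ra.items():
        for prefix in sorted(prefixes - addrs.get(ifc, set())):
            findings.append(f"{ifc}: RA prefix {prefix} is not the interface's own /64")
    return findings
```

With no NAT in front of the routed /48, the rule sets bound to tun0 are the only filter between the Internet and all three VLANs, so a finding on tun0 should block the commit.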

Part 4

Now we will move onto the final part where we define the additional IPv6 info via the DHCPv6 Options.

DHCPv6 Configuration

set service dhcpv6-server shared-network-name AUTOMATION subnet '2001:470:1111:3::/64' domain-search nish.local
set service dhcpv6-server shared-network-name AUTOMATION subnet '2001:470:1111:3::/64' name-server '2001:470:20::2'
set service dhcpv6-server shared-network-name GUEST subnet '2001:470:1111:2::/64' domain-search nish.local
set service dhcpv6-server shared-network-name GUEST subnet '2001:470:1111:2::/64' name-server '2001:470:20::2'
set service dhcpv6-server shared-network-name LAN subnet '2001:470:1111:1::/64' domain-search nish.local
set service dhcpv6-server shared-network-name LAN subnet '2001:470:1111:1::/64' name-server '2001:470:20::2'

Conclusion

Once you have done all the configuration, you should be able to see the IPv6 routing table as follows.

Routing table output

IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type 2, B - BGP
Timers: Uptime
IP Route Table for VRF "default"
S      ::/0 [1/0] via ::, tun0, 1d18h58m
C      ::1/128 via ::, lo, 07w3d10h
C      2001:470:1111:1::/64 via ::, br0, 12:39:24
C      2001:470:1111:3::/64 via ::, switch0.3, 12:53:02
C      2001:470:1111:2::/64 via ::, switch0.2, 12:49:03
C      2001:470:abcd:123::/64 via ::, tun0, 1d18h58m
C      fe80::/64 via ::, eth4, 12:06:56
C      fe80::50e5:a315/128 via ::, tun0, 1d18h58m