Ga door naar de hoofdinhoud

Getting (fast) IPv6 at home

IPv6

I value IPv6 access as quite important, however T-Mobile Thuis doesn't offer any official form of IPv6 on their network at this time. I looked into various options to get decent IPv6 for my home network:

  • 6to4
  • HE.net tunnelbroker
  • VPN based access

6in4

6to4 is a deprecated form of IPv6 access, but something that would work for any connection with a fixed IPv4 address. Configuring 6to4 on OpenWRT is quickly done, and it was easy to delegate a /64 subnet to my local network. 6to4 however results in a quite slow connection (of around 10 to 20 megabit), and reachability was spotty at best.

HE.net tunnelbroker

Upto a couple of years ago there used to be various public tunnelbrokers for 6in4 tunnels, and I used the sixxs.net tunnels for almost 10 years myself, however, almost all public tunnel-services seem to have shut down over the years. Only HE.net's tunnelbroker seems to be alive.

I have used a couple of HE.net tunnels throughout the years, and while they work fine in general, they seem quite limited in available bandwidth. This became even worse as sixxs.net shutdown, as most sixxs users migrated to HE.net.

Configuring OpenWRT to use a HE.net tunnel is quite easy, just a matter of copy/pasting the values from your HE.net account into OpenWRT's webinterface and providing credentials for the dynamic updating of the tunnel.

I did some speed-tests and these confirmed my experience, I seemed to be limited to maybe 20mbit, which is a bit low when using a 700+ mbit connection, but this is to be expected for a free service. If your needs are limited, HE.net is a good and free solution.

VPN based access

The third and final method of getting IPv6 that I tried was tunneling over IPv4 to my own server in a public datacenter. At that server (hosted at Hetzner) I have a /56 of IPv6 space, This is not standard, but available on request, and you get a /64 standard with every server or VPS.

I configured wireguard on OpenWRT (client) and my server in the datacenter, and route a /60 subnet of IPv6 space to my home-network. This range can then be split further for a couple of subnets. The remainder of the /56 can be used for some more VPN's and tunnels.

/images/speedtest-v6.png

Using the Wireguard VPN and testing speed on IPv6 I could easily get over 200mbit per second and I have even seen it hit 500mbit.

Todo

  • Try and get IP-TV working, though this doesn't have much priority for me
  • Cancelling voice and tv-subscriptions before the discount runs out :)

OpenWRT Config

Various bits of relevant configuration for OpenWRT:

The configuration of the switchports:

config switch
  option name 'switch0'
  option reset '1'
  option enable_vlan '1'

config switch_vlan
  option device 'switch0'
  option vlan '1'
  option ports '1 2 3 4 6t'
  option vid '1'

config switch_vlan
  option device 'switch0'
  option vlan '300'
  option vid '300'
  option ports '0t 6t'

config switch_vlan
  option device 'switch0'
  option vlan '640'
  option vid '640'
  option ports '0t 6t'

config switch_vlan
  option device 'switch0'
  option vlan '100'
  option ports '0t 6t'
  option vid '100'

Configuration of the Wireguard VPN for IPv6 tunneling

config interface 'WG6'
  option proto 'wireguard'
  option private_key '<wireguard-private-key-base64>'
  list addresses '2001:xxxx:xxx:xxx::3/60'

config wireguard_WG6
  list allowed_ips '::/0'
  option endpoint_host 'ipv4-of-wireguard-server'
  option endpoint_port 'wireguard-portnumber'
  option persistent_keepalive '25'
  option description 'Wireguard-ipv6-tunnel-name'
  option public_key '<public-key-of-wireguard-server-in-base64>'
  option route_allowed_ips '1'

config route6
  option interface 'WG6'
  option target '0::/0'
  option gateway '2001:xxxx:xxx:xxx::1'