I’m providing a simple guide below on how to configure IPv6 tunnelling to Hurricane Electronic tunnel broker on Cyberoam UTM appliance. Before start configure on Cyberoam UTM, you need to register an account here and then create a “Regular Tunnel” to start with.
Below is the screenshot of the tunnel creation, provide your Public IP into the “IPv4 Endpoint” box and select the Tunnel servers that near to your location for me, I choose Hong Kong or Tokyo for my connections
After creating the new tunnel, it will provide you the details of the IP addresses as below
Now proceed to configure on Cyberoam UTM and you need to run command in CLI as at the moment GUI have no support on IPv6 yet. Before that do make sure Cyberoam firmware is using version 10.02.0473 or above. How to check firmware version? You can check the version number on the far left hand below the Cyberoam logo or at the system dashboard. If the firmware version is older than that, grab the firmware from here.
You can login to CLI via telnet or SSH, for me i’m connecting to SSH with Putty client that you can download from here. Once you connected to CLI, choose option 4 to enter console mode:-
Once you’re in console mode, type the following command
console> cyberoam ipv6 tunnel add tunnel-name henet remote-ip 18.104.22.168 local-ip 22.214.171.124 local-ip6 2001:470:23:6fe::2/64
to display the tunnel
console> cyberoam ipv6 tunnel show
Remoteip4 = Tunnel Broker server IPv4 address
Localip4 = your current public IP on your Cyberoam WAN interface
Localip6 = is the IPv6 address given by HE tunnel broker
After adding the tunnel, now add routing to route all IPv6 traffic to henet tunnel to do that fire the following command
console> cyberoam ipv6 route add ::/0 interface henet
We are almost done now and you can ping to IPv6 address within Cyberoam CLI just type the following to test
console> ping6 2001:4860:4860::8888
and you should be getting the result below means its already working.
Now you already have IPv6 connection from Cyberoam to tunnel broker but how about client sitting behind Cyberoam that still running on IPv4?
What you need to do is assign another set of IPv6 addresses to the client behind Cyberoam that HE have provided earlier based on the detail given under “Routed IPv6 Prefixes”. If you not required to create multiple segment you can just use the /64 prefix else you can request for /48 prefix. For this example we are using /64 prefix and we are going to define IPv6 address to LAN interface of Cyberoam. Still on console we fire the command below
console> cyberoam ipv6 interface PortA address add 2001:470:24:6fe::1/64
Next, set your notebook or pc with the any available addresses from the /64 prefix eg. below
IPv6 = 2001:470:24:6fe::100
Prefix = 64
Gateway = 2001:470:24:6fe::1
Once apply, you can test ping to any IPv6 address and you’re officially connected to IPv6 world
You can also test from few website below on IPv6 connectivity.
1) Test IPv6 – http://test-ipv6.com/
2) IPv6 Test – http://ipv6-test.com/
3) Google IPv6 test page – http://ipv6test.google.com/