IPv6 with Airport Extreme and Tunnelbroker

Do you want IPv6 on your home or business network?
Are you having problems getting a working configuration through your provider?
Are you using an Apple Airport device for wireless?

If you answered ‘yes’ above then this post is for you!

This took me around 20 minutes to complete.

This kind of requires a public IP address on the WAN side of your Airport. I say kind of because I did not try to set this up in bridge mode.

3 steps:

You will need an account with Tunnelbroker (offered by Hurricane Electric). Go create your account!

You need to create a tunnel via their interface and you’ll need to know your public IP of your Airport device.

You’ll need to set up the Airport device (tested on Airport Time Capsule and Airport Extreme).

And follow along…

Once you have your account set up you’ll need to create the tunnel via the web interface. Click ‘create regular tunnel’ on the left side.

20160630-tunnel-step01

Tunnel creation screenshot

 
You’ll need to enter your public IPv4 IP address in the box indicated then choose your remote endpoint. You may want to do a few traceroutes ahead of time to find the site that is closest to you network-wise as physical locality doesn’t always equal closest point on the network. You’ll mainly want the lowest latency.

Your tunnel will look like the following screenshot:

Tunnel details screenshot

Tunnel details screenshot

 
You’ll notice a link to assign an /48 – this is not needed and will make more sense in my next post where I build a tunnel from the Fortigate firewall in my lab and then delegate /56 and /64 networks further into my network.

Last step is to configure the Airport device. Launch Airport Utility (Mac or Windows, I did not try this on iOS) and then select your device then click the ‘edit’ button. Select ‘Manually’ from the ‘Configure IPv6’ drop down and ‘Tunnel’ from the ‘IPv6 Mode’ drop down.

Click the Internet tab then select ‘Internet Options’ at the bottom, will look like:

20160630-tunnel-step03

Airport Internet options screenshot

 
Now we need to fill in those 5 boxes (I’ve included a textual summary table after screenshot)

Tunnel details filled in

Tunnel details filled in

 

Tunnel Airport
Server IPv4 Address Remote IPv4 Address
Server IPv6 Address IPv6 Default Route (remove /64)
Client IPv6 Address IPv6 WAN Address (remove /64)
Routed /64 IPv6 Delegated Prefix (include /64)
Routed /64 IPv6 LAN Address (remove /64)

Lastly, and I really suggest you do this, you should block incoming IPv6 connections to your clients behind the Airport device. While configuring the Airport device click on the ‘Network’ tab, then click ‘Network Options’ at the bottom and click the ‘Block Incoming IPv6 connections’ toggle. If you do not do this then external IPv6 connections from the Internet can talk directly to your hosts behind your Airport device.

Block incoming IPv6 connections

Block incoming IPv6 connections

 
That’s it!

Want to learn more about IPv6?