IPV6 tunneling on vpsfree: Difference between revisions

vpsFree.cz operates its own tunneling server, through which it is possible to obtain an IPv6 tunnel to places where IPv6 has not yet been introduced.

On June 6, 2017, the operation of the SixXS tunneling platform was terminated. It was the only one that provided a tunneling server in Prague that could be used even without a public IPv4 address. Although SixXS's argument is understandable, there are situations where it is simply not possible to ask a provider for IPv6 connectivity, and often it is not even possible to change providers.

If a public IPv4 address is available, it is possible to arrange a tunnel from HE.net, which works quickly and reliably. Our service therefore mainly focuses on situations where there is not even a public IPv4 address in the place. Unfortunately, the sixxsd software, which formed the server part of the SixXS tunneling platform and was able to efficiently handle hundreds of tunnels, was never released as Open Source and was not published for a long time. So it was necessary to look for another solution.

It is possible to use the modern WireGuard tunneling protocol. It offers encryption and authentication, but also great performance compared to OpenVPN. UDP traffic on port 51820 is used. Each client authenticates with a pair of public and private keys. Each client is statically assigned one connecting IPv6 address and a subnet with a prefix length of /48.

Each tunnel will have an expiration date set for one year after establishment, after which it is deconfigured. Therefore, an extension must be requested for uninterrupted operation. The intention of this inconvenient measure is for every user to write to their connection provider at least once a year about the status of IPv6 support. Note: this feature is not yet implemented. Any deconfiguration in the future will be preceded by several email warnings.

1. Ask your ISP about IPv6 support.
2. Generate a pair of private and public keys: $ wg genkey | tee privatekey | wg pubkey - the private key is created in the privatekey file, the public key is displayed on the terminal. To display the public key again, call $ wg pubkey < privatekey.
3. Request a tunnel via e-mail to ipv6tun@vpsfree.cz. Don't forget to attach the public key. Please do not send the key in an attachment, put it directly in the text of the message. If the end of the tunnel is to be located in Slovakia, please indicate this in the application.
4. You will receive an email with example configuration for wg-quick and OpenWRT. You will also find out the allocated address block in the configuration file.
5. Add your private key to the configuration file and configure your client.
6. Configure your router to assign some addresses from the assigned subnet to your home network.

[Interface]
# FIXME: Insert your private key
PrivateKey = 
Address = 2a03:3b40:200::XXX
# Alternatively, the ListenPort value can be set to any value. By default, a random value should be selected automatically.
#ListenPort = 51820
[Peer]
Endpoint = ipv6tun01.vpsfree.cz:51820
PublicKey = r7vzF6irpXSmkTibIHztIcfc/YzPmpyMX9LYa9z5Yw0=
AllowedIPs =  ::/0
#PersistentKeepalive = 120  # Optional: use if there is a NAT/firewall blocking incoming traffic