Establish a 6in4 IP tunnel using a Tunnel Broker Service

Applicable Version: 10.00 onwards

Overview

Cyberoam supports four (4) methods of IP tunneling to promote interoperability between IPv4 and IPv6 networks. IP tunneling is a mechanism that encapsulates one network protocol as the payload of another: either an IPv6 packet is encapsulated in an IPv4 packet for communication between IPv6-enabled hosts/networks across an IPv4 network, or vice versa.

Cyberoam supports the following types of IP Tunneling methods:

- 6in4 Tunnel: It is commonly referred to as Manual Tunnel and is used for IPv6 to IPv6 communication over an IPv4 backbone. The source and destination IPv4 addresses must be manually configured. It is recommended for point-to-point communication.
- 6to4 Tunnel: It is commonly referred to as Automatic Tunnel and is used for IPv6 to IPv6 communication over an IPv4 backbone. The destination IPv4 address of the tunnel can be automatically acquired, but the source address needs to be provided manually. It is recommended for point-to-multipoint communication.
- 6rd Tunnel: It is used for IPv6 to IPv6 communication over an IPv4 backbone. The 6rd tunnel is an extension of the 6to4 Automatic Tunnel. The tunnel can be established using a pre-defined prefix provided by the ISP.
- 4in6 Tunnel: It is used for IPv4 to IPv4 communication over an IPv6 backbone. The source and destination IPv6 addresses must be manually configured. It is recommended for point-to-point communication.
 

Note: 

The devices at the ends of an IPv6 over IPv4 tunnel or IPv4 over IPv6 tunnel must support IPv4/IPv6 dual stack.
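
The encapsulation described above, as an added Python example that is not Cyberoam's code: an IPv6 packet becomes the payload of an IPv4 packet with protocol number 41, and the receiving side accepts it only when the outer addresses match the two manually configured end points. The end point addresses are the ones used in Step 1 of this article; the inner IPv6 packet and the address 198.51.100.7 in the test are constructed samples.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IPv4 protocol number for an encapsulated IPv6 packet

def ipv4_checksum(header: bytes) -> int:
    """Internet checksum of a 20-byte IPv4 header (0 if the stored one is valid)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_ipv6_packet() -> bytes:
    """Constructed 40-byte IPv6 header: no payload, next header 59 (none)."""
    src = ipaddress.IPv6Address("2001:470:d:96d::100").packed  # article's lease range
    dst = ipaddress.IPv6Address("2001:db8::1").packed          # documentation address
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64, src, dst)

def encapsulate(ipv6_packet: bytes, src_v4: str, dst_v4: str) -> bytes:
    """Prepend an option-less outer IPv4 header carrying protocol 41."""
    src = ipaddress.IPv4Address(src_v4).packed
    dst = ipaddress.IPv4Address(dst_v4).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet),
                      0, 0, 64, PROTO_6IN4, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + ipv6_packet

def decapsulate(frame: bytes, local_v4: str, remote_v4: str) -> bytes:
    """Return the inner IPv6 packet, accepting it only from the configured peer."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (frame[0] & 0x0F) * 4
    if ihl < 20 or len(frame) < ihl + 40:
        raise ValueError("truncated packet")
    if frame[9] != PROTO_6IN4:
        raise ValueError("outer protocol is not 41")
    outer_src = ipaddress.IPv4Address(frame[12:16])
    outer_dst = ipaddress.IPv4Address(frame[16:20])
    if (outer_src != ipaddress.IPv4Address(remote_v4)
            or outer_dst != ipaddress.IPv4Address(local_v4)):
        raise ValueError("outer addresses do not match the configured end points")
    inner = frame[ihl:]
    if inner[0] >> 4 != 6:
        raise ValueError("payload is not IPv6")
    return inner

if __name__ == "__main__":
    LOCAL, REMOTE = "203.88.56.45", "66.220.18.42"  # end points from Step 1
    inbound = encapsulate(sample_ipv6_packet(), REMOTE, LOCAL)
    print(decapsulate(inbound, LOCAL, REMOTE).hex())
```

Because a 6in4 tunnel carries no authentication of its own, the outer-address comparison in `decapsulate` is the only thing tying an arriving protocol 41 packet to the configured peer.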

Scenario

Establish a 6in4 tunnel using the tunnel broker service named Hurricane Electric (HE). 

Hurricane Electric (HE) provides a free IPv6 tunnel broker service that allows users to connect to IPv6 networks over an IPv4 backbone. To create a 6in4 tunnel, users must register at http://www.tunnelbroker.net.

Prerequisite

Register with HE at http://www.tunnelbroker.net.

Configuration

This configuration consists of two (2) parts:

1.    HE Configuration
2.    Cyberoam Configuration

HE Configuration

- Log in to your HE Account and click Create Regular Tunnel.
- Specify the IPv4 address of your local endpoint, select the tunnel server and click Create Tunnel.

Once the tunnel is created, HE provides the following information, which is used in the IP Tunnel configuration in Cyberoam.

- Server IPv4 Address: This is the IPv4 address of the server at the tunnel broker (server endpoint) end of the tunnel.
- Server IPv6 Address: This is the IPv6 address of the server at the tunnel broker end of the tunnel.
- Client IPv4 Address: This is the public (WAN) facing IPv4 address of the Cyberoam (client endpoint) end of the tunnel. This IP address must be entered during the tunnel creation process at HE. This address must be pingable by the tunnel broker.
- Client IPv6 Address: This is the IPv6 address assigned by the tunnel broker. This will be used during the configuration process in Cyberoam.
- Available DNS Resolvers: These are recursive caching name servers that you can use through your tunnel over either IPv6 or IPv4. They will also allow you to access Google's websites, along with those of other organizations that have white-listed the servers as part of their IPv6 participation programs.
- Routed IPv6 Prefixes: A 64 bit or, on request, a 48 bit network block is assigned by the tunnel broker. In this article, we statically assign the LAN interface of Cyberoam an IPv6 address within this 64 bit network block. IPv6 enabled hosts behind the LAN will automatically obtain an IPv6 address within this block.
- rDNS Delegations: These are the Name Servers delegated by Hurricane Electric with authority for the "Routed /64" and "Routed /48" above.


Cyberoam Configuration  

You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).

Step 1: Create 6in4 Tunnel

Go to Network > Interface > IP Tunnel and click Add to create a new IP Tunnel according to parameters given below.
 

| Parameters | Value | Description |
|---|---|---|
| Tunnel Name | CR_HE | Specify a name to identify the Tunnel. |
| Tunnel Type | 6in4 | Specify the Tunnel Type. Available Options: 6in4, 6to4, 6rd, 4in6. |
| Zone | WAN | Select the zone to create the tunnel for, from the options available. The tunnel will cater to the traffic of the selected zone. Available Options: LAN, DMZ, WAN. |
| Local End Point | 203.88.56.45 | Specify IP Address of the Local End Point (as specified in HE configuration) of the tunnel. Specify IPv4 Address for 6to4, 6in4 and 6rd tunnels. Specify IPv6 Address for 4in6 tunnel. |
| Remote End Point | 66.220.18.42 | Specify IP Address of the Remote End Point of the tunnel. Here, specify Server IPv4 Address mentioned in the HE Tunnel Details page. Specify IPv4 Address for 6in4 tunnel. Specify IPv6 Address for 4in6 tunnel. |


Click OK to create the tunnel. 

Step 2: Add Default Static Route

On clicking OK, the Add Static Unicast Route For IP Tunnel 'CR_HE' screen appears, which enables you to create static routes for the remote network. Set route parameters as desired and click OK to save the configuration. Here, we have routed all traffic to the tunnel CR_HE.
 
 

Step 3: Configure LAN Network on IPv6

Go to Network > Interface > Interface and configure the LAN Interface as shown below. Specify a Static IPv6 Address for the LAN interface from within the Routed IPv6 Prefixes mentioned in the HE Tunnel Details page.
 
 

Step 4: Enable Router Advertisement on LAN Interface

Go to Network > Router Advertisement > Router Advertisement and click Add to add an advertisement as per parameters below.    

| Parameters | Value | Description |
|---|---|---|
| Interface | PortD | Select an interface for router advertisement. All IPv6 enabled physical interfaces, LAG, VLAN and Bridge interfaces can be selected. |
| Other Flag | Enable | Select to set the Other Flag. When this flag is set, the DHCPv6 client obtains other network parameters like DNS server, Domain Name, NIS, NISP, SIP, SNTP, BCMS servers from the DHCPv6 server. The option must be selected if a DHCPv6 Server is available. |
| Prefix Advertisement Configuration | 2001:470:d:96d:: | Prefix Advertisement includes zero or more prefix options containing information that the default gateway advertises. This information is used by stateless address auto configuration to auto-generate a global IPv6 Address. Here, specify the Routed IPv6 Prefix from the HE Tunnel Details page that you configured in the LAN Interface. |


Click OK to save advertisement. 

Step 5: Configure DHCP Server

Go to Network > DHCP > Server and configure a new server as per parameters below. This is specifically required to assign DNS Server Address to clients.  

| Parameters | Value | Description |
|---|---|---|
| Name | IPv6DHCP | Provide a name to identify the DHCPv6 server uniquely. |
| Interface | PortD | Select any internal interface to set it as DHCPv6 server. DHCP service can be configured on a virtual sub-interface but cannot be configured on an Interface alias. |
| Dynamic Lease IP | 2001:470:d:96d::100 - 2001:470:d:96d::200 | Specify the range of IPv6 Addresses from which the DHCP server must assign addresses to the clients, and the subnet mask for the IPv6 Address range. You can provide multiple IPv6 ranges for the same interface. |


Click OK to save DHCP configuration. 

The above configuration allows Cyberoam to establish a 6in4 tunnel using the Tunnel Broker Service Hurricane Electric (HE).
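
A consistency check for the values entered in Steps 3 to 5, as an added Python example that is not part of the Cyberoam product: the LAN address, the advertised prefix and the DHCPv6 lease range must all sit inside the Routed IPv6 Prefix, and the LAN address must not be taken from the tunnel's own link. The prefix and lease range are the article's; the LAN address and the tunnel Client IPv6 Address are constructed sample values, and the function name is hypothetical.

```python
import ipaddress

def check_lan_ipv6_plan(routed_prefix, tunnel_client, lan_address,
                        ra_prefix, lease_start, lease_end):
    """Return a list of problems; an empty list means the values are consistent."""
    routed = ipaddress.IPv6Network(routed_prefix)
    tunnel_link = ipaddress.IPv6Interface(tunnel_client).network
    lan = ipaddress.IPv6Interface(lan_address)
    ra = ipaddress.IPv6Network(ra_prefix)
    lo = ipaddress.IPv6Address(lease_start)
    hi = ipaddress.IPv6Address(lease_end)
    problems = []
    if lan.ip in tunnel_link:
        problems.append("LAN address is taken from the tunnel link")
    if lan.ip not in routed:
        problems.append("LAN address is outside the routed prefix")
    if not ra.subnet_of(routed):
        problems.append("advertised prefix is outside the routed prefix")
    if ra.prefixlen != 64:
        problems.append("advertised prefix is not a /64")
    if lan.network != ra:
        problems.append("advertised prefix differs from the LAN interface network")
    if lo > hi:
        problems.append("lease range start is above its end")
    if lo not in ra or hi not in ra:
        problems.append("lease range is outside the advertised prefix")
    if lo <= lan.ip <= hi:
        problems.append("lease range contains the LAN interface address")
    return problems

if __name__ == "__main__":
    result = check_lan_ipv6_plan(
        "2001:470:d:96d::/64",    # Routed IPv6 Prefix (article)
        "2001:470:c:96d::2/64",   # Client IPv6 Address (constructed sample)
        "2001:470:d:96d::1/64",   # LAN interface address (constructed sample)
        "2001:470:d:96d::/64",    # Prefix Advertisement (article)
        "2001:470:d:96d::100",    # Dynamic Lease IP start (article)
        "2001:470:d:96d::200",    # Dynamic Lease IP end (article)
    )
    print(result or "consistent")
```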

 

 

 

 

Document Version: 1.0 – 1 May, 2015


Article ID: 3118