Skip to content

Instantly share code, notes, and snippets.

@emory
Forked from CHTJonas/UniFi Tunnelbroker.md
Created September 16, 2020 12:38
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save emory/6c346550d8f74b9b8deea7fa0fbc295a to your computer and use it in GitHub Desktop.
Save emory/6c346550d8f74b9b8deea7fa0fbc295a to your computer and use it in GitHub Desktop.
Tunnelbroker config for UniFi Security Gateway

UniFi Tunnelbroker Configuration

This GitHub Gist details the manual configuration needed on a UniFi controller to enable IPv6 tunneling with Hurricane Electric's Tunnelbroker service.

Setup

This is what works for me personally. Stuff you'll need to do to adapt this to your ends:

  • Replace "local-ip" with your USG's public IPv4 address.
  • Replace "remote-ip" with the address of your Tunnelbroker tunnel server.
  • Replace "address" with the IPv6 address that your are allocated.

Installation

Follow these instructions and drop your config.gateway.json file in the correct location eg. /usr/lib/unifi/data/sites/$NAME/.

{
"interfaces": {
"tunnel": {
"tun0": {
"address": [
"YOUR-ALLOCATED-IPV6-PREFIX-FROM-TUNNELBROKER"
],
"description": "Tunnelbroker IPv6 Tunnel",
"encapsulation": "sit",
"firewall": {
"in": {
"ipv6-name": "WANv6_IN"
},
"local": {
"ipv6-name": "WANv6_LOCAL"
},
"out": {
"ipv6-name": "WANv6_OUT"
}
},
"local-ip": "YOUR-ROUTER-PUBLIC-IPV4-ADDRESS",
"multicast": "disable",
"remote-ip": "YOUR-TUNNELBROKER-REMOTE-IPV4-ADDRESS",
"ttl": "255"
}
}
},
"protocols": {
"static": {
"interface-route6": {
"::/0": {
"next-hop-interface": {
"tun0": "''"
}
}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment