
@paaland
Created August 8, 2017 19:15
Altibox w/ IPv6 on EdgeRouter PoE
#!/usr/bin/env sh
# https://kradalby.no/setting-up-6rd-on-my-linux-router.html
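# Compute the local 6rd prefix for this router from the ISP's 6rd parameters
# and the router's current public IPv4 address.
#
# Outputs: whatever ipv6calc prints for the 6rd_local_prefix action (stdout).
# Exits non-zero if the public address cannot be fetched or does not look
# like a dotted-quad IPv4 address.

# 6rd parameters used by this setup: the delegated IPv6 prefix and the
# IPv4 address of the 6rd relay.
PREFIX=2a01:79c::
PREFIX_LENGTH=30
RELAY_PREFIX=213.167.115.92
RELAY_PREFIX_LENGTH=0

# Look up the public IPv4 address.
# NOTE(review): this is a plain-HTTP request to a third-party service, so the
# reply is unauthenticated and can be altered in transit. It is validated
# below before being used; reading the address from the WAN interface is the
# more trustworthy source where that is possible.
#   -f   fail on an HTTP error instead of capturing the error page
#   -sS  no progress meter, but still report errors
PUBLIC=$(curl -fsS --max-time 10 http://canihazip.com/s) || {
  printf '%s\n' 'error: could not fetch the public IPv4 address' >&2
  exit 1
}

# Accept only four dot-separated groups of digits, so that an error page, an
# empty reply or injected text never reaches ipv6calc or the router config.
# Octet ranges (0-255) are not checked here.
case $PUBLIC in
  '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*)
    printf '%s\n' 'error: reply is not a dotted-quad IPv4 address' >&2
    exit 1
    ;;
  *.*.*.*) ;;
  *)
    printf '%s\n' 'error: reply is not a dotted-quad IPv4 address' >&2
    exit 1
    ;;
esac

# All expansions are quoted so no value is word-split or glob-expanded.
ipv6calc --action 6rd_local_prefix \
  --6rd_prefix "$PREFIX/$PREFIX_LENGTH" \
  --6rd_relay_prefix "$RELAY_PREFIX/$RELAY_PREFIX_LENGTH" \
  "$PUBLIC"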
# Source: https://geekmagnet.org/blog/computer-products/charter-ipv6-trial-setup-on-edgerouter-lite-erl/
# Change prefix to the one calculated (e.g. 2a01:79d:aaaa:bbbb::/62)
# 6rd tunnel interface: IPv6 carried inside IPv4 ("sit" encapsulation).
# '## prefix ##' and '## Public IP ##' are placeholders and must be replaced
# with the calculated prefix bits and the router's public IPv4 address before
# these lines are entered.
# NOTE(review): the calculated prefix is derived from the public IPv4 address,
# so a change of that address presumably requires recalculating and updating
# the tunnel address and the LAN prefixes — confirm how the ISP assigns it.
set interfaces tunnel tun0 address '2a01:79c:## prefix ##::/62'
set interfaces tunnel tun0 description 'Altibox 6RD'
set interfaces tunnel tun0 encapsulation sit
set interfaces tunnel tun0 local-ip ## Public IP ##
set interfaces tunnel tun0 multicast disable
set interfaces tunnel tun0 ttl 255
# Same relay address and 6rd prefix/length as RELAY_PREFIX and
# PREFIX/PREFIX_LENGTH in the calculation script.
set interfaces tunnel tun0 6rd-default-gw '::213.167.115.92'
set interfaces tunnel tun0 6rd-prefix '2a01:79c::/30'
# Change prefix to the one calculated
# I've set a physical address on the interface (needed for my setup to work at least)
# LAN side on eth1: static router address plus router advertisements so that
# hosts configure themselves (SLAAC). '## prefix ##' is a placeholder.
# Hosts on this link receive globally routable addresses, so inbound
# filtering depends entirely on the IPv6 firewall rulesets being in effect.
# NOTE(review): eth1 and switch0 use the same placeholder; presumably each
# interface should get its own /64 out of the calculated /62 — confirm.
set interfaces ethernet eth1 address '2a01:79c:## prefix ##::1/64'
set interfaces ethernet eth1 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth1 ipv6 router-advert cur-hop-limit 64
# 1280 is the minimum IPv6 MTU; advertising it keeps packets small enough to
# fit inside the IPv4 tunnel.
set interfaces ethernet eth1 ipv6 router-advert link-mtu 1280
# managed-flag and other-config-flag are both false: hosts are told not to
# use DHCPv6 for addresses or for other configuration.
set interfaces ethernet eth1 ipv6 router-advert managed-flag false
set interfaces ethernet eth1 ipv6 router-advert max-interval 300
# DNS server advertised to hosts. NOTE(review): this is the ::1 address set
# above, so presumably the router itself must answer DNS there — confirm.
set interfaces ethernet eth1 ipv6 router-advert name-server 2a01:79c:## prefix ##::1
set interfaces ethernet eth1 ipv6 router-advert other-config-flag false
# autonomous-flag true lets hosts form their own address within this /64.
set interfaces ethernet eth1 ipv6 router-advert prefix '2a01:79c:## prefix ##::/64' autonomous-flag true
set interfaces ethernet eth1 ipv6 router-advert prefix '2a01:79c:## prefix ##::/64' on-link-flag true
# 2592000 seconds = 30 days.
set interfaces ethernet eth1 ipv6 router-advert prefix '2a01:79c:## prefix ##::/64' valid-lifetime 2592000
set interfaces ethernet eth1 ipv6 router-advert reachable-time 0
set interfaces ethernet eth1 ipv6 router-advert retrans-timer 0
set interfaces ethernet eth1 ipv6 router-advert send-advert true
# I've set a physical address on the interface (needed for my setup to work at least)
# LAN side on switch0: same router-advertisement settings as eth1, with the
# router address ending in ::2. '## prefix ##' is a placeholder.
# Hosts on this link receive globally routable addresses, so inbound
# filtering depends entirely on the IPv6 firewall rulesets being in effect.
# NOTE(review): presumably this interface needs a /64 different from the one
# used on eth1, taken from the calculated /62 — confirm.
set interfaces switch switch0 address '2a01:79c:## prefix ##::2/64'
set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64
# 1280 is the minimum IPv6 MTU; advertising it keeps packets small enough to
# fit inside the IPv4 tunnel.
set interfaces switch switch0 ipv6 router-advert link-mtu 1280
# managed-flag and other-config-flag are both false: hosts are told not to
# use DHCPv6 for addresses or for other configuration.
set interfaces switch switch0 ipv6 router-advert managed-flag false
set interfaces switch switch0 ipv6 router-advert max-interval 300
# DNS server advertised to hosts. NOTE(review): the address ends in ::1 while
# this interface is ::2, so it only points at this router if the filled-in
# prefix matches an address the router actually holds — confirm.
set interfaces switch switch0 ipv6 router-advert name-server 2a01:79c:## prefix ##::1
set interfaces switch switch0 ipv6 router-advert other-config-flag false
# autonomous-flag true lets hosts form their own address within this /64.
set interfaces switch switch0 ipv6 router-advert prefix '2a01:79c:## prefix ##::/64' autonomous-flag true
set interfaces switch switch0 ipv6 router-advert prefix '2a01:79c:## prefix ##::/64' on-link-flag true
# 2592000 seconds = 30 days.
set interfaces switch switch0 ipv6 router-advert prefix '2a01:79c:## prefix ##::/64' valid-lifetime 2592000
set interfaces switch switch0 ipv6 router-advert reachable-time 0
set interfaces switch switch0 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 ipv6 router-advert send-advert true
# Duped the settings from https://medium.com/@nurblieh/ipv6-on-the-edgerouter-lite-c95e3cc8d49d#.1fs2zxnm6#firewall
# Edit: https://geekmagnet.org/blog/computer-products/charter-ipv6-trial-setup-on-edgerouter-lite-erl/
#Create a policy for WAN->LAN Clients:
# IPv6 ruleset for traffic forwarded from the WAN to LAN clients.
# Anything not matched by a rule is dropped (default-action drop).
# NOTE(review): the commands shown only define this ruleset; none of them
# binds it to an interface. It has no effect until it is attached to the 6rd
# tunnel, e.g. `set interfaces tunnel tun0 firewall in ipv6-name WAN6_IN`.
# Until then LAN hosts with global IPv6 addresses are reachable unfiltered.
edit firewall ipv6-name WAN6_IN
set default-action drop
# Rule 10: let replies to connections opened from the inside back in.
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
# Rule 20: drop packets the connection tracker classifies as invalid.
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
# Rule 30: accepts every ICMPv6 type towards LAN hosts. Some ICMPv6 (such as
# Packet Too Big) is needed for IPv6 to work, but this also admits echo
# requests from the Internet; match specific types if that exposure is
# unwanted (RFC 4890 gives filtering recommendations).
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
# Leave the ruleset and return to the top of the configuration tree.
top
#Now create a policy for WAN->Router (aka local):
# IPv6 ruleset for traffic from the WAN addressed to the router itself.
# Anything not matched by a rule is dropped (default-action drop), which is
# what keeps the router's own services off the Internet side.
# NOTE(review): the commands shown only define this ruleset; none of them
# binds it to an interface. It has no effect until it is attached to the 6rd
# tunnel, e.g. `set interfaces tunnel tun0 firewall local ipv6-name WAN6_LOCAL`.
edit firewall ipv6-name WAN6_LOCAL
set default-action drop
# Rule 10: let replies to connections opened by the router back in.
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
# Rule 20: drop packets the connection tracker classifies as invalid.
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
# Rule 30: accepts every ICMPv6 type addressed to the router. Some ICMPv6 is
# needed for IPv6 to work; match specific types if answering echo requests
# from the Internet is unwanted (RFC 4890 gives filtering recommendations).
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
# Leave the ruleset and return to the top of the configuration tree.
# The commands shown stop here; no commit or save step appears on the page.
top