IPv6/IPv4 tunnels
Prior name: Tornevall Networks RaspTunnel.
What is it?
Tornevall Networks RaspTunnel was an experimental project where micro servers in a DMZ-controlled environment is hosting the primary IPv6 connectivity. Main purpose is ipv6 GRE-tunneling with the help from your primary router, which should be configured to route traffic to a DMZ-address, where this micro server, known as Raspberry pi, are the tunnel gateway.
The Tornevall Tunneling is a semi-production project where we were adding microservers into a DMZ-controller environments. The main purpose was to get full IPv6 connectivity through GRE tunneling. The backside of GRE tunneling usually is that it is REQUIRED to put such tunnels primarily as an external first-connection device (by means: The device hosting the GRE tunnel must be your primary inbound connection, which is where the DMZ comes in).
For the moment, to create more stability, we instead build all solutions on OpenVPN which also gives the possibility to aquire local IPv4 addresses if necessary . Or if you like, LAN access.
What is the goal?
There are a few top providers that support IPv6 connectivity already. For example Spacedump AB and Hurricane Electric. Many providers offers connectivity through SIT/GRE/TUN/TAP drivers. One of the goals is to be a in-between layer of the regular tunnels, as they are required to be (like described above) located un-NAT'ed to work. Besides, we offer a reverse-PTR-DNS editor at https://auth.tornevall.net, specifically written to make DNS editing easier.
How does it work?
No prior configuration or ip rule settings are required anymore. You only need OpenVPN and permission. Then it is up to you how your local endpoint are configured. Either we give you a simple IPv4/32 or IPv6/128 address, or we give you a /64 IPv6 subnet, as this is the smalles required size of a IPv6 subnet for DHCPv6 to work properly.
IPv6 Networks
DHCP delegation is normally installed clientside. It is also recommended to run dhcp on a /64-prefix. On prefixes higher (65 and up), it may not work properly.
Hurricane electric assigns prefixes by automation. The tunnel types there are based on the SIT-protocol. By requesting directly from them, there won't be any slowdowns in the routing.
Protocols
Supporting GRE but prefers OpenVPN. See below.
Remote Servers
| Remote Host | Description |
|---|---|
| tunnel-prd.tornevall.net | Round robin based remote server |
| tunnel02.tornevall.net | |
| tunnel03.tornevall.net |
Networks
| Network/PrfLen | Host Prflen | Prefix/Length* | Inbound Address | OpenVPN Tunnel Assignments | Local Prflen Delegations | Location | if-gw |
|---|---|---|---|---|---|---|---|
2a01:299:a0::/48 | 48 | LOCAL | LOCAL | 64+ | 64 | PRIMARY | SP |
2001:470:dcb5::/48 | 48 | LOCAL | LOCAL** | 64+ | 64 | SE | HE |
2001:470:83e7::/48 | 48 | LOCAL | LOCAL | 64+ | 64 | FREMONT/US | HE |
2607:5500:3000:78a::2/48 | 64 | 68 | 2607:5500:3000:78a:2000::1/68 | 80 | TX/US | HW | |
2a01:4f9:c010:3142::1/64 | 64 | 68 | 2a01:4f9:c010:3142:2000::1/68 | 96+ | 96 | FI | HZ |
2a02:c207:2042:5731::1/64 | 64 | 68 | 2a02:c207:2042:5731:2000::1/68 | 80 | DE | CB |
* If prefix/length is set to LOCAL, the uplink is assigned directly at Tornevall Networks. If the networks are defined other ways for example 68, the entry point assignment is not set at Tornevall Networks SE-level. It is probably assigned elsewhere as a tunnel or similar.
** Special assignments, with (probably) exclusive access (smtp, irc, or a static primary network). Normally, this is not something we assign externally.
Red marked ip ranges is networks that is not ready for assignments yet.
Visual view