This guide will take you through how to setup a IPv6 Tunnel with Tunnelbroker.net (but can also work with other suppliers if desired) on an Apple Router (either a Airport Express, Time Capsule or Airport Extreme). The benefit of IPv6 is great not only for gaming on Xbox One which supports IPv6 to remove NAT issues, but also for accessing the next generation of network services out of the box in a native configuration (think, no more port forwarding, no more networking issues caused by poorly built routers).
Of course, if your ISP was decent in the first place you wouldn’t need a tunnel and would have native IPv6 from them, but this is the next best method which will provide each of your devices with a unique, public IPv6 address while not affecting your current IPv4 setup. I’ll also detail how to put up a Firewall on the router for IPv6 as well as setting up Google’s Public DNS on IPv6.
Step 1: Signing up for a Tunnel
Browse to Tunnelbroker.net and setup an account for you use by clicking Register on the Top left. You are required to give them an account name, email and your address to get them setup, but this is understandable as they are acting like a second ISP for you (for your IPv6 traffic!).
Once your account is made, select ‘Create Regular Tunnel’ on the left hand side (not the BGP option).
On the Create new tunnel page you will be presented with the below options:
Setting up a new Tunnel on Tunnelbroker.net
You will need to fill in your current IPv4 Endpoint. This is your current IP address (v4). It will likely be displaying it for you already underneath in the ‘You are viewing from’ however if you are using a web proxy or your ISP provides one for you it may not be your real IPv4 address. In which case, try googling ‘What is my IP’ or look on your router’s settings page to gain this address.
Once you have that, you need to pick an endpoint. It may suggest one already based on your location but you are welcome to pick any of your choosing. One nice thing to note at this stage, if you pick say a North America location and are based in say Europe, you can use Netflix (which is IPv6 enabled) and use it to trick the site into thinking your in America. However picking a server far away from your actual location will slow down your network traffic as any IPv6 traffic will go via their server adding an extra hop in your internet packets. Pick wisely on this!
Once done, click Create tunnel and you are set!
Step 2: Setting up your Tunnel on your Apple Router
Ok, keep the Tunnelbroker site open on your newly created tunnel (click into it to display it’s settings if it hasn’t already opened up) and also open up Airport Utility to edit your Router’s setting. On Airport Utility browse to the Internet Tab and select ‘Internet Options…’ at the bottom. Now refer to the below picture on how to copy the settings from Tunnelbroker to your Airport / Time Capsule device:
You will notice that when copying the Server IPv6 Address, Client IPv6 Address and Router /64 that for three of the entries you will need to remove the /64 however keep it for the IPv6 Delegated Prefix. It’s quite a maze to figure out, and took me quite a few tries to get it spot on, so I hope the picture above makes it really easy.
Once done, click ‘Save’ and move onto the next step.
Step 3: Setting up IPv6 DNS
Great, so now you have a tunnel setup (but not active yet until you save settings). Now it’s time to setup a DNS server which can be connected to over IPv6. This is important, as without it its unlikely your ever use your IPv6 addresses connecting to websites. For this guide, I used Googles Public DNS servers however you can easily use OpenDNS’s, Tunnelbrokers or any other servers you have access to.
So back on the Internet tab, you will likely see two DNS servers already entered, these are provided by your ISP, you can leave them how they are if you wish, or replace them with Google’s IPv4 DNS servers which are 126.96.36.199 and 188.8.131.52.
Next up, it’s time to put in two IPv6 DNS server’s, Google’s ones are: 2001:4860:4860::8888 and 2001:4860:4860::8844
Good Job, DNS is setup. One more optional step to go.
Step 4: Optional – Blocking incoming IPv6 connections
IPv6 is great, however unless each device in your home network is protected with a firewall and has no open services (like network shares, SSH servers with weak passwords etc) you could find by enabling the tunnel you have opened every device to dangers the internet. This is because where before you had one internet address and that was your routers, now every PC is able to do two way traffic on the internet as if the router never existed, removing its protective barrier. Now you could use this time to sort out each device and make sure it’s safe, however there is a quick way to lock down your IPv6 inbound traffic (without affecting outbound) until you are comfortable with each devices setup.
On your router’s settings, click on the Network Tab and select ‘Network Options…’ at the bottom. You will be presented with the below:
Just tick the ‘Block Incoming IPv6 connections’. This will put a firewall up on your Router and ensure inbound connections only match outbound and stop people port scanning / connecting directly to your devices uninvited.
Once your happy with all your settings, Click ‘Update’ and all the above steps will be saved to your Apple Router and the device will reboot. All going well, it will come back with a green status light which means the IPv6 tunnel is setup. I’d recommend refreshing your network connections on your devices (reboot if required), and seeing if they are given an IPv6 address. You can test connectivity by visiting Test your IPv6.
If it comes back with a yellow light, click it and see what the error message is. Perhaps you entered some details wrong? Double check and retry. If your still having problems just reply in the comments and hopefully we can get you sorted in no time!
Hope my guide has helped, and welcome to the IPv6 world.