Use a D-Link DIR-825 to automatically IPv6 your network

(Please note this article is now somewhat out of date as D-Link have started to trickle out a new version of software for this router which changes its ipv6 functionality and completely fixes the ipv6 router advertisement issue – here is an EU beta version that I found after scouring the d-link forums: DIR-825 2.05EU, and I think the US version is available from the US ftp site too.)

My cable router died recently so I took the opportunity to replace it with something good. I grabbed a D-Link DIR-825 (revision B) since I knew it supported IPv6 natively after doing lots of research and finding an excellent list on SixXS.net. It was a bit pricey (£120) but I believe it was worth it for the massive feature set – including the quad-band wireless which has prooved excellent so far.

Set-up was super easy. As with most cable setups, just plug it in to the modem and you’re away since there’s no mess with internet credentials, at least in my case anyway.

Now the IPv6 bit. I have a subnet obtained from Hurrican Electric’s Tunnel Broker and when you’re given a subnet they offer you a /64 subnet, and a routed /48 subnet as well. You should only need the /64 subnet, but you can get the /48 as well if you like, we won’t use it here.

Assuming you’ve signed up at HE and acquired an IPv6 subnet, keep the tunnel details page handy so you can use them in the admin interface of the router.

In the advanced section of the DIR-825 switch to the IPv6 page. Then change the connection type to “IPv6 in IPv4 tunnel”. Now we start entering addresses…
The remote and local addresses match up with the addresses on the tunnel details page, so for the Remote IPv4 address use the “Server IPv4 address” from the tunnel details page, Remote IPv6 address is the “Server IPv6 address”, and so on for the local addresses, using the “Client” addresses.

Key here is making sure you don’t include the “/64” bit and also remember to not use the short notation for the v6 addresses. For example if you have a server ipv6 address that says: “2001:470:1234:567::1/64” you should instead enter “2001:470:1234:567:0:0:0:1″. That’s because IPv6 addresses are usually given in a more human-readable format and they miss out the pointless bits, like the zero-sections at the end (where shorthand like :: is used to mean :0:0:0: ). Do the same for the client IPv6 address too.

Now you want to type in your routed /64 address in to the LAN IPv6 Address for the router. The tunnel details page will just give you a subnet notation (e.g. 2001:470:1235:567::/64) so stick a 1 on the end before the /64 and that’ll be your router’s internal LAN address, (e.g. 2001:470:1235:567:0:0:0:1). Notice that the  3rd section of the address will be 1 number higher than your client IPv6 subnet.

Finally in the address autoconfiguration section, check the enable autoconfiguration box and switch to Stateful (DHCP v6). This will give IPv6 addresses to your clients that support DHCPv6. I believe you don’t have to do this, and you can use stateless to do it aswell, but I wanted fully public IPv6 address, so I’ve gone for stateful in my case.

And so finally we click the Save Settings button at the top, and you’re done! Time to test it out. Try ipv6.google.com for starters 🙂
Ocassionally it doesn’t work. If not check on the tunnelbroker.net site and make sure you router’s wan ip address is listed on the tunnel details page. If it isn’t you need to get that filled in, so click the link next to the client ipv4 address entry and fill it in. Hopefully you have a static IP don’t you…! There does seem to be a way of dynamically updating the client ipv4 address with hurricane electric, but that would still mean updating the config on the router which would be annoying of course.

Here’s a sanitised screen-shot of my router config for reference:

Added on 20th Feb 2011: I realised recently that IPv6 wasn’t quite working all of the time on my computers served by my router and after extensive investigation I discovered that the router wasn’t advertising it’s link-local address often enough (or at all). As a result my IPv6 clients were finding they didn’t have the necessary routes to talk IPv6 to the internet.
The solution turned out to be to add a persistent static route to the IPv6 internet via the internal Link-Local address of the router.
Here’s the fix, just run it from an admin cmd prompt, and replace the [link-local address] section with your router’s link-local address (which you can find on the ipv6 config page):

route -p add ::/0 [link-local address]

  • Andrew

    Check out the latest firmware patch 2.05 from their website (don’t use the internal check – it erroneously reports it’s up-to-date for some reason). The version from your screen-shot wasn’t working for me. They’ve updated their IPv6 support and it seems to be working flawlessly now.

  • NiXC

    Thanks Andrew. I really must update my article for the new version. I managed to get my copy of the update off one of the other european d-link sites a few weeks ago, much much better isn’t it!!!

  • Jean-Michel

    I have followed the instructions you gave. The firmware is patched to 2.05. However, my windows 7 computer is receiving a ipv6 address.

  • NiXC

    Hi Jean-Michel. In version 2.05 your address auto-configuration settings should be set to “SLAAC + Stateless DHCPv6“, perhaps that’s what you might need to try.
    You might be able to get help on the D-Link forums for your DIR-825. My instructions were for the European 2.01 version not 2.05. The latest version gained much better IPv6 support and so is different to configure.

  • Jean-Michel

    Thanks for the quick answer. I am able to ping a ipv6 address from the router. On Win7, I can’t seem to get a address from the router, so I am not receiving gateway info nor dns info.

    I will look into the forums see if there is help there.

  • Jean-Michel:

    I have the same experience. I can ping ipv6 sites from the router, but not from Windows which looks like it is using Win7 Teredo.

    I suspect that I have to run something like
    netsh interface teredo set state disabled
    netsh interface ipv6 add v6v4tunnel IP6Tunnel ipv4-1 ipv4-2
    netsh interface ipv6 add address IP6Tunnel ipv6::2
    netsh interface ipv6 add route ::/0 IP6Tunnel ipv6::1
    where the ip addresses were given by tunnelbroker when I set up my tunnel.

    I’m not sure what else running netsh might do, so I am waiting to get more info from someone more knowledgeable.

    Lester

  • NiXC

    If your router can already ping using ipv6 why are you trying to setup a tunnel on your windows machine? You set the tunnel to terminate on your router, then your machines talk to your router to get out to the internet. By setting up a tunnel on your windows machine you’re attempting to tunnel out of your network using ipv4 when your router is already configured with your tunnel! That can’t work surely as the tunnel can only be brought up once.
    I recommend you remove your windows tunnel configs (however you do that with netsh) and manually set an ipv6 address and gateway setting in your network settings for the adapter on your windows machine which will route ipv6 traffic via your router. Perhaps that will help. If it does you’re just getting the same issue Jean-Michel is with not receiving ipv6 address and gateway config settings automatically on your machines.

  • No. The router could NOT ping ipv6 sites until AFTER I created the tunnel.

    Under my Win7 Ultimate, Teredo was set up by default, but this still is not a true ipv6 connection. For example, I could not get tp http://ipv6.google.com, and now I still can’t get there. Under my Linode VPS, which has a true ipv6 connection, I can get to that site just fine.

    Now, I may be missing some important point here. You are saying that instead of creating a tunnel to my router, I should set separate tunnels to all PCs connected to the router? I don’t see as very efficient, and I do do understand why this is necessary? For example, I have already set OpenDNS ipv6 DNS
    2620:0:ccc::2
    2620:0:ccd::2
    on all ipv6 Win7 PCs and router, and so shouldn’t the tunnel through the router be all that is necessary?

    I have some reasons for not simply playing with netsh:
    http://www.techpowerup.com/forums/showthread.php?t=118071

    Lester

  • NiXC

    Thanks for posting Lester.
    Not really sure what you’re trying to do. You only need one tunnel, either on a single machine to which you need to ‘route’ (not tunnel) all IPv6 traffic on your network, or you open the tunnel on the router and then you route all the traffic via the router – which is what it’s for.

  • Kim Nilsson

    Hello NiXC
    I note you’re using Hurricane as IPv6 provider in your guide.
    Do you know how to use gogo6/Freenet6 as provider? Their tunnel software requires a login/password to use the subnet.
    /Kim

  • NiXC

    Hi Kim. Interesting point – yes I had a go with gogo6 a while back and couldn’t really get past having to use a client to get it going. I also tried sixxs.net – they do have a method for giving you IPv6 to a router, but their checks and barriers were so annoying I never got much further than being able to login to their site! Stupid really.
    So far Hurricane Electric have been the easiest to setup, for me at least, I’d have to recommend them far above the others.

  • Michael Fletcher

    I’ve been digging into problems with Tunnel’d IPv6 and I think i’ve come up with the actual problem but not a solution.

    All of my machines were getting IPv6 addresses (both windows, mac, linux) but none of them seemed to work. In each case they were missing a default IPv6 route. All I was able to do was ping the gateway itself using the local lan address.

    I started looking at the packets using a network sniffer and the Router Advertisements all had a Router lifetime value of “0” which is RFC4816 speak for “don’t use this router as the default router”. So Windows/Linux is exactly right by not setting a default route.

    The strange thing was that when I reboot the router I would briefly get a router advertisement with a lifetime of 1800s, the corrert prefix and dns server but then another router advertisement would come along 5 seconds later with a router advertisement of 0.

    Other observations
    … using 6to4 I would get working IPv6 address. The difference again seemed to be the Router Lifetime. But I want to use a permanent tunnel. I have found 6to4 unreliable.
    … the router never responds to router solicitations. It only sends a router advertisement when it wants to.
    … the router never responds to DHCPv6 when that is configured.

    I’m going to say there are a lot of bugs with the IPv6 in IPv4 tunnel.

  • Srijit

    My router (DIR-615) is not behind NAT. I have a unique public IP. I think the setup till router is ok as I can ping IPV6 from router’s web interface. I have configured DHCP v as u have have done. But my clients are not getting the DHCP IPv6 address. I tried adding the Link Local Address as u mentioned but a simple ping shows “Unreachable”. Any suggestions?

  • Strange, perhaps your clients aren’t getting an ipv6 address via dhcp as expected. Worth checking that first via ipconfig (or ifconfig on mac/linux). Maybe try changing the dhcp settings around on your router, trying the different options.
    Also maybe worth checking your clients haven’t had the ipv6 interface disabled or unticked in the network configuration settings.

    Personally i’ve switched to using 6to4 mode via a fritz!box router instead. 6to4 would probably suit you (if it works on your connection) as it’s only really sensible if you have a static wan address, which you do. If you haven’t got dhcp working though i suppose that’s not going to help.