<?xml version="1.0" encoding="UTF-8" ?>
<heIPv6 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://tunnelbroker.net/"
xsi:schemaLocation="https://tunnelbroker.net/ http://schema.xml.r00t2.io/projects/he_ipv6.xsd">
<!--
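This is a sample XML configuration file to use with he_ipv6.py.
Note that the xsi:schemaLocation hint above references a schema served over plain HTTP; when validating, prefer a
locally stored, trusted copy of the schema over one fetched at parse time.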
If you do not yet have an IPv6 Tunnelbroker.net allocation, you can get one (for free!) at:
https://www.tunnelbroker.net/tunnel_detail.php?tid=584532
I highly recommend their (free) certification as well if you're brand-new to IPv6:
https://ipv6.he.net/certification/
**It is VERY highly encouraged to only use one tunnel at a time on a machine. Completely unpredictable results will
occur if this is not heeded.**
-->
<creds>
<!--
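Credentials are kept separate from tunnel configuration because you can have multiple (up to 5) tunnels per user.
The passwords below are stored in plaintext, so keep this file readable only by the account that runs he_ipv6.py
(e.g. mode 0600) and keep real credentials out of version control.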
-->
<cred id="ipv6user">
<user>ipv6user</user>
<password>someSecretPassword</password>
</cred>
<cred id="anotheruser">
<user>someotheruser</user>
<password>anotherPassword</password>
</cred>
</creds>
<tunnels>
<!--
Each tunnel MUST have an "id" and a "creds" attribute. The "creds" attribute should reference an "id" of a
creds/cred object.
The tunnel ID can be found by logging into your tunnelbroker.net panel, clicking on the tunnel you wish to use, and
looking at the URL in your browser.
It is in the format of https://www.tunnelbroker.net/tunnel_detail.php?tid=[TUNNEL ID]
So if it takes you to e.g. https://www.tunnelbroker.net/tunnel_detail.php?tid=12345, your tunnel ID would
be "12345".
-->
<tunnel id="12345" creds="ipv6user">
<!--
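You can find the updateKey in the "Advanced" tab of your tunnel's configuration on your tunnelbroker.net panel.
Like the account password, it is a credential stored here in plaintext; protect this file accordingly.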
-->
<updateKey>xXxXxXxXxXxXxXXX</updateKey>
<!--
Where to assign your allocations. The default allocation prefix is a /64 (prefix="64"), since that's what
SLAAC (RFC 2462) recommends.
It has one optional attribute, "raProvider", which can be "dnsmasq" or "radvd". Its configuration file will be
regenerated and the service restarted after the addresses are allocated to interfaces. Further system
configuration may be required. If not specified, the default is to not send router advertisements (RFC 4861). See
the "ra" child element under <assign> for further details.
If you are using dnsmasq, you will want to edit dnsmasq.conf to *include* the generated file, most likely, as it
only generates configuration for IPv6 options.
-->
<assignments raProvider="dnsmasq">
<!--
Each assignment has the following required attributes:
* "prefix" - the size of the subnet to assign to an interface, "64" (/64) by default since that's what SLAAC
recommends. Note that if you use your /64 allocation and don't specify a longer prefix, you can
only have one assignment for that allocation.
* "alloc" - this should match the prefix of the allocation. Hurricane Electric only allows you one /64 and,
optionally, one /48. Use "alloc" to reference which allocation you want to use. Uses "64" (/64)
by default.
* "iface" - which network interface on this machine the allocation should be added to.
Make sure you don't exceed your allocation size! (A /48 has 65536 /64s in it.)
The interface will be assigned :1 (the first host in the subnet) as well, so it is recommended that you do not
assign a /128 prefix.
-->
<assign prefix="64" alloc="64" iface="eth0">
<!--
Each assignment CAN have an "ra" child. The default is to not implement RA for this interface if an ra element
is not present.
It takes one optional attribute, "tag" (only used for raProvider="dnsmasq"), which is the tag name for
the interface (this should be set in an earlier included conf/the main dnsmasq.conf).
-->
<ra tag="main">
<!--
Specify RDNSS (RFC 8106). If specified, this allocation's "router IP" (<PREFIX>::1) will be passed as a
resolver via RDNSS.
It takes one (optional) attribute, "domains", which is a space-separated list of search domains, referred
to in IPv6 as DNSSL (RFC 6106).
Note that Windows does not support DNSSL, and as such you must use dhcpv6's "domains" attribute if you wish
to do that.
If "domains" is specified but the element is false, the configuration will only advertise DNSSL and not
RDNSS.
-->
<dns domains="foo.com bar.com">true</dns>
<!--
Enable DHCPv6 for this assignment. Only used for dnsmasq, has no effect for radvd. As mentioned above, you
can also specify the "domains" attribute here as well, which will pass them via a regular DHCPv6 option.
If "domains" is specified but the element is false, only the domains will be passed.
Again, this only pertains to dnsmasq since radvd offers no DHCPv6 capabilities whatsoever.
-->
<dhcpv6 domains="foo.com bar.com">true</dhcpv6>
</ra>
</assign>
<!-- Disable RA for this set (no "ra" child specified). -->
<assign prefix="64" alloc="48" iface="eth0"/>
<assign prefix="64" alloc="48" iface="eth1">
<ra tag="vmlan">
<!-- This will use strictly SLAAC (if using dnsmasq, obviously - radvd only does SLAAC). -->
<dhcpv6>false</dhcpv6>
<!-- And let clients choose their own resolver. -->
<dns>false</dns>
</ra>
</assign>
<assign prefix="64" alloc="48" iface="eth2">
<ra tag="wlan">
<!-- Only pass RDNSS resolvers. -->
<dns>true</dns>
<dhcpv6>false</dhcpv6>
</ra>
</assign>
</assignments>
</tunnel>
<!-- And you can, of course, specify multiple tunnels. -->
<tunnel id="54321" creds="anotheruser">
<updateKey>0000000000000000</updateKey>
<assignments>
<!--
Uses the default prefix of /64 from your standard /64 allocation from Hurricane Electric.
Most users probably want this unless they're running an IPv6 router.
-->
<assign iface="eth0"/>
</assignments>
</tunnel>
</tunnels>
</heIPv6>