routerbox/utils/he_ipv6/example.tunnelbroker.xml


<?xml version="1.0" encoding="UTF-8" ?>
<heIPv6 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://tunnelbroker.net/"
xsi:schemaLocation="https://tunnelbroker.net/ http://schema.xml.r00t2.io/projects/he_ipv6.xsd">
<!--
This is a sample XML configuration file to use with he_ipv6.py.
If you do not yet have an IPv6 Tunnelbroker.net allocation, you can get one (for free!) at:
https://www.tunnelbroker.net/tunnel_detail.php?tid=584532
I highly recommend their (free) certification as well if you're brand-new to IPv6:
https://ipv6.he.net/certification/
**It is VERY highly encouraged to only use one tunnel at a time on a machine. Completely unpredictable results will
occur if this is not heeded.**
-->
<creds>
<!--
Credentials are kept separate from tunnel configuration because you can have multiple (up to 5) tunnels per user.
-->
<cred id="ipv6user">
<user>ipv6user</user>
<password>someSecretPassword</password>
</cred>
<cred id="anotheruser">
<user>someotheruser</user>
<password>anotherPassword</password>
</cred>
</creds>
<tunnels>
<!--
Each tunnel MUST have an "id" and a "creds" attribute. The "creds" attribute should reference an "id" of a
creds/cred object.
The tunnel ID can be found by logging into your tunnelbroker.net panel, clicking on the tunnel you wish to use, and
looking at the URL in your browser.
It is in the format of https://www.tunnelbroker.net/tunnel_detail.php?tid=[TUNNEL ID]
So if it takes you to e.g. https://www.tunnelbroker.net/tunnel_detail.php?tid=12345, your tunnel ID would
be "12345".
-->
<tunnel id="12345" creds="ipv6user">
<!--
You can find the updateKey in the "Advanced" tab of your tunnel's configuration on your tunnelbroker.net panel.
-->
<updateKey>xXxXxXxXxXxXxXXX</updateKey>
<!--
Where to assign your allocations. The default allocation prefix is a /64 (prefix="64"), since that's what
SLAAC (RFC 2462) recommends.
It has one optional attribute, "raProvider", which can be "dnsmasq" or "radvd". Its configuration file will be
regenerated and the service restarted after the addresses are allocated to interfaces. Further system
configuration may be required. If not specified, the default is to not send router advertisements (RFC 4861). See
the "ra" child element under <assign> for further details.
If you are using dnsmasq, you will most likely want to edit dnsmasq.conf to *include* the generated file, as only
configuration for IPv6 options is generated.
-->
<assignments raProvider="dnsmasq">
<!--
Each assignment has the following required attributes:
* "prefix" - the size of the subnet to assign to an interface, "64" (/64) by default since that's what SLAAC
recommends. Note that if you use your /64 allocation and don't specify a longer prefix, you can
only have one assignment for that allocation.
* "alloc" - this should match the prefix of the allocation. Hurricane Electric only allows you one /64 and,
optionally, one /48. Use "alloc" to reference which allocation you want to use. Uses "64" (/64)
by default.
* "iface" - which network interface on this machine the allocation should be added to.
Make sure you don't exceed your allocation size! (A /48 has 65536 /64s in it.)
The interface will be assigned :1 (the first host in the subnet) as well, so it is recommended that you do not
assign a /128 prefix.
-->
<assign prefix="64" alloc="64" iface="eth0">
<!--
Each assignment CAN have an "ra" child. The default is to not implement RA for this interface if an ra element
is not present.
It takes one optional attribute, which is only used for raProvider="dnsmasq", "tag", which is the tag name for
the interface (this should be set in an earlier included conf/the main dnsmasq.conf).
-->
<ra tag="main">
<!--
Specify RDNSS (RFC 8106). If specified, this allocation's "router IP" (<PREFIX>::1) will be passed as a
resolver via RDNSS.
It takes one (optional) attribute, "domains", which is a space-separated list of search domains, referred
to in IPv6 as DNSSL (RFC 6106).
Note that Windows does not support DNSSL, and as such you must use dhcpv6's "domains" attribute if you wish
to do that.
If "domains" is specified but the element is false, the configuration will only advertise DNSSL and not
RDNSS.
-->
<dns domains="foo.com bar.com">true</dns>
<!--
Enable DHCPv6 for this assignment. Only used for dnsmasq; it has no effect for radvd. As mentioned above, you
can also specify the "domains" attribute here, which will pass them via a regular DHCPv6 option.
If "domains" is specified but the element is false, only the domains will be passed.
Again, this only pertains to dnsmasq since radvd offers no DHCPv6 capabilities whatsoever.
-->
<dhcpv6 domains="foo.com bar.com">true</dhcpv6>
</ra>
</assign>
<!-- Disable RA for this set (no "ra" child specified). -->
<assign prefix="64" alloc="48" iface="eth0"/>
<assign prefix="64" alloc="48" iface="eth1">
<ra tag="vmlan">
<!-- This will use strictly SLAAC (if using dnsmasq, obviously - radvd only does SLAAC). -->
<dhcpv6>false</dhcpv6>
<!-- And let clients choose their own resolver. -->
<dns>false</dns>
</ra>
</assign>
<assign prefix="64" alloc="48" iface="eth2">
<ra tag="wlan">
<!-- Only pass RDNSS resolvers. -->
<dns>true</dns>
<dhcpv6>false</dhcpv6>
</ra>
</assign>
</assignments>
</tunnel>
<!-- And you can, of course, specify multiple tunnels. -->
<tunnel id="54321" creds="anotheruser">
<updateKey>0000000000000000</updateKey>
<assignments>
<!--
Uses the default prefix of /64 from your standard /64 allocation from Hurricane Electric.
Most users probably want this unless they're running an IPv6 router.
-->
<assign iface="eth0"/>
</assignments>
</tunnel>
</tunnels>
</heIPv6>
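
The comments above state three rules a reader has to enforce by hand: every tunnel's "creds" must match a cred "id", assignments must fit inside the allocation they draw from, and the file stores passwords and update keys in clear text. The following linter is an added example, not part of he_ipv6.py; `lint_config` and `readable_by_others` are hypothetical names, and the capacity rule (subnet fractions per allocation must sum to at most 1) is an assumption about what "don't exceed your allocation size" means.

```python
import os
import stat
import xml.etree.ElementTree as ET
from fractions import Fraction

NS = {"he": "https://tunnelbroker.net/"}  # default namespace of the sample file

# Constructed sample: one over-committed /64 and one dangling creds reference.
SAMPLE = """
<heIPv6 xmlns="https://tunnelbroker.net/">
  <creds><cred id="ipv6user"><user>ipv6user</user><password>x</password></cred></creds>
  <tunnels>
    <tunnel id="12345" creds="ipv6user">
      <assignments>
        <assign prefix="64" alloc="64" iface="eth0"/>
        <assign iface="eth1"/>
        <assign prefix="64" alloc="48" iface="eth2"/>
      </assignments>
    </tunnel>
    <tunnel id="54321" creds="anotheruser">
      <assignments><assign iface="eth0"/></assignments>
    </tunnel>
  </tunnels>
</heIPv6>
""".strip()

def lint_config(xml_text):
    """Return a list of problems in a he_ipv6-style configuration string."""
    root = ET.fromstring(xml_text)
    problems = []
    cred_ids = {c.get("id") for c in root.findall("he:creds/he:cred", NS)}
    for tun in root.findall("he:tunnels/he:tunnel", NS):
        tid = tun.get("id")
        if tun.get("creds") not in cred_ids:
            problems.append(f"tunnel {tid}: creds {tun.get('creds')!r} matches no cred id")
        used = {}  # allocation size -> fraction of that allocation handed out
        for a in tun.findall("he:assignments/he:assign", NS):
            alloc, prefix = int(a.get("alloc", "64")), int(a.get("prefix", "64"))
            if prefix < alloc:
                problems.append(f"tunnel {tid}: /{prefix} is larger than the /{alloc}")
                continue
            used[alloc] = used.get(alloc, 0) + Fraction(1, 2 ** (prefix - alloc))
        problems += [f"tunnel {tid}: assignments exceed the /{size} allocation"
                     for size, frac in sorted(used.items()) if frac > 1]
    return problems

def readable_by_others(path):
    """True if group or other can read the file, which holds passwords and update keys."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
```

Run `lint_config` on the file's text before applying it, and treat a true result from `readable_by_others` on the real configuration path as a reason to tighten the mode to owner-only.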