HOWTO on Route64 for IPv6 TunnelBroker set up#1147
Open
pljones wants to merge 1 commit into
Open
Conversation
ann0see
reviewed
Jun 7, 2026
ann0see
reviewed
Jun 7, 2026
pljones
force-pushed
the
route64-ipv6-setup
branch
2 times, most recently
from
06a493d to
f1ab34b
Compare
Contributor
Author
|
I stuck the Affero licence on when I was about to put this in jamulussoftware/jamulus docs/ -- do we license the wiki differently? (I'm happy with a CC BY-SA 4.0) |
pljones
force-pushed
the
route64-ipv6-setup
branch
from
f1ab34b to
0e52cc3
Compare
Member
|
I think it's some CC license: https://creativecommons.org/licenses/by-sa/4.0/deed.en |
pljones
force-pushed
the
route64-ipv6-setup
branch
2 times, most recently
from
4196949 to
49ea4f3
Compare
Contributor
Author
|
We might want to make the Wiki licence more clearly explained -- the link for "I've verified that this Pull Request follows the general code principles" goes to the jamulussoftware/jamulus contribution guidelines, which don't really talk about the Wiki. |
pljones
force-pushed
the
route64-ipv6-setup
branch
from
49ea4f3 to
111f45d
Compare
ann0see
reviewed
Jun 7, 2026
Contributor
Author
|
Ah! OK, I'll
|
pljones
force-pushed
the
route64-ipv6-setup
branch
from
111f45d to
444fc9c
Compare
ann0see
requested changes
Jun 7, 2026
ann0see
left a comment
ann0see
left a comment
Member
There was a problem hiding this comment.
Please add a header like in the other files
---
layout: post
title: "..."
heading: "..."
author: "pljones"
lang: "en"
---
ann0see
reviewed
Jun 7, 2026
ann0see
reviewed
Jun 7, 2026
ann0see
reviewed
Jun 7, 2026
ann0see
reviewed
Jun 7, 2026
ann0see
reviewed
Jun 7, 2026
ann0see
reviewed
Jun 7, 2026
ann0see
reviewed
Jun 7, 2026
pljones
force-pushed
the
route64-ipv6-setup
branch
3 times, most recently
from
22512e6 to
505cdaa
Compare
Contributor
Author
|
https://jamuluswebsite.drealm.info/kb/index.html has the preview of the rendered site. |
pljones
force-pushed
the
route64-ipv6-setup
branch
2 times, most recently
from
5eb9a9c to
3654f34
Compare
pljones
commented
Jun 9, 2026
ann0see
reviewed
Jun 9, 2026
pljones
force-pushed
the
route64-ipv6-setup
branch
from
3654f34 to
48c7a6b
Compare
mcfnord
reviewed
Jun 23, 2026
|
|
||
| ## 3. Check Your Router/Modem | ||
|
|
||
| The following presumes you currently have _no existing IPv6 usage on your LAN_ |
Contributor
There was a problem hiding this comment.
Suggested change
| The following presumes you currently have _no existing IPv6 usage on your LAN_ | |
| This section presumes you currently have _no existing IPv6 usage on your LAN_ |
mcfnord
reviewed
Jun 23, 2026
| ``` | ||
| If you see RAs from anything other than your server, disable IPv6 on the router. | ||
|
|
||
| - **Firewall** — ensure the router passes through UDP on the Wireguard port |
Contributor
There was a problem hiding this comment.
Suggested change
| - **Firewall** — ensure the router passes through UDP on the Wireguard port | |
| - **Firewall** — ensure the router passes UDP traffic through on the Wireguard port |
I'm not sure what this means. How does a router pass through UDP?
mcfnord
reviewed
Jun 23, 2026
|
|
||
| ## 7. Suppress SLAAC Address on the Server | ||
|
|
||
| The server will autoconfigure an EUI-64 address from the RA it sends to the LAN. |
Contributor
There was a problem hiding this comment.
Suggested change
| The server will autoconfigure an EUI-64 address from the RA it sends to the LAN. | |
| The server will autoconfigure an EUI-64 address using the RA it sends to the LAN. |
(I don't know anything about this topic.)
mcfnord
reviewed
Jun 23, 2026
| ## 7. Suppress SLAAC Address on the Server | ||
|
|
||
| The server will autoconfigure an EUI-64 address from the RA it sends to the LAN. | ||
| This causes source address selection problems (services reply from the wrong address). |
Contributor
There was a problem hiding this comment.
Suggested change
| This causes source address selection problems (services reply from the wrong address). | |
| This causes problems when selecting source addresses, because services reply from the wrong address. |
mcfnord
reviewed
Jun 23, 2026
| sudo systemctl enable nftables | ||
| ``` | ||
| You probably want to get familiar with the content of `/etc/nftables.conf`. | ||
| I find it vastly easier to edit the file and reload the service than to use `nft` commands for ongoing maintenance. |
Contributor
There was a problem hiding this comment.
Suggested change
| I find it vastly easier to edit the file and reload the service than to use `nft` commands for ongoing maintenance. | |
| For ongoing maintenance, I find it much easier to edit the file and reload the service than to use `nft` commands. |
mcfnord
reviewed
Jun 23, 2026
| ``` | ||
| You probably want to get familiar with the content of `/etc/nftables.conf`. | ||
| I find it vastly easier to edit the file and reload the service than to use `nft` commands for ongoing maintenance. | ||
| In fact, I keep a copy under version control then copy it over the original when I commit. |
Contributor
There was a problem hiding this comment.
Suggested change
| In fact, I keep a copy under version control then copy it over the original when I commit. | |
| In fact, I keep a copy under version control and copy it over the original when I commit. |
mcfnord
reviewed
Jun 23, 2026
| You probably want to get familiar with the content of `/etc/nftables.conf`. | ||
| I find it vastly easier to edit the file and reload the service than to use `nft` commands for ongoing maintenance. | ||
| In fact, I keep a copy under version control then copy it over the original when I commit. | ||
| So long as I avoid completely locking myself out with a bad ruleset, this works well for me. |
Contributor
There was a problem hiding this comment.
Suggested change
| So long as I avoid completely locking myself out with a bad ruleset, this works well for me. | |
| This works well so long as I avoid locking myself out with a bad ruleset. |
mcfnord
reviewed
Jun 23, 2026
| I find it vastly easier to edit the file and reload the service than to use `nft` commands for ongoing maintenance. | ||
| In fact, I keep a copy under version control then copy it over the original when I commit. | ||
| So long as I avoid completely locking myself out with a bad ruleset, this works well for me. | ||
| (Remember to check the ruleset with `sudo nft -c list ruleset` before applying, to catch syntax errors and |
Contributor
There was a problem hiding this comment.
Suggested change
| (Remember to check the ruleset with `sudo nft -c list ruleset` before applying, to catch syntax errors and | |
| (Always enter `sudo nft -c list ruleset` to check the ruleset before applying, to catch syntax errors and |
mcfnord
reviewed
Jun 23, 2026
| to not set a default IPv6 route | ||
| - `MinRtrAdvInterval 5` / `MaxRtrAdvInterval 10` — send RAs frequently enough that | ||
| clients don't lose their default route between advertisements | ||
| - `RDNSS` — provides IPv6 DNS servers; without this Android won't use IPv6 for name resolution |
Contributor
There was a problem hiding this comment.
Suggested change
| - `RDNSS` — provides IPv6 DNS servers; without this Android won't use IPv6 for name resolution | |
| - `RDNSS` — provides IPv6 DNS servers; without this Android won't use IPv6 for name resolution. |
mcfnord
reviewed
Jun 23, 2026
| - `AdvDefaultLifetime 1800` — critical for Android; too short a lifetime causes Android | ||
| to not set a default IPv6 route | ||
| - `MinRtrAdvInterval 5` / `MaxRtrAdvInterval 10` — send RAs frequently enough that | ||
| clients don't lose their default route between advertisements |
Contributor
There was a problem hiding this comment.
Suggested change
| clients don't lose their default route between advertisements | |
| clients don't lose their default route between advertisements. |
mcfnord
reviewed
Jun 23, 2026
| ``` | ||
|
|
||
| Notes: | ||
| - `AdvDefaultLifetime 1800` — critical for Android; too short a lifetime causes Android |
Contributor
There was a problem hiding this comment.
Suggested change
| - `AdvDefaultLifetime 1800` — critical for Android; too short a lifetime causes Android | |
| - `AdvDefaultLifetime 1800` — critical for Android! If the lifetime is too short, Android won't set a default IPv6 route. |
mcfnord
reviewed
Jun 23, 2026
| - Ensure `AdvDefaultLifetime` is at least 1800 in radvd.conf | ||
| - Ensure the router/modem is NOT sending Router Advertisements | ||
| (check with `sudo tcpdump -i en0 -v "icmp6 and dst ff02::1"`) | ||
| - Toggle WiFi off/on on the phone after changing radvd config |
Contributor
There was a problem hiding this comment.
Suggested change
| - Toggle WiFi off/on on the phone after changing radvd config | |
| - Toggle WiFi off/on on the phone after changing radvd config. |
mcfnord
reviewed
Jun 23, 2026
|
|
||
| ### Android not getting default IPv6 route | ||
| - Ensure `AdvDefaultLifetime` is at least 1800 in radvd.conf | ||
| - Ensure the router/modem is NOT sending Router Advertisements |
Contributor
There was a problem hiding this comment.
Suggested change
| - Ensure the router/modem is NOT sending Router Advertisements | |
| - Ensure the router/modem is NOT sending Router Advertisements. |
mcfnord
reviewed
Jun 23, 2026
| Check the FORWARD chain allows `en0 → wg0`. | ||
|
|
||
| ### Android not getting default IPv6 route | ||
| - Ensure `AdvDefaultLifetime` is at least 1800 in radvd.conf |
Contributor
There was a problem hiding this comment.
Suggested change
| - Ensure `AdvDefaultLifetime` is at least 1800 in radvd.conf | |
| - Ensure `AdvDefaultLifetime` is at least 1800 in radvd.conf. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Short description of changes
Provides a step by step guide to setting up an IPv6 tunnel into an IPv4 only host.
Context: Fixes an issue? Related issues
Adds a Knowledge Base article.
Status of this Pull Request
Still working on the last hop.All working now.
What is missing until this pull request can be merged?
Inbound isn't working yet.All working now. Guide field-tested by @dtinth - thanks!
Does this need translation?
No translation for Knowledge Base.
Checklist