HE IPv6 隧道配置与部署笔记
本笔记详细记录了 Hurricane Electric IPv6 隧道(6in4)在 Linux 系统上的配置、脚本编写、权限赋予及 systemd 服务部署流程。适合需要快速搭建 IPv6 网络环境的用户参考。
1. 配置文件说明
路径: /etc/he-ipv6.conf
SERVER_IPV4="填_HE_Server_IPv4"
LOCAL_IPV4="填_你服务器网卡上的私有IPv4(VPC IP)"
CLIENT_IPV6="填_HE_Client_IPv6(通常::2)"
SERVER_IPV6="填_HE_Server_IPv6(通常::1)"
ROUTED_IPV6="填_ROUTED_IPv6地址,这个是实际要出网用的地址"2. 隧道管理脚本
路径: /usr/local/sbin/he-ipv6.sh
#!/usr/bin/env bash
set -euo pipefail
CONF="/etc/he-ipv6.conf"
[ -r "$CONF" ] || { echo "Missing $CONF"; exit 1; }
source "$CONF"
TUN="he-ipv6"
require() {
local v="$1"
[ -n "${!v:-}" ] || { echo "Missing $v in $CONF"; exit 1; }
}
require SERVER_IPV4
require LOCAL_IPV4
require CLIENT_IPV6
require SERVER_IPV6
require ROUTED_IPV6
start() {
stop
ip tunnel add "$TUN" mode sit remote "$SERVER_IPV4" local "$LOCAL_IPV4" ttl 255
ip link set "$TUN" up
# ip link set "$TUN" mtu 1280
ip -6 addr add "${CLIENT_IPV6}/64" dev "$TUN"
ip -6 addr add "${ROUTED_IPV6}/64" dev "$TUN"
ip -6 route add default via "$SERVER_IPV6" dev "$TUN" table 200
ip -6 rule add from "$CLIENT_IPV6" lookup 200
ip -6 rule add from "$ROUTED_IPV6" lookup 200
ping6 -c 1 -W 2 "$SERVER_IPV6" >/dev/null 2>&1 || true
}
stop() {
ip -6 route del default dev "$TUN" metric 2048 2>/dev/null || true
ip -6 rule del from "$CLIENT_IPV6" lookup 200 2>/dev/null || true
ip -6 rule del from "$ROUTED_IPV6" lookup 200 2>/dev/null || true
ip -6 route flush table 200 2>/dev/null || true
ip -6 addr flush dev "$TUN" 2>/dev/null || true
ip link del "$TUN" 2>/dev/null || true
}
case "${1:-}" in
start) start ;;
stop) stop ;;
restart) stop; start ;;
*) echo "Usage: $0 {start|stop|restart}"; exit 2 ;;
esac脚本要点:
- 自动校验配置文件和核心参数
- 支持 start、stop、restart 操作
- 自动清理旧规则,避免路由泄露
- 推荐设置 MTU 为 1280,解决部分网站加载问题
3. 赋予执行权限
chmod +x /usr/local/sbin/he-ipv6.sh4. 脚本启动与管理命令
he-ipv6.sh start he-ipv6.sh stop he-ipv6.sh status5. systemd 服务配置
路径: /etc/systemd/system/he-ipv6.service
[Unit]
Description=Hurricane Electric IPv6 (6in4) tunnel
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/he-ipv6.sh start
ExecStop=/usr/local/sbin/he-ipv6.sh stop
[Install]
WantedBy=multi-user.target说明:
- 服务类型为 oneshot,启动后保持状态
- 网络就绪后自动启动
- 支持安全停止与重启
6. 启用并启动服务
systemctl daemon-reload
systemctl enable --now he-ipv6.service
systemctl status he-ipv6.service --no-pagerTips:
- 若遇到 IPv6 网络异常,可先执行 he-ipv6.sh stop 再 start 重置隧道。
- 建议将配置文件妥善备份,避免误删导致服务不可用。
如有更多问题,欢迎留言交流。