-
-
Save socketz/72322d155f0529537b39e7dee3a05356 to your computer and use it in GitHub Desktop.
A PowerShell script to activate (and update) a 6-in-4 tunnel in Windows 10/11 using Hurricane Electric IPv6 Tunnel Broker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| $TunnelName = "IPv6Tunnel" | |
| $TunnelID = "123456" | |
| $ServerIPv6Address = "2001:a:b:c::1" | |
| $ServerIPv4Address = "200.1.2.3" | |
| # When behind a firewall appliance that passes protocol 41, | |
| # use the IPv4 address you get from your appliance's DHCP service | |
| # instead of the IPv4 endpoint you provided to Tunnelbroker | |
| $ClientIPv6Address = "2001:a:b:c::2" | |
| #$ClientIPv4WANAddress = "100.4.5.6" # Public Address (autodetected later) | |
| $ClientIPv4NATAddress = "192.168.1.2" # Local LAN Address | |
| $Username = "your_he_username" | |
| $UpdateKey = "he_secret_token" | |
| ### End of configuration ### | |
| function PingCheck($ip) { | |
| $pingResult = Test-Connection -ComputerName $ip -Count 1 -Quiet | |
| if ($pingResult) { | |
| Write-Output "Ping $ip ... Pass." | |
| } else { | |
| Write-Output "Ping $ip ... Fail!" | |
| exit 1 | |
| } | |
| } | |
| ### End of Helper Functions ### | |
| # Check Elevated Prompt | |
| $elevated = ([Security.Principal.WindowsPrincipal] ` | |
| [Security.Principal.WindowsIdentity]::GetCurrent() | |
| ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) | |
| if ($elevated -eq $false) { | |
| Write-Output "This script requires elevated privileges (Run as administrator). Exit." | |
| exit 2 | |
| } | |
| # Check Server Endpoint, Update Client Endpoint and (bonus) get ClientIPv4WANAddress | |
| $Credentials = New-Object System.Management.Automation.PSCredential($Username, (ConvertTo-SecureString $UpdateKey -AsPlainText -Force)) | |
| exit 1 | |
| $UpdateURL = "https://${Credentials}@ipv4.tunnelbroker.net/nic/update?hostname=${TunnelID}" | |
| $Response = Invoke-WebRequest -Uri $UpdateURL -Credential $Credentials | Select-Object -Expand Content | |
| if ($Response -match "[\d\.]+$") { | |
| $clientIPv4WANAddress = $matches[0] | |
| Write-Output "Update Endpoint ... Pass. (IPv4: $clientIPv4WANAddress)" | |
| } else { | |
| Write-Output "Update Endpoint ... Fail! (URL was: $UpdateURL )" | |
| throw $Response | |
| } | |
| # Requirements | |
| Write-Output "Disabling other IPv6 interfaces" | |
| netsh interface 6to4 set state disabled | |
| netsh interface isatap set state disabled | |
| netsh interface teredo set state disabled | |
| # Cleanup possible remainings | |
| Write-Output "Cleanup possible remainings" | |
| netsh interface ipv6 delete address interface=$TunnelName address=$ClientIPv6Address | |
| netsh interface ipv6 delete interface $TunnelName | |
| # Setup interface, set IPv6 address | |
| Write-Output "Setup interface..." | |
| netsh interface ipv6 add v6v4tunnel interface=$TunnelName localaddress=$ClientIPv4NATAddress remoteaddress=$ServerIPv4Address | |
| netsh interface ipv6 add address interface=$TunnelName address=$ClientIPv6Address | |
| # Test IPv6 Tunnel | |
| Write-Output "Testing IPv6 tunnel doing a ping to ServerIPv6" | |
| PingCheck($ServerIPv6Address) | |
| # Setup Routing | |
| Write-Output "IPv6 Routing Setup" | |
| netsh interface ipv6 delete route interface=$TunnelName ::/0 | |
| netsh interface ipv6 add route prefix=::/0 interface=$TunnelName nexthop=$ServerIPv6Address | |
| # Test IPv6 Web | |
| Write-Output "Testing IPv6 tunnel doing a ping to ipv6.google.com" | |
| PingCheck("ipv6.google.com") | |
| Write-Output "All done. Good IPv6 surfing." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
And what is the point of this
exit?https://gist.github.com/socketz/72322d155f0529537b39e7dee3a05356#file-ipv6tunnel-ps1-L46