VPS Documentation

IPv6 Tunneling to IPv4

Learn how to tunnel IPv6 traffic through an IPv4 network using different techniques such as 6to4, Teredo, and Cloudflare tunnels. These methods allow IPv6 connectivity even if your ISP only provides IPv4 support.

  • Using 6to4:

    6to4 is an automatic tunneling mechanism that allows IPv6 traffic to be transported over an IPv4 network. It assigns IPv6 addresses from the 2002::/16 block based on your IPv4 address.

    • Check System Support: Ensure your system supports 6to4 tunneling. Most modern Linux distributions and Windows versions do.
    • Enable the 6to4 Interface: Run the following command to create the tunnel interface: 
      • ip tunnel add tun6to4 mode sit remote any local YOUR_IPV4_ADDRESS ttl 255
    • Assign an IPv6 Address: Use your IPv4 address to generate a 6to4 address: 
      • ip addr add 2002:YOUR_IPV4_HEX::1/16 dev tun6to4
    • Set Up Routing: Ensure IPv6 traffic is routed through the tunnel:
      • ip link set tun6to4 up
ip -6 route add ::/0 dev tun6to4
    • Test Connectivity: Use ping6 google.com to confirm IPv6 access.
  • Using Teredo:

    Teredo is a tunneling protocol that allows IPv6 connectivity even when behind NAT. It encapsulates IPv6 packets inside UDP.

    • Install and Enable Teredo: Different operating systems handle Teredo differently.
    • For Windows: Open a command prompt as Administrator and run:
      • netsh interface teredo set state client
    • Check Teredo status with:
      • netsh interface teredo show state
    • For Linux: Install miredo (Teredo client) with:
      • sudo apt install miredo
    • Start the service:
      • sudo systemctl start miredo
    • Ensure Firewall Allows Teredo: UDP port 3544 must be open:
      • sudo ufw allow 3544/udp
    • Test IPv6 Connectivity: Run:
      • ping6 ipv6.google.com
  • Using Cloudflare Tunnels for SSH:

    Cloudflare's Argo Tunnel allows you to securely expose your SSH service via a domain, eliminating the need for port forwarding.

    • Sign Up for Cloudflare: Create an account at Cloudflare and add your domain.
    • Install Cloudflared on Your Server:
      • sudo apt install cloudflared
    • Authenticate Cloudflared: Run:
      • cloudflared tunnel login
    • Follow the authentication link provided in the output.
    • Create a Tunnel for SSH:
      • cloudflared tunnel create my-ssh-tunnel
    • Route the Tunnel to Your SSH Server:
      • cloudflared tunnel route ip my-ssh-tunnel 127.0.0.1
    • Configure the Tunnel in a Config File:
      • sudo mkdir -p /etc/cloudflared/
sudo nano /etc/cloudflared/config.yml

      Add the following content to the config file:

      tunnel: my-ssh-tunnel
credentials-file: /root/.cloudflared/my-ssh-tunnel.json

ingress:
  - hostname: ssh.example.com
    service: ssh://localhost:22
  - service: http_status:404
    • Start the Cloudflare Tunnel:
      • cloudflared tunnel run my-ssh-tunnel
    • Update Cloudflare DNS: Add a CNAME record in Cloudflare pointing ssh.example.com to my-ssh-tunnel.
    • Connect to SSH via Cloudflare Tunnel: Use the following command from a client machine: 
      • ssh -o ProxyCommand="cloudflared access ssh --hostname ssh.example.com" [email protected]
    • Verify Connection: If successful, you should now be able to SSH into your server using the Cloudflare tunnel.
Generating an SSH Key

Follow these steps to generate an SSH key pair for secure authentication:

  • Using OpenSSH (Linux/macOS/Windows with OpenSSH):
    • Open a terminal and run: 
      ssh-keygen -t rsa -b 4096 -C "[email protected]"
    • Press Enter to save the key in the default location (~/.ssh/id_rsa), or specify a custom path.
    • Optionally, enter a passphrase for extra security (recommended).
    • Your public key is stored as ~/.ssh/id_rsa.pub. Share this key securely with the remote server.
    Troubleshooting:
    • Command not found? Install OpenSSH: 
      sudo apt install openssh-client  # Debian/Ubuntu
      brew install openssh  # macOS (Homebrew)
    • Permission issues? Ensure your ~/.ssh directory has the correct permissions: 
      chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_rsa
  • Using PuTTY (Windows):
    • Download and open PuTTYgen.
    • Select RSA and set the key size to 4096 bits.
    • Click "Generate" and move your mouse randomly in the blank area to create entropy.
    • Once generated, save the private key as a .ppk file.
    • Copy and save the public key for use on the server.
    Troubleshooting:
    • Cannot connect with PuTTY? Ensure your private key is converted to OpenSSH format: 
      puttygen private.ppk -O private-openssh -o id_rsa
    • Key authentication failing? Verify that the public key is correctly added to ~/.ssh/authorized_keys on the remote server.
Using Your SSH Key

Follow these steps to SSH into a server using your key:

  • Connect to the Server:
    • Use the following command: ssh -i ~/.ssh/id_rsa username@your-server-ip
    • If your key is stored in the default location, you can simply run: ssh username@your-server-ip
  • Using PuTTY (Windows):
    • Download PuTTY if you haven’t already.
    • Open PuTTY and navigate to Connection → SSH → Auth.
    • Click "Browse" and select your private key file (.ppk).
    • Go back to "Session", enter your server IP, and click "Open".
    • Log in with your username when prompted.
  • Verify Connection:
    • If successful, you should see a shell prompt on the server.
    • If denied, ensure your public key is added to ~/.ssh/authorized_keys on the server:
      • Run: cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
      • Ensure correct permissions: chmod 600 ~/.ssh/authorized_keys
    • Check SSH folder permissions:
      • Run: chmod 700 ~/.ssh (makes sure the directory is secure).
      • Run: chmod 600 ~/.ssh/id_rsa (restricts private key access).
    • Restart SSH service on the server (if you have access): sudo systemctl restart ssh
    • Ensure the SSH server is listening on the correct port (default is 22):
      • Check with: sudo netstat -tulnp | grep ssh
      • If SSH is running on a different port, connect using: ssh -p PORT username@your-server-ip
    • Check for any firewall rules blocking SSH:
      • On Ubuntu/Debian: sudo ufw status
      • On CentOS/RHEL: sudo firewall-cmd --list-all
      • Ensure SSH is allowed: sudo ufw allow OpenSSH
    • Confirm the SSH daemon is configured correctly:
      • Check /etc/ssh/sshd_config for settings like PermitRootLogin and PubkeyAuthentication.
      • Restart SSH after changes: sudo systemctl restart ssh

Still Need Help?

If you're still experiencing issues, please reach out to us for further assistance. It helps us troubleshoot faster if you can provide the following information:

For more help, visit our Contact Us page.

Back to Docs Selection