-
-
Save lism/2b8d4862818ebf92da1e033cbd37c538 to your computer and use it in GitHub Desktop.
A PowerShell script to activate (and update) a 6-in-4 tunnel in Windows 10/11 using Hurricane Electric IPv6 Tunnel Broker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TunnelName = "IPv6Tunnel" | |
| $TunnelID = "123456" | |
| $ServerIPv6Address = "2001:a:b:c::1" | |
| $ServerIPv4Address = "200.1.2.3" | |
| # When behind a firewall appliance that passes protocol 41, | |
| # use the IPv4 address you get from your appliance's DHCP service | |
| # instead of the IPv4 endpoint you provided to Tunnelbroker | |
| $ClientIPv6Address = "2001:a:b:c::2" | |
| #$ClientIPv4WANAddress = "100.4.5.6" # Public Address (autodetected later) | |
| $ClientIPv4NATAddress = "192.168.1.2" # Local LAN Address | |
| $Username = "your_he_username" | |
| $UpdateKey = "he_secret_token" | |
| ### End of configuration ### | |
| function PingCheck($ip) { | |
| $pingResult = Test-Connection -ComputerName $ip -Count 1 -Quiet | |
| if ($pingResult) { | |
| Write-Output "Ping $ip ... Pass." | |
| } else { | |
| Write-Output "Ping $ip ... Fail!" | |
| exit 1 | |
| } | |
| } | |
| ### End of Helper Functions ### | |
| # Check Elevated Prompt | |
| $executionPolicy = Get-ExecutionPolicy | |
| if ($executionPolicy.ExecutionPolicy -ne 'Unrestricted') { | |
| Write-Output "This script requires elevated privileges (Run as administrator). Exit." | |
| exit 2 | |
| } | |
| # Check Server Endpoint, Update Client Endpoint and (bonus) get ClientIPv4WANAddress | |
| $Credentials = New-Object System.Management.Automation.PSCredential($Username, (ConvertTo-SecureString $UpdateKey -AsPlainText -Force)) | |
| $UpdateURL = "https://${Credentials}@ipv4.tunnelbroker.net/nic/update?hostname=${TunnelID}" | |
| $Response = Invoke-WebRequest -Uri $UpdateURL -Credential $Credentials | Select-Object -Expand Content | |
| if ($Response -match "[\d\.]+$") { | |
| $clientIPv4WANAddress = $matches[0] | |
| Write-Output "Update Endpoint ... Pass. (IPv4: $clientIPv4WANAddress)" | |
| } else { | |
| Write-Output "Update Endpoint ... Fail! (URL was: $UpdateURL )" | |
| throw $Response | |
| } | |
| # Requirements | |
| netsh interface 6to4 set state disabled | |
| netsh interface isatap set state disabled | |
| netsh interface teredo set state disabled | |
| # Cleanup possible remainings | |
| netsh interface ipv6 delete address interface=$TunnelName address=$ClientIPv6Address | |
| netsh interface ipv6 delete interface $TunnelName | |
| # Setup interface, set IPv6 address | |
| netsh interface ipv6 add v6v4tunnel interface=$TunnelName localaddress=$ClientIPv4LANAddress remoteaddress=$ServerIPv4Address | |
| netsh interface ipv6 add address interface=$TunnelName address=$ClientIPv6Address | |
| # Test IPv6 Tunnel | |
| PingCheck($ServerIPv6Address) | |
| # Setup Routing | |
| netsh interface ipv6 delete route interface=$TunnelName ::/0 | |
| netsh interface ipv6 add route prefix=::/0 interface=$TunnelName nexthop=$ServerIPv6Address | |
| # Test IPv6 Web | |
| PingCheck("ipv6.google.com") | |
| Write-Output "All done. Good IPv6 surfing." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment