Skip to content
Six (IPv6 in IPv4) Userlspace Tunnel
Erlang Shell
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

sut, an IPv6 in IPv4 Userlspace Tunnel (RFC 4213)



  • Sign up for an IPv6 tunnel with Hurricane Electric

  • Start the IPv6 tunnel:

    • Serverv4 = HE IPv4 tunnel end

    • Clientv4 = Your local IP address

    • Clientv6 = The IPv6 address assigned by HE to your end of the tunnel

      sut:start([{serverv4, ""}, {clientv4, ""}, {clientv6, "2001:3:3:3::2"}]).
    • Set up MTU and routing (as root)

      ifconfig sut-ipv6 mtu 1480
      ip route add ::/0 dev sut-ipv6
    • Test the tunnel!



start(Options) -> {ok, Ref}
start_link(Options) -> {ok, Ref}

    Types   Options = [Option]
            Option = {ifname, Ifname}
                | {serverv4, IPv4Address}
                | {clientv4, IPv4Address}
                | {clientv6, IPv6Address}
                | {filter_out, Fun}
                | {filter_in, Fun}
            Ifname = string() | binary()
            IPv4Address = string() | tuple()
            IPv6Address = string() | tuple()
            Fun = fun()
            Ref = pid()

    Starts a IPv6 over IPv4 configured tunnel.

    The default tun device is named "sut-ipv6". To specify the name,
    use {ifname, <<"devname">>}. Note the user running the tunnel
    must have sudo permissions to confifgure this device.

    {serverv4, Server4} is the IPv4 address of the peer.

    {clientv4, Client4} is the IPv4 address of the local end. If the
    client is on a private network (the tunnel will be NAT'ed by
    the gateway), specify the private IPv4 address here.

    {clientv6, Client6} is the IPv6 address of the local end. This
    address will usually be assigned by the tunnel broker.

    {filter_in, Fun} allows filtering and arbititrary transformation
    of IPv6 packets received from the network. All packets undergo
    the mandatory checks specified by RFC 4213 before being passed
    to user checks.

    {filter_out, Fun} allows filtering and manipulation of IPv6
    packets received from the tun device.

    Filtering functions take 2 argments: the packet payload (a binary)
    and the tunnel state:


        -record(sut_state, {

    Filtering functions should return ok to allow the packet or {ok,
    binary()} if the packet has been altered by the function.

    Any other return value causes the packet to be dropped. The
    default filter for both incoming and outgoing packets is a noop:

        fun(_Packet, _State) -> ok end.

destroy(Ref) -> ok

    Types   Ref = pid()

    Shutdown the tunnel. On Linux, the tunnel device will be removed.


  • Support other checks required by RFC

  • Make a firewall ruleset to Erlang compiler

Something went wrong with that request. Please try again.