
How to configure 6to4 tunnel in UTM.

19-02-2020 16:55:25

Overview

6to4 tunneling is an integration method in which an IPv6 packet is encapsulated within an IPv4 packet. 6to4 is very useful for carrying IPv6 data over an IPv4 network, and it works best in WAN settings where a remote network is still running IPv4 protocols. In this migration type, you simply create or configure a tunnel that carries IPv6 traffic across an IPv4 network.

One benefit of 6to4 is that it doesn't require configured tunnels. It can be implemented on a border device without a great deal of device configuration.

Two computers using 6to4 can talk to each other over IPv6 by encapsulating that traffic inside IPv4 packets. 6to4 tunnels use a prefix of the form "2002:tunnel-IPv4-address::/48" to tunnel IPv6 traffic over IPv4.

With 6to4 tunnels, the tunnel destination is determined by the border device IPv4 address. The border device at each end of a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks.

This article describes how you can tunnel IPv6 traffic through IPv4 networks using Seqrite UTM.

Applicable Version: All

Scenario


As shown in the diagram below, both the Head Office Host A LAN and the Branch Office Host B LAN are configured with IPv6 addresses. Traffic is to travel between the Head Office and the Branch Office.



How 6to4 Works


The logic behind 6to4 tunneling may not be readily apparent. Let's trace the path of an IPv6 packet from Host A to Host B. The packet begins as a normal IPv6 packet with IPv6 source and destination addresses. These addresses do not change for the life of the packet.

The UTM receives the IPv6 packet and checks the destination IPv6 address. The closest (and only) matching route is the 6to4 tunnel configured on the UTM.

This is where 6to4 comes into play. As the IPv6 packet is routed out of the tunnel, it is encapsulated in an IPv4 packet using the IPv4 address configured on the WAN interface (10.0.1.1) of the UTM. The source address of the packet will be the normal IPv4 address of the UTM WAN interface, but the destination address will be set to 192.88.99.1, which is the relay server IP address. 192.88.99.1 is a specially assigned, globally announced anycast address of the "nearest" 6to4 relay server. Relay servers handling 6to4 traffic announce 192.88.99.0/24 into the IPv4 internet and process protocol 41 traffic for 192.88.99.1.

The encapsulated packet is routed through the IPv4 cloud until it reaches UTM2 WAN interface (10.0.2.1). The IPv4 header is stripped upon entering UTM2's 10.0.2.1 interface. The remaining IPv6 packet is routed onto the IPv6 LAN toward Host B.
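The address arithmetic behind the "2002:tunnel-IPv4-address::/48" prefix and the trace above can be checked with a short script. This is an added example, not Seqrite code: the function names and the source consistency check are assumptions made for illustration, and the inputs are the sample WAN addresses from this article (10.0.1.1 and 10.0.2.1).

```python
import ipaddress


def sixtofour_prefix(wan_ipv4: str) -> ipaddress.IPv6Network:
    """Return the 2002:V4ADDR::/48 prefix derived from a WAN IPv4 address."""
    v4 = int(ipaddress.IPv4Address(wan_ipv4))
    # 0x2002 fills the top 16 bits; the IPv4 address fills the next 32 bits.
    base = (0x2002 << 112) | (v4 << 80)
    return ipaddress.IPv6Network((base, 48))


def lan_subnet(wan_ipv4: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Return one /64 LAN subnet (16-bit subnet ID) inside the site's /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet_id must fit in 16 bits")
    site = int(sixtofour_prefix(wan_ipv4).network_address)
    return ipaddress.IPv6Network((site | (subnet_id << 64), 64))


def tunnel_endpoint(ipv6: str):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def check_source(outer_src_ipv4: str, inner_src_ipv6: str) -> str:
    """Compare the outer IPv4 source of a protocol 41 packet with the IPv4
    address embedded in the inner IPv6 source (hypothetical receive-side check).
    """
    embedded = tunnel_endpoint(inner_src_ipv6)
    if embedded is None:
        return "not-6to4"  # inner source is outside 2002::/16
    if embedded == ipaddress.IPv4Address(outer_src_ipv4):
        return "match"
    return "mismatch"  # inner source claims a different tunnel endpoint


if __name__ == "__main__":
    for wan in ("10.0.1.1", "10.0.2.1"):  # sample addresses from the article
        print(wan, "->", sixtofour_prefix(wan), "first LAN:", lan_subnet(wan, 1))
    # Constructed host address on the Branch Office LAN (Host B side).
    host_b = "2002:a00:201:1::10"
    print(host_b, "is behind", tunnel_endpoint(host_b))
    print(check_source("10.0.2.1", host_b), check_source("10.0.1.1", host_b))
```

A "mismatch" result means the inner IPv6 source claims a 6to4 site other than the IPv4 device that actually sent the encapsulated packet, which is worth logging on the receiving border device.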

Configuration

You can configure an IPv6 tunnel over IPv4 in Seqrite UTM using the GUI.

Configuration on Seqrite UTM.

You can configure an IPv6 tunnel over IPv4 from HO to BO and vice versa by following the instructions below.


1.      Navigate to Network > IPv6. Enable the IPv6 mode.


2.      In the 6to4 area, click the status button to enable the 6to4 mode.

3.      Select an Interface. This should be the public WAN interface with an IPv4 address on which the 6to4 tunnel is to be created.

Note: You must configure the WAN interface before enabling the 6to4 tunnel.


4.      Select the Public IPv4 address.


5.      Enter the 6to4 relay Server Address. This option sets the relay server; you can either set it yourself or use the default, 192.88.99.1.


6.      Click Apply.

Please contact Seqrite Technical Support for more assistance.