I have recently moved my hosting to a couple of VPSes at ChicagoVPS and wanted to use IPv6 (via tunnelbroker.net)
ChicagoVPS uses OpenVZ which presents a couple of problems
$ ifconfig sit0
sit0: error fetching interface information: Device not found
$ sudo modprobe ipv6
FATAL: Module ipv6 not found.
It turns out, this is a fairly common problem though OpenVZ is supposed to support IPv6. Luckily, someone made a small userland program (tb-tun, which “tunnels” IPv6 tunnels through a TUN/TAP device.
First, it requires tun/tap device support to be enabled in the VPS, this is done in the control panel under settings

Note! – Changing this setting will reboot your VPS without warning!
Next, make sure the build-essential package is installed (it’s included in the Ubuntu template at ChicagoVPS)
$ sudo apt-get install build-essential
Now, download and install the tb-tun program
$ mkdir tb-tun
$ cd tb-tun
$ wget https://tb-tun.googlecode.com/files/tb-tun_r18.tar.gz
$ tar zxvf tb-tun_r18.tar.gz
$ gcc tb_userspace.c -l pthread -o tb_userspace
$ sudo mv tb_userspace /usr/local/sbin
Before, continuing I recommend looking up the following information:
Server IPv4 Address - This is the IPv4 address of the Tunnelbroker gateway
Client IPv4 Address - This is the IPv4 address of your server
Client IPv6 Address - This is the IPv6 address of your server (for the tunnel end-point)
Routed /64 - This is your network
Next, you need to ensure your iptables configuration allows incoming encapsulated IPv6 traffic (protocol 41). Since ufw is a PITA to get to work on OpenVZ, I’m using iptables-persistant, which simply means adding one line to /etc/iptables-persistent/rules.v4
# IPv6 tunnel
-A INPUT -p 41 -s <Server IPv4 Address> -j ACCEPT
You also need to secure your server on IPv6, /etc/iptables-persistent/rules.v6
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow ping
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
Apply the new rules
$ sudo service iptables-persistent reload
Finally, you are ready to set up your tunnel in /etc/network/interfaces
auto tb
iface tb inet6 manual
pre-up setsid /usr/local/sbin/tb_userspace tb <Server IPv4 address> <Client IPv4 address> sit > /dev/null &
up ifconfig tb up
post-up ifconfig tb inet6 add <Client IPv6 address>/64
post-up ifconfig tb inet6 add <Routed /64>:1/64
post-up ifconfig tb mtu 1480
post-up route -A inet6 add ::/0 dev tb
post-up netstat -rn6 | grep -q venet0 && route -A inet6 del ::/0 dev venet0
down ifconfig tb down
post-down route -A inet6 del ::/0 dev tb
post-down killall tb_userspace
In my setup it looks like this:
auto tb
iface tb inet6 manual
pre-up setsid /usr/local/sbin/tb_userspace tb 209.51.181.2 192.210.137.214 sit > /dev/null &
up ifconfig tb up
post-up ifconfig tb inet6 add 2001:470:1f10:74b::2/64
post-up ifconfig tb inet6 add 2001:470:1f11:74b::1:1/64
post-up ifconfig tb mtu 1480
post-up route -A inet6 add ::/0 dev tb
post-up netstat -rn6 | grep -q venet0 && route -A inet6 del ::/0 dev venet0
down ifconfig tb down
post-down route -A inet6 del ::/0 dev tb
post-down killall tb_userspace
Now, I just have one question

(Actually I know, and understand, why. It’s still annoying though)