Difference between revisions of "IPv6 router guide"
(Marked this version for translation)
|Line 107:||Line 107:|
Hurricane Electric (HE for short) offers free IPv6 tunnels and allocates a /64 block of addresses for you. It also allows configuration of reverse DNS. Getting a tunnel from HE is as easy as going to [
Hurricane Electric (HE for short) offers free IPv6 tunnels and allocates a /64 block of addresses for you. It also allows configuration of reverse DNS. Getting a tunnel from HE is as easy as going to [://www../ ://www.tunnelbroker.net/] and filling out a one page form.
Latest revision as of 19:59, 5 February 2014
- 1 Preliminaries
- 2 Tunnel Configuration
- 3 IPv6 Support in Applications
- 4 DNS setup
- 5 IPv6 Router
- 6 IPv6 Clients
- 7 Other Resources
- 8 Acknowledgements
Basic Kernel Configuration
Any of the 2.6 kernel trees available in Gentoo will easily support IPv6 connections. The new USAGI IPv6 stack is integrated to the kernel since Linux 2.6.0.
Now we are ready to enter the kernel source directory and begin our actual kernel configuration.
Testing IPv6 Support
After enabling the recommended options, recompile your kernel and reboot into your new IPv6-enabled kernel.
If you don't already have iproute2 installed, we urge you to do it now. iproute2 is a network configuration suite that contains
ip , the famous replacement for
iptunnel and others...
If IPv6 is working, the loopback device should show an IPv6 address:
Before going any further, make sure that you add ipv6 to your list of USE variables in make.conf , so that future emerges of packages will include IPv6 support.
Most ISPs still do not offer any native IPv6 connections. To get around this limitation, there are several "tunnel brokers" around the globe that offer free IPv6 tunnels. This will allow you to tunnel all your IPv6 connections through an IPv4 connection.
|Hurricane Electric||North America, Europe, Asia|
Below are two examples for setting up a tunnel with two popular North American tunnels, Hurricane Electric (applies for non-heartbeat tunnels from sixxs.net as well) and Freenet6.
Hurricane Electric (HE for short) offers free IPv6 tunnels and allocates a /64 block of addresses for you. It also allows configuration of reverse DNS. Getting a tunnel from HE is as easy as going to https://www.tunnelbroker.net/ and filling out a one page form.
After you have a tunnel approved and have a /64 block allocated, you can configure your Gentoo box. HE provides sample configurations based on ifconfig and the iproute utilities. The following two examples assume you have the following configuration:
|Local IPv4 Address (eth0)||22.214.171.124|
|HE IPv4 Address||126.96.36.199|
|Local IPv6 tunnel Address||2001:470:1F00:FFFF::189|
Using the iproute2 package and the
ip command, you would do the following.
Create a tunnel between the local (eth0) IPv4 and HE's remote IPv4 address:
Extract the tunneling overhead from the MTU:
Bring the tunnel up:
Assign the IPv6 address to it:
Route all global unicast IPv6 addresses through our 'sixbone' tunnel device:
Freenet6 is another free tunnel broker. Optional registration only requires a username and a valid email address. They have chosen to turn the tunnel management into a client/server setup and have created the
gateway6 client. The client is available in Portage. To install it do:
Now if you chose to connect with authentication, you need to configure
gateway6 by editing /etc/gateway6/gw6c.conf . You should only have to change the userid and passwd fields to match those assigned from Freenet6 and change the gateway server. Below is a sample config file.
Testing your connection
Now that your tunnel is configured, you can test your connection. The easiest way to do this is to use the
ping6 utility and try to ping an IPv6 host.
Further work is currently in progress to add better IPv6 support to the network init scripts. If you'd like to know the status of this and/or help out, email firstname.lastname@example.org.
IPv6 Support in Applications
Unless you had USE="ipv6" in your /etc/portage/make.conf previously, you probably need to re-emerge a bunch of packages to compile in IPv6 support for them. To get a list of all the installed packages which are affected by USE flag changes, use Portage's
-N ) option:
If you have changed a lot of USE flags, the list could be quite long. It's suggested to keep your system up-to-date, so it won't hurt if you recompile all affected packages.
IPv6 Specific Packages
There are a few packages which specifically deal with IPv6 items. Most of these are located in /usr/portage/net-misc .
|net-misc/ipv6calc||Converts an IPv6 address to a compressed format|
|net-misc/netcat6||netcat version that supports IPv6 and IPv4|
|dev-perl/Socket6||IPv6 related part of the C socket.h defines and structure manipulators|
IPv6 and DNS
Just as DNS for IPv4 uses A records, DNS for IPv6 uses AAAA records. (This is because IPv4 is an address space of 2^32 while IPv6 is an address space of 2^128). For reverse DNS, the INT standard is deprecated but still widely supported. ARPA is the latest standard. Support for the ARPA format will be described here.
Recent versions of BIND include excellent IPv6 support. This section will assume you have at least minimal knowledge about the configuration and use of BIND. We will assume you are not running bind in a chroot. If you are, simply append the chroot prefix to most of the paths in the following section.
First you need to add entries for both forward and reverse DNS zone files in /etc/bind/named.conf .
Now we must create those zone files and add entries for all of our hosts:
There are currently some third-party patches to DJBDNS available at http://www.fefe.de/dns/ that allow it to do IPv6 nameserving. DJBDNS can be installed with these patches by emerging it with ipv6 in your USE variables.
After djbdns is installed, it can be setup by running
tinydns-setup and answering a few questions about which IP addresses to bind to, where to install tinydns, etc.
Assuming we've installed
tinydns into /var/tinydns , we can now edit /var/tinydns/root/data . This file will contain all the data needed to get tinydns handling DNS for your IPv6 delegation.
Lines prefixed with a
6 will have both an AAAA and a PTR record created. Those prefixed with a
3 will only have an AAAA record created. Besides manually editing the data file, you can use the scripts
add-alias6 to add new entries. After changes are made to the data file, you simply need to run
make from /var/tinydns/root . This will create /var/tinydns/root/data.cfb , which tinydns will use as its source of information for DNS requests.
Further configuration is required if we want to use our system as a router for other clients wishing to connect to the outside world with IPv6. We need to enable forwarding of IPv6 packets. We can do this in one of two ways.
Or we set the value 1 in the forwarding pseudo-file:
Or we use the
To enable forwarding at boot, you'll need to edit /etc/sysctl.conf and add the following line.
Traffic should now be forwarded from this box through the tunnel we've established with our broker.
To assign IPv6 addresses to clients, the IPv6 specification allows for both stateless and stateful IP assignment. Stateless assignment uses a process called Router Advertisement and allows clients to obtain an IP and a default route by simply bringing an interface up. It is called "stateless" because there is no record of IPs assigned and the host they are assigned to. Stateful assignment is handled by DHCPv6. It is "stateful" because the server keeps a state of the clients who've requested IPs and received them.
Stateless configuration is easily accomplished using the Router Advertisement Daemon, or
After having emerged
radvd , we need to create /etc/radvd/radvd.conf that contains information about what IP block to assign IPs from. Here is a sample radvd.conf file using the prefix we've been assigned from our tunnel broker.
Further information is available in
man radvd.conf . We can now start
radvd and set it to start at boot.
If you'd like to have stateful configuration, you'll need to install and configure
Now we must configure the dibbler client by editing /etc/dibbler/client.conf .
We can now start the dibbler client, and configure it to start at boot.
Clients behind this router should now be able to connect to the rest of the net via IPv6. If using radvd, configuring hosts should be as easy as bringing the interface up. (This is probably already done by your net.ethX init scripts).
There are many excellent resources online pertaining to IPv6.
|www.ipv6.org||General IPv6 Information|
On IRC, you can try
#ipv6 on Freenode . You can connect to the Freenode servers using an IPv6 enabled client by connecting to irc.ipv6.freenode.net .
We would like to thank the following authors and editors for their contributions to this guide:
- Peter Johanson
- Jorge Paulo
- Sven Vermeulen
- Camille Huot
- Pasi Valminen