IPv6 router guide/ja

This guide Article description::provides details on setting up IPv6 routing on a Gentoo Linux system.

Basic kernel configuration
バージョンv2.6.0以降のカーネルは、IPv6接続を簡単にサポートします. Linux v2.6.0以降、新しいUSAGI IPv6スタックがカーネルに統合されています.

カーネルソースディレクトリに入り、カーネル構成を開始します：

Testing IPv6 support
推奨オプションを有効にした後、カーネルを再コンパイルしてから、新しいIPv6対応カーネルで再起動します.

If the package is not yet installed, it is highly recommended to do so before continuing with this guide. iproute2 is a network configuration suite that contains, the famous replacement for , , and others...

If IPv6 is working, the loopback device should show an IPv6 address:

Before proceeding any further, make sure to add  to the list of USE variables in, so that future emerges of packages will include IPv6 support.

Basic configuration
Most ISPs still do not offer any native IPv6 connections. To get around this limitation, there are several "tunnel brokers" around the globe that offer free IPv6 tunnels. This will allow to tunnel all the IPv6 connections through an IPv4 connection.

Below is an example for setting up a tunnel with a popular North American tunnel Hurricane Electric.

Hurricane Electric
Hurricane Electric (HE for short) offers free IPv6 tunnels and allocates a /64 block of addresses for each customer. It also allows configuration of reverse DNS. Getting a tunnel from HE is as easy as going to https://www.tunnelbroker.net/ and filling out a one page form.

After a tunnel is approved and a /64 block is allocated, start to configure the system. HE provides sample configurations based on and the iproute utilities. The following two examples assume that the following configuration is used:

Using the package and the  command, do the following.

Create a tunnel between the local (eth0) IPv4 and HE's remote IPv4 address:

Extract the tunneling overhead from the MTU:

Bring the tunnel up:

Assign the IPv6 address to it:

Route all global unicast IPv6 addresses through our 'he6' tunnel device:

The following example shows how to establish this at boot time:

To make this device start on boot:

When tunneling IPv6 over IPv4, the packets will first come through the IPv4 chain before being passed to the IPv6 chain.

Testing the connection
Now that the tunnel is configured, test the connection. The easiest way to do this is to use the  utility and try to ping an IPv6 host.

Re-emerging packages
Unless  was already set in  previously, it is probably necessary to re-emerge a bunch of packages to compile in IPv6 support for them. To get a list of all the installed packages which are affected by USE flag changes, use Portage's   option:

When many USE flags have been changed, the list could be quite long. It's suggested to keep the system up-to-date, so it won't hurt if all affected packages are rebuilt.

IPv6 specific packages
There are a few packages which specifically deal with IPv6 items. Most of these are located in the category.

IPv6 and DNS
Just as DNS for IPv4 uses A records, DNS for IPv6 uses AAAA records. (This is because IPv4 is an address space of 2^32 while IPv6 is an address space of 2^128). For reverse DNS, the INT standard is deprecated but still widely supported. ARPA is the latest standard. Support for the ARPA format will be described here.

BIND configuration
Recent versions of BIND include excellent IPv6 support. This section will assume at least minimal knowledge about the configuration and use of BIND. We will assume that bind is not running in a chroot. If this assumption is wrong, simply append the chroot prefix to most of the paths in the following section.

First add entries for both forward and reverse DNS zone files in.

Now zone files and entries will need added for all hosts:

DJBDNS configuration
There are currently some third-party patches available to the package that allow it to do IPv6 name serving. DJBDNS can be installed with these patches by emerging it with  in the USE variable.

After djbdns is installed, it can be setup by running and answering a few questions about which IP addresses to bind to, where to install tinydns, etc.

Assuming has been installed into, edit. This file will contain all the data needed to get tinydns handling DNS for the IPv6 delegation.

Lines prefixed with a  will have both an AAAA and a PTR record created. Those prefixed with a  will only have an AAAA record created. Besides manually editing the file, it is possible to use the scripts  and  to add new entries. After changes are made to the file, simply run   from. This will create, which tinydns will use as its source of information for DNS requests.

Configure routing
Further configuration is required when using the system as a router for other clients wishing to connect to the outside world with IPv6: the forwarding of IPv6 packets. This can be enabled in one of two ways.


 * Set the value 1 in the forwarding pseudo-file; this change is non-persistent:




 * Use the command:

To enable forwarding at boot, edit and add the following line.

Traffic should now be forwarded from this box through the tunnel we've established with our broker.

To assign IPv6 addresses to clients, the IPv6 specification allows for both stateless and stateful IP assignment. Stateless assignment uses a process called Router Advertisement and allows clients to obtain an IP and a default route by simply bringing an interface up. It is called "stateless" because there is no record of IPs assigned and the host they are assigned to. Stateful assignment is handled by DHCPv6. It is "stateful" because the server keeps a state of the clients who have requested IPs and received them.

Stateless configuration
Stateless configuration is easily accomplished using the Router Advertisement Daemon, or :

After having emerged, create the file to contains information to defined what IP block from which to assign IPs. Here is a sample file using the prefix assigned from the tunnel broker.

Further information is available in. can now be started and set it to be enabled at boot.

Stateful configuration
To have a stateful configuration, install and configure.

Configure the dibbler client by editing.

Now start the dibbler client, and configure it to start at boot:

Using radvd
Clients behind this router should now be able to connect to the rest of the net via IPv6. If using radvd, configuring hosts should be as easy as bringing the interface up. (This is probably already done by the net.ethX init scripts).

Should this not work ensure that the IPv6 firewall is allowing ICMPv6 packets through:

External resources
There are many excellent resources online pertaining to IPv6.


 * www.ipv6.org - General IPv6 information
 * www.linux-ipv6.org/ - USAGI project
 * www.deepspace6.net - Linux/IPv6 site
 * www.kame.net - *BSD implementation

On IRC, try the channel on Libera.Chat. Connect to the Libera.Chat servers using an IPv6 enabled client by connecting to irc.ipv6.libera.chat.