Setting Up an IPv6 home network with Ubuntu
The following text is almost the same for Debian setups.
If you are reading this page your ISP probably does not provide IPv6 connectivity yet.
However, you can offer full IPv6 connectivity to all your local computers without even touching them!
This is rather simple and requires only a few things:
- you are the owner of a very basic Linux box (RaspberryPi with Debian Wheezy for example),
- you have a fully functional IPv4 Internet access,
- the local computers' OS supports IPv6 out of the box (i.e. Windows 7, Vista, any recent Linux...),
- you carefully read the following steps.
In the examples below we have the following interfaces:
- eth0 connects the local computers
- sixxs is the tunnel interface
SixXS tunnel configuration on Ubuntu/Debian
The prerequisite here is that you already have a valid SixXS account, tunnel and subnet. You can easily ask for these elements at the main site. E.g. for tunnel here.
Note: as of Ubuntu Saucy (13.10), installation appears to fail with a message stating that /usr/share/aiccu/conf-templates/aiccu.conf and /etc/aiccu.conf are different. However, this difference is normal, as the /usr version is a generic template whereas the /etc one is specific to your setup, and contains your own handle and password.
The apparent failure to install does not seem to affect the functioning of aiccu, but the package manager(s) will flag it as 'partially configured'.
Next step, install aiccu via the software center, or from a terminal with the following command:
$ sudo apt-get install aiccu
The installation script asks you to enter your SixXS username and password.
Note: The installation might not finish if the installation process cannot start aiccu. This could be the case if no tunnel is configured or enabled. If this is the case, do not interrupt the installation. Open another terminal and issue the following command, as mentioned in this article, https://www.sixxs.net/wiki/Aiccu/InstallationOnUbuntu:
$ sudo aiccu stop #or just kill it if it won't be able to stop
Then you can start aiccu : "service aiccu start" (or even "sudo /etc/init.d/aiccu start" on older versions of Ubuntu) and check your interface is up and running (default is "aiccu" but I have named it "sixxs"):
lenovix:~$ ifconfig sixxs
sixxs     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          adr inet6: fe80::2/64 Scope:Lien
          adr inet6: 2001:db8:1000:cafe::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1280  Metric:1
          Packets reçus:38640 erreurs:0 :0 overruns:0 frame:0
          TX packets:31741 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:500
          Octets reçus:21915435 (21.9 MB) Octets transmis:5795831 (5.7 MB)
lenovix:~$
OK, now some connectivity checks :
lenovix:~$ ping6 2001:200:dff:fff1:216:3eff:feb1:44d7
PING 2001:200:dff:fff1:216:3eff:feb1:44d7(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=47 time=394 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=47 time=383 ms
^C
--- 2001:200:dff:fff1:216:3eff:feb1:44d7 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 372.237/381.619/394.864/8.602 ms
lenovix:~$
Sounds good !
Turn your Ubuntu server into an IPv6 router
First of all, enable IPv6 forwarding by uncommenting the following line in /etc/sysctl.conf :
net.ipv6.conf.all.forwarding=1
Now you have to install radvd, in order to enable your box to run SLAAC (see RFC 4862) and send RA to computers located on your local LAN.
The nice thing here is that, even if your provider does not provide IPv6 connectivity, since most ADSL boxes bridge traffic between wired and wireless media, all your local computers will receive RAs coming from your Linux box!
sudo apt-get install radvd
Now edit the config file and pick a /64 from your /48 subnet to be advertised on the LAN.
Here below is my config file :
lenovix:~$ cat /etc/radvd.conf
interface eth0 {
    AdvSendAdvert on ;
    # Advertise at least every 30 seconds
    MaxRtrAdvInterval 30;
    # in order to force non RFC 6106 compliant clients to get a dns address
    AdvOtherConfigFlag on ;
    prefix 2001:db8:1000:baba::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
    RDNSS IPv6_ADDRESS_OF_SIXXSNSCACHE_1 IPv6_ADDRESS_OF_SIXXSNSCACHE_2 {
    };
};
lenovix:~$
As you can see, RAs are sent on eth0 every 30 seconds, with flag O=1 and an RDNSS option containing the IPv6 addresses of the SixXS nscache that you may find here : [1]
This config enables DHCPv6 Stateless mode (see RFC 3736) as well as the RA option for DNS config (see RFC 6106).
Though this could seem redundant, remember that a lot of OSes are not RFC 6106 compliant yet (even Windows 7).
Because flag "O" tells hosts to rely on DHCPv6 to get a DNS address, you also have to set up a DHCPv6 server:
sudo apt-get install wide-dhcpv6-server
and fill in the config file. Here is what mine looks like:
lenovix:~$ cat /etc/wide-dhcpv6/dhcp6s.conf
option domain-name-servers IPv6_ADDRESS_OF_SIXXSNSCACHE_1 IPv6_ADDRESS_OF_SIXXSNSCACHE_2 ;
lenovix:~$
Then start the server :
lenovix:~$ sudo /etc/init.d/wide-dhcpv6-server start
 * Starting WIDE DHCPv6 server on eth0 dhcp6s                    [ OK ]
lenovix:~$ sudo /etc/init.d/wide-dhcpv6-server status
Status of dhcp6s: dhcp6s is running on eth0.
lenovix:~$
Set up ufw. ufw blocks forward traffic by default. You need to add two rules to /etc/ufw/before6.rules to allow traffic from your local LAN to the outside world :
-A ufw6-before-forward -i eth0 -s YOUR_ROUTED_IPv6_NETWORK/64 -o sixxs -m state --state NEW -j ACCEPT
-A ufw6-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
In the most recent version of ufw DHCPv6 traffic is allowed, otherwise you have to add to /etc/ufw/before6.rules :
-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT
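A check for the forward rules above, as an added example that is not part of the original page: with forwarding enabled and global addresses handed out on the LAN there is no NAT in front of the local computers, so these two rules plus ufw's default forward policy are what keep unsolicited inbound connections out. The script reads rules on stdin and assumes the page's interface names (eth0, sixxs), rule syntax and option order; the sample rules are constructed from the page's example prefix.

```sh
#!/bin/sh
# Added example, not from the original page: audit the forward-chain rules
# destined for /etc/ufw/before6.rules. Option order is assumed to be as on the page.
LAN_IF="${LAN_IF:-eth0}"    # LAN interface name used on the page
TUN_IF="${TUN_IF:-sixxs}"   # tunnel interface name used on the page

# Reads ip6tables-restore style rules on stdin, prints findings, and returns 0
# only if new forwarded connections can start from the LAN alone.
# The ( ) body runs in a subshell, so its variables stay local.
audit_forward_rules() (
    out=0 est=0 bad=0
    while IFS= read -r rule; do
        case "$rule" in
            "-A ufw6-before-forward "*"-j ACCEPT"*) ;;  # forward ACCEPTs only
            *) continue ;;
        esac
        case "$rule" in
            *"-p icmpv6 "*|*"-p ipv6-icmp "*)
                ;;  # ICMPv6 rules are not judged by this check
            *"--state RELATED,ESTABLISHED "*)
                est=1 ;;
            *"-i $LAN_IF "*"-s "*"-o $TUN_IF "*"--state NEW "*)
                out=1 ;;
            *)
                echo "RISK: ACCEPT not limited to $LAN_IF -> $TUN_IF NEW or to replies: $rule"
                bad=1 ;;
        esac
    done
    [ "$out" -eq 1 ] || echo "NOTE: no $LAN_IF -> $TUN_IF NEW rule, LAN hosts cannot reach out"
    [ "$est" -eq 1 ] || echo "NOTE: no RELATED,ESTABLISHED rule, replies will be dropped"
    [ "$bad" -eq 0 ] && [ "$out" -eq 1 ] && [ "$est" -eq 1 ]
)

# Constructed sample: the page's two rules with the page's example /64.
page_rules() {
    cat <<'EOF'
-A ufw6-before-forward -i eth0 -s 2001:db8:1000:baba::/64 -o sixxs -m state --state NEW -j ACCEPT
-A ufw6-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: one extra rule accepting NEW connections from the tunnel,
# which would expose every globally addressed LAN host to inbound connections.
open_rules() {
    page_rules
    echo "-A ufw6-before-forward -i sixxs -m state --state NEW -j ACCEPT"
}

page_rules | audit_forward_rules && echo "page rules: OK"
open_rules | audit_forward_rules || echo "open rules: FAIL"
```

On the router, run it against the real file with "audit_forward_rules < /etc/ufw/before6.rules" (as root if the file is not readable by your user).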
Check your configuration
On any Windows computer sitting on the same LAN, I can check my config :
C:\Users\jdoe>netsh
netsh>
netsh>int ipv6
netsh interface ipv6>sho int

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 11          10        1500  disconnected  Wireless Network Connection
 10          20        1280  connected     Local Area Connection

netsh interface ipv6>
netsh interface ipv6>sho add 10

Address 2001:db8:1000:baba:f2de:f1ff:feab:cdef Parameters   ==> this is cool, I have a global address coming from my pool
---------------------------------------------------------
Interface Luid     : Local Area Connection
Scope Id           : 0.0
Valid Lifetime     : 23h59m43s
Preferred Lifetime : 3h59m43s
DAD State          : Preferred
Address Type       : Public
Skip as Source     : false

Address fe80::f2de:f1ff:feab:cdef%10 Parameters
---------------------------------------------------------
Interface Luid     : Local Area Connection
Scope Id           : 0.10
Valid Lifetime     : infinite
Preferred Lifetime : infinite
DAD State          : Preferred
Address Type       : Other
Skip as Source     : false

netsh interface ipv6>sho dns 10

Configuration for interface "Local Area Connection"
    DNS servers configured through DHCP:  IPv6_ADDRESS_OF_SIXXSNSCACHE_1
                                          IPv6_ADDRESS_OF_SIXXSNSCACHE_2
    Register with which suffix:           Primary only

netsh interface ipv6>
netsh interface ipv6> exit
Troubleshooting
At any time you can use "radvdump" on the Linux machine to see the contents of ICMP RA messages sent on the LAN. You can also run "wireshark" on any local computer and filter "icmpv6" to check if you correctly receive the expected RA messages and options.
Now you have fully functional IPv6 connectivity on any local computer with "zero touch" config.
Enjoy !!