Since IPv6 Day when I registered for a SixXS handle, I’ve wanted to jump on the IPv6 wagon at home. My setup is a DSL line with Telenor as my ISP. Almost needless to say, Telenor does not do native IPv6, so another route had to be taken – as noted above, SixXS seems a good choice, since they have made arrangements with several transit providers/colo’s/ISPs to provide PoP’s (point of presence) whereto mortal users, such as myself, can tunnel IPv6 traffic. Now, SixXS already provide a near foolproof FAQ to get IPv6 set up, so I’ll focus on the steps where I chose wrong and experienced some hiccups.
My first wrong choice
SixXS gives you three choices of tunnel type: AYIYA, Heartbeat and static. Since I have a (DHCP) static IP at home, I figured a static tunnel would do. It wouldn’t. The reason is that for this to work, the router have to forward IP protocol 41 packets, which the Telenor-provided Zyxel 2602 router does not. So that’s 15 credits lost on a tunnel type change to AYIYA…
AYIYA setup
The AYIYA tunnel type requires the AICCU utility to be installed on the tunnel endpoint. Since I have an UPS’ed 24/7 linux box in the basement, I figured this was a good choice and it being a Debian box, it was just a matter of issuing a
sudo apt-get install aiccu
after which I needed to insert my SixXS handle and password in /etc/aiccu.conf
. After which… nothing happened… I tried fiddling with the parameters, messing with the ipv6 interface manually, adding routes etc. Nothing…
My second mistake
Having had nightmares about dropped ipv6 packets I woke up to find the tunnel up and pinging, as well as a fair latency. My mistake was to assume that the tunnel reprovisioning was instant, I guess…
And happily:
localhost:~# ping6 -n -c 4 ipv6.google.com PING ipv6.google.com(2a00:1450:4010:c04::63) 56 data bytes 64 bytes from 2a00:1450:4010:c04::63: icmp_seq=1 ttl=54 time=52.6 ms 64 bytes from 2a00:1450:4010:c04::63: icmp_seq=2 ttl=54 time=53.0 ms
Firewalling IPv6
Just as with IPv4 one will need to firewall traffic on IPv6, and even more so since every IPv6 enabled computer/device/thingy is effectively globally available, due to the lack of NAT’ing! For now I’ve gone with a custom modified version of the stateful example found here on my linux endpoint, but have a Microtik 450G on order to act as a “real” firewall (when I get around to setting up a router that allows me to terminate proto 41 traffic).
Distributing IPv6 on the LAN
Now my linux box is IPv6 – just give it a try:
somewhere:~$ dig bystrup.net AAAA ... ;; ANSWER SECTION: bystrup.net. 14400 IN AAAA 2001:16d8:dd00:1cd::2
and
somewhere:~$ ping6 bystrup.net connect: Network is unreachable
(OK, so the external host I tried this from isn’t IPv6 enabled yet…) To enable IPv6 on the rest of my LAN, an IPv6 subnet is needed – luckily I have that from SixXS as default (it’s a /64 subnet, which should be just fine for most people, but SixXS will provide a /48 subnet on request). The next step is “DHCP for IPv6” which is handled by the Router Advertisement Daemon. It’s easily available on Debian as sudo apt-get install radvd
. Once installed, edit /etc/radvd.conf
as follows:
interface eth0 { ... };
Alas, this is still on the TODO list, since I simply couldn’t get it to work with the default /64 routed subnet from SixXS. Relevant links to explore are Installing a subnet and How do I give connectivity to other hosts on my subnet in the SixXS FAQ