HOWTO: Get IPv6 in your home

Since IPv6 Day when I registered for a SixXS handle, I’ve wanted to jump on the IPv6 wagon at home. My setup is a DSL line with Telenor as my ISP. Almost needless to say, Telenor does not do native IPv6, so another route had to be taken – as noted above, SixXS seems a good choice, since they have made arrangements with several transit providers/colo’s/ISPs to provide PoP’s (point of presence) whereto mortal users, such as myself, can tunnel IPv6 traffic. Now, SixXS already provide a near foolproof FAQ to get IPv6 set up, so I’ll focus on the steps where I chose wrong and experienced some hiccups.

My first wrong choice

SixXS gives you three choices of tunnel type: AYIYA, Heartbeat and static. Since I have a (DHCP) static IP at home, I figured a static tunnel would do. It wouldn’t. The reason is that for this to work, the router have to forward IP protocol 41 packets, which the Telenor-provided Zyxel 2602 router does not. So that’s 15 credits lost on a tunnel type change to AYIYA…

AYIYA setup

The AYIYA tunnel type requires the AICCU utility to be installed on the tunnel endpoint. Since I have an UPS’ed 24/7 linux box in the basement, I figured this was a good choice and it being a Debian box, it was just a matter of issuing a

sudo apt-get install aiccu

after which I needed to insert my SixXS handle and password in /etc/aiccu.conf. After which… nothing happened… I tried fiddling with the parameters, messing with the ipv6 interface manually, adding routes etc. Nothing…

My second mistake

Having had nightmares about dropped ipv6 packets I woke up to find the tunnel up and pinging, as well as a fair latency. My mistake was to assume that the tunnel reprovisioning was instant, I guess…

T118434 weekly latency

T118434 latency

And happily:

localhost:~# ping6 -n -c 4
PING 56 data bytes
64 bytes from 2a00:1450:4010:c04::63: icmp_seq=1 ttl=54 time=52.6 ms
64 bytes from 2a00:1450:4010:c04::63: icmp_seq=2 ttl=54 time=53.0 ms

Firewalling IPv6

Just as with IPv4 one will need to firewall traffic on IPv6, and even more so since every IPv6 enabled computer/device/thingy is effectively globally available, due to the lack of NAT’ing! For now I’ve gone with a custom modified version of the stateful example found here on my linux endpoint, but have a Microtik 450G on order to act as a “real” firewall (when I get around to setting up a router that allows me to terminate proto 41 traffic).

Distributing IPv6 on the LAN

Now my linux box is IPv6 – just give it a try:

somewhere:~$ dig AAAA
;; ANSWER SECTION:            14400   IN      AAAA    2001:16d8:dd00:1cd::2


somewhere:~$ ping6
connect: Network is unreachable

(OK, so the external host I tried this from isn’t IPv6 enabled yet…) To enable IPv6 on the rest of my LAN, an IPv6 subnet is needed – luckily I have that from SixXS as default (it’s a /64 subnet, which should be just fine for most people, but SixXS will provide a /48 subnet on request). The next step is “DHCP for IPv6” which is handled by the Router Advertisement Daemon. It’s easily available on Debian as sudo apt-get install radvd. Once installed, edit /etc/radvd.conf as follows:

interface eth0 { 

Alas, this is still on the TODO list, since I simply couldn’t get it to work with the default /64 routed subnet from SixXS. Relevant links to explore are Installing a subnet and How do I give connectivity to other hosts on my subnet in the SixXS FAQ

This entry was posted in IPv6, Networking and tagged , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.