IPv6
From LinodeWiki
Contents |
[edit] What?
If you follow this tutorial, your Linode should be able to communicate over the internet with IPv6 (the new version of IP addresses).
[edit] How?
- Verify that your node is pingable from outside addresses. If not, change your firewall to allow ipv6.he.net to ping your server.
- Sign up with Hurricane Electric's Tunnel Broker. There are many other tunnel brokers you can choose from, but because HE colocates some of Linode's servers this document will refer to them. Enter all of your contact information when prompted, and enter the primary IP address of your node when asked.
- Login to the HE Tunnel Broker.
- Click on the long name of your created tunnel, to see its details.
- Click on the Example Configs pulldown at the bottom of your config details page. This used to be in the left hand column.
- Select either Linux-route2 or Linux-net-tools. If the ip command is installed on your server, then you should choose route2, otherwise choose Linux-net-tools.
- Click on "Show Config".
- If you are using route2, pretend that the modprobe ipv6 command is not listed. IPv6 support is compiled into the Linode kernels.
- Run the commands listed at your Linode's console.
- You should now be connected through the internet via IPv6! Test the connection by typing ping6 server . If you don't know of any servers, use irc6.oftc.net. The ping6 utility might not be on your node, you will have to find a package in your distribution to install it.
- If the ping fails with messages like Operation not permitted, then a firewall might be blocking the traffic to HE's tunnel.
- If the ping is successful, you are now connected and people can connect to you via your new IPv6 address! Start publishing your IPv6 records in DNS (via AAAA records).
[edit] The "right way" to set up your tunnel
[edit] Debian
Add the following to /etc/network/interfaces, replacing bolded details.
auto hetunnel # to have the interface auto restart on every reboot
iface hetunnel inet6 v4tunnel
address HESupplied-ClientIPv6address
netmask 64
ttl 64
gateway HESupplied-ServerIPv6address
endpoint HESupplied-ServerIPv4address
local localIPv4address # needed if you have more than one v4 address
[edit] Ubuntu
The configuration is the same as for Debian, but the network will fail to start because ifup tries to load ipv6 as a module and fails due to it being builtin. This is possibly due to a bug in modprobe.
YMMV - Recent ubuntu distributions may not need this step. Some users have reported using the debian steps above, or the steps directly from he.net without problem. It may be best to try and ifup the interface first, and do this if necessary.
- Confirmed as an unnecessary step on Ubuntu 10.04LTS 07/02/2010 Jtsage
As root/sudo divert the old modprobe, this means that any subsequent upgrade won't blow away your script
dpkg-divert --add --rename --divert /sbin/modprobe.real /sbin/modprobe
Create a replacement /sbin/modprobe script:
#!/bin/bash
/sbin/modprobe.real "$@"
ret=$?
if [ "$1" == "-Q" ] ; then
exit 0
fi
exit $ret
[edit] Fedora Core 6/CentOS 5
Add the following to /etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=sit1
And create /etc/sysconfig/network-scripts/ifcfg-sit1 containing
DEVICE=sit1
BOOTPROTO=none
ONBOOT=yes
IPV6INIT=yes
IPV6TUNNELIPV4=HESupplied-ServerIPv4address
IPV6ADDR=HESupplied-ClientIPv6address
You can now reboot, or start the interface manually
# ifup sit1
If all worked correctly you should see interface config similar to
# ifconfig sit1
sit1 Link encap:IPv6-in-IPv4
inet6 addr: HESupplied-ClientIPv6Address/64 Scope:Global
inet6 addr: fe80::NNNN:NNNN/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:100 errors:0 dropped:0 overruns:0 frame:0
TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9496 (9.2 KiB) TX bytes:14776 (14.4 KiB)
And be able to ping a IPv6 enabled site such as www.kame.net
# ping6 -n www.kame.net
PING www.kame.net(2001:200:0:8002:203:47ff:fea5:3085) 56 data bytes
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=0 ttl=53 time=192 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=1 ttl=53 time=197 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=2 ttl=53 time=193 ms
[edit] Gentoo
Add the following to /etc/conf.d/net, replacing the bolded details.
modules_hetunnel=("iptunnel")
depend_hetunnel() {
need net.eth0
}
iptunnel_hetunnel="mode sit remote HESupplied-ServerIPv4address local local-IPv4address ttl 255"
config_hetunnel=("HESupplied-ClientIPv6address")
routes_hetunnel=("::/0 dev hetunnel")
[edit] 6to4
There is another, automatic gateway between the IPv4 and IPv6 worlds called 6to4. This works by using an anycast address, 192.88.99.1, which automatically routes to the "closest" 6to4 router. IPv6 addresses are assigned based upon your IPv4 address; for instance, 207.142.131.202 would become 2002:CF8E:83CA::/48.
Setup is almost entirely automatic.
[edit] CentOS
/etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV="tun6to4"
/etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT="yes"
IPV6TO4INIT="yes"
IPV6TO4_RELAY="192.88.99.1"
Restart your networking (/etc/init.d/network restart) and then take a look at your ifconfig. You can then try "ping6 ipv6.chat.freenode.net" (or another host of choice) to test your connectivity.
[edit] Debian / Ubuntu
Visit the Debian 6to4 config generator to automatically generate a configuration based on your ipv4 address.
