(→IPv6 Specific Packages: ipv6 page/packages ref. out-of-date) |
|||
Line 33: | Line 33: | ||
|ipv6calc||Converts an IPv6 address to a compressed format | |ipv6calc||Converts an IPv6 address to a compressed format | ||
|- | |- | ||
|iptables-ipv6||Contains IPv6 support for iptables | |<s>iptables-ipv6</s>||<s>Contains IPv6 support for iptables</s> | ||
|- | |- | ||
|radvd||Router advertisement daemon for IPv6 | |radvd||Router advertisement daemon for IPv6 | ||
|- | |- | ||
|dhcpv6_client||Client for DHCPv6 protocol (RFC 3315) | |<s>dhcpv6_client</s>||<s>Client for DHCPv6 protocol (RFC 3315)</s> | ||
|- | |- | ||
|dhcpv6||DHCP server and client for IPv6 | |<s>dhcpv6</s>||<s>DHCP server and client for IPv6</s> | ||
|- | |- | ||
|ip6sic||Tool for stress-tesing on IPv6 network stack | |ip6sic||Tool for stress-tesing on IPv6 network stack |
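Review bot: The struck-out dhcpv6 and dhcpv6_client rows now contradict the rest of the page. The Stateful configuration section still says to install dhcpv6 and edit /etc/dhcp6s.conf, and the IPv6 Client section still requires the dhcpv6_client package. Either update those sections in the same revision or note in the table which packages replace the struck ones; the same applies to iptables-ipv6, which is struck with no replacement named. The ip6sic row also keeps the "stress-tesing" typo on both sides and should read "stress-testing".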
Revision as of 21:27, 25 February 2014
IPv6
This guide explains how to set up IPv6 on a Fedora Core system, version 6 and later. It includes some basic DNS configuration and client configuration for IPv6 addresses.
Kernel
All kernels available in Fedora Core support IPv6 connections.
In case you need a custom kernel configuration, here is a list of the important kernel options related to IPv6:

    Networking --->
      Networking options --->
        <M> The IPv6 protocol
        [*]   IPv6: Privacy Extensions support
        [*]   IPv6: Router Preference (RFC 4191) support
        [*]     IPv6: Route Information (RFC 4191) support (EXPERIMENTAL)
        <M>   IPv6: AH transformation
        <M>   IPv6: ESP transformation
        <M>   IPv6: IPComp transformation
        <M>   IPv6: IPv6-in-IPv6 tunnel

    Networking --->
      Networking options --->
        Network packet filtering -->
          IPv6: Netfilter configuration --->
            (Options related to filtering of IPv6 packets)

    Device drivers -->
      Network device support -->
        Universal TUN/TAP device driver support
        (This option is only required if you are using 6to4 conversion)
IPv6 Specific Packages
There are some packages which deal with IPv6.
Package | Description |
ipv6calc | Converts an IPv6 address to a compressed format |
radvd | Router advertisement daemon for IPv6 |
ip6sic | Tool for stress-testing an IPv6 network stack |
IPv6 Router
If we want to use our system as a router for other clients that want to connect to the outside world, we need to enable forwarding of IPv6 packets. We can do it this way:
The IPv6 specification provides two ways of assigning IPv6 addresses to clients.
- Stateful assignment uses the dynamic host configuration protocol which is well known from IPv4 world. It is called "stateful" because the server keeps a state of the clients who have requested IPs and received them.
- Stateless assignment is a new feature in IPv6 which uses a process called Router Advertisement and allows clients to obtain an IP and a default route by simply bringing an interface up. It is called "stateless" because there is no record of IPs assigned and the host they are assigned to.
Stateless configuration
Stateless configuration is easily realized with radvd (Router Advertisement Daemon). Just put one of these on your network and your configuration problems for clients should be greatly reduced.
First we need to install it:
sudo yum install radvd
Then we set up the radvd configuration file /etc/radvd.conf. At a minimum, the prefix and the interface must be adjusted. Here is a sample radvd.conf:
    interface eth0
    {
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 2001:db8:1:0::/64
        {
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        };
    };
More information about radvd settings is available in man radvd.conf.
Finally, we start radvd and enable it to start at boot time.
    sudo systemctl enable radvd.service
    sudo systemctl start radvd.service
Stateful configuration
Stateful configuration is provided by dhcpv6, so we install it first:
Then we must configure the DHCPv6 server by editing /etc/dhcp6s.conf
    option dns_server 2003::6:1 ibm.com;
    prefer-life-time 10000;
    valid-life-time 20000;
    renew-time 5000;
    rebind-time 8000;
    interface eth1 {
        link AAA {
            allow unicast;
            send unicast;
            allow rapid-commit;
            send server-preference 5;
            renew-time 1000;
            rebind-time 2400;
            prefer-life-time 2000;
            valid-life-time 3000;
            range 3ffe:ffff:100::10 to 3ffe:ffff:100::110/64;
            prefix 3ffe:ffef:104::/64;
            pool {
                prefer-life-time 3600;
                valid-life-time 7200;
                range fec0:ffff::10 to fec0:ffff::110/64;
                prefix fec0:fffe::/48;
            };
        };
    };

Finally, we start dhcpv6 and enable it to start at boot time as well.
IPv6 Client
Clients behind a radvd router should be connected immediately after we bring their interface up. We only need to have the network configuration set up properly. Sample /etc/sysconfig/network:
    NETWORKING=yes
    HOSTNAME=localhost.localdomain
    NETWORKING_IPV6=yes
If the router is set up to use DHCPv6, our clients will need to have the dhcpv6_client package installed.
After that, we need to configure the client by editing /etc/dhcp6c.conf.
    interface eth0 {
        send rapid-commit;
        request prefix-delegation;
        request domain-name-servers;
        request temp-address;
        iaid 11111;
        address {
            3ffe:10::10/64;
            prefer-life-time 6000;
            valid-life-time 8000;
        };
        renew-time 11000;
        rebind-time 21000;
    };
Also, the config file for the particular interface needs to be set up. Adding the line IPV6INIT=yes to /etc/sysconfig/network-scripts/ifcfg-<interface> will enable IPv6 initialization.
Don't forget to restart the network service after everything is set up correctly.
The easiest way to test our connection is to use the ping6 command to ping an IPv6 host.
    PING www.kame.net(orange.kame.net) 56 data bytes
    64 bytes from orange.kame.net: icmp_seq=1 ttl=52 time=300 ms
    64 bytes from orange.kame.net: icmp_seq=2 ttl=52 time=285 ms
or visit www.kame.net and see the turtle. If it's dancing, your IPv6 connection is alright :-).
DNS
Just as DNS for IPv4 uses A records, DNS for IPv6 uses AAAA records. For reverse DNS, the INT standard is deprecated but still widely supported, therefore we describe ARPA format here.
BIND has included excellent IPv6 support since version 9.x. So the first thing we need to do (after we install it) is to add entries for both the forward and the reverse DNS zone files in /etc/named.conf.
    /* We allow bind to listen to IPv6 addresses. */
    options {
        [...]
        listen-on-v6 { any; };
        [...]
    };

    /* Provide the forward DNS for the domain 'ipv6-rules.com' */
    zone "ipv6-rules.com" IN {
        type master;
        file "ipv6-rules.com";
    };

    /* This format for reverse DNS is "bitwise." It's done by taking the
       IPv6 prefix, reversing the order of the numbers and putting a period
       between each number. We can use ipv6calc to calculate it */
    zone "6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa" {
        type master;
        file "rev-ipv6-rules.com.arpa";
    };
Now we must create those zone files and add entries for all of our hosts. Zone files are usually located under /var/named. Here is a sample of ipv6-rules.com
    $TTL 2h
    @       IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. (
                    2003052501 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
            NS      ns1.ipv6-rules.com.    ; trailing dot keeps the name absolute
            IN AAAA 2001:470:1f00:296::1   ; address for ipv6-rules.com
    host1   IN AAAA 2001:470:1f00:296::2   ; address for host1.ipv6-rules.com
    host2   IN AAAA 2001:470:1f00:296::3:3 ; address for host2.ipv6-rules.com
and rev-ipv6-rules.com.arpa.
    $TTL 3d ; Default TTL (bind 8 needs this, bind 9 ignores it)
    @       IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. (
                    2003052501 ; Serial number (YYYYMMdd)
                    24h        ; Refresh time
                    30m        ; Retry time
                    2d         ; Expire time
                    3d )       ; Default TTL
            IN NS   ns1.ipv6-rules.com.
    ; IPv6 PTR entries
    $ORIGIN 6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ipv6-rules.com.
    2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host1.ipv6-rules.com.
    3.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0 IN PTR host2.ipv6-rules.com.
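The nibble-reversed names are easy to get wrong by hand, and a forward zone whose reverse zone disagrees with it makes log attribution and PTR-based checks unreliable. The following added example (not part of the original guide) derives the reverse zone name and the PTR labels with Python's standard ipaddress module and compares them with the sample records above. The function names and the dictionary layout are assumptions of this example.

```python
import ipaddress

def reverse_zone(prefix):
    """ip6.arpa zone name for an IPv6 prefix that ends on a nibble boundary."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 6 or net.prefixlen % 4:
        raise ValueError("need an IPv6 prefix whose length is a multiple of 4")
    # One label per hex digit (nibble) of the prefix, in reverse order.
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_label(address, prefix):
    """PTR owner name of address, relative to the reverse zone of prefix."""
    addr = ipaddress.ip_address(address)
    if addr not in ipaddress.ip_network(prefix, strict=True):
        raise ValueError(f"{address} is outside {prefix}")
    full = addr.reverse_pointer + "."              # all 32 nibbles + ip6.arpa.
    return full[: -len(reverse_zone(prefix)) - 1]  # drop ".<zone name>"

def check_reverse_zone(prefix, aaaa, ptr):
    """Return one message per AAAA record whose PTR is missing or wrong."""
    problems = []
    for host, address in aaaa.items():
        label = ptr_label(address, prefix)
        if label not in ptr:
            problems.append(f"{host}: no PTR record at {label}")
        elif ptr[label] != host:
            problems.append(f"{host}: PTR at {label} names {ptr[label]}")
    return problems

# Records copied from the two sample zone files above.
PREFIX = "2001:470:1f00:296::/64"
AAAA = {
    "ipv6-rules.com.": "2001:470:1f00:296::1",
    "host1.ipv6-rules.com.": "2001:470:1f00:296::2",
    "host2.ipv6-rules.com.": "2001:470:1f00:296::3:3",
}
PTR = {
    "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0": "ipv6-rules.com.",
    "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0": "host1.ipv6-rules.com.",
    "3.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0": "host2.ipv6-rules.com.",
}

if __name__ == "__main__":
    print("$ORIGIN", reverse_zone(PREFIX))
    for line in check_reverse_zone(PREFIX, AAAA, PTR) or ["zones agree"]:
        print(line)
```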
Tunnel Configuration
Most ISPs still do not offer any native IPv6 connections. To get around this limitation, there are several "tunnel brokers" around the globe that offer free IPv6 tunnels. This will allow you to tunnel all your IPv6 connections through an IPv4 connection.
Some tunnel brokers:
- Sixxs
- Freenet6
- Hurricane Electric
- Miredo - A Linux implementation of the Teredo protocol (No registration required)
Another way to get IPv6 connection is to use IPv6 automatic tunnelling ("6to4"). It's a method designed to ease the introduction of IPv6 into existing IPv4 networks. The designers of IPv6 created a special prefix, 2002, under which the entire IPv4 address space can be mapped, with enough address bits left over for 65,536 subnets behind the IPv4 address. A 6to4 host tunnels IPv6 packets over IPv4 to a special anycast prefix, which selects the closest IPv6 router, thus providing seamless connectivity to the IPv6 universe. No special setup required at the ISP at all.
This method is not usable if you are located behind a NAT device.
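The mapping described above can be written out directly. This added example (not part of the original guide) builds the 6to4 prefix for an IPv4 address, picks one of the 65,536 subnets, and recovers the IPv4 address embedded in a 6to4 address, which is useful when attributing 2002: addresses seen in logs. The function names, the list of NAT-side ranges and the sample address 192.0.2.1 (a documentation address standing in for a public one) are assumptions of this example.

```python
import ipaddress

# Address ranges normally found behind NAT (RFC 1918 private space and
# RFC 6598 carrier-grade NAT space); an assumption of this example.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def sixtofour_prefix(ipv4):
    """Return the /48 that 6to4 derives from an IPv4 address: 2002:<ipv4>::/48."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in NAT_RANGES):
        raise ValueError(f"{v4} is a NAT-side address; 6to4 needs the public one")
    # 16 bits of 2002, then the 32-bit IPv4 address, then 80 zero bits.
    base = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))

def sixtofour_subnet(ipv4, subnet_id):
    """Return /64 number subnet_id (0..65535) inside the host's 6to4 prefix."""
    site = sixtofour_prefix(ipv4)
    if not 0 <= subnet_id < 2 ** (64 - site.prefixlen):
        raise ValueError("subnet id must fit in 16 bits")
    return ipaddress.IPv6Network(
        (int(site.network_address) | (subnet_id << 64), 64))

def embedded_ipv4(ipv6):
    """Return the IPv4 address inside a 6to4 address, or None if not 6to4."""
    return ipaddress.IPv6Address(ipv6).sixtofour

if __name__ == "__main__":
    site = sixtofour_prefix("192.0.2.1")
    print(site, "holds", 2 ** (64 - site.prefixlen), "/64 subnets")
    print(sixtofour_subnet("192.0.2.1", 1))
    print(embedded_ipv4("2002:c000:201:1::1"))
```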
Configuration is very simple. Enable IPv6 and set the 6to4 pseudo-interface as the default gateway in /etc/sysconfig/network:
    echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network
    echo "IPV6_DEFAULTDEV=tun6to4" >> /etc/sysconfig/network
and edit your outbound (Internet) interface configuration. This can be e.g. ippp0, ppp0, eth0, or the like. eth0 is used here.
    echo "IPV6INIT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0
    echo "IPV6TO4INIT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0
More info about tunneling is available in files:
/usr/share/doc/initscripts-*/ipv6-6to4.howto
/usr/share/doc/initscripts-*/ipv6-tunnel.howto
Other Resources
Some other sources with useful information: