Index.
- Introduction.
- Prepare the system for IPv6.
- Creating the tunnel.
- Download.
Introduction.
Our Home Server with it’s virtual gateway server is now IPv4 only. Because most Internet Service Providers do not deliver IPv6 access, we will have to do that ourself using a tunnel broker like SixXS or Hurricane Electric. Hurricane Electric seems easier with providing access, but their service depends on the fact that your modem and Internet Service Provider are not blocking IP protocol number 41. Only some Fritz modems seem to be IPv6 ready. SixXS uses a little daemon that uses regular IPv4 that works over NAT to create a IPv6 tunnel so that is what we will use. We will install that daemon on our virtual gateway server because that is the most logical place. To get a tunnel from SixXS you need to create an account and then request a tunnel. Mostly after a day you receive your tunnel.
Before you request your tunnel, check out all the so called PoP’s in your country, check using IPv6 traceroutes which one is the nearest to you (least hops) and has the lowest ping roundtrip times.
Prepare the system for IPv6.
The first step is to make sure the IPv6 kernel module is loaded as soon as possible when the system boots. To do this add in /etc/mkinitcpio.conf ipv6 to the MODULES=() lline. Then run mkinitcpio -p kernel26 to install it in the kernel ramdisks.
Then, edit /etc/sysctl.conf and add the lines:
# Disable IPv6 on the external IPv4 interface net.ipv6.conf.eth1.disable_ipv6 = 1
Reboot the gateway server. If you now do ifconfig eth1 you should not see any inet6 address on that interface anymore. On eth0, eth2 and lo interfaces there should be a inet6 Scope:Link address.
Creating the tunnel.
First install the aiccu package, you can find it at the i686 or x86_64 download pages. You can install the package and dependencies with the following command:
[root@gateway ~]# pacman -S libtasn1 gnutls resolving dependencies... looking for inter-conflicts... Targets (2): libtasn1-2.9-1 gnutls-2.12.6.1-1 Total Download Size: 1.58 MB Total Installed Size: 5.39 MB Proceed with installation? [Y/n] :: Retrieving packages from extra... libtasn1-2.9-1-i686 105.4K 558.9K/s 00:00:00 [######################] 100% gnutls-2.12.6.1-1-i686 1510.5K 1269.3K/s 00:00:01 [######################] 100% (2/2) checking package integrity [######################] 100% (2/2) checking for file conflicts [######################] 100% (1/2) installing libtasn1 [######################] 100% (2/2) installing gnutls [######################] 100% [root@gateway ~]# pacman -U /root/aiccu-20070115-5-i686.pkg.tar.xz resolving dependencies... looking for inter-conflicts... Targets (1): aiccu-20070115-5 Total Download Size: 0.00 MB Total Installed Size: 0.12 MB Proceed with installation? [Y/n] (1/1) checking package integrity [######################] 100% (1/1) checking for file conflicts [######################] 100% (1/1) installing aiccu [######################] 100% [root@gateway ~]#
Next edit or create /etc/aiccu.conf:
# AICCU Configuration # Login information (defaults: none) username ABCDE-SIXXS/T63029 password mysecret # Protocol and server to use for setting up the tunnel (defaults: none) protocol tic server tic.sixxs.net # Interface names to use (default: aiccu) # ipv6_interface is the name of the interface that will be used as a tunnel interface # On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels # or tunX (eg tun0) for AYIYA tunnels. ipv6_interface six0 # The tunnel_id to use (default: none) # (only required when there are multiple tunnels in the list) tunnel_id T63029 # Be verbose? (default: false) verbose true # Daemonize? (default: true) # Set to false if you want to see any output # When true output goes to syslog # # WARNING: never run AICCU from DaemonTools or a similar automated # 'restart' tool/script. When AICCU does not start, it has a reason # not to start which it gives on either the stdout or in the (sys)log # file. The TIC server *will* automatically disable accounts which # are detected to run in this mode. # daemonize true # Automatic Login and Tunnel activation? automatic true # Require TLS? # When set to true, if TLS is not supported on the server # the TIC transaction will fail. # When set to false, it will try a starttls, when that is # not supported it will continue. # In any case if AICCU is build with TLS support it will # try to do a 'starttls' to the TIC server to see if that # is supported. requiretls false # PID File pidfile /var/run/aiccu.pid
Of course you need to set your own username, tunnel id and password in this file. You can start the tunnel with /etc/rc.d/aiccu start. With the ifconfig command you should see that there is now a six0 network interface that has a IPv6 tunnel address. Then do some additional tests to see that it works:
[root@gateway ~]# /etc/rc.d/aiccu start :: Starting aiccu daemon [DONE] [root@gateway ~]# ifconfig six0 six0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet6 addr: fe80::18f8:fe00:2ab:2/64 Scope:Link inet6 addr: 2001:1af8:fe00:2ab::2/64 Scope:Global UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:0 (0.0 b) TX bytes:144 (144.0 b) [root@gateway ~]# sysctl net.ipv6.conf.eth1.disable_ipv6=1 net.ipv6.conf.eth1.disable_ipv6 = 1 [root@gateway ~]# traceroute6 ipv6.google.com traceroute to ipv6.l.google.com (2a00:1450:8005::63) from 2001:1af8:fe00:2ab::2, .. 1 gw-684.haa-01.nl.sixxs.net (2001:1af8:fe00:2ab::1) 25.846 ms 25.908 ms 24 .. 2 2001:1af8:4050::1 (2001:1af8:4050::1) 25.157 ms 24.042 ms 24.28 ms 3 be25.crs.evo.leaseweb.net (2001:1af8::19) 27.385 ms 21.261 ms 25.19 ms 4 swissix.google.com (2001:7f8:24::4a) 53.065 ms 53.09 ms 100.408 ms 5 2001:4860::1:0:11 (2001:4860::1:0:11) 54.785 ms 47.18 ms 47.819 ms 6 2001:4860::1:0:4b3 (2001:4860::1:0:4b3) 47.97 ms 49.343 ms 48.955 ms 7 2001:4860::8:0:2db0 (2001:4860::8:0:2db0) 49.47 ms 51.133 ms 60.873 ms 8 2001:4860::2:0:66e (2001:4860::2:0:66e) 52.442 ms 51.332 ms 51.575 ms 9 2001:4860:0:1::69 (2001:4860:0:1::69) 61.118 ms 58.74 ms 53.254 ms 10 ey-in-x63.1e100.net (2a00:1450:8005::63) 54.345 ms 54.742 ms 54.015 ms [root@gateway ~]#
If you get this far, then this part of the IPv6 installation is finished. Put the aiccu daemon in the DAEMONS=() list in /etc/rc.conf between network and netfs and leave the tunnel running. You now need to earn enough credits (ISK) to request your own IPv6 subnet, that will take a week.
Download.
The files needed for this article are in the following archive.
