Index.
- Introduction.
- Prepare the system for IPv6.
- Creating the tunnel.
- Download.
14-Jun-2011: initial release. 22-Mar-2012: update ipv6 module loading. 28-Jul-2012: configuration updates. 06-Jan-2013: adjusted for Slackware. 21-Nov-2013: 'requiretls true' may now be used. 18-Apr-2015: Fixed new name of the network-scripts-ipv6 package.
Introduction.
Our Home Server with it’s virtual gateway server is now IPv4 only. Because most Internet Service Providers do not deliver IPv6 access, we will have to do that ourself using a tunnel broker like SixXS or Hurricane Electric. Hurricane Electric seems easier with providing access, but their service depends on the fact that your modem and Internet Service Provider are not blocking IP protocol number 41. Only some Fritz modems seem to be IPv6 ready. SixXS uses a little daemon that uses regular IPv4 connection. This solution works in almost all cases, so this is what I use. We will install that daemon on our virtual gateway server because that is the most logical place. To get a tunnel from SixXS you need to create an account and then request a tunnel. Mostly after a day you receive your tunnel.
Before you request your tunnel, check out all the so called PoP’s in your country, check using IPv4 traceroutes which one is the nearest to you (least hops) and has the lowest ping roundtrip times.
Prepare the system for IPv6.
First upgrade the network-scripts package with the package network-scripts-ipv6 from this server. This package has support for IPv6 in the network configuration and extra hooks for additional /etc/rc.d scripts. The extra hooks are to start and stop the SixXS tunnel, vde networks and virtual box servers. Note that you must upgrade the /etc/rc.d/rc.inet1.conf file with the new one, it has a number of new settings for IPv6.
All network interfaces have some sysctl settings to enable or disable some IPv6 settings. On network interfaces that don’t have any IPv6 configuration, IPv6 is completely disabled.
You must also build and install the aiccu package, this is the SixXS tunnel daemon.
Creating the tunnel.
Edit or create /etc/aiccu.conf:
# AICCU Configuration # Login information (defaults: none) username ABCDE-SIXXS/T63029 password mysecret # Protocol and server to use for setting up the tunnel (defaults: none) protocol tic server tic.sixxs.net # Interface names to use (default: aiccu) # ipv6_interface is the name of the interface that will be used as a tunnel interface # On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels # or tunX (eg tun0) for AYIYA tunnels. ipv6_interface six0 # The tunnel_id to use (default: none) # (only required when there are multiple tunnels in the list) tunnel_id T63029 # Be verbose? (default: false) verbose true # Daemonize? (default: true) # Set to false if you want to see any output # When true output goes to syslog # # WARNING: never run AICCU from DaemonTools or a similar automated # 'restart' tool/script. When AICCU does not start, it has a reason # not to start which it gives on either the stdout or in the (sys)log # file. The TIC server *will* automatically disable accounts which # are detected to run in this mode. # daemonize true # Automatic Login and Tunnel activation? automatic true # Require TLS? # When set to true, if TLS is not supported on the server # the TIC transaction will fail. # When set to false, it will try a starttls, when that is # not supported it will continue. # In any case if AICCU is build with TLS support it will # try to do a 'starttls' to the TIC server to see if that # is supported. requiretls true # PID File pidfile /var/run/aiccu.pid
Of course you need to set your own username, tunnel id and password in this file. You can start the tunnel with /etc/rc.d/aiccu start. With the ifconfig command you should see that there is now a six0 network interface that has a IPv6 tunnel address. Then do some additional tests to see that it works:
root@gateway:~# chmod 755 /etc/rc.d/rc.aiccu root@gateway:~# /etc/rc.d/rc.aiccu start Starting aiccu daemon done. root@gateway:~# ifconfig six0 six0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet6 addr: fe80::18f8:fe00:2ab:2/64 Scope:Link inet6 addr: 2001:1af8:fe00:2ab::2/64 Scope:Global UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:0 (0.0 b) TX bytes:144 (144.0 b) root@gateway:~# sysctl net.ipv6.conf.eth1.disable_ipv6=1 net.ipv6.conf.eth1.disable_ipv6 = 1 root@gateway:~# traceroute6 ipv6.google.com traceroute to ipv6.l.google.com (2a00:1450:8005::63) from 2001:1af8:fe00:2ab::2, .. 1 gw-684.haa-01.nl.sixxs.net (2001:1af8:fe00:2ab::1) 25.846 ms 25.908 ms 24 .. 2 2001:1af8:4050::1 (2001:1af8:4050::1) 25.157 ms 24.042 ms 24.28 ms 3 be25.crs.evo.leaseweb.net (2001:1af8::19) 27.385 ms 21.261 ms 25.19 ms 4 swissix.google.com (2001:7f8:24::4a) 53.065 ms 53.09 ms 100.408 ms 5 2001:4860::1:0:11 (2001:4860::1:0:11) 54.785 ms 47.18 ms 47.819 ms 6 2001:4860::1:0:4b3 (2001:4860::1:0:4b3) 47.97 ms 49.343 ms 48.955 ms 7 2001:4860::8:0:2db0 (2001:4860::8:0:2db0) 49.47 ms 51.133 ms 60.873 ms 8 2001:4860::2:0:66e (2001:4860::2:0:66e) 52.442 ms 51.332 ms 51.575 ms 9 2001:4860:0:1::69 (2001:4860:0:1::69) 61.118 ms 58.74 ms 53.254 ms 10 ey-in-x63.1e100.net (2a00:1450:8005::63) 54.345 ms 54.742 ms 54.015 ms root@gateway:~#
If you get this far, then this part of the IPv6 installation is finished. You now need to earn enough credits (ISK) to request your own IPv6 subnet, that will take a week.
Download.
See the download page for the script and configuration files.