Tuesday, December 3, 2013

I have entered the IPv6 Arena.
My setup was a mash up of configurations from various folks, and connectivity is achieved through a tunnel from the folks at Hurricane Electric.

Before I launch into how I did my configuration: DANGER! DANGER Will Scarlet! - IPv6 is routable, all of it all the time; we have all got lazy sitting behind our NAT routers, not worrying about stuff getting at us directly from the internet. Once you correctly setup one machine on your network as an IPv6 gateway, the chances are that ALL your machines will suddenly be publicly available via IPv6.
You have been warned!


Before you start, your external IP address should be returning ICMP packets if it is pinged. On Virgin Media cable this is turned off by default. You will need to turn it back on or you won't be able to establish the tunnel.
Sign up for an IPv6 Tunnel at Hurricane Electric's website (http://tunnelbroker.net/ or select Free IPv6 Tunnel Broker from the HE home page).
After filling out the new user form, it will ask you to pick your nearest end point. I'm in the UK and I couldn't see any advantage to trying to pick a site in the US for my tunnel, so I picked London. You can only connect one tunnel to your external IP, and once you're setup, all your internal network machines will have public addresses via a routed network. If you delete and setup your tunnel again those addresses will change.
This is where I made my first mistake, I assume you're only just familiar with IPv6 addresses, so read them carefully. My IPv6 address for my router was only 1 digit different from my routed network address, and this got me confused.
The Example configurations will lead you in the right direction, but I actually found them to be less than complete. I'm using Ubuntu 13.10, my IPv6 endpoint has a static network configuration (I am not using Network Manager, all my network configuration is done in /etc/network/interfaces).

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:XXXX:YYYA:ZZZZ::2
netmask 64
local 192.168.x.y
ttl 255
up ip -6 route add default dev he-ipv6
down ip -6 route del default dev he-ipv6

iface eth0 inet6 static
address 2001:XXXX:YYYB:ZZZZ::1
netmask 64

My mistake initially was not to realise that A and B were different :D

When you've setup your tunnel (you may stop there if only want one machine on your network to have IPv6 access to the internet), you will want to add two more things. Your internal network adapter will need an IPv6 address from the "routed IPv6" network (not the network that's wasted on your tunnel). And then you will need to advertise your route. 
The beauty of IPv6 is that it's all very self configuring, apart from a few niggles.
Once the tunnel's up, and the internal network interface has a "routed" address on it, you will need to advertise it to your local net. Install RADVD. It doesn't need any configuration, but here's where complication sets in: RADVD can advertise the IPv6 DNS, but Windows will only get IPv6 DNS from DHCPv6. Basically you end up setting up DHCPv6 just to advertise DNS for windows machines.
If your router also happens to be a webcache you can skip the routed address and RADVD in favour of http proxying over IPv4 and getting the cache server to do all the IPv6 magic.
My next trick is to try and make an all IPv6 machine that can still talk to the IPv4 internet.