We try IPv6 in a home network

I have long wanted to feel what it is. A lot of news related to ipv6 flashes on the Internet. World launch day is approaching, I somehow missed last year’s testing day. And in general, the future is with him and I think it is better to be ahead than to catch up later.
And a recent article on Habré finally led me to study this question on my own experience.


Given: a home server router on Ubuntu Server 11.10, a desktop computer and a netbook on Kubuntu 11.10 and a mobile phone on Android. Theoretically, all this can ipv6, let's see what will happen in practice.
')
Installation and configuration of the tunnel through Hurricane Electric can be done on a variety of instructions on the Internet, for example, in the article mentioned above. As a result, we have: a fully configured server that has a connection with both ipv4 and ipv6. Devices on the network receive a prefix from radvd and set up their own address, but the DNS server address has to be registered with pens and the most important “but” - all devices on the network reconnect once every 1-2 minutes, which does not affect web surfing, but ICQ Immediately banned for too frequent connection attempts. We will seek a solution, as well as to understand how it all works.

I will try to retell the principle of the work of assigning ipv6 addresses in human language:

The link-local addresses that the hosts of the ipv6 network assign themselves using their MAC address and the standard prefix fe80 :: are understandable and we are not interested at the moment.

Further, the host using this link-local address sends a request to the network in search of a router ( Router Solicitation ) and if the router is there, then it answers ( Router Advertisement ), but here there are two ways:
1. If the router is just a router, then it sends back a network prefix. Next, the host itself assigns the address using this prefix and its MAC address and adds the default route to this router.
2. And if the router also has DHCPv6, then another address assignment process is launched, similar to DHCPv4.

This is affected by the Managed Address Configuration Flag (M) bit in the Router Advertisement response.
There is also a bit Other Stateful Configuration Flag (O) which says whether you need other parameters to receive, such as routes, DNS server address, NTP address, etc.

Radvd can only the first option, for everything else you need a full DHCPv6 server. I already have dnsmasq in my network which distributes addresses and sends dns requests. But unfortunately it does not know how ipv6. Or can? The latest version of dnsmasq 2.60 can both Router Advertisement and DHCPv6. Fine!
There is no fresh version in the Ubuntu repositories, only 2.59, download from the Debian Unstable repository. There one new dependency is added, it can be delivered from the native repository.

sudo apt-get install libnetfilter-conntrack3
sudo dpkg -i dnsmasq-base_2.60-2_i386.deb

Turning off the radvd, and better remove completely.
We read man and add the following to the /etc/dnsmasq.conf config:

enable-ra
dhcp-range=2001:470:aaab:aaaa::2, 2001:470:aaab:aaaa:ffff:ffff:ffff:ffff, 64, 12h

Of course, you can use not the whole / 64 subnet, but a smaller one, but let it frolic, especially the algorithm for generating addresses is different, more cunning, and not in a row like in DHCPv4.

Restart dnsmasq, restart the network on the client and voila, got both the address and the route and the DNS address equal to the router's address.
Check, everything works, aaaa.test-ipv6.com opens. DNS on the router is available at both v4 and v6 addresses. Fine!

We take in hand a phone with Android. Sadness IPv6 it does not receive. We find out that Android does not know how to get an address from DHCPv6, absolutely no version. We read man further and add the following to the dnsmasq.conf config:

dhcp-range=2001:470:aaab:aaaa::, ra-only, 64, 12h

Now our dnsmasq responds with two Router Ads, one with the M and O flags set, and the other with the reset. Android phone perceives only the second, but linux clients perceive both, and therefore receive two addresses. But it's not scary, I think. One of them dnsmasq remembers (issued by DHCPv6) and you can access clients by name. But the phone, alas, will receive only the address, it will know the DNS only with the ipv4 name (192.168.1.1).
By the way, theoretically there is a configuration M = 0, O = 1, the so-called DHCPv6 stateless , when addresses are assigned automatically, and other parameters are obtained from DHCPv6, but I'm not sure that dnsmasq knows how, Android will accept this, and the names inside the network are not interfere. There is also a “crutch” of RDNSS ( Router Advertisement Options for DNS Configuration ). It is able to radvd on the server side, and on clients you need to install rdnssd, including on Windows. For Android, it still does not help, he does not know how either.

Disable ipv4 and look for where we have problems with the configs of services. Either we replace addresses with names, or add ipv6 to ipv4 addresses. From a stationary computer, all services are available via ipv6, but on the netbook there are problems. The NFS ball is mounted using autofs , and apparently there is a bug in it and it does not resolve the server name via ipv6. If you just mount , then it is successfully mounted.
We return the usual Internet, because ipv6 is still poor, google only search, Wikipedia only through sixxs.net, several radio stations, several trackers. We are waiting for June 6th.

Configuring the ip 6 tables firewall is no different from iptables, only missing -t nat POSTROUTING. Well, I added to myself the omission of some ICMPv6 packets inside, so that you can ping outside.

What did we get? Readiness # 1 for the World IPv6 Launch home network and invaluable experience .