Configure IPv6 in Debian and Ubuntu
Set yourself up IPv6 in a few simple steps.
We will configure Debian Squeeze. Ubuntu is basically the same.
Go to the site Hurricane Electric , register. We log in on the site and create a tunnel: enter your IPv4 address and choose a server closer. We are assigned one / 64 subnet in which the server and client will be located as the end points of the tunnel.
')
In the / 64 tunnel subnet, the first address is the server address, the second is the client address (that is, ours).
If you have a local network and you want all the machines in it to also receive IPv6 addresses, then we request another / 64 subnet (“routed / 64”). If you have 2 or more local networks behind the router, then we are requesting a / 48 subnet (“routed / 48”), which we will cut into the required number / 64. All subnets assigned to us will be routed through our server.
We configure the tunnel - the he-ipv6 interface. Here we use the subnet / 64 for the tunnel. Instead of “variables” we enter what we got in the first step.
Add to the end / etc / network / interfaces
Turn on and check:
Unfortunately, ipv6.google.com is Google’s only DNS record that is resolved to IPv6 for everyone. Google decided not to reolve all services in IPv6 because it is configured incorrectly or incorrectly disabled on quite a large number of machines, so the user may see a delay while the browser is trying to connect to the server via IPv6, and in fact IPv6 connections not.
Learn more: www.google.com/intl/en/ipv6
Thus, Google decided to include IPv6 in DNS across individual providers. Hurricane Electric refers to just such providers. They provide a DNS server 2001: 470: 20 :: 2, through which all domains of Google services are resolved, including to IPv6 addresses.
You can immediately enter this server into /etc/resolv.conf, or you can raise the local caching bind and gain some speed.
There are two ways to configure: you can rezolvit through this server only Google addresses (but you need to know their list), but you can rezolvit everything at all (and not use the provider's DNS servers at all). I suggest the second method, it is simpler, and besides, I do not have a list of all the addresses of Google services.
Edit the file /etc/bind/named.conf.options
Checking:
If all is well, then you can use. Enter in /etc/resolv.conf
If there is no local network, then everything is ready :)
To configure machines on the local network, I suggest using stateless autoconfiguration. This is somewhat reminiscent of DHCP, but the difference is that this protocol is staleless, that is, the server does not store a list of addresses issued. The principle of operation is as follows: the server is allocated one / 64, from which it distributes addresses to customers. The uniqueness of the obtained IPv6 address is ensured by the fact that the client’s MAC address is included in it (slightly converted).
Suppose we have a local network on eth0, and a provider on eth1. So far, IPv6 is configured only on the he-ipv6 interface. Therefore, eth0 looking to the local network should receive a static IPv6 address for establishing connections with clients. But we cannot assign an eth0 address from our tunnel / 64, since then it will turn out that the two interfaces are looking at the same subnet. You can split our / 64 into two, but then stateless autoconfiguration will not work. Therefore, we have taken another one / 64, from which we will distribute addresses to the local network (it is important to emphasize: these are real external IPv6 addresses). Let us be given 2001: XXXX: YYYY: ZZZZ :: / 64.
If we have several networks behind the router, then we have also taken / 48, from which we will use the necessary number of subnets / 64. Let them give us 2001: XXXX: YYYY :: / 48. We add another network number - it will take as many as 2 bytes and we get: 2001: XXXX: YYYY: 1 :: / 64. Thus, we could have as many as 65536 different networks. The server address will be 2001: XXXX: YYYY: 1 :: 1. Further I do not develop the example with several networks, I think that it is quite simple to generalize configuration files to the case of several networks.
So, we have one network behind the router, 2001: XXXX: YYYY: ZZZZ :: / 64. Add to the end / etc / network / interfaces
Install the daemon for stateless autoconfiguration:
/etc/radvd.conf
We include forwarding:
/etc/sysctl.conf
Restart radvd:
Now all computers from the local network should automatically receive IPv6 addresses and gateway addresses. The process can be monitored on the server using the radvdump command, and on clients it is possible to check the presence of an address using ip -6 a.
DNS server will have to register clients manually, stateless autoconfiguration does not know how.
Since client addresses are based on MAC addresses, the result is the following addresses: 2001: 528d: d4b6: 1: 215: f2ff: fe55: 2d85. Working with this is quite difficult, it is impossible to remember. Multicast dns comes to the rescue and its implementation in the form of Avahi.
We check the presence of lines in /etc/avahi/avahi-daemon.conf:
Now all computers on the local network will receive names like hostname.local. These names will be resolved to IPv4 addresses by default. In order for them to be resolved by default in IPv6, we rule the line in /etc/nsswitch.conf.
It was:
It became:
Now you can use hostname.local names and by default IPv6 connections will be established.
Keep a caching proxy on the local network? Small problem: Squid got full IPv6 support only in version 3.1.0.x, which is now in experimental repository. In fact, nothing really experimental, I have been working normally for 4 months.
We install squid3, in the resolving ACL we enter our networks / 64 and / 48.
Successful experiments!
UPD. On linuxforum , we noticed that Hurricane Electric produces two / 64, so you do not need to request / 48 from one local network. Updated topic.
UPD2. In connection with the appeared copy-paste I remind you that reprinting is allowed only with my permission.
We will configure Debian Squeeze. Ubuntu is basically the same.
Step 1. Register the tunnel
Go to the site Hurricane Electric , register. We log in on the site and create a tunnel: enter your IPv4 address and choose a server closer. We are assigned one / 64 subnet in which the server and client will be located as the end points of the tunnel.
')
In the / 64 tunnel subnet, the first address is the server address, the second is the client address (that is, ours).
If you have a local network and you want all the machines in it to also receive IPv6 addresses, then we request another / 64 subnet (“routed / 64”). If you have 2 or more local networks behind the router, then we are requesting a / 48 subnet (“routed / 48”), which we will cut into the required number / 64. All subnets assigned to us will be routed through our server.
Step 2. Configure IPv6
We configure the tunnel - the he-ipv6 interface. Here we use the subnet / 64 for the tunnel. Instead of “variables” we enter what we got in the first step.
Add to the end / etc / network / interfaces
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address $CLIENT_IPv6
netmask 64
endpoint $SERVER_IPv4
local $CLIENT_IPv4
gateway $SERVER_IPv6
ttl 64Turn on and check:
# ifup he-ipv6
# ping -n ipv6.google.comStep 3. DNS and Google
Unfortunately, ipv6.google.com is Google’s only DNS record that is resolved to IPv6 for everyone. Google decided not to reolve all services in IPv6 because it is configured incorrectly or incorrectly disabled on quite a large number of machines, so the user may see a delay while the browser is trying to connect to the server via IPv6, and in fact IPv6 connections not.
Learn more: www.google.com/intl/en/ipv6
Thus, Google decided to include IPv6 in DNS across individual providers. Hurricane Electric refers to just such providers. They provide a DNS server 2001: 470: 20 :: 2, through which all domains of Google services are resolved, including to IPv6 addresses.
You can immediately enter this server into /etc/resolv.conf, or you can raise the local caching bind and gain some speed.
# apt-get install bind9There are two ways to configure: you can rezolvit through this server only Google addresses (but you need to know their list), but you can rezolvit everything at all (and not use the provider's DNS servers at all). I suggest the second method, it is simpler, and besides, I do not have a list of all the addresses of Google services.
Edit the file /etc/bind/named.conf.options
acl mynetworks {
localhost;
192.168.0.0/16; // ,
2001:XXXX:XXXX:XXXX::/64; // IPv6 /64
2001:XXXX:XXXX::/48; // IPv6 /48,
};
options {
directory "/var/cache/bind";
allow-query { mynetworks; };
forwarders {
2001:470:20::2;
};
auth-nxdomain no;
listen-on-v6 { any; };
};Checking:
# dig +short google.com @::1 AAAA
2a00:1450:8003::63
2a00:1450:8003::67
2a00:1450:8003::68
2a00:1450:8003::69
2a00:1450:8003::6a
2a00:1450:8003::93If all is well, then you can use. Enter in /etc/resolv.conf
nameserver ::1If there is no local network, then everything is ready :)
Step 4. Routing
To configure machines on the local network, I suggest using stateless autoconfiguration. This is somewhat reminiscent of DHCP, but the difference is that this protocol is staleless, that is, the server does not store a list of addresses issued. The principle of operation is as follows: the server is allocated one / 64, from which it distributes addresses to customers. The uniqueness of the obtained IPv6 address is ensured by the fact that the client’s MAC address is included in it (slightly converted).
Suppose we have a local network on eth0, and a provider on eth1. So far, IPv6 is configured only on the he-ipv6 interface. Therefore, eth0 looking to the local network should receive a static IPv6 address for establishing connections with clients. But we cannot assign an eth0 address from our tunnel / 64, since then it will turn out that the two interfaces are looking at the same subnet. You can split our / 64 into two, but then stateless autoconfiguration will not work. Therefore, we have taken another one / 64, from which we will distribute addresses to the local network (it is important to emphasize: these are real external IPv6 addresses). Let us be given 2001: XXXX: YYYY: ZZZZ :: / 64.
If we have several networks behind the router, then we have also taken / 48, from which we will use the necessary number of subnets / 64. Let them give us 2001: XXXX: YYYY :: / 48. We add another network number - it will take as many as 2 bytes and we get: 2001: XXXX: YYYY: 1 :: / 64. Thus, we could have as many as 65536 different networks. The server address will be 2001: XXXX: YYYY: 1 :: 1. Further I do not develop the example with several networks, I think that it is quite simple to generalize configuration files to the case of several networks.
So, we have one network behind the router, 2001: XXXX: YYYY: ZZZZ :: / 64. Add to the end / etc / network / interfaces
iface eth0 inet6 static
address 2001:XXXX:YYYY:ZZZZ::1
netmask 64Install the daemon for stateless autoconfiguration:
# apt-get install radvd/etc/radvd.conf
interface eth0
{
AdvSendAdvert on;
MaxRtrAdvInterval 30;
prefix 2001:XXXX:YYYY:ZZZZ::1/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
AdvValidLifetime 300;
AdvPreferredLifetime 120;
};
};We include forwarding:
/etc/sysctl.conf
net.ipv6.conf.all.forwarding=1# sysctl -w net.ipv6.conf.default.forwarding=1
# echo 1 > /proc/sys/net/ipv6/conf/all/forwardingRestart radvd:
# invoke-rc.d radvd restartNow all computers from the local network should automatically receive IPv6 addresses and gateway addresses. The process can be monitored on the server using the radvdump command, and on clients it is possible to check the presence of an address using ip -6 a.
DNS server will have to register clients manually, stateless autoconfiguration does not know how.
Step 5. Avahi
Since client addresses are based on MAC addresses, the result is the following addresses: 2001: 528d: d4b6: 1: 215: f2ff: fe55: 2d85. Working with this is quite difficult, it is impossible to remember. Multicast dns comes to the rescue and its implementation in the form of Avahi.
# apt-get install avahi-daemon avahi-utilsWe check the presence of lines in /etc/avahi/avahi-daemon.conf:
[server]
use-ipv4=yes
use-ipv6=yesNow all computers on the local network will receive names like hostname.local. These names will be resolved to IPv4 addresses by default. In order for them to be resolved by default in IPv6, we rule the line in /etc/nsswitch.conf.
It was:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4It became:
hosts: files mdns_minimal [NOTFOUND=return] dns mdnsNow you can use hostname.local names and by default IPv6 connections will be established.
Step 6. Squid + IPv6
Keep a caching proxy on the local network? Small problem: Squid got full IPv6 support only in version 3.1.0.x, which is now in experimental repository. In fact, nothing really experimental, I have been working normally for 4 months.
We install squid3, in the resolving ACL we enter our networks / 64 and / 48.
Successful experiments!
UPD. On linuxforum , we noticed that Hurricane Electric produces two / 64, so you do not need to request / 48 from one local network. Updated topic.
UPD2. In connection with the appeared copy-paste I remind you that reprinting is allowed only with my permission.
Source: https://habr.com/ru/post/82397/
All Articles