This article describes how to configure an IPv6 tunnel and an IPv6 network that coexist with an existing IPv4 network. It is suitable for testing IPv6 running concurrently with IPv4.
Background
ISP Provider: ADSL
PPPoE/Router/Firewall: Debian Lenny
  ppp0: 60.210.214.211 (public IPv4 from ISP)
  eth0: 192.168.30.254/24 (local network-A)
  eth1: 192.168.31.254/24 (local network-B)
Client: Debian Unstable
  eth0: 192.168.30.10/24 (local IPv4 on network-A)
Objective/Scenario
- Get IPv6 /56 prefix from ISP
- Advertise IPv6 /64 prefix on network-A (eth0) and network-B (eth1)
- Secure IPv6 (basic)
Install required packages
Install gogo6 client on PPPoE/Router/Firewall
The Debian Lenny repository does not include the gogoc package, so we have to add the Debian testing repository.
echo "deb http://ftp.au.debian.org/debian/ testing main non-free contrib" >> /etc/apt/sources.list
apt-get update
apt-get install -t testing gogoc
You may comment out the following line in /etc/apt/sources.list to avoid updates from the Debian testing repository in the future:
deb http://ftp.au.debian.org/debian/ testing main non-free contrib
Install radvd advertising router
apt-get install radvd
Get account for gogo6 client
Visit the following site, create an account and sign in: http://gogonet.gogo6.com/
To get a static IPv6 address or get a /56 network you need to get an account on the Freenet6 server. This is different from your gogoNET login. http://gogonet.gogo6.com/page/freenet6-registration
gogo6 Client Configuration
Configure gogo6 client on PPPoE/Router/Firewall
Edit /etc/gogoc/gogoc.conf and configure the following options and leave the rest as default:
Note: You may find sample of gogoc.conf in /usr/share/doc/gogoc/examples
userid=<your_userid>
passwd=<your_password>
server=authenticated.freenet6.net
auth_method=any
host_type=router
prefixlen=64
if_prefix=<interface name on your local network - in our case eth0>
log_stderr=0
log_file=3
log_filename=/var/log/gogoc/gogoc.log
Note from /usr/share/doc/gogoc/README.debian:
Obtaining Server Key
--------------------
If you use the authentication methods to login to the broker, you will need to get the server key. The program will check for the correct key and not start without it. To obtain the key, run /usr/sbin/gogoc on the command line and agree to add the key.
(It didn't work for me so I used "auth_method=digest-md5" or you can try "auth_method=simple".)
Start gogo6 client
/etc/init.d/gogoc start
Testing
Verify that IPv6 is assigned to sit1 and eth0
# ip addr show
9: sit1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN
    link/sit 0.0.0.0 peer 116.197.146.63
    inet6 2406:a000:f0ff:fffe::11d1/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::3cf0:20c9/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:1efe/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::3cf1:f7d1/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:108/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:1ffe/64 scope link
       valid_lft forever preferred_lft forever
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:1b:21:2a:56:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.254/24 brd 192.168.30.255 scope global eth0
    inet6 2406:a000:f001:ad00::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21b:21ff:fe2a:5601/64 scope link
       valid_lft forever preferred_lft forever
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    link/ether 00:1b:21:2a:56:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.31.254/24 brd 192.168.31.255 scope global eth1
    inet6 fe80::21b:21ff:fe2a:5601/64 scope link
       valid_lft forever preferred_lft forever

# ip -6 route show
2406:a000:f001:ad00::/64 dev vlan4 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2406:a000:f001:ad00::/56 dev lo metric 1 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2406:a000:f0ff:fffe::11d1 via :: dev sit1 metric 256 mtu 1280 advmss 1220 hoplimit 4294967295
2000::/3 dev sit1 metric 1 mtu 1280 advmss 1220 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev sit1 metric 256 mtu 1280 advmss 1220 hoplimit 4294967295
default dev sit1 metric 1 mtu 1280 advmss 1220 hoplimit 4294967295

# ping6 www.v6.facebook.com
PING www.v6.facebook.com(2620:0:1cfe:face:b00c::3) 56 data bytes
64 bytes from 2620:0:1cfe:face:b00c::3: icmp_seq=1 ttl=47 time=166 ms
64 bytes from 2620:0:1cfe:face:b00c::3: icmp_seq=2 ttl=47 time=165 ms
64 bytes from 2620:0:1cfe:face:b00c::3: icmp_seq=3 ttl=47 time=166 ms
Ping your IPv6 address from outside
http://www.berkom.blazing.de/tools/ping.cgi
IPv6 configuration on other interfaces
IPv6 configuration on eth1
As mentioned previously, we receive a /56 prefix from Freenet6 and advertise /64 prefixes to our local networks. In other words, a /56 prefix holds 256 networks with a /64 prefix. You can assign one /64 prefix to each subnet or VLAN (network-A and network-B in our example).
We receive the /56 prefix shown in the output of "ip -6 route show":
2406:a000:f001:ad00::/56
We can create 256 networks with a /64 prefix.
2406:a000:f001:ad00::/56
2406:a000:f001:ad00:0000:0000:0000:0000/56

2406:a000:f001:ad00::/64
2406:a000:f001:ad00:0000:0000:0000:0000/64
                 ||
                 00 to ff = 16 x 16 = 256 networks with /64 prefix in /56 prefix network
/64 networks in the /56 prefix network:
2406:a000:f001:ad00:0000:0000:0000:0000/64
2406:a000:f001:ad01:0000:0000:0000:0000/64
2406:a000:f001:ad02:0000:0000:0000:0000/64
2406:a000:f001:ad03:0000:0000:0000:0000/64
…
2406:a000:f001:adff:0000:0000:0000:0000/64
Configure IPv6 on eth1
ip -6 addr add 2406:a000:f001:ad01::1/64 dev eth1
Note: You need to configure the IP on eth1 again after you restart the machine. You can use several techniques to do so automatically on your Linux distribution. The IP should be up before the radvd daemon starts.
Configure radvd
Disable radvd configured by gogo6 client and enable your own radvd:
Edit /usr/share/gogoc/templates/linux.sh
Comment out the two lines at the end of the file that start the gogo6 client's radvd:
# Start the radvd daemon.
# Display 1 "Starting radvd: $rtadvd -u radvd -C $rtadvdconfigfile"
# Exec $rtadvd -u radvd -p $rtadvd_pid -C $rtadvdconfigfile
fi
Configure your own radvd:
Edit /etc/radvd.conf
# Each prefix is the /64 network address (host bits zero).
# The router's own ::1 address is set on the interface, not here.
interface eth0 {
    AdvSendAdvert on;
    AdvLinkMTU 1280;
    prefix 2406:a000:f001:ad00::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
interface eth1 {
    AdvSendAdvert on;
    AdvLinkMTU 1280;
    prefix 2406:a000:f001:ad01::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
Start radvd daemon:
/etc/init.d/radvd start
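The per-interface addressing and radvd stanzas above follow mechanically from the delegated /56, so they can be generated instead of typed. The script below is an added example, not part of the original article; the function names subnet64 and gen_lan_config are hypothetical, and it assumes the prefix is written as four hextets followed by "::".

```shell
#!/bin/sh
# Added example, not part of the original article.
# Derives one /64 per LAN interface from the delegated /56 and prints the
# address command (as a comment) plus the radvd.conf stanza for each.

# subnet64 PREFIX/56 INDEX -> INDEX-th /64 network, e.g. 2406:a000:f001:ad01::
subnet64() {
    prefix=${1%/*}; len=${1#*/}; idx=$2
    [ "$len" = "56" ] || { echo "expected a /56, got /$len" >&2; return 1; }
    case $idx in ''|*[!0-9]*) echo "index must be a number" >&2; return 1 ;; esac
    [ "$idx" -le 255 ] || { echo "a /56 holds only 256 /64s" >&2; return 1; }
    # Assumption: the prefix is written as four hextets followed by "::".
    case $prefix in
        *:*:*:*:*::|*::*::) echo "unsupported notation: $prefix" >&2; return 1 ;;
        *:*:*:*::) ;;
        *) echo "unsupported notation: $prefix" >&2; return 1 ;;
    esac
    head=${prefix%::}; h4=${head##*:}; base=${head%:*}
    case $h4 in ''|*[!0-9a-fA-F]*) echo "bad hextet: $h4" >&2; return 1 ;; esac
    # In a /56 the low 8 bits of the 4th hextet are the subnet number.
    [ $(( 0x$h4 & 0xff )) -eq 0 ] || { echo "subnet bits already set" >&2; return 1; }
    printf '%s:%x::\n' "$base" $(( 0x$h4 | $idx ))
}

# gen_lan_config PREFIX/56 IFACE... -> radvd.conf text, one /64 per interface
gen_lan_config() {
    [ $# -ge 2 ] || { echo "usage: gen_lan_config PREFIX/56 IFACE..." >&2; return 1; }
    p56=$1; shift; n=0
    for ifc in "$@"; do
        net=$(subnet64 "$p56" "$n") || return 1
        printf '# ip -6 addr add %s1/64 dev %s\n' "$net" "$ifc"
        printf 'interface %s {\n    AdvSendAdvert on;\n    AdvLinkMTU 1280;\n' "$ifc"
        printf '    prefix %s/64 {\n        AdvOnLink on;\n        AdvAutonomous on;\n    };\n};\n' "$net"
        n=$(( $n + 1 ))
    done
}

# Values from the article: delegated /56, network-A on eth0, network-B on eth1.
gen_lan_config 2406:a000:f001:ad00::/56 eth0 eth1
```

The output is valid radvd.conf text, since the address commands are emitted as comments.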
Troubleshoot gogo6 client
Review the log file at /var/log/gogoc/gogoc.log, or at the location configured in gogoc.conf.
Firewall Configuration
Very basic shorewall6 configuration: http://www.shorewall.net/IPv6Support.html
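Once radvd advertises global prefixes, hosts on network-A and network-B are addressable from the IPv6 Internet through sit1 with no NAT in between, so the router should drop unsolicited inbound traffic. The script below is an added example, not from the original article: it prints a default-deny ruleset in ip6tables-restore format (a different tool from the shorewall6 setup linked above), and the function name gen_ip6_rules is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Prints an ip6tables-restore ruleset for the router described above:
# WAN is the tunnel interface (sit1), LAN interfaces are eth0 and eth1.

# gen_ip6_rules WAN LAN... -> ruleset on stdout
gen_ip6_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_ip6_rules WAN LAN..." >&2; return 1; }
    wan=$1; shift
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # ICMPv6 error messages must be forwarded (see RFC 4890); echo-request
    # is allowed so the "ping your IPv6 address from outside" test works.
    for t in destination-unreachable packet-too-big time-exceeded \
             parameter-problem echo-request; do
        printf '%s\n' "-A FORWARD -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # LAN hosts may reach the router and open connections out through the
    # tunnel; nothing else arriving on the WAN side is accepted.
    for lan in "$@"; do
        printf '%s\n' "-A INPUT -i $lan -j ACCEPT" \
                      "-A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    echo "COMMIT"
}

# Interface names from the article.
gen_ip6_rules sit1 eth0 eth1
```

Pipe the output to `ip6tables-restore --test` to have the rules parsed without loading them. Traffic between eth0 and eth1 is not permitted by this ruleset.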
Client Configuration
Client needs to have IPv6 enabled.