ipv6 on the home network

As part of my goals for this year, I wanted to learn more about ipv6. I have the impression that my knowledge, like many of my contemporaries, was quite a bit more theoretical than practical.

I was partially inspired by the posts of Tom Perrine on his own adventures in ipv6 exploration, but my requirements differed just a bit from his. He wanted an off the shelf with reasonable cost for consumer grade equipment. I wanted to just get it working and not spend any money right now.

Last year sometime it was pointed out to me that Hurricane Electric offers ipv6 tunnels for free. So a few days ago I finally got around to signing up for one. The tunnelbroker.net signup was quick and painless.

What was not so painless was confirming that my current WiFi AP/Router, a Netgear WGR614v9, was not going to work with this. This caused me to step back and look at my network design again. Thankfully, being someone of a linux junky, I had a home server running Ubuntu 10.04 LTS on the network as well. After moving some things around and reconfiguring what was plugged into where, I ended up with my linux server plugged directly into the cable modem on eth0 with eth1 going to the switch, which had the WiFi AP plugged in, but no longer acting as the DHCP server.

Next up was getting my ipv6 tunnel talking. After using the example configurations from Hurricane Electric, which worked, I ended up with the following in my /etc/network/interfaces

auto 6in4
iface 6in4 inet6 v4tunnel
    address 2001:470:1f10:3bd::2
    netmask 64
    endpoint 209.51.181.2
    gateway 2001:470:1f10:3bd::1
    ttl 255

Now I could reach ipv6 sites from my server, but couldn't get there from the devices on my LAN.

So I started looking for how to hand out ipv6 addresses to the LAN, enter radvd. At first, I could get an ipv6 address on the LAN, but that was it, I couldn't even ping the server. A fellow member of LOPSA, StevenR, in the #lopsa IRC channel, pointed out that there are two prefix's handed out by Tunnel Broker. There is the ipv6 tunnel endpoint, which is a /64 address, and a routed /64 subnet.

ipv6 endpoint:      2001:470:1f10:3bd::2/64
ipv6 routed subnet: 2001:470:1f11:3bd::1/64

Notice that the routed subnet is one digit different. So that was the first part of the problem, so I ended up with the following /etc/radvd.conf

interface eth1
{
    AdvSendAdvert on;
    prefix 2001:470:1f11:3bd::2/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};

Devices on the network could now get an ipv6 address, but still could not route. For that to work, one more change needed to be made to /etc/network/interfaces

auto eth1
iface eth1 inet static
    address 172.27.1.2
    netmask 255.255.255.0
    up ip route add 2011:470:1f11:3bd::/64 eth1

And now, I can reach ipv6 addresses from devices on the LAN:

mharlow@wanderer ~ $ ping6 -n -c 5 ipv6.google.com
PING ipv6.google.com(2001:4860:400a:800::1012) 56 data bytes
64 bytes from 2001:4860:400a:800::1012: icmp_seq=1 ttl=58 time=42.7 ms
64 bytes from 2001:4860:400a:800::1012: icmp_seq=2 ttl=58 time=22.0 ms
64 bytes from 2001:4860:400a:800::1012: icmp_seq=3 ttl=58 time=23.1 ms
64 bytes from 2001:4860:400a:800::1012: icmp_seq=4 ttl=58 time=21.5 ms
64 bytes from 2001:4860:400a:800::1012: icmp_seq=5 ttl=58 time=22.4 ms

--- ipv6.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 21.589/26.381/42.745/8.197 ms

And now, I am progressing through the Hurricane Electric ipv6 certification.

IPv6 Certification Badge for
greppy

So to sum up:

Get an ipv6 tunnel from Tunnel Broker.

/etc/network/interfaces

# public/wan interface
auto eth0
iface eth0 inet dhcp

# private/lan interface
auto eth1
iface eth1 inet static
    address 172.27.1.2
    netmask 255.255.255.0
    # gateway 172.27.1.1
    up ip route add $Client_IPv6_Address_Prefix/64 eth1

auto 6in4
iface 6in4 inet6 v4tunnel
    address $Client_IPv6_Address
    netmask 64
    endpoint $Server_IPv4_Address
    gateway $Server_IPv6_Address
    ttl 255

/etc/radvd.conf

interface eth1
{
        AdvSendAdvert on;
        prefix $Client_IPv6_Address 
        {
                AdvOnLink on;
                AdvAutonomous on;
        };
};