Bering-uClibc 7.x - User Guide - IPv6 Networking - External Network Connections

From bering-uClibc
Revision as of 10:52, 12 July 2024 by Davidmbrooke (Talk | contribs) (SixXS: Updated to reflect the sunset of SixXS in 2017)



Native IPv6

Ethernet (e.g. Cable Modem or ISP-supplied ADSL Router)

If you are fortunate enough to be using Bering-uClibc as a router / firewall with an ISP who provides a native IPv6 connection, or you are using Bering-uClibc as a client (rather than a router) on an IPv6-enabled network then external IPv6 networking will work on Bering-uClibc Release 5.2 onwards. (A relatively recent version of dhcpcd is required to enable DHCPv6 support, and 5.2 will be the first release to incorporate a suitable version.)

By default, file /etc/dhcpcd.conf is set for IPv4-only DHCP behaviour and the configuration file entry ipv4only needs to be commented-out (for dual-stack IPv4 & IPv6) or replaced with ipv6only if DHCPv4 is not required.

Take care to configure Shorewall6 (assuming you are using it) to enable DHCP on the external interface, specifying dhcp in file /etc/shorewall6/interfaces.

There are a significant number of configurable options for DHCPv6 in file /etc/dhcpcd.conf, for example if you wish to configure RFC 3633 IPv6 address Prefix Delegation. See the dhcpcd documentation for further details.

PPPoE

Using IPv6 with a PPPoE connection requires a combination of multiple tools. With IPv4 the PPP Link Control Protocol (LCP) takes care of communicating the IPv4 address, the details of DNS servers etc. to the PPP client, but the IPv6 Control Protocol (IPV6CP) described in RFC 2472 will only configure a Link-Local IPv6 address for the PPP client. An alternative mechanism (typically DHCPv6) needs to be used to communicate the other details, so it is necessary to run a DHCPv6 client like dhcpcd or dibbler-client on the PPP link. Configure that client for IPv6 only, to stop it interfering with the IPv4 settings which are typically set using LCP. (It is then also necessary to use a further tool like dnsmasq or radvd to communicate Router Advertisement details to internal networks, if you are running an IPv6 router.)

PPP Configuration

The following assumes an already-working IPv4 PPPoE configuration. As long as your PPP provider supports IPv6 and IPV6CP, the minimal requirement is to switch on IPV6CP support in pppd by adding the following line to file /etc/ppp/options:

+ipv6

Without this you will get error messages like the following in file /var/log/ppp.log:

Unsupported protocol 'IPv6 Control Protocol' (0x8057) received

Unlike IPv4, bringing up an IPv6 PPP connection does not create a default route automatically. This can be done by creating a script which runs whenever an IPv6 PPP connection is established. Assuming that Package pppscrpt.lrp has been loaded, create a script called e.g. /etc/ppp/ipv6-up.d/10-defaultroute containing the following:

#!/bin/sh
# Add an IPv6 default route via the PPP peer when the IPv6 link comes up
/sbin/ip -6 route add default via "${PPP_REMOTE}" dev "${PPP_IFACE}"

and another called e.g. /etc/ppp/ipv6-down.d/90-defaultroute containing:

#!/bin/sh
# Remove the IPv6 default route again when the IPv6 link goes down
/sbin/ip -6 route del default via "${PPP_REMOTE}" dev "${PPP_IFACE}"

which should ensure that default routes are created and removed automatically, as required.

DHCPCD Configuration

The following assumes that dhcpcd is not being used for other purposes (in particular not for IPv4) and that you want to grab a block of IPv6 addresses via Prefix Delegation to assign to other networks connected to a router.

Edit /etc/dhcpcd.conf to read something like the following:

# Turn off IPv4 support
ipv6only

# Generate an RFC 4361-compliant DHCP Unique IDentifier, or read it from /etc/dhcpcd.duid
duid

# Turn on Rapid Commit support
option rapid_commit

# Request details of DNS Servers
option domain_name_servers

# A ServerID is required by RFC2131
require dhcp_server_identifier

# We provide a hook script to lookup the hostname if not set by the DHCP
# server, but we should not run it by default
nohook hostname


# Only operate on the listed interfaces
allowinterfaces ppp0 eth1 eth2

# Turn off IPv6 Router Solicitation globally (so it can be turned back on selectively for individual interfaces)
noipv6rs

# Subsequent lines apply only to interface ppp0
interface ppp0
    # Turn IPv6 Router Solicitation back on for this interface
    ipv6rs

    # Request an address using DHCPv6 for interface ppp0, using iaid 1
    ia_na 1

    # Request a block of IPv6 addresses using DHCPv6 Prefix Delegation via ppp0 (using iaid 2) and
    # allocate a portion of the allocated address range to eth1 (which has sla_id 1) and another portion to eth2 (which has sla_id 2)
    ia_pd 2 eth1/1 eth2/2

IAID stands for Interface Association IDentifier and is a unique way to identify each Interface on a Host (in conjunction with the DUID). SLA_ID stands for Site-Level Aggregation IDentifier and is a unique way to identify each separate subnet at a site (in conjunction with the DUID).

Configuring Router Solicitation on ppp0 should mean that Router Advertisement packets are requested and, once received, used to configure routing on the ppp0 interface. However, there are differences of opinion about whether it is correct to send RA packets on a PPP link, so some ISPs don't, and hence it is best to configure a default route as described in the PPP section above.

It is of course necessary to start and stop dhcpcd when the PPP interface is brought up and taken down, which can be achieved using further scripts in the /etc/ppp/ipv6-up.d/ and /etc/ppp/ipv6-down.d/ directories.
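
One way to write the dhcpcd start and stop hooks mentioned above, as an added example that is not part of the original wiki page or the Bering-uClibc packages. The file names, the WAN_IFACE variable, the /sbin/dhcpcd path and the hook runner invoking scripts by full path are assumptions; PPP_IFACE is the variable used by the route scripts above.

```shell
#!/bin/sh
# Added example, not from the Bering-uClibc wiki. Install the same file as
# /etc/ppp/ipv6-up.d/20-dhcpcd and /etc/ppp/ipv6-down.d/80-dhcpcd
# (hypothetical names, chosen to sort after / before the route scripts).

WAN_IFACE="${WAN_IFACE:-ppp0}"     # must match "interface ppp0" in dhcpcd.conf
DHCPCD="${DHCPCD:-/sbin/dhcpcd}"   # assumed install path

# Derive the action from the hook directory the script was run from
# (assumes the hook runner invokes scripts by their full path).
action_from_path() {
    case "$1" in
        */ipv6-up.d/*)   echo up ;;
        */ipv6-down.d/*) echo down ;;
        *)               return 1 ;;
    esac
}

# Print the command for an action, or fail for any link other than the
# WAN one, so that an unrelated PPP session cannot start or stop the
# DHCPv6 client. With no interface argument dhcpcd manages the
# "allowinterfaces" list from /etc/dhcpcd.conf; -x asks it to exit.
plan() {
    [ "$2" = "$WAN_IFACE" ] || return 1
    case "$1" in
        up)   echo "$DHCPCD" ;;
        down) echo "$DHCPCD -x" ;;
        *)    return 1 ;;
    esac
}

# Does nothing unless run from one of the two hook directories.
if action=$(action_from_path "$0"); then
    if cmd=$(plan "$action" "${PPP_IFACE:-}"); then
        logger -t ppp-dhcpcd "$action on $PPP_IFACE: $cmd"
        $cmd
    else
        logger -t ppp-dhcpcd "ignoring $action on '${PPP_IFACE:-}'"
    fi
fi
```

These hooks run as root for every PPP session on the box, which is why the interface name from the environment is compared against the configured WAN interface before dhcpcd is touched.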

DNSMASQ Configuration

The final link in the chain is to have a Router Advertisement daemon tell clients connected to the various internal networks about the allocated address ranges. Either dnsmasq or radvd can be used to do this. Assuming you already have dnsmasq running for other reasons (IPv4 DHCP, DNS etc.) that is normally the best choice.

Simply add lines like the following to /etc/dnsmasq.conf:

# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses from DHCPv4 leases
dhcp-range = ::1,constructor:eth1, ra-stateless, ra-names, 4h
dhcp-range = ::1,constructor:eth2, ra-stateless, ra-names, 4h

The "constructor" syntax means that dnsmasq looks at the addresses assigned to the specified interface (by dhcpcd) and advertises routing based on those.

Tunnel from IPv6 Tunnelbroker

SixXS

SixXS used to be a popular provider of IPv6 tunnels, especially in Europe, starting operations in 2000. The aiccu.lrp Package was used to implement the Automatic IPv6 Connectivity Client Utility (AICCU) to provide SixXS connectivity for Bering-uClibc systems.

In 2017, SixXS announced they would no longer provide IPv6 tunnel services - see their 'sunset' web page which includes some nice graphs of usage. They advised users to switch to an ISP that provides native IPv6 connectivity instead.

The aiccu.lrp Package is no longer included in the Bering-uClibc distribution.

Hurricane Electric

TODO


