Bering-uClibc 5.x - User Guide - IPv6 Networking - External Network Connections

Revision as of 12:40, 22 December 2014 by Davidmbrooke (Talk | contribs) (PPPoE: - Minor wording changes)



Native IPv6

Ethernet (e.g. Cable Modem or ISP-supplied ADSL Router)

If you are fortunate enough to be using Bering-uClibc as a router / firewall with an ISP who provides a native IPv6 connection, or you are using Bering-uClibc as a client (rather than a router) on an IPv6-enabled network then external IPv6 networking will work on Bering-uClibc Release 5.1.3 onwards. (A relatively recent version of dhcpcd is required to enable DHCPv6 support, and 5.1.3 was the first release to incorporate a suitable version.)

By default, file /etc/dhcpcd.conf is set for IPv4-only DHCP behaviour and the configuration file entry ipv4only needs to be commented-out (for dual-stack IPv4 & IPv6) or replaced with ipv6only if DHCPv4 is not required.

Take care to configure Shorewall6 (assuming you are using it) to enable DHCP on the external interface, specifying dhcp in file /etc/shorewall6/interfaces.
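
The two settings above can be checked mechanically. The following is an added example, not part of the Bering-uClibc distribution: the function names, the sample file contents and the assumption that Shorewall6 options appear in the third or a later column of the interfaces file are illustrative.

```shell
#!/bin/sh
# Added example: audit the dhcpcd and Shorewall6 settings described above.

# dhcpcd_mode FILE -> prints ipv4only, ipv6only, dual-stack or conflict
dhcpcd_mode() {
    awk '
        { sub(/#.*/, "") }          # a commented-out "#ipv4only" must not count
        $1 == "ipv4only" { v4 = 1 }
        $1 == "ipv6only" { v6 = 1 }
        END {
            if (v4 && v6) print "conflict"
            else if (v4)  print "ipv4only"
            else if (v6)  print "ipv6only"
            else          print "dual-stack"
        }' "$1"
}

# shorewall6_has_dhcp FILE IFACE -> exit status 0 if IFACE carries the dhcp option
shorewall6_has_dhcp() {
    awk -v ifc="$2" '
        { sub(/#.*/, "") }
        $2 == ifc {
            for (i = 3; i <= NF; i++) {     # options may follow a "-" column
                n = split($i, opt, ",")
                for (j = 1; j <= n; j++) if (opt[j] == "dhcp") found = 1
            }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Constructed sample files (not from a real router), written to a scratch dir.
demo_dir=$(mktemp -d)
printf '%s\n' 'hostname' '#ipv4only' 'option rapid_commit' > "$demo_dir/dhcpcd.conf"
printf '%s\n' '#ZONE INTERFACE OPTIONS' 'net eth0 tcpflags,dhcp' 'loc eth1 tcpflags' \
    > "$demo_dir/interfaces"

echo "dhcpcd mode: $(dhcpcd_mode "$demo_dir/dhcpcd.conf")"
for ifc in eth0 eth1; do
    if shorewall6_has_dhcp "$demo_dir/interfaces" "$ifc"; then
        echo "$ifc: dhcp option present"
    else
        echo "$ifc: dhcp option missing"
    fi
done
rm -rf "$demo_dir"
```

On a router the same functions would be pointed at /etc/dhcpcd.conf and /etc/shorewall6/interfaces with the name of the external interface.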

There are a significant number of configurable options for DHCPv6 in file /etc/dhcpcd.conf, for example if you wish to configure RFC 3633 IPv6 address Prefix Delegation. See the dhcpcd documentation for further details.

PPPoE

Using IPv6 with a PPPoE connection requires a combination of tools. With IPv4 the PPP Link Control Protocol (LCP) takes care of communicating the IPv4 address, the details of DNS servers etc. to the PPP client, but the IPv6 Control Protocol (IPV6CP) described in RFC 2472 will only configure a Link-Local IPv6 address for the PPP client. An alternative mechanism (typically DHCPv6) needs to be used to communicate the other details, so it is necessary to run a DHCPv6 client like dhcpcd or dibbler-client on the PPP link, configured for IPv6 only to stop it interfering with the IPv4 settings, which are typically set using LCP. (If you are running an IPv6 router, it is then also necessary to use a further tool like dnsmasq or radvd to communicate Router Advertisement details to internal networks.)

PPP Configuration

The following assumes an already-working IPv4 PPPoE configuration. As long as your PPP provider supports IPv6 and IPV6CP, the minimal requirement is to switch on IPV6CP support in pppd by adding the following line to file /etc/ppp/options:

+ipv6

Without this you will get error messages like the following in file /var/log/ppp.log:

Unsupported protocol 'IPv6 Control Protocol' (0x8057) received

DHCPCD Configuration

TODO

Tunnel from IPv6 Tunnelbroker

SixXS

AICCU Package

If you use SixXS as your IPv6 tunnelbroker, you will probably want to install the aiccu.lrp Package, which provides AICCU, the Automatic IPv6 Connectivity Client Utility.

AICCU makes it easy for users to get IPv6 connectivity. After having requested an account, tunnel and optionally a subnet, AICCU can be used to automatically configure the tunnel. AICCU supports TIC (Tunnel Information & Control protocol), which it uses for retrieving the tunnel configuration information, and AYIYA, which allows tunnels to be created even behind firewalls and NATs.

The procedure to configure Bering-uClibc 5.x is as follows:

  • Make sure you have the tun kernel Module loaded. Note that this relies on the crc32 kernel Module, which should be automatically loaded in most setups anyway.
  • Configure Shorewall to accept the SixXS tunnel traffic. Add the following to /etc/shorewall/rules:
SixXS(ACCEPT)   fw      net
  • Install the aiccu.lrp Package and configure it using lrcfg.
    • Specify your own username and password.
    • Specify the relevant protocol and server. For example:
protocol tic
server tic.sixxs.net
  • Start the aiccu daemon:
svi aiccu start
  • Check for error messages in /var/log/syslog
  • If all is well, you should have a new network interface called "sixxs" which is effectively the IPv6 equivalent of your external IPv4 interface (e.g. eth0 or ppp0).
  • In the event of problems you may find the "test" mode of the "aiccu" command useful for diagnosis.

Workaround for Fast-Changing Public IPv4 Addresses

Although AICCU supports tunnels via non-static IPv4 addresses, we have found that tunnels via DSL providers that change the IP address at 24-hour intervals (like T-DSL connections in Germany) do not work reliably. A workaround is to add the script below, named 0aiccu, to /etc/ppp/ip-up-d. It restarts aiccu after ppp has re-established the PPPoE connection.

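#!/bin/sh
# Restart aiccu after pppd has re-established the PPPoE connection.
# Stop the daemon if it is currently running.
if pidof aiccu >/dev/null; then
    /etc/init.d/aiccu stop
fi
# Wait until the old process has really exited before starting a new one.
while pidof aiccu >/dev/null; do
    sleep 15
done
/etc/init.d/aiccu start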

IPv6 DNS Servers

Most IPv4 DNS servers will happily serve out IPv6 "AAAA" address records, so normally it is adequate to use IPv4 for DNS even when using IPv6 for other protocols. However, in case some sites only provide full IPv6 DNS services over IPv6 it can be useful to include some IPv6 DNS servers, usually alongside IPv4 DNS servers.

SixXS provide a recursive DNS cache service over IPv6 as detailed on the SixXS website.

Note: As per the warning on the SixXS site, the AICCU utility needs to resolve the IPv4 address of tic.sixxs.net at startup, which will not be possible if all of your DNS servers are accessible only via the AICCU tunnel (unless you have a static, public IPv4 address and a static tunnel).

There are three separate DNS cache servers, one for each continent:

  • nscache.eu.sixxs.net - Europe
  • nscache.us.sixxs.net - United States
  • nscache.ap.sixxs.net - Asia Pacific

An entry for the IPv6 address(es) of the relevant local resolver (found using e.g. dig AAAA nscache.eu.sixxs.net) can either be added directly to /etc/resolv.conf or, if you are using the dhcpcd Package, added to /etc/resolv.conf.head. In the latter case it is included at the start of the automatically-generated /etc/dhcpc/resolv.conf, which is then typically referenced by the dnsmasq Package as described on the dnsmasq page. An example of suitable contents for /etc/resolv.conf.head for a system located in Europe might be:

nameserver 2001:14b8:0:3401::6
nameserver 2001:7b8:3:4f:202:b3ff:fe46:bec

Since the Bering-uClibc 4.0 release, file /etc/resolv.conf.head is backed up automatically when the configuration is saved so this no longer needs to be added to the "local" Package.
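
The startup dependency described in the note above can be tested before relying on IPv6-only resolvers. This is an added example, not part of the Bering-uClibc or AICCU packages; the function names and the 192.0.2.53 resolver are constructed, and it assumes the tunnel is the router's only IPv6 path, so every IPv6 nameserver counts as reachable only through the tunnel.

```shell
#!/bin/sh
# Added example: will tic.sixxs.net be resolvable before the tunnel is up?

# ns_family_count FILE -> prints "<IPv4 resolvers> <IPv6 resolvers>"
ns_family_count() {
    awk '
        { sub(/[#;].*/, "") }                      # strip resolv.conf comments
        $1 != "nameserver" { next }
        $2 ~ /:/ { v6++ }
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { v4++ }
        END { print v4 + 0, v6 + 0 }' "$1"
}

# tic_lookup_possible FILE -> exit status 0 if at least one resolver is IPv4.
# Assumption: the tunnel is the only IPv6 path, so IPv6 resolvers are tunnel-only.
tic_lookup_possible() {
    set -- $(ns_family_count "$1")
    [ "$1" -gt 0 ]
}

demo_dir=$(mktemp -d)
# The resolv.conf.head contents shown above, on their own ...
printf '%s\n' 'nameserver 2001:14b8:0:3401::6' \
    'nameserver 2001:7b8:3:4f:202:b3ff:fe46:bec' > "$demo_dir/v6only"
# ... and followed by a constructed IPv4 resolver (192.0.2.53 is a documentation address).
cp "$demo_dir/v6only" "$demo_dir/mixed"
echo 'nameserver 192.0.2.53' >> "$demo_dir/mixed"

for f in v6only mixed; do
    if tic_lookup_possible "$demo_dir/$f"; then
        echo "$f: ok ($(ns_family_count "$demo_dir/$f") = IPv4/IPv6 resolvers)"
    else
        echo "$f: AICCU cannot resolve tic.sixxs.net until the tunnel is up"
    fi
done
rm -rf "$demo_dir"
```

Because /etc/resolv.conf.head is only the start of the generated file, run the check against the final resolver file rather than the head fragment alone.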

Hurricane Electric

TODO


