Trying IPv6 on your home network

image

I have long wanted to feel what it is. A lot of news related to ipv6 flashes on the Internet. World launch day is approaching, last year’s testing day I somehow missed. Anyway, the future lies with him, and I think it's better to be ahead than to catch up later.
And a recent article on Haber finally encouraged me to study this issue from my own experience.


Given: a home server router on Ubuntu Server 11.10, a desktop computer and a netbook on Kubuntu 11.10, and a mobile phone on Android. Theoretically, all of this can ipv6, let's see what happens in practice.

Tunnel installation and tuning through Hurricane Electric can be done according to many instructions on the Internet, for example, on the article mentioned above. As a result, we have: a fully configured server that communicates with both ipv4 and ipv6. Devices on the network receive a prefix from radvd and configure the address for themselves, but the DNS server address must be specified with pens and the most important “but” - all devices on the network reconnect once every 1-2 minutes, which does not affect web surfing, but ICQ immediately banned for too frequent connection attempts. We will look for a solution, as well as understand how it all works.

I will try to retell the principle of how ipv6 address assignment works in human language:

Link-local addresses that IPv6 network hosts assign to themselves using their MAC address and the standard fe80 :: prefix, this is understandable and we are not interested at the moment.

Next, the host using this link-local address sends a request to the network in search of a router ( Router Solicitation ) and if there is a router there it will respond ( Router Advertisement ), but here there are two ways:
1. If the router is just a router, then it sends to response network prefix. Next, the host itself assigns an address using this prefix and its MAC address and adds a default route to this router.
2.And if the router is also DHCPv6, then another address assignment process, similar to DHCPv4, starts.

This is affected by the Managed Address Configuration Flag (M) bit in the Router Advertisement response.
There is also the Other Stateful Configuration Flag (O) bit that says whether other parameters should be received, for example, routes, DNS server address, NTP address, etc.

Radvd can only do the first option, for everything else you need a full-fledged DHCPv6 server. On my network there is already dnsmasq which deals with the distribution of addresses and forwarding dns requests. But unfortunately he does not know how to ipv6. Or can? The latest version of dnsmasq 2.60 can both Router Advertisement and DHCPv6. Fine!
There is no fresh version in Ubuntu repositories, only 2.59, we download from the Debian Unstable repository. One new dependency is added there, it can be installed from the native repository. Disable radvd, but rather completely delete. We read man and add the following to the /etc/dnsmasq.conf config: Of course, you can use not the whole / 64 subnet, but a smaller one, but let it be fun, especially since the address generation algorithm is different, trickier, and not in a row as in DHCPv4. We restart dnsmasq, restart the network on the client and voila, everyone got both the address and the route and the DNS address equal to the address of the router. We check, everything works, aaaa.test-ipv6.com opens. DNS on the router is available at both v4 and v6 addresses. Fine!

sudo apt-get install libnetfilter-conntrack3
sudo dpkg -i dnsmasq-base_2.60-2_i386.deb




enable-ra
dhcp-range=2001:470:aaab:aaaa::2, 2001:470:aaab:aaaa:ffff:ffff:ffff:ffff, 64, 12h






We pick up an Android phone. Sadness. It does not receive IPv6. We find out that Android is not able to receive the address from DHCPv6, absolutely , no version. We read man further and add the following to the dnsmasq.conf config: Now our dnsmasq responds with two Router Advertisement, one with the M and O flags set, and the other with the reset flags. An Android phone only accepts the second, but linux clients accept both, and therefore receive two addresses each. But it’s not scary, I think. One of them dnsmasq remembers (issued by DHCPv6) and you can access clients by name. But the phone, alas, will receive only the address, it will only know the DNS with the ipv4 name (192.168.1.1). By the way, theoretically there is a configuration M = 0, O = 1, the so-called DHCPv6 stateless

dhcp-range=2001:470:aaab:aaaa::, ra-only, 64, 12h


when addresses are assigned automatically, and other parameters are obtained from DHCPv6, but I'm not sure that dnsmasq can do this, Android will accept it, and names on the network will not interfere. There is also a “crutch” RDNSS ( Router Advertisement Options for DNS Configuration ). Radvd can do it on the server side, and rdnssd needs to be installed on clients, including on Windows. For Android, it still won’t help, he doesn’t know how to do it either.

Disable ipv4 and look for where we have problems with service configs. Either we replace the addresses with names, or add ipv6 to the ipv4 addresses. From a desktop computer, all services are accessible via ipv6, but there were problems on the netbook. The NFS ball is mounted using autofs , and there is apparently a bug in it and it does not resolve the server name via ipv6. If justmount do then mount successfully.
We are returning the normal Internet, for ipv6 is so far poor, google only search, Wikipedia only through sixxs.net, several radio stations, several trackers. We look forward to June 6th.

Configuring the ip 6 tables firewall is no different from iptables, only -t nat POSTROUTING is missing. Well, I added a pass for some ICMPv6 packets inside, so that you can ping from the outside.

What did we get? # 1 Ready for World IPv6 Launch Home Networking and invaluable experience .

Also popular now: