It turns out that if your firewall is a full Linux box, adding IPv6 is relatively easy. I suspect that the main barrier to consumer adoption
is the prevalence of crappy home routers.
There are several free IPv6 tunnel services out there if you aren’t among the blessed with ISP support. I’m not. SIXXS seems to be designed to be resistant to abuse, whereas Hurricane Electric wants you to succeed. I’ve run SIXXS tunnels before, but HE was a much smoother process.
- get an address assigned
- configure it on your router
- install radvd on your router
- set up an ip6tables firewall
- on each Linux client, add “iface eth0 inet6 auto” or similar. You won’t need further config…
- if you are running a server, check each service to see if you have IPv6 compatibility turned on. On Debian, if something seems not to be working after you’ve touched the appropriate config, check /etc/default for a “-4” or similar.
- on Mac clients, check Network Preferences=>Advanced=>TCP/IP and look for an IPv6 autoconfiguration to turn on.
- create AAAA address records for servers you want to have reachable from the outside world.
Note that IPv6 address autoconfig (SLAAC) will always return the same address for a given MAC. If you change a NIC, you can either force the MAC to be the same as the old one, or update your DNS. (If you don’t run any services at all from that machine, you might not care.)
Finally, you’ll want to go back and adjust your ip6tables firewall to allow the various services you’ve just tested.