Posted on Thu 15 January 2015

IPv6 is relatively easy

It turns out that if your firewall is a full Linux box, adding IPv6 is relatively easy. I suspect that the main barrier to consumer adoption
is the prevalence of crappy home routers.

There are several free IPv6 tunnel services out there if you aren’t among the blessed with ISP support. I’m not. SIXXS seems to be designed to be resistant to abuse, whereas Hurricane Electric wants you to succeed. I’ve run SIXXS tunnels before, but HE was a much smoother process.

Checklist:

  • get an address assigned
  • configure it on your router
  • install radvd on your router
  • set up an ip6tables firewall
  • on each Linux client, add “iface eth0 inet6 auto” or similar. You won’t need
    further config…
  • if you are running a server, check each service to see if you have
    IPv6 compatibility turned on. On Debian, if something seems not to be working
    after you’ve touched the appropriate config, check /etc/default for a “-4”
    or similar.
  • on Mac clients, check Network Preferences=>Advanced=>TCP/IP and look for an
    IPv6 autoconfiguration to turn on.
  • create AAAA address records for servers you want to have reachable from the
    outside world.

Note that IPv6 address autoconfig (SLAAC) will always return the same address for a given MAC. If you change a NIC, you can either force the MAC to be the same as the old one, or update your DNS. (If you don’t run any services at all from that machine, you might not care.)

Finally, you’ll want to go back and adjust your ip6tables firewall to allow the various services you’ve just tested.


© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.

Built using Pelican. Derived from the svbhack theme by Giulio Fidente on github.