Got IPv6?
7 09 2007

One of my current playgrounds is IPv6. I’ve got a few dynamic tunnels via SixXS (via AYIYA) already. Using them with AICCU is quite simple. Sometimes the bandwidth over the tunnel is even higher than the IPv4 link it’s tunneled through. Weird thing, maybe some admins don’t apply any traffic shaping to IPv6 connections?
Whatever, yesterday I went a step further and set up my first real subnet (with autoconfiguration). It was actually not too complicated, my home net has an IPv6 connection now, routed (and firewalled) by my workstation for now. It is quite straightforward and works currently only with one interface. You’ve got to set IFACE and your PREFIX in /etc/default/sixxs and sudo ./sixxs start eth0 (replace eth0 with your internal interface) should start all the stuff needed. [This paragraph is actually about the script I mentioned a few lines further down, man was I tired yesterday -- mss]
I first tried to do it via a 6to4 setup. Well, that didn’t work too well. It was actually quite easy to create a small ifupdown script to set up a working 6to4 address. But either m0n0wall’s Protocol 41 NATting is broken, the public 6to4 gateways I tried have some real issue, or the Linux driver is broken. Whatever it is, when the carrying IPv4 packet was fragmented, my machine was not able to reassemble it. Took me a while to find out that it’s only fragmented packets which didn’t work, about half these sites worked. Wireshark didn’t like the packets either even though they looked good to me. I guess it’s the NAT which makes trouble, got to check that out when I’m in the mood.
I tried 6to4 instead of the easier SixXS approach first because even though those 24h-DSL-reconnects can be quite annoying, a new IP each 24h offers me at least a little bit of anonymity. When I use my SixXS tunnel everybody can see that it was me (or at least somebody on one of my networks).
Well, in the end I went for the latter solution anyway. Currently I use this little ifupdown script on my workstation to assign the addresses and start the services. If you try it, remember that it works for me and might eat your cat (and will wipe your existing firewall rules).
Most important stuff learned while setting up that stuff:
- When assigning an IPv6 address, always specify a prefix length. Else it will be /128 which is most probably not what you want.
- If you don’t want outgoing connections from your gateway to have the tunnel endpoint address, apply this trick.
- You might want to route the rest of your /48 to lo, see here.
- SixXS is cool, but I still want a 6to4 gateway, will probably have to set up my own.






I got IPv6 a while ago, but I’m using 6to4 with my public IPv4 address. I’m tunnelling either via ssh, openvpn or even ipsec to bring it back to my laptop when I’m not at home/office. It works quite well, and it produces a strange feeling restoring the end to end character of the internet. Cool to know there are more people in apache-land “practicing” it.
Santiago, did you set up your own 6to4 gateway or do you use a public one? On top of the problem with fragmentation my throughput was a lot worse with 6to4 than with the SixXS tunnels. Might also be an issue of the (probably) flaky NAT I have in between.
I’m using the anycast one, as in:
I got it to work, but I needed a somehow nasty trick: my linux box thinks the 6to4 tunnel is terminated at my private ipv4, as the cheap router NATs protocol 41. This implies I need to do configuration playing with two different addresses.
Other than this, I’m really happy on how much simpler and cleaner ipv6 routing is, it mostly just works. So I’m using it to expose other machines for ssh access, etc.
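An added example (not code from the post, its script or the commenters) tying together the prefix-length lesson in the post's list and the two-address 6to4 setup behind NAT described in the last comment. It derives the 6to4 site prefix from the public IPv4 address per RFC 3056, keeps the private address as the local tunnel endpoint, and shows that an address written without a length is read as /128. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: a 6to4 prefix built from one of these is not routable.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(public_v4):
    """Return the 2002:V4ADDR::/48 site prefix for a public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is private; use the NAT router's public address")
    base = ipaddress.IPv6Address((0x2002 << 112) | (int(v4) << 80))
    return ipaddress.IPv6Network(f"{base}/48")


def lan_interface(site_prefix, subnet_id, host_id=1):
    """One host address in a /64 of the site prefix, with an explicit length."""
    if not 0 <= subnet_id < 2 ** 16:
        raise ValueError("a /48 holds subnet ids 0..65535")
    addr = int(site_prefix.network_address) | (subnet_id << 64) | host_id
    return ipaddress.ip_interface(f"{ipaddress.IPv6Address(addr)}/64")


def implied_prefixlen(addr_text):
    """Prefix length assumed when the address text carries none."""
    return ipaddress.ip_interface(addr_text).network.prefixlen


def tunnel_plan(public_v4, local_v4):
    """Settings for a 6to4 host; the two addresses differ when protocol 41 is NATed."""
    local = ipaddress.IPv4Address(local_v4)
    prefix = sixtofour_prefix(public_v4)
    return {
        "site_prefix": prefix,        # derived from the public address
        "tunnel_local": local,        # address the tunnel is bound to on the host
        "behind_nat": local != ipaddress.IPv4Address(public_v4),
        "lan": lan_interface(prefix, 1),
    }


if __name__ == "__main__":
    # Constructed sample: documentation address as "public", RFC 1918 as local.
    for key, value in tunnel_plan("203.0.113.5", "192.168.1.10").items():
        print(f"{key:13} {value}")
    print("no length given ->", implied_prefixlen("2002:cb00:7105:1::1"))
```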