IPv6 for my home network




1.1. Intro


This is just a log of the steps I took to get my home network connected to the IPv6 internet. The server runs openSUSE 11.2.

Starting network setup:


                              /---Client machines
Telekom----FritzBox DSL Router----Server
                                     \-virtual machines




1.2. Getting IPv6 addresses


If your provider does not offer direct IPv6 connectivity, you have to use a "tunnel" that wraps IPv6 packets into IPv4 packets and sends them to a host that has direct IPv6 connectivity - the tunnel endpoint.
So you need a tunnel and a subnet to get your private network connected. There are several organisations that offer free tunnels, tunnel endpoints and subnets. I chose SixXS.
Create an account there and request a tunnel. In my case I had to use an "AYIYA" tunnel to get around the limitations of my DSL router - it cannot handle IPv6 packets (protocol 41).

Once you have the tunnel, continue to request a subnet.

1.3. Security


Install the standard SUSE firewall on the server. The server will be your tunnel endpoint, and it will be open to attack as soon as it has IPv6 connectivity. We will configure the firewall later.

1.4. Install and configure aiccu


You can get aiccu for openSUSE from http://download.opensuse.org/repositories/network:/utilities. Install it and edit /etc/aiccu.conf; you only have to set your username and password. The file holds the password in clear text, so keep it readable by root only. Then enable aiccu at boot and start it:

chkconfig -a aiccu
rcaiccu start


Now you should be able to ping an IPv6 address from the server:
ping6 ipv6.google.com


1.5. Address your subnet


Once you have your IPv6 subnet from SixXS, it will be routed to your tunnel endpoint. First you have to enable address distribution to your hosts. This is easily done with radvd. Install radvd:

zypper in radvd


Configure /etc/radvd.conf:

interface br0
{
  AdvSendAdvert on;
  prefix  2001:4dd0:abcd:1234::/64
  {

  };
};


Whatever subnet you got from SixXS, pick one /64 (= the leading 8 bytes) out of it and configure that as the prefix.
Here I use br0 as the network interface because the server is a Xen dom0 host and eth0 is enslaved to the virtual bridge. Usually you will use eth0.

In /etc/sysconfig/network/ifcfg-br0 you also have to set one IP address from this subnet. Add the line:
IPADDR_IPv6='2001:4dd0:abcd:1234::1/64'


Restart the network or, if you don't want to restart br0, add the address manually:

ip addr add 2001:4dd0:abcd:1234::1/64 dev br0


In /etc/sysctl.conf set:
net.ipv6.conf.all.forwarding = 1


and apply it to the running system manually:
sysctl net/ipv6/conf/all/forwarding=1


But this is not enough. Also enable forwarding in /etc/sysconfig/sysctl:
IPV6_FORWARD="yes"


Enable and start radvd:

chkconfig -a radvd
rcradvd start


You should now see that all interfaces on the machines get additional IPv6 addresses with global scope from your subnet. But you still cannot use them.

1.6. IPv6 connect your subnet


Edit /etc/sysconfig/SuSEfirewall2 and set:

FW_ROUTE="yes"
FW_FORWARD="2001:4dd0:abcd:1234::/64,::/0"


Restart your firewall and the subnet members should be able to ping6 too! The members should also be protected by the firewall.
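
The steps in 1.5 and 1.6 only work together if radvd.conf, ifcfg-br0 and SuSEfirewall2 all name the same /64. The following check is an added example, not part of the original log; the function names are hypothetical and the inputs are constructed samples that copy the values used above.

```python
import ipaddress
import re

# Constructed sample inputs that mirror the three files edited on this page.
RADVD_CONF = "interface br0\n{\n  AdvSendAdvert on;\n  prefix 2001:4dd0:abcd:1234::/64\n  {\n  };\n};\n"
IFCFG = "IPADDR_IPv6='2001:4dd0:abcd:1234::1/64'\n"
FIREWALL = 'FW_ROUTE="yes"\nFW_FORWARD="2001:4dd0:abcd:1234::/64,::/0"\n'


def _value(text, key):
    """Return the unquoted value of a KEY=value sysconfig line, or ''."""
    m = re.search(r"^%s=[\"']?([^\"'\n]*)" % re.escape(key), text, re.M)
    return m.group(1) if m else ""


def _net(text):
    """Parse an IPv6 network, ignoring host bits; None if it is not one."""
    try:
        return ipaddress.IPv6Network(text, strict=False)
    except ValueError:
        return None


def check_ipv6_setup(radvd_conf, ifcfg, firewall):
    """Return a list of problems; an empty list means the files agree."""
    m = re.search(r"^\s*prefix\s+([0-9A-Fa-f:]+/\d+)", radvd_conf, re.M)
    prefix = _net(m.group(1)) if m else None
    if prefix is None:
        return ["radvd.conf: no usable prefix statement"]
    problems = []
    if prefix.prefixlen != 64:
        problems.append("radvd.conf: prefix is /%d, expected /64" % prefix.prefixlen)
    addr = _net(_value(ifcfg, "IPADDR_IPv6"))  # network the router address sits in
    if addr is None or not addr.subnet_of(prefix):
        problems.append("ifcfg: IPADDR_IPv6 is missing or outside %s" % prefix)
    if _value(firewall, "FW_ROUTE") != "yes":
        problems.append("SuSEfirewall2: FW_ROUTE is not yes")
    # FW_FORWARD holds space-separated "source,destination[,...]" rules.
    rules = _value(firewall, "FW_FORWARD").split()
    sources = [_net(rule.split(",")[0]) for rule in rules]
    if not any(s is not None and prefix.subnet_of(s) for s in sources):
        problems.append("SuSEfirewall2: no FW_FORWARD source covers %s" % prefix)
    return problems


if __name__ == "__main__":
    for line in check_ipv6_setup(RADVD_CONF, IFCFG, FIREWALL) or ["ok: files agree"]:
        print(line)
```

To run it against the real files, pass their contents read from /etc/radvd.conf, /etc/sysconfig/network/ifcfg-br0 and /etc/sysconfig/SuSEfirewall2 instead of the samples.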