v1.5 1st Sep 2003, Pekka Savola <pekkas@netcore.fi>

HOW TO SET UP IPV6 WITH 6TO4
----------------------------

6TO4 IN SHORT
-------------

6to4 is a method of creating automatic IPv6 tunnels. You can connect to
the IPv6 Internet very easily without the need for a manually configured tunnel.

For every globally unique IPv4 address, there exists a mapping to a
subnettable /48 network (2^16 subnets, each with 2^64 host addresses).

The return route can sometimes be non-optimal, leading to higher round-trip times.

See below for references and more information.

ASSUMPTIONS
-----------

1. You're running Red Hat Linux 7.1 or later.

   This is required for correct default IPv6 settings, and for IPv6 being
   enabled as a kernel module by default.

2. Your initscripts >= 6.02, for 6to4 support.

3. You have a static, globally unique IPv4 address. This is not an absolute
   requirement, but it is the only scenario discussed here.

4. Protocol 41 (IPv6-in-IPv4) is not being filtered by any IPv4 firewall.

5. The 'iproute' package is installed. It is used by default for its
   much more powerful tunneling capabilities.

Note: even though 6to4 was supported in earlier releases of Red Hat Linux,
      it is assumed below that the initscripts package version this
      document comes with is used.

INFORMATION NEEDED
------------------

Nothing :-).

If you want to select a specific relay (rather than automatically
selecting the closest one), you can define it with IPV6TO4_RELAY
using the list below:

  http://www.kfu.com/~nsayer/6to4/

SETTING UP THE 6TO4 CONFIGURATION
---------------------------------

Now, set up the configuration as follows:

1. Enable IPv6 and set the 6to4 pseudo-interface as the default gateway in
   /etc/sysconfig/network:

     echo "IPV6_DEFAULTDEV=tun6to4" >> /etc/sysconfig/network

2. Edit your outbound (Internet) interface configuration. This can be
   e.g. ippp0, ppp0, eth0, or the like. Here, eth0 is used.

   /etc/sysconfig/network-scripts/ifcfg-eth0:
   ---
   DEVICE=eth0
   BOOTPROTO=static
   ONBOOT=yes
   IPADDR=xx.yy.zz.ww     [Globally unique IPv4 address]
   NETMASK=aa.bb.cc.dd    [IPv4 settings up to this point]

   IPV6INIT=yes
   IPV6TO4INIT=yes
   ---

   Note: for [i]ppp interfaces, 6to4 needs to be called from
   /etc/ppp/ip-up|down.local; if you are not using local files of your own,
   this can easily be done with:

     cd /etc/ppp
     ln -s ip-up.ipv6to4 ip-up.local
     ln -s ip-down.ipv6to4 ip-down.local

USING 6TO4
----------

6to4 automatic tunneling is brought up when the interface is brought up.

You will see your 6to4 address prefix on device tun6to4 when done:

  inet6 addr: 2002:c15e:a001::1/16 Scope:Global

Note that 'c15e:a001' is the hexadecimal representation of the dotted-quad IPv4
address (IPADDR= above), here '193.94.160.1'.

NOTE: the iproute tools give more reliable data; try e.g. '/sbin/ip addr ls'.

PROVIDING IPV6 TO YOUR LAN
--------------------------

If you want to provide IPv6 for your LAN (e.g. connected on eth1)
using your Linux system as a router, this can be done rather easily with 6to4.

You will need to enable IPv6 forwarding (IPV6FORWARDING=yes in
/etc/sysconfig/network) and install a router advertisement daemon. One such
daemon, 'radvd', is available in the distribution.

You must configure the prefix your IPv4 address maps to (see tun6to4 above) in
/etc/radvd.conf or use certain automatic hooks. This is not covered here
in detail; see radvd.conf(5) and /etc/sysconfig/network-scripts/ifup-ipv6
for details.

Usually the following is enough:

1. Make sure that the radvd package is installed.

2. Configure radvd as outlined in radvd.conf(5); the file could
   be something like:

     interface eth1
     {
         AdvSendAdvert on;
         MinRtrAdvInterval 3;
         MaxRtrAdvInterval 10;
         prefix 0:0:0:1::/64
         {
             Base6to4Interface eth0;
             AdvPreferredLifetime 120;
             AdvValidLifetime 300;
         };
     };

3. Make sure radvd starts at boot and start it now:

     /sbin/chkconfig radvd on
     /sbin/service radvd start

4. Make the initscripts signal radvd to recalculate the prefix when it
   changes:

   /etc/sysconfig/network-scripts/ifcfg-eth0:

     IPV6_CONTROL_RADVD=yes

5. Configure the associated routes to other 6to4 subnets to point at
   your LAN interfaces; this can be done automatically with the
   IPV6TO4_ROUTING variable; please refer to sysconfig.txt for details.
   In the particular example above, this would be like:

   /etc/sysconfig/network-scripts/ifcfg-eth0:

     IPV6TO4_ROUTING="eth1-:1::0/64"

   However, please note that no global address is configured on the
   interface, just a route!

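The mapping from IPADDR to the 2002::/16 prefix shown under USING 6TO4, and the /64 that the LAN subnet (prefix 0:0:0:1::/64 in the radvd example) ends up with, as an added shell example that is not part of initscripts or of the original document. The function names are hypothetical, and the check for a globally unique address covers only the ranges named in the comment.

```shell
#!/bin/sh
# Added example, not part of initscripts. Function names are hypothetical.

# Return 0 unless the first two octets fall in 0/8, RFC 1918 private space,
# loopback, IPv4 link-local, multicast or class E (assumption 3 of the howto).
is_global_ipv4() {
    case $1 in 0|10|127) return 1 ;; esac
    if [ "$1" -ge 224 ]; then return 1; fi
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi
    return 0
}

# ipv4_to_6to4 IPV4 [SUBNET_HEX]
# Prints the /48 for IPV4, or the /64 for the given 16-bit subnet ID.
# Exit status: 0 ok, 1 not globally unique, 2 malformed input.
ipv4_to_6to4() {
    ip=$1 subnet=${2:-}
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) echo "malformed IPv4: $ip" >&2; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "malformed IPv4: $ip" >&2; return 2; }
    for o in "$@"; do
        # Reject leading zeros (printf would read them as octal) and values > 255.
        case $o in 0?*|????*) echo "malformed IPv4: $ip" >&2; return 2 ;; esac
        [ "$o" -le 255 ] || { echo "malformed IPv4: $ip" >&2; return 2; }
    done
    is_global_ipv4 "$1" "$2" || { echo "not globally unique: $ip" >&2; return 1; }
    hi=$(( $1 * 256 + $2 )) lo=$(( $3 * 256 + $4 ))
    if [ -z "$subnet" ]; then
        printf '2002:%x:%x::/48\n' "$hi" "$lo"
        return 0
    fi
    case $subnet in
        *[!0-9a-fA-F]*|?????*) echo "bad subnet ID: $subnet" >&2; return 2 ;;
    esac
    printf '2002:%x:%x:%x::/64\n' "$hi" "$lo" "$((0x$subnet))"
}

# The address used in this document, then subnet 1 as in the radvd example.
ipv4_to_6to4 193.94.160.1      # 2002:c15e:a001::/48
ipv4_to_6to4 193.94.160.1 1    # 2002:c15e:a001:1::/64
```
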
MORE INFORMATION
----------------

http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html is a good
source of IPv6 related Linux-information.

ftp://ftp.isi.edu/in-notes/rfc3056.txt ("Connection of IPv6 Domains via IPv4
Clouds") is the RFC about 6to4.

ftp://ftp.isi.edu/in-notes/rfc3068.txt ("An Anycast Prefix for 6to4 Relay
Routers") is the RFC about finding a close 6to4 relay automatically.

http://www.ietf.org/internet-drafts/draft-savola-v6ops-6to4-security-02.txt
("Security Considerations and Enhancements for 6to4") explains some
security considerations in 6to4.