1 | v1.5 1st Sep 2003, Pekka Savola <pekkas@netcore.fi> |
---|
2 | |
---|
3 | HOW TO SET UP IPV6 WITH 6TO4 |
---|
4 | ---------------------------- |
---|
5 | |
---|
6 | 6TO4 IN SHORT |
---|
7 | ------------- |
---|
8 | |
---|
9 | 6to4 is a method of creating automatic IPv6 tunnels. You can connect to |
---|
10 | IPv6 Internet very easily without a need for a manually configured tunnel. |
---|
11 | |
---|
12 | For every globally unique IPv4 address, there exists a mapping for a |
---|
13 | subnettable /48 network (2^16 for subnetting, 2^64 bits for hosts). |
---|
14 | |
---|
15 | Return route can sometimes be non-optimal, leading to higher round-trip times. |
---|
16 | |
---|
17 | See below for references and more information. |
---|
18 | |
---|
19 | ASSUMPTIONS |
---|
20 | ----------- |
---|
21 | |
---|
22 | 1. You're running Red Hat Linux 7.1 or later. |
---|
23 | |
---|
24 | This is required for correct IPv6 by default settings, and IPv6 being |
---|
25 | enabled as a kernel module by default. |
---|
26 | |
---|
27 | 2. Your initscripts >= 6.02, for 6to4 support. |
---|
28 | |
---|
29 | 3. You have a static, globally unique IPv4 address. This is not an absolute |
---|
30 | requirement, but the only scenario discussed here. |
---|
31 | |
---|
32 | 4. Protocol 41 (IPv6-in-IPv4) is not being filtered in any IPv4 firewall. |
---|
33 | |
---|
34 | 5. 'iproute' package is installed. This is used by default for a lot |
---|
35 | more powerful tunneling capabilities. |
---|
36 | |
---|
37 | Note: even though 6to4 was supported with earlier releases of Red Hat Linux, |
---|
38 | below it is assumed that the initscripts package version this |
---|
39 | document comes with is used. |
---|
40 | |
---|
41 | INFORMATION NEEDED |
---|
42 | ------------------ |
---|
43 | |
---|
44 | Nothing :-). |
---|
45 | |
---|
46 | If you want to select a specific relay (rather than automatically |
---|
47 | selecting the closest one), you can define it with IPV6TO4_RELAY |
---|
48 | using the list below: |
---|
49 | |
---|
50 | http://www.kfu.com/~nsayer/6to4/ |
---|
51 | |
---|
52 | SETTING UP THE 6TO4 CONFIGURATION |
---|
53 | --------------------------------- |
---|
54 | |
---|
55 | Now, set up the configuration as follows: |
---|
56 | |
---|
57 | 1. Enable IPv6 and set 6to4 pseudo-interface as default gateway in |
---|
58 | /etc/sysconfig/network: |
---|
59 | |
---|
60 | echo "IPV6_DEFAULTDEV=tun6to4">> /etc/sysconfig/network |
---|
61 | |
---|
62 | 2. Edit your outbound (Internet) interface configuration. This can be |
---|
63 | e.g. ippp0, ppp0, eth0, or the like. Here, eth1 is used. |
---|
64 | |
---|
65 | |
---|
66 | /etc/sysconfig/network-scripts/ifcfg-eth0: |
---|
67 | --- |
---|
68 | DEVICE=eth0 |
---|
69 | BOOTPROTO=static |
---|
70 | ONBOOT=yes |
---|
71 | IPADDR=xx.yy.zz.ww [Globally unique IPv4 address] |
---|
72 | NETMASK=aa.bb.cc.dd [IPv4 settings up to this point] |
---|
73 | |
---|
74 | IPV6INIT=yes |
---|
75 | IPV6TO4INIT=yes |
---|
76 | --- |
---|
77 | |
---|
78 | Note: [i]ppp - interfaces need to be called in /etc/ppp/ip-up|down.local; |
---|
79 | if you are not using local files by yourself, this can easily be done with: |
---|
80 | |
---|
81 | cd /etc/ppp |
---|
82 | ln -s ip-up.ipv6to4 ip-up.local |
---|
83 | ln -s ip-down.ipv6to4 ip-down.local |
---|
84 | |
---|
85 | |
---|
86 | USING 6TO4 |
---|
87 | ---------- |
---|
88 | |
---|
89 | 6to4 automatic tunneling is brought up when the interface is brought up. |
---|
90 | |
---|
91 | You will see your 6to4 address prefix in device tun6to4 when done: |
---|
92 | |
---|
93 | inet6 addr: 2002:c15e:a001::1/16 Scope:Global |
---|
94 | |
---|
95 | Note that 'c15e:a001' is the hexadecimal representation of dotted-quad IPv4 |
---|
96 | address (IPADDR= above), here '193.94.160.1'. |
---|
97 | |
---|
98 | NOTE: iproute tools give more reliable data, try e.g. '/sbin/ip addr ls'. |
---|
99 | |
---|
100 | PROVIDING IPV6 TO YOUR LAN |
---|
101 | -------------------------- |
---|
102 | |
---|
103 | If you want to provide IPv6 for your LAN (e.g. connected on eth1) |
---|
104 | using your Linux system as a router, this can be done rather easily with 6to4. |
---|
105 | |
---|
106 | You will need to enable IPv6 forwarding (IPV6FORWARDING=yes in |
---|
107 | /etc/sysconfig/network) and install a router advertisement daemon. One such, |
---|
108 | 'radvd' is available in the distribution. |
---|
109 | |
---|
110 | You must configure the prefix your IPv4 maps to (see tun6to4 above) in |
---|
111 | /etc/radvd.conf or use certain automatic hooks. This is not covered here |
---|
112 | in detail; see radvd.conf(5) and /etc/sysconfig/network-scripts/ifup-ipv6 |
---|
113 | for details. |
---|
114 | |
---|
115 | Usually the following is enough: |
---|
116 | |
---|
117 | 1. Make sure that radvd package is installed. |
---|
118 | |
---|
119 | 2. Configure radvd as outlined in radvd.conf(5); the file could |
---|
120 | be something like: |
---|
121 | |
---|
122 | interface eth1 |
---|
123 | { |
---|
124 | AdvSendAdvert on; |
---|
125 | MinRtrAdvInterval 3; |
---|
126 | MaxRtrAdvInterval 10; |
---|
127 | prefix 0:0:0:1::/64 |
---|
128 | { |
---|
129 | Base6to4Interface eth0; |
---|
130 | AdvPreferredLifetime 120; |
---|
131 | AdvValidLifetime 300; |
---|
132 | }; |
---|
133 | }; |
---|
134 | |
---|
135 | 3. Make sure radvd starts at boot and start it now: |
---|
136 | |
---|
137 | /sbin/chkconfig radvd on |
---|
138 | /sbin/service radvd start |
---|
139 | |
---|
140 | 4. Make the initscripts signal radvd to recalculate the prefix when it |
---|
141 | changes: |
---|
142 | |
---|
143 | /etc/sysconfig/network-scripts/ifcfg-eth0: |
---|
144 | |
---|
145 | IPV6_CONTROL_RADVD=yes |
---|
146 | |
---|
147 | 5. Configure the associated routes to other 6to4 subnets to point at |
---|
148 | your LAN interfaces; this can be done automatically with |
---|
149 | IPV6TO4_ROUTING variable; please refer sysconfig.txt for details. |
---|
150 | In the particular example, above, this would be like: |
---|
151 | |
---|
152 | /etc/sysconfig/network-scripts/ifcfg-eth0: |
---|
153 | |
---|
154 | IPV6TO4_ROUTING="eth1-:1::0/64" |
---|
155 | |
---|
156 | However, please note that no global address is configured on the |
---|
157 | interface, just a route! |
---|
158 | |
---|
159 | MORE INFORMATION |
---|
160 | ---------------- |
---|
161 | |
---|
162 | http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html is a good |
---|
163 | source of IPv6 related Linux-information. |
---|
164 | |
---|
165 | ftp://ftp.isi.edu/in-notes/rfc3056.txt ("Connection of IPv6 Domains via IPv4 |
---|
166 | Clouds") is the RFC about 6to4. |
---|
167 | |
---|
168 | ftp://ftp.isi.edu/in-notes/rfc3068.txt ("An Anycast Prefix for 6to4 Relay |
---|
169 | Routers") is the RFC about finding a close 6to4 relay automatically. |
---|
170 | |
---|
171 | http://www.ietf.org/internet-drafts/draft-savola-v6ops-6to4-security-02.txt |
---|
172 | ("Security Considerations and Enhancements for 6to4") explains some |
---|
173 | security considerations in 6to4. |
---|