Enabling IPv6 on a home network

IPv6 is the next generation internet protocol. Currently few ISPs provide it to the customers, and therefore uptake is slow. However if you wish to have access to the IPv6 world now then there are options. If you only have a single machine than a tunnel is fine, but however if you wish to add it to an entire network then you need something more. If you have a spare old machine lying around, or a machine running Linux that is always on, then you can configure that as a router and use it to provide IPv6 to your LAN.

I have IPv6 connectivity to all the machines that are connected to my network. To achieve this, I use an Ubuntu Linux box as a router, which has a tunnel configured. This allows all the computers to connect onto the IPv6 internet transparently. This is a guide on how I did it.

I use sixxs.net as my IPv6 tunnel provider. They provide the use of the aiccu client which allows the configuration and setup of the tunnel automatically. It creates a interface sixxs which is one end of the tunnel. First things first, you need to register an account at sixxs.net. After your account is approved you are able to create an IPv6 tunnel. This will only allow you to connect one machine, but it is essential before you will be able to enable access to other machines. This will take a while to get approved, but once approved you can install the aiccu client. On Ubuntu you can install it using:

sudo apt-get install aiccu

During setup it will ask you to enter information regarding your tunnel, most likely your sixxs.net login information. Once entered it should authenticate and complete the installation. If it hasn’t started automatically, you need to start it.

sudo service aiccu startOr on older version of Ubuntu try sudo /etc/init.d/aiccu start

Then it will configure the tunnel and you should be able to connect to IPv6 sites. You can try this by typing traceroute6 ipv6.google.com. The next thing to do is to provide IPv6 addresses to your network. To do this, you must apply for a Subnet from sixxs. You will receive a /48 subnet, for which you assign /64s to your network. To distribute your prefix announcement onto your network you need something like radvd installed. Again on Ubuntu it is as simple as typing

sudo apt-get install radvd

Now once radvd is installed, you need to edit the configuration file. This is usually stored in /etc/radvd.conf. So open it up and you want to enter the following:

interface eth0
{
  AdvSendAdvert on;
  AdvManagedFlag on;
  prefix 2001:4232:532::/64
  {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr on;
  };
};

The prefix is from the subnet that sixxs has assigned you. In this case I was assigned 2001:4232:532::/48, so I chose to use the /64 of this for simple setup.

Now of course your interface that is connected to your IPv4 LAN, so what will now be the interface on your router not connected to IPv6 web, should have a static IP assigned to it. This makes it easier to remember, and use. So I just assigned 2001:4232:523::1 to eth0. I won’t cover how to do this, as it is relatively simple if you have done any networking in Linux before.

You now need to tell the linux kernel that you want it to forward traffic for IPv6. To enable IPv6 forwarding you need to edit /etc/sysctl.conf and add the following lines:

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1

Now save this file and reboot. When the machine comes back up, check that aiccu and radvd have started ( I find I always have to start aiccu manually). If this is the case then your other machines should have Global IPv6 addresses assigned to them using the prefix you gave radvd. However I found this was not enough to allow my other machines to connect to the internet. After specifying the default route on the router as the IP at the sixxs end of the tunnel, all traffic from eth0 was then routed out over my tunnel, and all the other machines appeared to have native IPv6 connectivity, and were globally addressable. You therefore need to ensure that your machines have firewalls installed, and if you like setup IPv6 iptables on the router. This is what I have done to filter traffic that is not wanted in the network. Also as your IPv6 address will be based on your MAC Address, you can be easily tracked based on it. Windows by default enabled privacy extensions, but Linux does not. To enable this on your Linux clients edit /etc/sysctl.conf and add these lines:

net.ipv6.conf.wlan0.use_tempaddr=2
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2

If you have eth0 then replace wlan0 with eth0 or add an extra line for each different interface. all and default should cover all of them, but I like to specify them individually as well just to be safe. I will write another article regarding IPv6 tables at a later date.