Wouldn't it be *so* cool to be on the next generation internet protocol yourself? Take advantage of the 128-bit address space? Use an IPv6 address for every machine you have? Easily reach other machines? This is possible!
IPv6 can be accessed directly, but few ISPs (Internet Service Providers) support this. So how should you do it? There are 3 different ways:
The last option is a bit slower (and generates more overhead and network traffic), but is cool in the way that you can use it from wherever you are (even behind a router). So we are going to use this option.
However, you need to have a network to connect with... But if you are a friend of the author of this document, you might be lucky (This is the moment that all those google-people can press their BACK buttons, no more info to find here guys ;-)
In this case, you set up a TLS-secured tunnel from your PC (client) to a server. Through this tunnel you set up an IPv6 connection, and the server will act as gateway. Since we are using static IPv6 addresses, a reverse connection (IPv6 network -> your PC) will also work, and you can run a public server and access your computer from anywhere (with another IPv6 computer). It is even possible to have your own subnet, where one computer in your home network acts as an IPv6 gateway for all other machines!
Disclaimer: the server I'm connected through myself uses a semi-static IP address. Whenever my ISP decides to change it, all connections will stop working until they are reconfigured. Also, IPv6 connectivity is still not as good as IPv4; you may encounter temporary connection failures. Don't rely on this connection for important things.
First, you will need to have some tools installed on your system. Issue the following commands as root:
On Gentoo Linux
# emerge -av iproute2 openvpn iptables
On Ubuntu/Debian Linux
# apt-get install iproute2 openvpn iptables
Next you need to enable all necessary kernel options in order to get this to work. There are 2 options:
If you do decide to compile your own kernel, follow these instructions, otherwise just skip ahead and keep your fingers crossed ;-)
How to get the sources?
How to get the kernel sources depends on your distribution. For example on Gentoo Linux, you can simply run a:
# emerge -av gentoo-sources
(or vanilla-sources or any other patch-set you like).
You should first search the internet for the best way to get the kernel sources. If everything else fails, just download the vanilla sources from Kernel.org; make sure you download the whole source tree ('F') and not only a patch-set.
When you have downloaded and extracted the sources, change to the directory containing the sources and run the following command:
# make menuconfig
Select at least the following options (you can either compile them into the kernel or as modules. When you use modules, please make sure you load 'tun' and 'ipv6' automatically at boot time. Consult your distribution's website and/or forums for more information):
After doing this run a:
# make
And after this:
# make modules_install
# cp arch/x86/boot/bzImage /boot/[name of your kernel]
NOTE: If you are running an amd64 system, use arch/x86_64/boot/bzImage.
NOTE2: You might need to mount your boot partition first.
Now we have to set up your OpenVPN connection. Issue the following commands (still as root) to install the hofhom.nl 'common' files:
# cd /etc/openvpn
# wget http://hofhom.nl/req_ipv6/common.tgz
# tar xzf common.tgz
# rm -f common.tgz
After we have done this, it's time to fill in the details.
Next, you have to email me to get the following information:
Just tell me if you have any special requests.
You will receive some configuration options and an archive file. First install the latter:
# cd /etc/openvpn
# tar xzf [path_to_archive]/[archive].tgz
Now edit the /etc/openvpn/mynet.conf file and configure your connection according to the received data. By reading the comments, you can also enable IPv6 NAT and have your own subnet (you will still need to configure other machines on your network to make it actually work).
After this is done, your connection should be set up and it's time to test it. Just fire up OpenVPN (as root):
# openvpn --config /etc/openvpn/openvpn.conf
If everything goes all right, you will see after some time something like this:
[openvpn] Initialization Sequence Completed
Now you can test your connection, just fire up your favorite web browser (with IPv6 support) and go to http://ipv6.google.com/. Few people can say they searched with that google ;-)
You might also try http://ipv6.hofhom.nl/ if you don't like google, but be warned: Google is really everywhere....
If you can't connect, but OpenVPN didn't complain, it might be the case that the connection isn't 'ready' yet. I experienced myself that after some time of inactivity, it takes a second or ten to get the connection to work again. This is probably caused by the so called upstream tunneling through the unicast IPv6 upstream tunneling routers, which are used to connect the IPv4 network to the native IPv6 network.
You might also want to test another browser (e.g. Mozilla Firefox).
Start OpenVPN at boot
This is distribution-specific. On Gentoo Linux systems, use:
# rc-update add openvpn default
Warning: to be sure your internet connection is up when openvpn is started, set rc_depend_strict to "YES" in /etc/rc.conf, or NET_DEPEND_STRICT in /etc/conf.d/rc on pre-OpenRC systems.
It is at this time not known to me how you do something like this in Debian/Ubuntu Linux, please mail me if you know.
Now comes the best thing, configure servers to use IPv6:
Sendmail
Add the following to /etc/mail/sendmail.mc:
DAEMON_OPTIONS(`Port=smtp, Name=MTA, Family=inet6')dnl
After which you run 'make' in the config directory and restart sendmail.
Apache
Edit the following line in /etc/[Apache config dir]/httpd.conf:
Listen *:80
And restart Apache. It will then listen on port 80 on any address (including IPv6 addresses).
SSH
Edit the following lines in /etc/ssh/sshd_config:
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
And restart sshd.
Xinet.d
Everything that runs through xinet.d automatically uses IPv6!
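Because the tunnel gives your machine a static address that is reachable from the IPv6 network, every daemon bound to an IPv6 address is exposed there, and iptables rules do not filter IPv6 (ip6tables keeps a separate ruleset). The script below is an added example, not part of the original instructions: it parses the kernel's /proc/net/tcp6 table and lists the TCP ports listening on IPv6; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list TCP ports listening on IPv6.
# Input format: the kernel's /proc/net/tcp6 table (hex address:port, hex state).

# sample_table: constructed sample input so the script can be tried offline.
sample_table() {
    cat <<'EOF'
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0019 00000000000000000000000000000000:0000 0A
   2: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A
   3: B80D0120000000000000000002000000:0016 B80D0120000000000000000001000000:C350 01
EOF
}

# v6_listeners: read a tcp6 table on stdin, print "PORT SCOPE" per listening
# socket, sorted by port. SCOPE is "any" (bound to ::), "loopback" (::1) or
# "specific" (bound to one configured address).
v6_listeners() {
    awk '$4 == "0A" { print $2 }' |          # state 0A = LISTEN; skips header
    while IFS=: read -r addr port; do
        case "$addr" in
            00000000000000000000000000000000) scope=any ;;
            # ::1 as printed on little-endian and on big-endian machines
            00000000000000000000000001000000|00000000000000000000000000000001)
                scope=loopback ;;
            *) scope=specific ;;
        esac
        printf '%d %s\n' "0x$port" "$scope"   # port is hex in the table
    done | sort -n | uniq
}

# exposed_ports: ports reachable from other hosts (everything except ::1).
exposed_ports() {
    v6_listeners | awk '$2 != "loopback" { print $1 }' | uniq
}

# Demonstration on the constructed sample; on a live system use:
#   v6_listeners < /proc/net/tcp6
sample_table | v6_listeners
```

Compare the ports it reports on your own machine with the output of `ip6tables -L -n` to see which of them are actually filtered.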
That's all, good luck, and may the IPv6 protocol win terrain and get more reliable!