diff options
Diffstat (limited to 'doc/ipv6-6to4.howto')
| -rw-r--r-- | doc/ipv6-6to4.howto | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/doc/ipv6-6to4.howto b/doc/ipv6-6to4.howto new file mode 100644 index 00000000..131f4ce4 --- /dev/null +++ b/doc/ipv6-6to4.howto @@ -0,0 +1,173 @@ +v1.5 1st Sep 2003, Pekka Savola <pekkas@netcore.fi> + +HOW TO SET UP IPV6 WITH 6TO4 +---------------------------- + +6TO4 IN SHORT +------------- + +6to4 is a method of creating automatic IPv6 tunnels. You can connect to +IPv6 Internet very easily without a need for a manually configured tunnel. + +For every globally unique IPv4 address, there exists a mapping for a +subnettable /48 network (2^16 for subnetting, 2^64 bits for hosts). + +Return route can sometimes be non-optimal, leading to higher round-trip times. + +See below for references and more information. + +ASSUMPTIONS +----------- + +1. You're running Red Hat Linux 7.1 or later. + + This is required for correct IPv6 by default settings, and IPv6 being + enabled as a kernel module by default. + +2. Your initscripts >= 6.02, for 6to4 support. + +3. You have a static, globally unique IPv4 address. This is not an absolute + requirement, but the only scenario discussed here. + +4. Protocol 41 (IPv6-in-IPv4) is not being filtered in any IPv4 firewall. + +5. 'iproute' package is installed. This is used by default for a lot + more powerful tunneling capabilities. + +Note: even though 6to4 was supported with earlier releases of Red Hat Linux, +below it is assumed that the initscripts package version this +document comes with is used. + +INFORMATION NEEDED +------------------ + +Nothing :-). + +If you want to select a specific relay (rather than automatically +selecting the closest one), you can define it with IPV6TO4_RELAY +using the list below: + +http://www.kfu.com/~nsayer/6to4/ + +SETTING UP THE 6TO4 CONFIGURATION +--------------------------------- + +Now, set up the configuration as follows: + +1. Enable IPv6 and set 6to4 pseudo-interface as default gateway in + /etc/sysconfig/network: + + echo "IPV6_DEFAULTDEV=tun6to4">> /etc/sysconfig/network + +2. Edit your outbound (Internet) interface configuration. This can be + e.g. ippp0, ppp0, eth0, or the like. Here, eth1 is used. + + +/etc/sysconfig/network-scripts/ifcfg-eth0: +--- +DEVICE=eth0 +BOOTPROTO=none +ONBOOT=yes +IPADDR=xx.yy.zz.ww [Globally unique IPv4 address] +NETMASK=aa.bb.cc.dd [IPv4 settings up to this point] + +IPV6INIT=yes +IPV6TO4INIT=yes +--- + + Note: [i]ppp - interfaces need to be called in /etc/ppp/ip-up|down.local; + if you are not using local files by yourself, this can easily be done with: + + cd /etc/ppp + ln -s ip-up.ipv6to4 ip-up.local + ln -s ip-down.ipv6to4 ip-down.local + + +USING 6TO4 +---------- + +6to4 automatic tunneling is brought up when the interface is brought up. + +You will see your 6to4 address prefix in device tun6to4 when done: + + inet6 addr: 2002:c15e:a001::1/16 Scope:Global + +Note that 'c15e:a001' is the hexadecimal representation of dotted-quad IPv4 +address (IPADDR= above), here '193.94.160.1'. + +NOTE: iproute tools give more reliable data, try e.g. '/sbin/ip addr ls'. + +PROVIDING IPV6 TO YOUR LAN +-------------------------- + +If you want to provide IPv6 for your LAN (e.g. connected on eth1) +using your Linux system as a router, this can be done rather easily with 6to4. + +You will need to enable IPv6 forwarding (IPV6FORWARDING=yes in +/etc/sysconfig/network) and install a router advertisement daemon. One such, +'radvd' is available in the distribution. + +You must configure the prefix your IPv4 maps to (see tun6to4 above) in +/etc/radvd.conf or use certain automatic hooks. This is not covered here +in detail; see radvd.conf(5) and /etc/sysconfig/network-scripts/ifup-ipv6 +for details. + +Usually the following is enough: + +1. Make sure that radvd package is installed. + +2. Configure radvd as outlined in radvd.conf(5); the file could + be something like: + + interface eth1 + { + AdvSendAdvert on; + MinRtrAdvInterval 3; + MaxRtrAdvInterval 10; + prefix 0:0:0:1::/64 + { + Base6to4Interface eth0; + AdvPreferredLifetime 120; + AdvValidLifetime 300; + }; + }; + +3. Make sure radvd starts at boot and start it now: + + /sbin/chkconfig radvd on + /sbin/service radvd start + +4. Make the initscripts signal radvd to recalculate the prefix when it + changes: + + /etc/sysconfig/network-scripts/ifcfg-eth0: + + IPV6_CONTROL_RADVD=yes + +5. Configure the associated routes to other 6to4 subnets to point at + your LAN interfaces; this can be done automatically with + IPV6TO4_ROUTING variable; please refer sysconfig.txt for details. + In the particular example, above, this would be like: + + /etc/sysconfig/network-scripts/ifcfg-eth0: + + IPV6TO4_ROUTING="eth1-:1::0/64" + + However, please note that no global address is configured on the + interface, just a route! + +MORE INFORMATION +---------------- + +http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html is a good +source of IPv6 related Linux-information. + +ftp://ftp.isi.edu/in-notes/rfc3056.txt ("Connection of IPv6 Domains via IPv4 +Clouds") is the RFC about 6to4. + +ftp://ftp.isi.edu/in-notes/rfc3068.txt ("An Anycast Prefix for 6to4 Relay +Routers") is the RFC about finding a close 6to4 relay automatically. + +http://www.ietf.org/internet-drafts/draft-savola-v6ops-6to4-security-02.txt +("Security Considerations and Enhancements for 6to4") explains some +security considerations in 6to4. |