10.5. IPv6

IPv6, successor to IPv4, is a new version of the IP protocol designed to fix its flaws, most notably the scarcity of available IP addresses. This protocol handles the network layer; its purpose is to provide a way to address machines, to convey data to their intended destination, and to handle data fragmentation if needed (in other words, to split packets into chunks with a size that depends on the network links to be used on the path and to reassemble the chunks in their proper order on arrival).

Debian kernels include IPv6 handling in the core kernel (with the exception of some architectures that have it compiled as a module named ipv6). Basic tools such as ping and traceroute have their IPv6 equivalents in ping6 and traceroute6, available respectively in the iputils-ping and iputils-tracepath packages.

The IPv6 network is configured similarly to IPv4, in /etc/network/interfaces. But if you want that network to be globally available, you must ensure that you have an IPv6-capable router relaying traffic to the global IPv6 network.

Example 10.10. Example of IPv6 configuration

  iface eth0 inet6 static
      address 2001:db8:1234:5::1:1
      netmask 64
      # Disabling auto-configuration
      # autoconf 0
      # The router is auto-configured and has no fixed address
      # (accept_ra 1). If it had:
      # gateway 2001:db8:1234:5::1

IPv6 subnets usually have a netmask of 64 bits. This means that 2^64 distinct addresses exist within the subnet. This allows Stateless Address Autoconfiguration (SLAAC) to pick an address based on the network interface’s MAC address. By default, if SLAAC is activated in your network and IPv6 on your computer, the kernel will automatically find IPv6 routers and configure the network interfaces.

This behavior may have privacy implications. If you switch networks frequently, e.g. with a laptop, you might not want your MAC address to be part of your public IPv6 address, since this makes it easy to identify the same device across networks. The solution is IPv6 privacy extensions (which Debian enables by default if IPv6 connectivity is detected during initial installation): they assign an additional randomly generated address to the interface, change it periodically and prefer it for outgoing connections. Incoming connections can still use the address generated by SLAAC. The following example, for use in /etc/network/interfaces, activates these privacy extensions.

Example 10.11. IPv6 privacy extensions

  iface eth0 inet6 auto
      # Prefer the randomly assigned addresses for outgoing connections.
      privext 2
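To see what the MAC-based SLAAC address described above actually exposes, the following added example (not part of the original text) builds the address from a prefix and a MAC, and checks a list of addresses for an embedded MAC. The MAC address, the sample address list and the function names are constructed for illustration; the prefix and the static address are the ones used in Example 10.10.

```python
import ipaddress

def slaac_address(prefix, mac):
    """Address that MAC-based SLAAC forms from a /64 prefix (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 bytes")
    # Flip the universal/local bit, then insert ff:fe between the MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def embedded_mac(address):
    """MAC revealed by an EUI-64 shaped interface ID, or None.

    Heuristic: a random identifier can contain ff:fe by chance (1 in 65536).
    """
    iid = ipaddress.IPv6Interface(address).ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each non-link-local address to the MAC it exposes (None if none)."""
    report = {}
    for addr in addresses:
        if ipaddress.IPv6Interface(addr).ip.is_link_local:
            continue  # never leaves the local link
        report[addr] = embedded_mac(addr)
    return report

# Constructed sample: addresses as they might appear on one interface.
SAMPLE = [
    "fe80::216:3eff:fe12:3456/64",             # link-local
    "2001:db8:1234:5:216:3eff:fe12:3456/64",   # SLAAC, MAC-derived
    "2001:db8:1234:5:7c1e:52a9:3b0d:94f2/64",  # privacy-extension style
    "2001:db8:1234:5::1:1/64",                 # static address from Example 10.10
]

if __name__ == "__main__":
    print(slaac_address("2001:db8:1234:5::/64", "00:16:3e:12:34:56"))
    for addr, mac in audit(SAMPLE).items():
        print(addr, "->", mac or "no MAC embedded")
```

Only the second sample address gives back a MAC; the randomly generated and static addresses do not, which is the effect the privacy extensions are meant to achieve for outgoing connections.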

TIP Programs built with IPv6

Many pieces of software need to be adapted to handle IPv6. Most of the packages in Debian have been adapted already, but not all. If your favorite package does not work with IPv6 yet, you can ask for help on the debian-ipv6 mailing-list. They might know about an IPv6-aware replacement and could file a bug to get the issue properly tracked.

http://lists.debian.org/debian-ipv6/

IPv6 connections can be restricted, in the same fashion as for IPv4: the standard Debian kernels include an adaptation of netfilter for IPv6. This IPv6-enabled netfilter is configured in a similar fashion to its IPv4 counterpart, except the program to use is ip6tables instead of iptables.

10.5.1. Tunneling

CAUTION IPv6 tunneling and firewalls

IPv6 tunneling over IPv4 (as opposed to native IPv6) requires the firewall to accept the traffic, which uses IPv4 protocol number 41.

If a native IPv6 connection is not available, the fallback method is to use a tunnel over IPv4. Gogo6 is one (free) provider of such tunnels:

http://www.gogo6.com/freenet6/tunnelbroker

To use a Freenet6 tunnel, you need to register for a Freenet6 Pro account on the website, then install the gogoc package and configure the tunnel. This requires editing the /etc/gogoc/gogoc.conf file: userid and password lines received by e-mail should be added, and server should be replaced with authenticated.freenet6.net.

IPv6 connectivity is offered to all machines on a local network by adding the following three directives to the /etc/gogoc/gogoc.conf file (assuming the local network is connected to the eth0 interface):

  host_type=router
  prefixlen=56
  if_prefix=eth0

The machine then becomes the access router for a subnet with a 56-bit prefix. Once the tunnel is aware of this change, the local network must be told about it; this implies installing the radvd daemon (from the similarly-named package). This IPv6 configuration daemon has a role similar to dhcpd in the IPv4 world.

The /etc/radvd.conf configuration file must then be created (see /usr/share/doc/radvd/examples/simple-radvd.conf as a starting point). In our case, the only required change is the prefix, which needs to be replaced with the one provided by Freenet6; it can be found in the output of the ifconfig command, in the block concerning the tun interface.

Then run service gogoc restart and service radvd start, and the IPv6 network should work.