IPv6 (Internet Protocol Version Six) is the next generation upgrade to the current standard, IPv4. Adopted by most of the major Cell Phone companies (for their 3g networks) as well as many others, IPv6 looks to solve many of the shortcomings if the current version (IPv4) such as lack of built in security, configuration and routing difficulties, QoS, and most of all, IP address shortages. --TomO'Hern

Learn more about IPv6 at http://en.wikipedia.org/wiki/IPv6

6to4

From http://en.wikipedia.org/wiki/6to4:

• 6to4 (sometimes written 6 to 4) is a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 internet) without the need to configure explicit tunnels.

Configuring 6to4 on Ubuntu/Debian

Assuming your public IPv4 address is 72.1.140.203, first figure out what the address is in IPv6-style notation:

$ printf "2002:%02x%02x:%02x%02x::1\n" 72 1 140 203
2002:4801:8ccb::1

Then add the following to /etc/network/interfaces:

auto 6to4
iface 6to4 inet6 v4tunnel
        address 2002:4801:8ccb::1
        netmask 16
        gateway ::192.88.99.1
        endpoint any
        local 72.1.140.203
        post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

Save the file, then run:

$ ifup 6to4
$ ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:b006::67) 56 data bytes
64 bytes from 2001:4860:b006::67: icmp_seq=1 ttl=53 time=200 ms

Configuring 6to4 on DD-WRT v24

Note that IPv6 support is not included in all flavors of DD-WRT. Refer to the table here to find a flavor that will work.

The instructions below have been tested on a WRT54G v2 running DD-WRT v24-sp2 (07/21/09) std-nokaid (SVN revision 12533). The firmware filename was dd-wrt.v24_nokaid_generic.bin.

Note that this version of DD-WRT has several IPv6-related bugs:

• The ipv6 kernel module isn't always loaded on boot, even after enabling IPv6 in the web interface.
• radvd does not automatically start at boot, even after enabling it in the web interface.

A workaround for these problems is included in the shell script below.

1. On the web interface, navigate to Administration -> Management.

2. Under IPv6 Support, set enable both IPv6 and radvd.

3. Under radvd config, paste the following:

   interface br0 { 
           MinRtrAdvInterval 3;
           MaxRtrAdvInterval 10;
           AdvLinkMTU 1280;
           AdvSendAdvert on;
           prefix 0:0:0:1::/64 { 
                   AdvOnLink on; 
                   AdvAutonomous on; 
                   AdvValidLifetime 86400;
                   AdvPreferredLifetime 86400;
                   Base6to4Interface vlan1;
                   AdvRouterAddr on; 
           };
     }; 

4. At the bottom of the page, click Save then Apply Changes.

5. Navigate to Administration -> Commands.

6. Paste the following in the box:

   set -e
   insmod ipv6 || true
   echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
   ip4=$(ip -4 addr show dev vlan1 | awk '/inet / {print $2}' | cut -d/ -f1)
   if [ -n "$ip4" ]; then
     prefix=$(printf '%02x%02x:%02x%02x\n' $(echo $ip4 | sed 's/\./ /g'))
     ip tunnel add 6to4 mode sit remote any local $ip4
     ip link set dev 6to4 up
     ip addr add 2002:$prefix::1/16 dev 6to4
     ip addr add 2002:$prefix:1::1/64 dev br0
     ip -6 route add ::/0 via ::192.88.99.1 dev 6to4 metric 1026
     nvram get radvd_conf | tr -d '\r' > /tmp/radvd.conf
     killall radvd || true
     radvd -C /tmp/radvd.conf &
   fi 

7. Click Save Startup.

8. Reboot (power-cycle) your router.

9. After the router reboots, all of the IPv6-enabled computers on your LAN should have a publicly-routable 6to4 address (beginning with 2002:). To test that everything is working, you can use ping6:

   $ ping6 ipv6.google.com
   PING ipv6.google.com(2001:4860:b006::67) 56 data bytes
   64 bytes from 2001:4860:b006::67: icmp_seq=1 ttl=53 time=200 ms 

More (mostly out of date/broken) information about IPv6 on DD-WRT can be found on their wiki at http://www.dd-wrt.com/wiki/index.php/IPv6.

Configuring 6to4 on OpenWRT Kamikaze

1. Ensure the following modules are installed and loaded:
   • sit, tun, tunnel4, tunnel6, ip6_tunnel, ipv6
2. Install the following init script to setup the 6to4 tunnel:

   /etc/init.d/6to4

   # 2008 weedy2887@gmail.com
   # 2009 crash@neg9.org
   
   START=42
   
   prep() {
           lanif="$(uci -P /var/state get network.lan.ifname)"
           wanif="$(uci -P /var/state get network.wan.ifname)"
           # retrieve the public IPv4 address
           ipv4=$(ifconfig $wanif | grep 'inet addr' | awk '{print $2}' | cut -d':' -f 2)
           # get the IPv6 prefix from the IPv4 address
           ipv6prefix=$(echo $ipv4 | awk -F. '{ printf "2002:%02x%02x:%02x%02x", $1, $2, $3, $4 }')
           # the local subnet (any 4 digit hex number)
           ipv6subnet=1
           
           # The 6to4 relay: here are a few, use the anycast address when possible
           # For others see http://www.kfu.com/~nsayer/6to4/#list or google
           #relay6to4=144.232.8.254 #jakllsch@freenode told me
           #relay6to4=66.117.34.140 # Old Cox?
           # anycast:
           relay6to4=192.88.99.1
           # uni-leipzig.de:
           #relay6to4=139.18.25.33
           # 6to4.ipv6.bt.com
           #relay6to4=194.73.82.244
           # microsoft
           #relay6to4=131.107.33.60
           # japan kddilab.6to4.jp
           #relay6to4=192.26.91.178
   }
   
   start() {
           prep
   
           echo "Creating tunnel interface..."
           ip tunnel add 6to4 mode sit ttl 64 remote any local $ipv4
           echo "Setting tunnel interface up..."
           ip link set dev 6to4 up
           echo "Assigning ${ipv6prefix}::1/16 address to tunnel interface..."
           ip -6 addr add ${ipv6prefix}::1/16 dev 6to4
           echo "Adding route to IPv6 internet on tunnel interface via relay..."
           ip -6 route add 2000::/3 via ::${relay6to4} dev 6to4 metric 1
           echo "Assigning ${ipv6prefix}:${ipv6subnet}::1/64 address to $lanif (local lan interface)..."
           ip -6 addr add ${ipv6prefix}:${ipv6subnet}::1/64 dev $lanif
           echo "Enabling IPv6 forwarding on all interfaces..."
           echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
           echo "Done."
   }
   
   stop() {
           prep
   
           echo "Removing $lanif (internal lan) interface IPv6 address..."
           ip -6 addr del ${ipv6prefix}:${ipv6subnet}::1/64 dev $lanif
           echo "Removing routes to 6to4 tunnel interface..."
           ip -6 route flush dev 6to4
           echo "Setting tunnel interface down..."
           ip link set dev 6to4 down
           echo "Removing tunnel interface..."
           ip tunnel del 6to4
           echo "Removing IPv6 forwarding on all interfaces..."
           echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
           echo "Done."
   }

3. Add the following rule to the firewall configuration, to allow IP Protocol Type 41 (IPv6 encapsulation within IPv4):

   /etc/config/firewall

   config 'rule'
           option 'proto' '41'
           option 'target' 'ACCEPT'

   This ends up becoming the following iptables rule:

   iptables -A input -p ipv6 -j ACCEPT

4. Enable and start the tunnel:

   chmod +x /etc/init.d/6to4
   /etc/init.d/6to4 enable
   /etc/init.d/6to4 start

5. Enable and restart the firewall:

   /etc/init.d/firewall enable
   /etc/init.d/firewall restart

   • You should now have a 2002: IPv6 address on a new interface called '6to4' - check with ip -6 addr show 6to4

   • If all went well, you should be able to access other IPv6 hosts on the Internet - try ping6 ipv6.google.com to test

6. To distribute routable 6to4 IPv6 addresses to clients on the LAN, you must either use a IPv6 DHCP server, or use radvd for stateless auto-configuration (preferred) - below is how to setup radvd:

   1. Install radvd:

      • opkg install radvd

   2. The radvd init script wasn't working at the time of this writing; we'll just write our own and run it via rc.local [Fixes to this are welcome!]

      • Add the following to /etc/radvd.conf:

        interface br-lan {
          MinRtrAdvInterval 3;
          MaxRtrAdvInterval 10;
          AdvLinkMTU 1280;
          AdvSendAdvert on;
          prefix 0:0:0:1::/64 {
           AdvOnLink on;
           AdvAutonomous on;
           AdvValidLifetime 86400;
           AdvPreferredLifetime 86400;
           Base6to4Interface eth0;
           AdvRouterAddr on;
          };
        };

   3. Disable the stock radvd init script:

      • /etc/init.d/radvd disable

   4. Add the following to /etc/rc.local just before the exit 0 line:

      # Start IPV6 router advertisement daemon
      radvd -C /etc/radvd.conf -m stderr_syslog -p /var/run/radvd.pid

7. That should be it - hosts on your LAN should now receive routable 6to4 IPv6 addresses (starting with 2002:) and be able to access and be accessed by other IPv6 hosts on the Internet.

8. It's highly recommended that you add firewall rules to your router to prevent people from accessing your machines - it's much easier to expose all of your machines on the Internet with IPv6 than what we're used to with a single IPv4 address and NAT. Be mindful of this, and configure your firewalls appropriately.

   • You can install the kmod-ip6tables and ip6tables packages and then create IPv6 firewall rules on the router, and/or you can configure your hosts' firewalls as appropriate.

Other Links

PersonalTelco's IPv6 Page

CategoryTerminology CategoryHowTo