Ubuntu下ipv6设置 | 少将全栈
  • 欢迎访问少将全栈,学会感恩,乐于付出,珍惜缘份,成就彼此、推荐使用最新版火狐浏览器和Chrome浏览器访问本网站。
  • 吐槽,投稿,删稿,交个朋友
  • 如果您觉得本站非常有看点,那么赶紧使用Ctrl+D 收藏少将全栈吧

Ubuntu下ipv6设置

点滴 admin 11年前 (2014-04-07) 9007次浏览 已收录 扫描二维码

在能够使用ipv6的网络下(目前教育网大多数是可以的),输入下面的命令,安装isatapd,就可以使用ipv6了:
sudo apt-get install isatapd

查看网络连接:

ifconfig

可以看到,此时ipv6已生效。ubuntu是自动支持ipv6协议的,所以不需要安装ipv6协议,也不需要更多的设置。此时参见我的另外一篇博文,更改hosts文件来访问更多的ipv6站点。

IPv6 Introduction

Internet Protocol version 6 (IPv6) is the successor to the well known IPv4 protocol, commonly known as IP.
Your Ubuntu system comes with all you will need to use IPv6. This
section focuses on getting IPv6 properly configured and running.

In the early 1990s, growth of the Internet led to various problems with IPv4, including:

  • Running out of subnets. This was deferred by conversion to Classless Inter-Domain Routing (CIDR), currently described by RFC4632

  • Running out of addresses. This was deferred by using RFC1918 private address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16)
    hiding behind Network Address Translation (NAT) devices, in which a
    single public IPv4 address can be shared by multiple computers, e.g. all
    the users connected through a DSL/Cable modem. But NAT has its own problems. Besides NAT, in some cases during the transition to IPv6, multiple internet connections will share IPv4 addresses via dual-stack-lite. And as of 2011, a growing number of nodes on the Internet only speak ipv6 since unassigned IPv4 addresses started to run out.

  • Routing table were getting too large. This is still a concern today.

IPv6 deals with these and many other issues:

  • 128 bit address space, with a design goal of supporting 240 subnets organizing 250 hosts. While theoretically there are
    340,282,366,920,938,463,463,374,607,431,768,211,456 addresses possible,
    this is unattainable in practice. IPv6 does offer multitudes of
    addresses per person, so we are unlikely to run out again.

  • Each
    computer can have its own globally routable address. There is no need
    for NAT in IPv6, returning us an architecture more similar to the
    peer-to-peer internet of the 1980’s.
  • Smaller
    routing tables. Due to both better geographic and more hierarchical
    allocation strategies, IPv6 subnets currently generate only 1/7th as
    many routes as IPv4 subnets. As IPv4 continues to grow into old age,
    the IPv4 routing table will likely become less stable and less complete
    as it grows beyond the capacity of certain routers on the Internet.
    These routers will be forced to begin filtering out certain IPv4 routes
    believed to be redundant but there is the increasing potential for lost
    traffic as time goes on.

There are also lots of other useful features of IPv6 such as:

  • Address autoconfiguration (RFC2462)
  • Anycast addresses (“one-out-of many”)
  • Mandatory multicast addresses
  • IPsec (IP security)
  • Simplified header structure
  • Mobile IP
  • IPv6-to-IPv4 transition mechanisms

For more information see:

Background on IPv6 Addresses

There are different types of IPv6 addresses: Unicast, Anycast and Multicast.

Unicast
addresses are the well known addresses. A packet sent to a unicast
address arrives exactly at the interface belonging to the address.

Anycast
addresses are syntactically indistinguishable from unicast addresses
but they address a group of interfaces. The packet destined for an
anycast address will arrive at the nearest (in router metric) interface.
Anycast addresses may only be used by routers.

Multicast
addresses identify a group of interfaces. A packet destined for a
multicast address will arrive at all interfaces belonging to the
multicast group.

Note: The IPv4 broadcast address (usuallyxxx.xxx.xxx.255) is expressed by multicast addresses in IPv6.

Reading IPv6 Addresses

The full form is represented as 8 hexquad parcels of 16 bits each written in lower case hexadecimal, separated by colons (:). For example2001:0db8:382b:23c1:aa49:4592:4efe:9982.

Often
an address will have long substrings of all zeros; the longest and
first run of all zero hexquads is abbreviated as a double colon (“::”).
Since :: is variable length, it can only be used once per address.
Leading “0”s are also omitted, up to three per hexquad. For example,fe80::1is the canonical form offe80:0000:0000:0000:0000:0000:0000:0001and2001:db8:b:23c1:49:4592:efe:9982is the canonical form of2001:0db8:000b:23c1:0049:4592:0efe:9982.

A third form is to write the last 32 bits in the well known dotted decimal IPv4 style. For example2002::10.0.0.1corresponds to the (hexadecimal) long representation2002:0000:0000:0000:0000:0000:0a00:0001with canonical form2002::a00:1.

By now the reader should be able to understand the following:

# ip addr 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000  link/ether 00:25:ad:2c:af:17 brd ff:ff:ff:ff:ff:ff  inet 192.168.1.2/24 scope global eth0  inet6 fe80::225:adff:fe2c:af17/64 scope link  valid_lft forever preferred_lft forever

fe80::225:adff:fe2c:af17of interface eth0 is an autoconfigured link-local address. It is
generated as an IEEE EUI-64 style identifier from the device’s hardware
IEEE EUI-48(MAC) address as part of the autoconfiguration.

For further information on the structure of IPv6 addresses see RFC3513.

Special IPv6 address ranges

Address
ranges are specified using a prefix. This is similar to the IPv4 concept
of a network prefix and netmask, but in IPv6 we always use CIDR
notation to specify the number of bits at the start of the mask that are
1. For example, the address rangefe80::/10includes all addresses that are the same as the addressfe80::in the first 10 bits, i.e. all beginning with the bit pattern1111111010. One hex digit corresponds to four bits:1111isf,1110ise.10is the most significant two bits of1000which is8in hex, but since this length is not a multiple of 4, the range also includes addresses with this digit set to9(1001),a(1010) andb(1011). Obviously a network prefix of length 128 specifies an individual address.

IPv6 address

Prefix length (bits)

Description

Notes

::

128

unspecified

Used for default route and router solicitations. cf.0.0.0.0in IPv4

::1

128

loopback address

cf.127.0.0.1in IPv4

::ffff:a.b.c.d

96

IPv4 mapped IPv6 address

The lower 32 bits are the IPv4 address. Used in socket API’s to represent IPv4 hosts.

fe80::

10

link-local

Unroutable autoconfigured addresses used on a LAN, e.g. for DHCPv6

fc00::

7

unique local

Addresses used only within an autonomous system, unroutable globally. Cf. RFC 1918 addresses such as used in NAT.

ff00::

8

multicast

2000::

3

global unicast

All global unicast addresses currently begin with 2.

Some IPv6 address prefixes have been deprecated, and should no longer be used.

deprecated IPv6 address

Prefix length (bits)

Description

Notes

3ffe::

16

6bone prefix

Used 1998-2006.

::a.b.c.d

96

embedded IPv4

96 zero bits followed by 32 IPv4 bits. Also called “IPv4 compatible IPv6 address”. Replaced by mapped addresses.

fec0::

10

site-local

Replaced by Unique Local Addresses

Some address prefixes are special use:

special IPv6 address

Prefix length (bits)

Description

Notes

2001:db8::

32

documentation examples

Not to be routed.

2001:0::

32

Teredo tunnels

the remaining bits come from a Teredo server and the client NAT device.

2002::

16

6to4 tunnels

the next 32 bits are the client IPv4 address

Getting Connected

Here you have more than one option:

Native IPv6 connections

Contact your
Internet Service Provider to see if they offer IPv6 yet. Only a few
Internet Service Providers (ISP) currently offer native IPv6 service,
though by 2015 probably all of them will.

If
your uplink involves a wifi router or broadband modem, those devices
will need to support IPv6. Cable-Modems need to support DOCSIS 3.0 or
2.0+IPv6. As of 2010, very few DSL-Modems support IPv6; this will
change by 2012.

If
your hardware or ISP does not support native IPv6, which is the best
kind, you might still be able to use IPv6 tunneled over IPv4 instead.

Tunneled IPv6

If your
uplink only passes IPv4 traffic, you will need to tunnel your IPv6
traffic to a compatible relay somewhere. Most tunnels use IPv4 protocol
41 encapsulation (6in4), where the data payload is just the IPv6 packet
itself. Not all firewalls and NATs can properly pass protocol 41.
Alternatively providers might provide AYIYA or TSP tunnels which send
their tunneled packets over UDP, which is generally accepted by most
firewalls and supported by most NATs Note: ICMP is protocol 1, IGMP is protocol 2, TCP is protocol 6, UDP is protocol 17.

point to point tunnels

Various companies and organizations provide free IPv6 in IPv4 tunneling.

6to4 tunnels

  • Tunnel via 6to4 (RFC3068).
    Your firewall has to pass protocol 41 (IPv6 in IP) and you need a
    global, public IPv4 address. The relay address is the special anycast
    destination 192.88.99.1 or a relay that is local; your IPv6 address uses
    the special 2002::/16 prefix. A good script to bring a 6to4 tunnel up
    or down can be found at anyweb

UDP over NAT tunnels

  • AYIYA or TSP from the above providers
  • The Teredo protocol client is the Miredo package. It can be used by dual-stack clients on private IPv4
    addresses behind NAT routers or firewalls which don’t pass protocol 41.
    Your IPv6 address uses the special 2001:0::/32 prefix.

Get connected with Hurricane Electric

First you need to register on the TunnelBroker.net Website. You will be emailed your username and password. Login and in
the User Functions Box on the left side click the Create Regular Tunnel
link. Put in your IPv4 address and Select a server close to you. Go to
the tunnel details page. Rungksudogedit/etc/network/interfacesand add the following, editing as directed by the comments:

auto he-ipv6 iface he-ipv6 inet6 v4tunnel  endpoint 216.218.226.238  address  2001:470:a:d29f::2  netmask  64  up ip -6 route add default dev he-ipv6  down ip -6 route del default dev he-ipv6

Replace
the endpoint setting (216.218.226.238) with the Server IPv4 address
field from the tunnel details page and the address setting
(2001:470:a:d29f::2) with Client IPv6 address field from the tunnel
details page. Save the file.

Right
click on the network manager icon in the tray and click Edit
Connections. Select the connection to your local network and click Edit.
Go to the IPv6 Settings tab and set the Method to Manual. Click Add.
For the address put the first address in your Routed 64. (In this
example it would be 2001:470:a:d29f::1 .) For the prefix put in 64. For
the gateway, put in the address from the “Client IPv6 address” of the
tunnel details page (in this example it would be 2001:470:a:d29f::2).
Click apply.

Runsudoifuphe-ipv6and you should have IPv6 connectivity.

To configure your box to give out addresses to the LAN from your /64, see Configure your Ubuntu box as an IPv6 router.

Get connected with SixXS

First you
need an account on the SixXS Website. Please consider that they manually
approve your information and that you should provide them with correct
data about you. The system is very easy to use. For the creation of your
account you are going to receive some credit points. You can then use
these credits for requesting new tunnels and subnets. A tunnel costs you
15 credits. If you are able to use the requested tunnels you are going
to receive 10 Credits after a week.

You need to perform the following steps:

  1. Create an account
  2. Request a tunnel

    • 2.1. Wait for tunnel approval
  3. Request a subnet

    • 3.1. Wait for subnet approval

The approval of your requests are done manually, so be patient. Normally you will receive the approval within the hour.

Note: If you only want to connect one computer, you can skip Step 3 and
perform subsections “Synchronize with a timeserver” and “Install aiccu”.

After your tunnel and the subnet are approved, you should have received an email like the following:

Dear Generic User,  The SixXS Staff have honored your request for a subnet on the following tunnel: -------  PoP Name     : chzrh01 (ch.thermelec [AS20932])  Subnet IPv6  : 2001:xxxx:xxxx::/48  Routed to    : 2001:xxxx:xxxx:xx::2/64  Your IPv4    : ayiya -------  Please visit your home on the website for more information and options regarding this subnet.  Regards,  The SixXS tunnelrobot.

Note: The addresses suplied in this howto are fakes. Please use your
addresses supplied in your e-mail. Otherwise you will not have a working
network. This means replace2001:xxxx:xxxx::/48with your address!

Subnet IPv6: This is the address of your /48 subnet routed to you. We need this
address later to configure the prefix of the Router Advertising daemon
and for your Routers local IPv6 network address. For a local subnet only
/64 subnet should be used. Because of that we configure radvd with a
/64 bit prefix and also the network interface.

Routed to: This is the address of your sixxs tunnel interface.

Your IPv4: If you have no static IPv4 address, ayiya should stand here. Otherwise your public IPv4 address.

Replace
also eth0 with the name of the network interface connected to your
local network. The command line tool ip is your friend if you do not
know.

Synchronize with a timeserver

If you have
no ntp daemon installed to keep your time synchronised. Then install
openntpd or any other ntp daemon you want. This is because we are going
to install aiccu, the IPv6 auto tunneling daemon, from SixXS. The tunnel
will not work if the time difference of your clock is bigger than 120
seconds.

Install aiccu

aiccu is the SixXS client application. If aiccu runs in the daemon mode, it
will make sure your tunnel endpoint is always up to date due to the
heartbeat protocol, this thus allows one to have a dynamic IPv4
endpoint. Note that AICCU is only needed for heartbeat and AYIYA tunnels. Static tunnels can be configured using interfaces(5).

Install aiccu:

sudo aptitude install aiccu

The installer will automatically prompt for username, password, and the tunnel_id you want to configure.

Note: If you don’t know the tunnel_id then go to http://www.sixxs.net/home/ and check your tunnel information.

Note: The Tunnel id should also be in your “Tunnel Approval” email.

Configure local network interface

We also
have to configure the local network interface with an IPv6 address. I
prefer an easy to memorize address for my router so I choose2001:xxxx:xxxx::1. According the information I got from sixxs, this is the First address I can use. Open the config file/etc/network/interfaceswith an editor and add:

iface eth0 inet6 static  address 2001:xxxx:xxxx::1  netmask 64

Note: replace eth0 with the interface name you used in the/etc/radvd.confconfig file.

To configure your box to give out addresses to the LAN from your /64, see Configure your Ubuntu box as an IPv6 router.

Reboot or restart services

You can
simply reboot now if you want that all changes taking effect or if this
is not an option because you run other services that are needed run:

  1. Restart network

sudo ip link set eth0 down  sudo ip link set eth0 up

  1. Let aiccu configure your tunnel

sudo /etc/init.d/aiccu restart

So
that’s really all. You should now be able to connect to the IPv6
internet with every IPv6 capable client automatically. See section
“Conclusion” for testing.

Get connected with freenet6 / TSP

Tunnel
Setup Protocol (TSP) is a signalling protocol used to negotiate tunnel
setup parameters between two tunnel end-points. This protocol is most
commonly used to create IPv6-In-IPv4 tunnels, allowing a person to use
IPv6 on his native IPv4 network.

TSPC
(client) starts an end-to-end tunnel with the TSP server(tunnel
broker). After negotiation of tunnel setup parameters has been done the
software goes into daemon mode and maintains the tunnel alive.

Gogo6

Like it was
mentioned above, TSPC requires a TSP Server (tunnel broker) to work.
The default configuration file is ready for you to use your tunnel,
however, it’s configured for anonymous access only, which has a few
limitations.

I recommend registering on GOGO6. The following sections of this page will be dedicated to those who created an account there.

TSP in Ubuntu

The client software is called tspc in Intrepid and earlier, gw6c in Karmic and Lucid, and gogoc from Maverick onwards and is available on official repositories.

Configuring TSPC

Configuration file: /etc/gogoc/gogoc.conf Configuration file: /etc/gw6c/gw6c.conf Configuration file: /etc/tsp/tspc.conf

On this configuration file there are three things that we need to change (username, password and server).

Locate
the username field and change it to the information you entered on the
Go6.net website. Do the same for the password field.

As
for the server, the one used by default (anon.freenet6.net) is used
only for anonymous accounts. Since we registered an account we will have
to use broker.freenet6.net for our tunnel to work.

Testing the tunnel

Check /var/log/tspc.log to see if any errors were reported. This will only work for tspc. For gogoc or gw6c,
you will need to edit the configuration file and set log_file to a
value between 1 and 3, with 3 being the most verbose. The log file will
then be /var/log/gogoc.log or /var/log/gw6c.log respectively.

For a network test using ping6 see the “Conclusion” section

Configure your Ubuntu box as a IPv6 router

  1. Edit/etc/sysctl.conf

Uncomment the line which containsnet.ipv6.conf.default.forwarding=1. This is a common step to enable IPv6 routing.

You can learn how to install and enable DHCPv6 on your network here.

Alternatively,
if you want to use radvd which will advertise your prefix and let the
network’s systems select their own IP address:

  1. Install radvd

sudo aptitude install radvd

  1. Edit/etc/radvd.conf(see following sample)

Note: If the computer is only routing IPv6, then only uncomment
net.ipv6.conf.default.forwarding=1 and leave the IPv4 stuff unchanged.

Note: /etc/radvd.conf: This file does not exist after a fresh install. You
can look at the sample configuration files in
usr/share/doc/radvd/examples/ for further studies.

Sample/etc/radvd.conf:

interface eth0 {  AdvSendAdvert on;  prefix 2001:xxxx:xxxx::/64  {  AdvOnLink on;  AdvAutonomous on;  }; };

eth0 is the interface which is used for the Router Advertising messages
(RAs). If you are not sure about the interface, check with ttip
addr/tt on the command line.

The prefix you have to take from the information given by SixXS or Hurricane Electric.

Restart the router advertising daemon to propagate your IPv6 address space

sudo /etc/init.d/radvd restart

Now
router should automatically send “Router Advertising Messages” to your
network and your IPv6 clients should auto configure them self.

Get connected with Miredo

Ubuntu includes a package named miredo that can tunnel IPv6 through IPv4 connections. Miredo is an
implementation of Teredo, which is a way to tunnel IPv6-traffic over
IPv4-UDP-traffic. As IPv4-UDP will pass NAT-devices, miredo will work
behind most NAT-devices. A further advantage of miredo/teredo is that
you don’t need to define tunnel-endpoints or tunnel-accounts: just
activate miredo, and you’ll have IPv6 connectivity.

Install miredo:

sudo aptitude install miredo

After
this command, you should see an IPv6 address beginning with “2001:0:”
in your network settings (use ’ip addr’). If so, you’re connected to the
IPv6 world.

For more information, see the miredo package information.

IPv6 enabled software and services

The basic
unix tools normally have ipv6 support. Network tools like “ping” or
“traceroute” have a IPv6 companion like “ping6” or “traceroute6”. Tools
like ssh are working out of the box.

Web

Almost
every web browser I know can communicate over IPv6. There are a lot of
IPv6 enabled Websites out there, but they are sometimes hard to find.
For a start you can search with ipv6.google.com or see the dancing “Kame” on kame.net. More links are available at Gogo6, SixXS or sixy.ch.

IRC

IRSSI supports IPv6 as well as our favorite IRC network (Freenode).

IRSSI needs to be configured to prefer IPv6 to IPv4. In order to do this, please use the command /SET resolve_prefer_ipv6 ON when on IRSSI. As for Freenode, connect to ipv6.chat.freenode.net to
test your new IPv6 tunnel or choose another server from their IRC Servers list

Troubleshooting

If you get a “Not starting gogoc – no server key” error, see http://gogonet.gogo6.com/forum/topics/ubuntu-not-starting-gogoc-no or http://www.tumblr.com/tagged/gogoc

Conclusion

You should now be able to ping and surf IPv6 enabled sites like ipv6.google.com or http://www.kame.net. For a ping performping6ipv6.google.com.
It’s a good idea to think about firewalling within your clients,
because all clients have now a public reachable IPv6 IP. In Ubuntu this
is also an very easy task with the new UbuntuFirewall (ufw or uncomplicated firewall), just edit /etc/default/ufw to have IPV6=yes and reload the firewall to get started.

Have fun!!!

ufw and Routing

To allow routing you need to uncoment the following lines in /etc/ufw/sysctl.conf

 net/ipv6/conf/default/forwarding=1  net/ipv6/conf/all/forwarding=1

If you only want outgoing connections you also need to change

DEFAULT_FORWARD_POLICY="DROP"

in /etc/default/ufw and add the following lines to /etc/ufw/before6.rules

 -A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT  -A ufw6-before-forward -i eth0 -o sixxs -m conntrack --ctstate NEW -j ACCEPT

where eth0 is your internal interface.

IPv6 on APT Repositories

IPv6 is
available on Canonical-maintained APT repositories including
security.ubuntu.com and archive.ubuntu.com as of 2013 March 12. See Launchpad bug report and RT ticket (SSO login required).

Disabling IPv6

The Ubuntu Community wiki has instructions on disabling IPv6.

Some people chose to do this because of primarily two issues:

  • DNS server dropping queries for AAAA records
  • Broken
    IPv6 connectivity. This is less of a problem with Happy Eyeballs, but
    nonetheless can cause problems when certain network configuration is
    beyond the control of the end user. Whenever possible, you should
    attempt to correct the source of the broken IPv6 connectivity instead of
    disabling IPv6.

See the article for more details.

Copyright Notice

The IPv6
introduction was largely copied and modified from the FreeBSD Handbook.
Copyright 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006, 2007, 2008 The FreeBSD Documentation Project.


CategoryDocumentation

喜欢 (0)
[🍬谢谢你请我吃糖果🍬🍬~]
分享 (0)
关于作者:
少将,关注Web全栈开发、项目管理,持续不断的学习、努力成为一个更棒的开发,做最好的自己,让世界因你不同。