Many years ago now I setup IPv6 across all my machines, both at home and public servers. Back then (2007), only 1 of my 3 ISPs (Bytemark) was offering any IPv6 support at all, so for my Linode server I used a static tunnel from Hurricane Internet, and for home connectivity a dynamic tunnel from Sixxs. Now, 5 years on, the situation has improved somewhat. Linode offer IPv6 as standard with any virtual machine hosted on their network. I get my home DSL connectivity from UKFSN, who resell Enta.net services and sometime last year I learnt that they are providing IPv6 service to their customers.
In my home network, I used a LinkSys modem for the ADSL PPP login. A separate OpenWRT 54GL provides the LAN/WLAN subnet, and routes traffic to the subnet used by the LinkSys modem. While OpenWRT supports IPv6 very well, my LinkSys modem has zero support. So over the past 5 years, the LinkSys has done the IPv4 PPP login, while the aiccu tunnel daemon on my OpenWRT machine does the IPv6 tunnel login. This was never ideal, but functionally it works fine. With native IPv6 connectivity though, the PPP client is responsible for both IPv4 and IPv6 connectivity. So I faced the problem of how to enable this given, that the LinkSys ADSL modem has zero IPv6 support.
The answer to this conundrum is to move the responsibility for the PPP login off the ADSL modem entirely, by putting it into “Bridged” mode. In such a setup, the modem is solely responsible for negotiating the DSL link on the line. It then forwards all traffic from the DSL link to its LAN port, using the PPPoE (PPP-over-Ethernet) protocol. The OpenWRT box now runs the PPP daemon to establish the IP layer connectivity to the DSL ISP. This sounds complicated, but it is all surprisingly easy to configure.
- On the LinkSys router, find the DSL setup options and change the mode from “PPPoA” to “Bridged”. The loginname/password details are now irrelevant here (and indeed grayed out on my router admin page)
- On the OpenWRT router, edit the /etc/config/network section and add PPPoE config section, taking care to add the ‘ipv6=1’ option. Contrary to instructions from my ISP, I didn’t need to configure any IPv6 address/subnet on the ppp0 interface, it is automatically handled via link-local addresses.
config 'interface' 'wan' option 'ifname' 'eth0.1' option 'proto' 'pppoe' option 'username' 'NNNNNNN@adsllogin.co.uk' option 'password' 'XXXXXXX' option 'defaultroute' '1' option 'peerdns' '1' option 'ipv6' '1'
- Restart networking on the OpenWRT box (/etc/init.d/network restart). If all went to plan the OpenWRT box now has a login to the DSL ISP with both IPv4 and IPv6 connectivity
ppp0 Link encap:Point-to-Point Protocol inet addr:XX.YY.ZZ.AA P-t-P:BB.CC.DD.EE Mask:255.255.255.255 inet6 addr: fe80::XXXX:YYYY::ZZZZ/10 Scope:Link UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:169629 errors:0 dropped:0 overruns:0 frame:0 TX packets:120721 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:228671985 (218.0 MiB) TX bytes:11603336 (11.0 MiB)
- Provide IPv6 connectivity to the LAN using RADVD. With OpenWRT this is trivially achieved by editing /etc/config/radvd. UKFSN/Enta provided me with a /56 subnet for local LAN use. I just allocated the first /64 of this to my LAN for now. The rest I will for creating various subnets between virtual machines I test with
config prefix option interface 'lan' option prefix '2001:XXXX:YYYY:ZZZZ::/64' option AdvOnLink 1 option AdvAutonomous 1 option AdvRouterAddr 0 option ignore 0
- Don’t forget to ensure that a firewall is up for the IPv6 link – there’s no NAT to “protect” you, so you want to setup a “deny all” rule for incoming connectivity on the “ppp0” device.
The upshot is that 5 years on from my initial setup, I now have native IPv6 connectivity everywhere. No more IPv6-in-IPv4 tunnels required. I’ve not compared the download speeds of my native IPv6 connection against the Sixxs IPv6 tunnel I used previously, but I can say that the ping times have improved. Previously IPv6 pings were about 10ms slower than IPv4 pings. Now the ping times are identical, which is nice :-)