| View previous topic :: View next topic |
| Author |
Message |
jhon987
Apprentice
Joined: 18 Nov 2013
Posts: 297
|
 Posted: Fri Aug 11, 2017 4:13 pm Post subject: Gentoo server not reachable through ipv6 |
 |
|
Can someone please explain the steps needed for a gentoo server to be accessible through an ipv6 address?
I read the guide about ipv6 router which explains a bit about forwarding (https://wiki.gentoo.org/wiki/IPv6_router_guide) but what about incoming connections? the networking guide (https://wiki.gentoo.org/wiki/Handbook:X86/Full/Networking) doesn't really get in details regarding ipv6.
My web host has documentation for other Linux distros (https://www.vultr.com/docs/configuring-ipv6-on-your-vps) but none of these files exists in gentoo.
At the moment when I try: ping6 -c 3 2001:.... I only get the following from my local machine:
| Code: | | connect: Network is unreachable |
through ssh though:
| Code: | | 3 packets transmitted, 3 received, 0% packet loss, time 2087ms |
What am I missing?
(the IP address referred to is the one with 'global' flag shown in ifconfig) |
|
| Back to top |
|
 |
Tony0945
Watchman
Joined: 25 Jul 2006
Posts: 5127
Location: Illinois, USA
|
| Posted: Fri Aug 11, 2017 5:28 pm Post subject: |
|
|
| Are you sure your ISP provides ipv6 service? Mine doesn't. |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54237
Location: 56N 3W
|
| Posted: Fri Aug 11, 2017 6:36 pm Post subject: |
|
|
jhon987,
First, check connectivity out from both ends.
| Code: | $ ping6 google.com
PING google.com(lhr35s01-in-x0e.1e100.net) 56 data bytes
64 bytes from lhr35s01-in-x0e.1e100.net: icmp_seq=1 ttl=57 time=17.6 ms
64 bytes from lhr35s01-in-x0e.1e100.net: icmp_seq=2 ttl=57 time=17.6 ms |
On you server, /etc/conf.d/net needs to look like
| Code: | # make sure use use iproute2
modules="iproute2"
config_eth0="5.x.y.z netmask 255.255.255.224 brd 5.x.y.z
2a01:dead:beef:c::2/64"
routes_eth0="default via 5.x.y.z
default via fe80::1" |
You need to use an IP address from the /64 you have been allocated, not the fake one above
This gets you a routing table like
| Code: | $ ip -6 route show dev eth0
2a01:dead:beef:c::/64 proto kernel metric 256 pref medium
fe80::/64 proto kernel metric 256 pref medium
ff00::/8 metric 256 pref medium
default via fe80::1 metric 2 pref medium |
If you add your server to /etc/hosts, or point an AAAA record to it you can ssh by name.
Otherwise ssh -6 2a01:dead:beef:c::2 should work.
You may need to discover the router you are connected to with a router discovery message.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9679
Location: almost Mile High in the USA
|
| Posted: Fri Aug 11, 2017 7:43 pm Post subject: |
|
|
Oddly enough, when my router advertised that it has IPV6/SLAAC, Gentoo and I suspect NDS automatically generated a public IPV6 address for each of my machines. How are you setting up IPV6 - is your ISP routing an IPV6 address space to you router via 6rd or otherwise? Things should just work real easy as it is if router discovery/SLAAC is enabled on the router.
Or are you planning on doing tunneling to a broker like Hurricane or Freenet6? If you're doing the tunneling on the machine you want to access ipv6, then this can get a bit more involved...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
jhon987
Apprentice
Joined: 18 Nov 2013
Posts: 297
|
| Posted: Fri Aug 11, 2017 8:54 pm Post subject: |
|
|
@Tony0945 I suspect you've touched the bone of contention.
@NeddySeagoon as always your experienced advice are priceless
@eccerr0r just like Tony0945 you've hit the target at the bull's eye.
So, I recall I've red somewhere years ago that in order to use IPv6 I need an ISP that supports it. Now, I thought that only applies to my router/connection having an ipv6 address, didn't thought it also applies to me visiting ipv6 external IPs. All of your comments made me realize I'm probably wrong.
I know my ISP doesn't support IPv6 at the moment (or for the very least I'm not getting such support), so that's probably the issue here.
I've tried pinging google.com as per @NeddySeagoon advice yet I received:
| Code: | $ ping6 google.com
connect: Network is unreachable |
which seems to me is the answer to my question.
So, I gather that nowadays even if my ISP doesn't supports it I could still enable IPv6 through tunneling or through my router or via Unicast Addresses (http://www.funtoo.org/IPv6_Networking). Do you guys have any recommendation which one I should use? (I only need it for testing purposes...) |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54237
Location: 56N 3W
|
| Posted: Fri Aug 11, 2017 9:31 pm Post subject: |
|
|
jhon987,
You need an IPv6 over IPv4 tunnel because you need an IPv6 path through your ISP that doesn't provide IPv6.
Your IPv6 has to get to the internet somehow.
First step is to phone your ISP and see if you can get IPv6.
Then your router needs to support it.
If you can't get native IPv6 you need a tunnel.
To host servers over a tunnel you need a static far end IPv6 address.
You can play on your own LAN with the link address or get a bit more adventurous with site local addresses.
link address need an IPv6 transparent switch, they are not routable. Site local addresses need an IPv6 aware router, (if you want to route them)
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9679
Location: almost Mile High in the USA
|
| Posted: Fri Aug 11, 2017 11:55 pm Post subject: |
|
|
It's actually kind of funny with me.
Normally my ISP wants me to have a fairly late model router that supports IPV6. Eventually I was able to get one from a thrift shop, and thus IPV6 worked for me.
At that point I was trying to get my pfSense router to work on my network as it has a neat LCD that shows me system status. I sort of didn't quite understand ipv6 at that point and my pfSense router seems to sometimes botch up ipv6 since it too was advertising as a IPV6 router, and probably depending on luck of the draw, it would or wouldn't work.
However, one day, that IPV6 ISP router died, and I had to revert back to an IPV4 router. I assumed IPV6 was now just a memory. Turns out I was wrong. I had more or less copied off my ISP's 6rd tunnel endpoint configuration onto my pfSense router, and after mucking with a bit, pfSense started routing ipv6 properly and thus enjoying it once more.
The pfSense router now handles both ipv4 NAT and ipv6 SLAAC/routing.
Someday I should set up the 6RD routing on one of my vhosts - that pfSense 1U rackmount box is quite noisy...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
jhon987
Apprentice
Joined: 18 Nov 2013
Posts: 297
|
| Posted: Sat Aug 12, 2017 5:47 am Post subject: |
|
|
| Thanks |
|
| Back to top |
|
|
|
Networking & Security
