IPv6

[ewx]

This weekend I set up an IPv6 tunnel for my home network (using tunnelbroker.net). The only real difficulties were (i) automatic configuration does not happen on hosts with IP forwarding enabled, and this applies to IPv4 forwarding as well as IPv6 forwarding (ii) automatic configuration and Linux's ethernet bridging don't seem to play very together very reliably.

Having IPv6 of course means that programs might actually use it, and sometimes this can be inconvenient. /etc/gai.conf lets you re-order hostname lookup results but this doesn't seem to be enough to actually stop the IPv6 address being used. Therefore I wrote a little LD_PRELOAD-based utility to completely suppress IPv6 addresses in getaddrinfo() results:

$ telnet ftp.uk.debian.org 80
Trying 2001:470:1f08:80b::2...
Connected to debian.hands.com.
Escape character is '^]'.
^]q

telnet> q
Connection closed.
$ noipv6 telnet ftp.uk.debian.org 80
Trying 83.142.228.128...
Connected to ftp.uk.debian.org.
Escape character is '^]'.
^]q

telnet> q
Connection closed.
$ 

Programs that use other APIs to look up hostnames won't be affected.

It includes a noipv4 program as well.

Get it here. Currently only works on Linux but shouldn't be hard to adapt to other Unix platforms.

Comments

[sweh.livejournal.com]

What problem with you have with autoconfig and bridging? I'm bridging between eth0 and various tunnels (for user-mode-linux instances). The only problem I've seen is that the physical device (eth0) and the bridge have the same MAC address and so have the same link-local fe80:: address, but the autoconfig address only shows up on br0. If I run an ip6 capable kernel for my UML instances then they also correctly autoconfig.

From a bridge perspective I had to redo my ebtables rules 'cos --among-src doesn't work with IPv6 but that was doable.

However I had to stop running IPv6 inside my UMLs because my host is CentOS5.5 and that Linux kernel doesn't properly do ip6tables (I think it needs a 2.6.20 or better kernel) so I wasn't able to properly restrict access from the UML instances to my network; considering I use them as "bastion hosts", proper firewall rules are important :-)

[ewx.livejournal.com]

br0 tends to decide "no IPv6 routers present" on bringing up the interface, at least some of the time. It seems to behave better at reboot than when changing configuration.

[sweh.livejournal.com]

Hmm. I wonder if the order of adding devices to a bridge or even the timing of adding devices is important; could the "router solicitation" packet be sent out before the ethernet device is added, or sent out on the wrong device or...

Hmm.

[kjaneway.livejournal.com]

Oddly enough, getting IPv6 going on the home network (and tunnelled out to HE) was one of my projects this weekend, too. :-)

[ewx.livejournal.com]

Yeah, I think it’s been a popular activity this weekend.

[sweh.livejournal.com]

It was my "Christmas Vacation" play time :-)

[mstevens.livejournal.com]

Why have IPv6 if you don't want to use it?

[ewx.livejournal.com]

Indeed, if you don't want it at all, just don't turn it on.

[mstevens.livejournal.com]

You sounded somewhat keen to get rid of it entirely.

[ewx.livejournal.com]

Is "can sometimes be inconvenient" unclear?

[mstevens.livejournal.com]

I'm currently awaiting a promised dual-stack IPv4/IPv6 router from A&A on pre-order.