I use my Raspberry Pi as a low-cost IPv6 router and tunnel endpoint to provide IPv6 connectivity to my entire home LAN. Using SixXS as my tunnel provider, I configured my Raspberry Pi to be completely LAN-agnostic, which means I don't have to worry about my ISP changing my public IPv4 address. I even can take my Raspberry Pi IPv6 router to friends' houses to make their networks IPv6-capable as well.
IPv6 is the next-generation IP protocol designed to deal with the address exhaustion we are facing with IPv4. IPv6 addresses are 128 bits long, which is enough to address 340,282,366,920,938,000,000,000,000,000,000,000,000 individual devices.
You can do some unique things with IPv6 today. Here's a short list:
Access Google, Facebook and Wikipedia over IPv6.
Avoid using dynamic DNS to access your home/office computers when on the go.
Get IPv6 certification from Hurricane Electric (ipv6.he.net/certification).
Use IPv6-capable equipment for anything from teleconferencing to sensor networks (https://www.sixxs.net/misc/toys).
Watch Star Wars in ASCII over IPv6: Telnet to towel.blinkenlights.nl:23 (technically you can do this over IPv4 as well.)
For a more comprehensive list of what you can do, see https://www.sixxs.net/misc/coolstuff.
There are many ways to get IPv6 connectivity, including getting native support from your ISP or setting up a tunnel using an IPv6 tunnel broker. Because most ISPs are slow to provide native IPv6 support, let's set up a tunnel using SixXS (pronounced “six access”) and a Raspberry Pi. SixXS is a major IPv6 tunnel provider that supports a number of tunneling protocols.
A Raspberry Pi is a low-cost single-board computer that you can obtain for $25 or $35. It runs Linux on its ARM-based processor and is powerful enough to act as an IPv6 router without breaking a sweat. There are many uses for a Raspberry Pi—from a Web server to an XBMC-based media center or a Minecraft gaming rig.
For the purposes of this article, I assume that you have a LAN with a single dynamic IPv4 address from your ISP and that you already have a Raspberry Pi and are running Raspbian, the de facto standard Linux distribution for it. You can find documentation for how to get started with the Raspberry Pi elsewhere (elinux.org/RaspberryPiBoard). I further assume that your Raspberry Pi is a model B, which has a built-in Ethernet port. You certainly can use a Model A, but you will need to add a USB Ethernet or a Wi-Fi USB adapter to it first.
As I mentioned, SixXS supports a few different kinds of tunnel protocols, but we are interested only in one: Anything-In-Anything (AYIYA). This protocol is essentially IPv6 packets wrapped in IPv4/UDP datagrams. It has the nice property that it traverses most NAT setups without any special configuration required on the router. Additionally, when you use AYIYA with SixXS's autoconfiguration client (AICCU), you avoid using any LAN-specific configuration. This means once you have everything set up, you can take your Raspberry Pi IPv6 router anywhere. Just power it up on your friend's LAN, and it instantly becomes IPv6 connected! Let's get started.
1) Register for an account with SixXS (https://www.sixxs.net/signup/create). This is a multistep process (https://www.sixxs.net/faq/account/?faq=10steps) where some steps will require manual approval from one of the SixXS members, but it normally goes pretty quickly. Once you have registered for an account, you can request a tunnel and a subnet. You will need to provide a reason explaining why you want to use IPv6 through SixXS. Provide as detailed a reason as you can, but it might just boil down to “I want to get my local network IPv6-enabled to familiarize myself with how IPv6 works.” Make sure to select AYIYA for the tunnel type.
2) Enable IPv6 routing on your Raspberry Pi:
$ echo "net.ipv6.conf.all.forwarding=1" | ↪sudo tee -a /etc/sysctl.conf $ sudo sysctl -p
3) Once your request is approved, you will have addresses for a tunnel and a subnet. The tunnel address is what your Raspberry Pi will use to communicate with SixXS. You will use the subnet to hand out addresses to the rest of the devices on your LAN. Keep the Tunnel Information page open while you are proceeding with the setup. Be patient. Typically, SixXS reviews tunnel requests within a few hours to a few days.
4) Because every IPv6-capable device on your network immediately will receive a globally accessible IPv6 address, you need to set up a firewall to protect them. Indeed, not all devices (such as printers) come with a firewall, so it is a good idea to limit connectivity to them from the outside world. This is done using a few ip6tables commands:
$ sudo ip6tables -A INPUT -i lo -j ACCEPT $ sudo ip6tables -A INPUT -m conntrack ↪--ctstate RELATED,ESTABLISHED -j ACCEPT $ sudo ip6tables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT $ sudo ip6tables -A INPUT -s 2001:4830:xxxx:xxx::/64 -j ACCEPT $ sudo ip6tables -A INPUT -s 2001:4830:xxxx:Yxxx::/64 -j ACCEPT $ sudo ip6tables -A INPUT -p ipv6-icmp -j ACCEPT $ sudo ip6tables -A INPUT -j DROP $ sudo ip6tables -A FORWARD -m conntrack ↪--ctstate RELATED,ESTABLISHED -j ACCEPT $ sudo ip6tables -A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT $ sudo ip6tables -A FORWARD -s 2001:4830:xxxx:Yxxx::/64 -j ACCEPT $ sudo ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT $ sudo ip6tables -A FORWARD -j DROP
Note that we are letting two IPv6 subnets through: 2001:4830:xxxx:xxx::/64 and 2001:4830:xxxx:Yxxx::/64. The one with the Yxxx is going to be the routed subnet. That's the one the rest of the devices on your network will use. The one with just the xxx will have only two addresses on it: ::1 (the remote end of your tunnel) and ::2 (your Raspberry Pi).
5) Make sure your firewall is enabled at boot time, which is easy. Put the following into /etc/network/if-pre-up.d/ip6tables-load, and make it executable ($ sudo chmod 755 /etc/network/if-pre-up.d/ip6tables-load):
#!/bin/sh ip6tables-restore < /etc/ip6tables.rules exit 0
Now, put the following into /etc/network/if-post-down.d/ip6tables-save and make it executable ($ sudo chmod 755 /etc/network/if-post-down.d/ip6tables-save):
#!/bin/sh
ip6tables-save -c > /etc/ip6tables.rules
if [ -f /etc/ip6tables.downrules ]; then
ip6tables-restore < /etc/ip6tables.downrules
fi
exit 0
For good measure, execute:
$ sudo /etc/network/if-post-down.d/ip6tables-save
6) Now that your firewall is up and running, let's bring up the IPv6 tunnel. All you need to do is install the SixXS client called from the standard Raspbian. The package is called aiccu.
During the installation process, you will be asked a few questions, such as your tunnel ID (for example, T1110xx), your SixXS user name and password and so on. Note that you can set up a tunnel-specific password to avoid having your general SixXS password in plain text on your Raspberry Pi. After the installation is complete, the configuration file will be generated at /etc/aiccu.conf.
After AICCU is installed and running, you will have two new network interfaces available: sit0 and sixxs. sit0 is the IPv6-in-IPv4 tunnel, and sixxs is a virtual Ethernet interface that has the IPv6 tunnel address. You can check for these by running $ ip addr.
At this point, your Raspberry Pi has IPv6 connectivity, which you can check by pinging an IPv6-capable host:
$ ping6 google.com
7) The next step is to provide IPv6 addresses to the rest of your network using the routed subnet. First, edit your /etc/aiccu.conf and enable the “setupscript” option:
-#setupscript /usr/local/etc/aiccu-subnets.sh +setupscript /usr/local/etc/aiccu-subnets.sh
Next, create the script at /usr/local/etc/aiccu-subnets.sh with the following content:
#!/bin/sh ip addr add 2001:4830:xxxx:Yxxx::1/64 dev eth0
where 2001:4830:xxxx:Yxxx::1 is your routed subnet address. Next, restart AICCU. Check the output of $ ip addr, and make sure that 2001:4830:xxxx:Yxxx::1 is an address associated with your eth0 interface.
8) The last step is to install radvd, the router advertising dæmon, and configure it to advertise to your LAN. After the installation is complete, make sure that /etc/radvd.conf has the following content:
interface eth0 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix 2001:4830:xxxx:Yxxx::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
AdvValidLifetime 30;
AdvPreferredLifetime 20;
};
};
Restart radvd, and check that IPv6 is available on other devices on your network. Most modern computers will pick up the change immediately.
Going forward, AICCU will detect any changes to your LAN automatically, such as an updated public IPv4 address from your ISP, and re-adjust the tunnel settings. Your Raspberry Pi is now accessible from anywhere in the world using its IPv6 address at 2001:4830:xxxx:Yxxx::1. Your other devices will get their own public static IPv6 addresses. You can use an IPv6 connectivity test at test-ipv6.com to make sure that everything works.
As an experiment, you can bring your Raspberry Pi to a friend's house to see if you can make the network IPv6-capable there.
Once you get this basic setup up and running, you can build on top of it. For example, you can provide your network with a local caching DNS server that can resolve hostnames over IPv6 by simply installing bind9.
You also can look into other types of tunnels, such as static tunnels, or heartbeat tunnels from SixXS. Or, you could take a look at tunnel providers other than SixXS, such as Hurricane Electric's Tunnel Broker (https://tunnelbroker.net) or the Freenet6 (www.gogo6.com/freenet6).
You can use your Raspberry Pi as a Web server, serving content over IPv6. Apache2 and nginx both support IPv6 out of the box, and many guides are available for turning your Raspberry Pi into a Web server.
Another thing to try is setting up VoIPv6 on your Raspberry Pi with VOVIDA (www.linuxjournal.com/article/7047).
In conclusion, using IPv6 opens up a world of new possibilities and lets you do things you could not do before. Give it a try and have fun.
