{"id":159,"date":"2014-10-17T22:31:24","date_gmt":"2014-10-17T20:31:24","guid":{"rendered":"http:\/\/www.lambiek.eu\/blog\/?p=159"},"modified":"2014-11-28T17:06:06","modified_gmt":"2014-11-28T16:06:06","slug":"ipv6","status":"publish","type":"post","link":"https:\/\/www.lambiek.eu\/blog\/tutorial\/ipv6\/","title":{"rendered":"IPv6"},"content":{"rendered":"<p>So, it&#8217;s time to write something about IPv6. I had a spare evening and implemented IPv6 on the LAN (trusted) side of my network.<\/p>\n<p>But, where to begin? Well, I thought it might be handy to start with a private address space. Luckily there are a lot of online generators which will randomly (according to RFC 4193) get one for you.<\/p>\n<p>Some of those sites are:<br \/>\n<a href=\"http:\/\/www.simpledns.com\/private-ipv6.aspx\" target=\"_blank\">http:\/\/www.simpledns.com\/private-ipv6.aspx<\/a><br \/>\n<a href=\"https:\/\/www.ultratools.com\/tools\/rangeGenerator\" target=\"_blank\">https:\/\/www.ultratools.com\/tools\/rangeGenerator<\/a><br \/>\n<a href=\"http:\/\/unique-local-ipv6.com\/\" target=\"_blank\">http:\/\/unique-local-ipv6.com\/<\/a><\/p>\n<p>In this writing I will use fd0c:8d8:10d3::\/48 as IPv6 space, fd0c:8d8:10d3:abba::\/64 as subnet and fd0c:8d8:10d3:abba::10 &#8211; fd0c:8d8:10d3:abba::ff as host addresses.<\/p>\n<p>I used all three of them to start to understand the basics of the address space.<\/p>\n<p>The next step was to assign some of those addresses to my hosts to get it working. In my setup I chose to configure DHCP directly to manage &#8216;my&#8217; address space. I already have an IPv4 DHCP server running, but if you don&#8217;t, install it first. 
Oh yes, if you want to allow Windows hosts, also install radvd (router advertisement daemon).<\/p>\n<p>My system is currently running CentOS 7 and therefore I used yum to install radvd:<\/p>\n<pre class=\"lang:default decode:true \" >\r\n============================================================================================================================\r\n Package                    Arch                        Version                             Repository                 Size\r\n============================================================================================================================\r\nInstalling:\r\n radvd                      x86_64                      1.9.2-7.el7                         base                       85 k\r\n\r\nTransaction Summary\r\n============================================================================================================================\r\nInstall  1 Package\r\n\r\nTotal download size: 85 k\r\nInstalled size: 158 k\r\nIs this ok [y\/d\/N]: y\r\n<\/pre>\n<p>Ok, we have the necessary packages, so let&#8217;s start configuring some stuff.<\/p>\n<p>Let&#8217;s start with configuring the host&#8217;s IPv6 address:<\/p>\n<pre class=\"lang:default decode:true \" >\r\nvi \/etc\/sysconfig\/network-scripts\/ifcfg-enp0s3\r\nIPV6ADDR=fd0c:8d8:10d3:abba::1\/64\r\n\r\n#to just add the IPv6 address to the running host enter:\r\nip addr add fd0c:8d8:10d3:abba::1\/64 dev enp0s3\r\n<\/pre>\n<p>Next step is to configure DHCP:<\/p>\n<pre class=\"lang:default decode:true \" >\r\nvi \/etc\/dhcp\/dhcpd6.conf\r\n#\r\n# DHCPv6 Server Configuration file.\r\n#   see \/usr\/share\/doc\/dhcp*\/dhcpd6.conf.example\r\n#   see dhcpd.conf(5) man page\r\n#\r\n# 'My' address space:\r\n#Prefix\/L:              fd\r\n#Global ID:             0c08d810d3\r\n#Subnet ID:             abba\r\n#Combine\/CID:           fd0c:08d8:10d3:abba::\/64\r\n#IPv6 addresses:        fd0c:08d8:10d3:abba::\/64:XXXX:XXXX:XXXX:XXXX\r\n#Private address space: 
fd0c:8d8:10d3::\/48\r\n#Start Range:           fd0c:8d8:10d3:abba:0:0:0:0\r\n#End Range:             fd0c:8d8:10d3:abba:ffff:ffff:ffff:ffff\r\n#No. of hosts:          18446744073709551616\r\n\r\nauthoritative;\r\n\r\n# IPv6 address valid lifetime\r\n#  (at the end the address is no longer usable by the client)\r\n#  (set to 30 days, the usual IPv6 default)\r\ndefault-lease-time 2592000;\r\n\r\n# IPv6 address preferred lifetime\r\n#  (at the end the address is deprecated, i.e., the client should use\r\n#   other addresses for new connections)\r\n#  (set to 7 days, the usual IPv6 default)\r\npreferred-lifetime 604800;\r\n\r\n# T1, the delay before Renew\r\n#  (default is 1\/2 preferred lifetime)\r\n#  (set to 1 hour)\r\noption dhcp-renewal-time 3600;\r\n\r\n# T2, the delay before Rebind (if Renews failed)\r\n#  (default is 3\/4 preferred lifetime)\r\n#  (set to 2 hours)\r\noption dhcp-rebinding-time 7200;\r\n\r\n# Enable RFC 5007 support (same as for DHCPv4)\r\nallow leasequery;\r\n\r\n# Global definitions for name server address(es) and domain search list\r\noption dhcp6.name-servers fd0c:08d8:10d3:abba::1;\r\noption dhcp6.domain-search \"example.com\";\r\n\r\n# The delay before information-request refresh\r\n#  (minimum is 10 minutes, maximum one day, default is to not refresh)\r\n#  (set to 6 hours)\r\noption dhcp6.info-refresh-time 21600;\r\n\r\n# The path of the lease file\r\ndhcpv6-lease-file-name \"\/var\/lib\/dhcpd\/dhcpd6.leases\";\r\n\r\nsubnet6 fd0c:08d8:10d3:abba::\/64 {\r\n        interface enp0s3;\r\n        range6 fd0c:08d8:10d3:abba::10 fd0c:08d8:10d3:abba::ff;\r\n}\r\n\r\n#Add a reservation for the client host for use in DNS\r\nhost host2 {\r\n        hardware ethernet aa:bb:cc:dd:ee:ff;\r\n        fixed-address6 fd0c:08d8:10d3:abba::10;\r\n        fixed-prefix6 fd0c:08d8:10d3:abba::\/64;\r\n}\r\n<\/pre>\n<p>Next we configure radvd:<\/p>\n<pre class=\"lang:default decode:true \" >\r\nvi \/etc\/radvd.conf\r\n\r\ninterface enp0s3\r\n{\r\n        
AdvSendAdvert on;\r\n        MinRtrAdvInterval 30;\r\n        MaxRtrAdvInterval 100;\r\n        prefix fd0c:08d8:10d3:abba::\/64\r\n        {\r\n                AdvOnLink on;\r\n                AdvAutonomous on;\r\n                AdvRouterAddr off;\r\n        };\r\n};\r\n<\/pre>\n<p>And finally we need to start both services. Using CentOS 7 the syntax is:<\/p>\n<pre class=\"lang:default decode:true \" >\r\nsystemctl enable dhcpd6\r\n#systemctl prints the symlink it creates; the ln lines are output, not commands to type:\r\n#ln -s '\/usr\/lib\/systemd\/system\/dhcpd6.service' '\/etc\/systemd\/system\/multi-user.target.wants\/dhcpd6.service'\r\nsystemctl start dhcpd6\r\nsystemctl enable radvd\r\n#ln -s '\/usr\/lib\/systemd\/system\/radvd.service' '\/etc\/systemd\/system\/multi-user.target.wants\/radvd.service'\r\nsystemctl start radvd\r\n<\/pre>\n<p>And because it is just fun, I wanted to configure DNS, since entering IPv6 addresses a lot is not really fun to do. In my case I already have a DNS server running so only the IPv6 specifics are listed here.<\/p>\n<pre class=\"lang:default decode:true \" >\r\nvi \/etc\/named.conf\r\n\r\noptions {\r\n        \/* other directives *\/\r\n        listen-on-v6 { ::1; fd0c:08d8:10d3:abba::1; };\r\n        allow-query { localhost; localnets; fd0c:08d8:10d3:abba::\/64; };\r\n};\r\n\r\n\/* zone statements belong at the top level, outside the options block *\/\r\nzone \"a.b.b.a.3.d.0.1.8.d.8.0.c.0.d.f.ip6.arpa\" in {\r\n        type master;\r\n        file \"master.a.b.b.a.3.d.0.1.8.d.8.0.c.0.d.f.ip6.arpa\";\r\n};\r\n<\/pre>\n<p>To get a good starting reverse zone file visit <a href=\"http:\/\/rdns6.com\/zone\" target=\"_blank\">http:\/\/rdns6.com\/zone<\/a>. If we just fill in our network and hosts and press the generate button we get a nice zone file:<\/p>\n<pre class=\"lang:default decode:true \" >\r\n;\r\n; fd0c:8d8:10d3:abba::\/64\r\n;\r\n; Zone file built with the IPv6 Reverse DNS zone builder\r\n; http:\/\/rdns6.com\/\r\n;\r\n$TTL 1h\t; Default TTL\r\n@\tIN\tSOA\tns1.example.com.\tadmin.example.com. 
(\r\n\t2014101701\t; serial\r\n\t1h\t\t; slave refresh interval\r\n\t15m\t\t; slave retry interval\r\n\t1w\t\t; slave copy expire time\r\n\t1h\t\t; NXDOMAIN cache time\r\n\t)\r\n\r\n;\r\n; domain name servers\r\n;\r\n@\tIN\tNS\tns1.example.com.\r\n\r\n\r\n; IPv6 PTR entries\r\n1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.b.a.3.d.0.1.8.d.8.0.c.0.d.f.ip6.arpa.    IN    PTR    host1.example.com.\r\n0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.b.a.3.d.0.1.8.d.8.0.c.0.d.f.ip6.arpa.    IN    PTR    host2.example.com.\r\n<\/pre>\n<p>Note that I use the fd0c:08d8:10d3:abba::\/64 (including subnet) to generate the zonefile.<\/p>\n<p>The forward lookup zone can be altered to include two AAAA (quad-A) records:<\/p>\n<pre class=\"lang:default decode:true \" >\r\nvi \/var\/named\/chroot\/var\/named\/master.example.com\r\nhost1          IN      AAAA    fd0c:08d8:10d3:abba::1\r\nhost2          IN      AAAA    fd0c:08d8:10d3:abba::10\r\n<\/pre>\n<p>After configuring DNS we need to restart it:<\/p>\n<pre class=\"lang:default decode:true \" >\r\nnamed-checkconf\r\n#should not give any result\r\n#named-checkzone takes the zone name (the ip6.arpa name from named.conf) followed by the zone file\r\nnamed-checkzone a.b.b.a.3.d.0.1.8.d.8.0.c.0.d.f.ip6.arpa \/var\/named\/chroot\/var\/named\/master.a.b.b.a.3.d.0.1.8.d.8.0.c.0.d.f.ip6.arpa\r\n#should not give shocking results and end with OK\r\nsystemctl restart named-chroot #or named if you do not have a chrooted DNS system.\r\n<\/pre>\n<p>Well, that&#8217;s about it.<\/p>\n<p>Wait, I almost forgot one thing&#8230; DHCP is not working because ip6tables is in place&#8230; I still need to figure out the relation between firewalld and ip6tables but to just let it work I decided to temporarily disable the ip6 rules:<\/p>\n<pre class=\"lang:default decode:true \" >\r\n#-F flushes all rules in the IPv6 filter table (chain policies stay as they are) until the rules are reloaded\r\nip6tables -F\r\n<\/pre>\n<p>Ok, from this point I (in fact my client host) was able to contact the DHCP server and obtained a lease.<\/p>\n<p>Result from a Windows host:<\/p>\n<pre class=\"lang:default decode:true \" >\r\nC:\\Users\\Admin>ping -6 host1.example.com\r\n\r\nPinging host1.example.com [fd0c:08d8:10d3:abba::1] 
with 32 bytes of data:\r\nReply from fd0c:08d8:10d3:abba::1: time<1ms\r\nReply from fd0c:08d8:10d3:abba::1: time<1ms\r\n\r\nPing statistics for fd0c:08d8:10d3:abba::1:\r\n    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),\r\nApproximate round trip times in milli-seconds:\r\n    Minimum = 0ms, Maximum = 0ms, Average = 0ms\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>So, it&#8217;s time to write something about IPv6. I had a spare evening and implemented IPv6 on the LAN (trusted) side of my network. But, where to begin? Well, I thought it might be handy to start with a private address space. Luckily there are a lot of online generators which will randomly (according to &#8230; <span class=\"more\"><a class=\"more-link\" href=\"https:\/\/www.lambiek.eu\/blog\/tutorial\/ipv6\/\">[Read more&#8230;]<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[9,16,11],"_links":{"self":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts\/159"}],"collection":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/comments?post=159"}],"version-history":[{"count":10,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts\/159\/revisions"}],"predecessor-version":[{"id":180,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts\/159\/revisions\/180"}],"wp:attachment":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/media?parent=159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/categories?post=159"},{"taxonomy":"post_tag","embeddable":true,"href":"
https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/tags?post=159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}