@atlemagnussen
Last active March 6, 2024 20:13
Linux IPv6 router setup

IPv6 router

First check sysctl for any disable_ipv6 settings and set any that are enabled back to 0:

sudo sysctl -q -a | grep disable_ipv6

Interfaces

Request a prefix (a subnet/range of IPv6 addresses) from your ISP. The Debian Wiki has a useful article on this.

Edit /etc/network/interfaces

# working
iface enp2s0 inet6 auto
  dhcp 1
  request_prefix 1

# this potentially works just as well
#iface enp2s0 inet6 dhcp
#  request_prefix 1
#  accept_ra 2

Restart interface

 sudo ifdown enp2s0
 sudo ifup enp2s0

If it works you should have something in a file like this /var/lib/dhcp/dhclient6.enp2s0.leases:

lease6 {
  interface "enp2s0";
  ia-pd xx:xx:xx:xx {
    starts 1709723993;
    renew 14400;
    rebind 23040;
    iaprefix 2a01:7666:57c:ce00::/56 {
      starts 1709723993;
      preferred-life 28800;
      max-life 28800;
    }
  }
  option dhcp6.client-id xxx;
  option dhcp6.server-id yyy;
}

Router advertisements

Use the radvd software.

This is your prefix: 2a01:7666:57c:ce00::/56
Pick a /64 subnet from it, for example 2a01:7666:57c:ce01::/64, and configure it in /etc/radvd.conf:

interface enp1s0
{
   AdvSendAdvert on;
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   prefix 2a01:7666:57c:ce01::/64 {
     AdvOnLink on;
     AdvAutonomous on;
     AdvRouterAddr on;
     AdvValidLifetime 3600;
     AdvPreferredLifetime 3600;
   };
};

Restart radvd

sudo systemctl restart radvd.service

Also check status for any errors

Now go to your clients and see if they pick it up.

Clients can also have sysctl settings that cause things to not work:

  • disable_ipv6 must be 0
  • accept_ra must be 1

You can debug on a client with the radvdump tool, which prints any router advertisements it receives.

NB! The prefix might change, so you should automate this.
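One way to automate the prefix step, as an added example that is not part of the original gist: it reads the delegated prefix from the dhclient6 lease text, skips expired leases, derives the LAN /64 and renders the radvd.conf shown above. The function names are hypothetical, the sample lease is constructed, and the regex assumes the iaprefix field order shown in the lease file above.

```python
import ipaddress
import re

# Constructed sample in the layout of /var/lib/dhcp/dhclient6.enp2s0.leases
SAMPLE_LEASES = """
lease6 {
  ia-pd xx:xx:xx:xx {
    starts 1709723993;
    iaprefix 2a01:7666:57c:ce00::/56 {
      starts 1709723993;
      preferred-life 28800;
      max-life 28800;
    }
  }
}
"""

IAPREFIX_RE = re.compile(
    r"iaprefix\s+(\S+)\s*\{\s*starts\s+(\d+);\s*preferred-life\s+(\d+);\s*max-life\s+(\d+);")

def current_prefix(leases_text, now):
    """Return the unexpired delegated prefix with the latest start time, or None."""
    best = None
    for net, starts, _preferred, max_life in IAPREFIX_RE.findall(leases_text):
        starts, max_life = int(starts), int(max_life)
        if starts + max_life <= now:
            continue  # expired: advertising it would hand clients dead addresses
        if best is None or starts > best[0]:
            best = (starts, ipaddress.IPv6Network(net))
    return best[1] if best else None

def lan_subnet(delegated, index=1):
    """Pick the index-th /64 inside the delegated prefix (index 1 -> ...ce01::/64)."""
    if delegated.prefixlen > 64:
        raise ValueError("delegated prefix is longer than /64")
    if not 0 <= index < (1 << (64 - delegated.prefixlen)):
        raise ValueError("subnet index is outside the delegated prefix")
    base = int(delegated.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))

def render_radvd(iface, subnet):
    """Render the radvd.conf from this page for the given interface and /64."""
    return (f"interface {iface}\n{{\n   AdvSendAdvert on;\n"
            f"   MinRtrAdvInterval 3;\n   MaxRtrAdvInterval 10;\n"
            f"   prefix {subnet} {{\n     AdvOnLink on;\n"
            f"     AdvAutonomous on;\n     AdvRouterAddr on;\n"
            f"     AdvValidLifetime 3600;\n     AdvPreferredLifetime 3600;\n"
            f"   }};\n}};\n")
```

Run it from a dhclient hook or a timer, and only rewrite /etc/radvd.conf and restart radvd.service when the rendered text differs from the file on disk.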

IPv6 DNS

If you want DNS to work even with IPv4 disabled, edit your bind9 config to include IPv6 upstream DNS servers.

Edit /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        recursion yes;                 # enables recursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 192.168.1.1; };    # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                1.1.1.1;
                8.8.4.4;
                1.0.0.1;
                2001:4860:4860:0:0:0:0:8888; # IPv6 google
                2001:4860:4860:0:0:0:0:8844;
        };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Add your router's IPv6 address to radvd.conf as an RDNSS entry; it can be a link-local address.

interface enp1s0
{
   AdvSendAdvert on;
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   prefix 2a01:7666:57c:ce01::/64 {
     AdvOnLink on;
     AdvAutonomous on;
     AdvRouterAddr on;
     AdvValidLifetime 3600;
     AdvPreferredLifetime 3600;
   };
   RDNSS fe80::5d6:c6aa:feff:888f
   {
   };
};