# ipv6 set-up

## lalebarde

Hi all,

I am willing to set-up my PC for using ipv6, since my ISP provides it. I have performed some homeworks about ipv6, but I wonder why I cannot ping6 at my local address (the firewall is full ACCEPT).

```
# ping6 fe80::8626:3bff:fe19:f562/64

unknown host

# ping6 fe80::9097:c3ff:fe7c:4204/64

unknown host

# ping6 fe80::9051:5bff:feb4:ab6a/64

unknown host
```

I need some insight please.

Here is my set-up :

```

Internet ----- ADSL modem/router ----- eth0 PC1 qtap0 ----- br0 ----- em0 VPC2 

                   FreeBox        |          Gentoo              qemu FreeBSD

                                     |

                                     |-- eth0 PC2 Gentoo
```

```
# dmesg | grep -i ipv6

[    1.143219] IPv6 over IPv4 tunneling driver

[   37.096994] br0: no IPv6 routers present

[   37.240773] eth0: no IPv6 routers present

[   44.492819] qtap0: no IPv6 routers present

[ 4307.330342] br0: no IPv6 routers present

[ 4307.713438] qtap0: no IPv6 routers present

[ 4382.463953] br0: no IPv6 routers present

[ 4454.803635] qtap0: no IPv6 routers present
```

```
# grep -i ipv6 .config

CONFIG_IPV6=y

# CONFIG_IPV6_PRIVACY is not set

# CONFIG_IPV6_ROUTER_PREF is not set

# CONFIG_IPV6_OPTIMISTIC_DAD is not set

# CONFIG_IPV6_MIP6 is not set

CONFIG_IPV6_SIT=y

# CONFIG_IPV6_SIT_6RD is not set

CONFIG_IPV6_NDISC_NODETYPE=y

# CONFIG_IPV6_TUNNEL is not set

# CONFIG_IPV6_MULTIPLE_TABLES is not set

# CONFIG_IPV6_MROUTE is not set

# IPv6: Netfilter Configuration

CONFIG_NF_DEFRAG_IPV6=y

CONFIG_NF_CONNTRACK_IPV6=y

CONFIG_IP6_NF_MATCH_IPV6HEADER=y
```

```
# cat /etc/conf.d/net | nocomment

dns_domain_lo="MAISON"

modules="iproute2"

bridge_br0="qtap0"

brctl_br0="setfd 0"

rc_need_br0="net.qtap0"

config_eth0="192.168.0.10/24"

routes_eth0="default via 192.168.0.1"

dns_servers_eth0="212.27.40.240 212.27.40.241"

config_br0="192.168.99.1/24"

config_qtap0="null"

tuntap_qtap0="tap"

tunctl_qtap0="-u alain"

mac_qtap0="02:5a:4b:3c:2d:1e"

modules="wpa_supplicant"

wpa_supplicant_eth0="-Dwext"

config_wlan0=( "dhcp" ) 
```

```
# ifconfig 

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.99.1  netmask 255.255.255.0  broadcast 192.168.99.255

        inet6 fe80::9097:c3ff:fe7c:4204  prefixlen 64  scopeid 0x20<link>

        ether 92:51:5b:b4:ab:6a  txqueuelen 0  (Ethernet)

        RX packets 39878  bytes 2444674 (2.3 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 56808  bytes 78151328 (74.5 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255

        inet6 fe80::8626:3bff:fe19:f562  prefixlen 64  scopeid 0x20<link>

        ether 84:26:3b:19:f5:62  txqueuelen 1000  (Ethernet)

        RX packets 3  bytes 314 (314.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 7  bytes 568 (568.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

        device interrupt 17  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Boucle locale)

        RX packets 172221  bytes 9795894 (9.3 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 172221  bytes 9795894 (9.3 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qtap0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500

        inet6 fe80::9051:5bff:feb4:ab6a  prefixlen 64  scopeid 0x20<link>

        ether 92:51:5b:b4:ab:6a  txqueuelen 500  (Ethernet)

        RX packets 39878  bytes 3002966 (2.8 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 63989  bytes 78623930 (74.9 MiB)

        TX errors 0  dropped 0 overruns 1  carrier 0  collisions 0

sit0: flags=193<UP,RUNNING,NOARP>  mtu 1480

        inet6 ::127.0.0.1  prefixlen 96  scopeid 0x90<compat,host>

        inet6 ::192.168.99.1  prefixlen 96  scopeid 0x80<compat,global>

        inet6 ::192.168.0.10  prefixlen 96  scopeid 0x80<compat,global>

        sit  txqueuelen 0  (IPv6-dans-IPv4)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 5  dropped 0 overruns 0  carrier 0  collisions 0
```

```
# uname -a

Linux JANUS 2.6.37-tuxonice #10 SMP PREEMPT Mon Jan 21 12:41:58 CET 2013 x86_64 Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz GenuineIntel GNU/Linux
```

----------

## kurly

The fe80 addresses are "Link Local" and are not your public IPs.  It seems that none of your interfaces have an actual public IPv6 IP associated with them.

If you really just want to see a ping go through, try ping6 fe80::8626:3bff:fe19:f562%eth0   (You will not have to append an interface name on a public IP.)

----------

## NeddySeagoon

lalebarde,

How do you get a public IPv6 address?

Your IPv4 setup is all static, do you need to add IPv6 addresses to it?

```
modules="iproute2"

# baselayout 2

# no brackets for baselayout2

config_eth0="212.110.180.12/24 

             2001:41c8:123:112::2/64"

routes_eth0="default via 212.110.180.254 

             default via 2001:41c8:123:112::1"
```

Most providers allocate users a /64, which is the square of the entire IPv4 address space.

----------

## lalebarde

Thanks both of you. I progress, but when I connect to ipv6 test servers like http://test-ipv6.com/, it tels me  *Quote:*   

> No IPv6 address detected

 

```
# cat /etc/conf.d/net | nocomment 

dns_domain_lo="MAISON"

modules="iproute2"

bridge_br0="qtap0"

brctl_br0="setfd 0"

rc_need_br0="net.qtap0"

config_eth0="192.168.0.10/24

             xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465/64

        xxxx:xxxx:xxxx:xxxx::0:10/64"  

routes_eth0="default via 192.168.0.1

             xxxx:xxxx:xxxx:xxxx::1/64" 

dns_servers_eth0="212.27.40.240

                  212.27.40.241

        2a01:e00::1

        2a01:e00::2"

config_br0="192.168.99.1/24

            xxxx:xxxx:xxxx:xxxx:9251:5bff:feb4:ab6a/64" 

mac_br0="92:51:5b:b4:ab:6a" 

config_qtap0="null"

tuntap_qtap0="tap"

tunctl_qtap0="-u alain"

mac_qtap0="02:5a:4b:3c:2d:1e"

modules="wpa_supplicant"

wpa_supplicant_eth0="-Dwext"

config_wlan0=( "dhcp" ) 
```

```
# ifconfig 

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255

        inet6 fe80::862b:2bff:fe99:f465  prefixlen 64  scopeid 0x20<link>

        inet6 xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465  prefixlen 64  scopeid 0x0<global>

        inet6 xxxx:xxxx:xxxx:xxxx::10  prefixlen 64  scopeid 0x0<global>

        ether 84:2b:2b:99:f4:65  txqueuelen 1000  (Ethernet)

        RX packets 2183  bytes 1326364 (1.2 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 2218  bytes 308806 (301.5 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

        device interrupt 17  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Boucle locale)

        RX packets 4011  bytes 255667 (249.6 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 4011  bytes 255667 (249.6 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

When I switch-off ip6tables, ping6 fe80::862b:2bff:fe99:f465%eth0 works, but not ping6 xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465%eth0

My ISP is well configured onto ipv6.

What do I miss ?

----------

## lalebarde

I can see in dmesg that : *Quote:*   

> IPv6 over IPv4 tunneling driver

  which may be my problem. How can I desactivate it to use my ISP ipv6 support ?

----------

## lalebarde

That was due to CONFIG_IPV6_SIT in the kernel. Here is my new setting :

```
# egrep -i "ipv6|ip6" .config

CONFIG_IPV6=y

CONFIG_IPV6_PRIVACY=y

# CONFIG_IPV6_ROUTER_PREF is not set

# CONFIG_IPV6_OPTIMISTIC_DAD is not set

# CONFIG_IPV6_MIP6 is not set

# CONFIG_IPV6_SIT is not set

# CONFIG_IPV6_TUNNEL is not set

# CONFIG_IPV6_MULTIPLE_TABLES is not set

# CONFIG_IPV6_MROUTE is not set

# IPv6: Netfilter Configuration

CONFIG_NF_DEFRAG_IPV6=y

CONFIG_NF_CONNTRACK_IPV6=y

# CONFIG_IP6_NF_QUEUE is not set

CONFIG_IP6_NF_IPTABLES=y

# CONFIG_IP6_NF_MATCH_AH is not set

# CONFIG_IP6_NF_MATCH_EUI64 is not set

# CONFIG_IP6_NF_MATCH_FRAG is not set

CONFIG_IP6_NF_MATCH_OPTS=m

# CONFIG_IP6_NF_MATCH_HL is not set

CONFIG_IP6_NF_MATCH_IPV6HEADER=y

# CONFIG_IP6_NF_MATCH_MH is not set

# CONFIG_IP6_NF_MATCH_RT is not set

# CONFIG_IP6_NF_TARGET_HL is not set

CONFIG_IP6_NF_TARGET_LOG=y

CONFIG_IP6_NF_FILTER=y

CONFIG_IP6_NF_TARGET_REJECT=y

CONFIG_IP6_NF_MANGLE=y

# CONFIG_IP6_NF_RAW is not set

# CONFIG_IP6_NF_SECURITY is not set
```

External ipv6 test servers like http://ipv6-test.com/ or http://test-ipv6.com/ still see me as only ipv4. I contacted my ISP. They confirmed me my box version is compatible with ipv6 and configured so, but they are still in beta for ipv6 and then they do not provide support for it.

When I switch off the ipchain, I can ping6 ipv6 local address, but not global ones :

```
# ping6 xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465%eth0

unknown host

# ping6 fe80::862b:2bff:fe99:f465%eth0

PING fe80::862b:2bff:fe99:f465%eth0(fe80::862b:2bff:fe99:f465) 56 data bytes

64 bytes from fe80::862b:2bff:fe99:f465: icmp_seq=1 ttl=64 time=0.029 ms

64 bytes from fe80::862b:2bff:fe99:f465: icmp_seq=2 ttl=64 time=0.048 ms

^C

--- fe80::862b:2bff:fe99:f465%eth0 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 999ms

rtt min/avg/max/mdev = 0.029/0.038/0.048/0.011 ms
```

With ipchain, ping6 do not answer. How could I authorise local ping6 while still blocking ping from the web ? I tried the following, but without success :

```
ip6tables -I INPUT 1 -p icmp -s xxxx:xxxx:xxxx:xxxx::/64 -j ACCEPT
```

----------

## lalebarde

I called again my ISP and they confirmed me my box is well configured with ipv6. The point is that browsers and other software may by default use ipv4. So, they are not a good diagnostic source. I checked my Firefox and Opera settings, they both authorise ipv6. I installed a Firefox pluggin named Sixornot which tells me if a web site works with ipv6 or ipv4. Here I can see that I can connect to them with ipv6.

My problem is that I am still a network newbbie and have sticked to ping. Here is a traceroute result from http://www.traceroute.org/

```
1   wblindix.v6.sdv.fr         2001:810:0:2::ff         4.821 ms

2   border-gateway1.v6.sdv.fr         2001:810:0:10::226         0.932 ms

3   border-gateway2.v6.sdv.fr         2001:810:0:10::227         1.622 ms

4   2001:1b48:2:103::16d         2001:1b48:2:103::16d         0.885 ms

5   2001:1b48:2:3::5a         2001:1b48:2:3::5a         8.097 ms

6   2001:1b48:2:3::56         2001:1b48:2:3::56         8.073 ms

7   th2-crs16-1-Te1-8-0-7.routers.proxad.net         2001:1b48:2:1::6         8.568 ms

8   bzn-crs16-1-be2000.intf.routers.proxad.net         2a01:e00:1:6::1         8.536 ms

9   zzzz:yyyy:yyyy:yyyy::2         zzzz:yyyy:yyyy:yyyy::2         8.275 ms

10   zzzz:xxxx:xxxx:xxxx::1         zzzz:xxxx:xxxx:xxxx::1         45.895 ms
```

It reaches my modem (zzzz:xxxx:xxxx:xxxx::1), but not my PC (zzzz:xxxx:xxxx:xxxx::9).

Still, if someone can enlight me on the way to authorise local ping6 & icmp in ip6tables.....

----------

