IPv6 tunnel on a KVM VPS

kamalnasser Member
edited November 2012 in Help

I'm interested in trying SixXS on my KVM VPS. The host does not have IPv6, so I thought a tunnel would do it.
Did anybody try it? If yes, can I just follow the regular linux guide?

Comments

  • It works. KVM is more like a 'normal' Linux system (unlike OpenVZ), so the regular Linux guide should work.

  • rm_ IPv6 Advocate, Veteran
    edited November 2012

    @kamalnasser
    yes it will work, yes you can follow any Linux guide.
    But in my experience http://tunnelbroker.net/ was much more pleasant to work with (no asinine signup and tunnel approval restrictions) than SixXS.

  • kamalnasser Member
    edited November 2012

    @rm_ said: yes it will work, yes you can follow any Linux guide.
    But in my experience http://tunnelbroker.net/ was much more pleasant to work with (no asinine signup and tunnel approval restrictions) than SixXS.

    Yeah. I'm trying to sign up but they are too strict, I'll try tunnelbroker.net. Thanks
    UPDATE: Heh, that was easy :)

  • Okay so they have given me a 2001:470:1f14:8ba::2/64
    I'm still new to IPv6, what does that mean? (as in: what IPv6 addresses did I get?)

  • Your address is 2001:470:1f14:8ba::2
    Your gateway probably is 2001:470:1f14:8ba::1

  • @rds100 said: Your address is 2001:470:1f14:8ba::2

    Your gateway probably is 2001:470:1f14:8ba::1

    Yes, these I know. So I only get 1 IP which is 2001:470:1f14:8ba::2.
    I have requested a /48, and they gave me 2001:470:7946::/48. Does that mean I have 65,536 IPv6 addresses?

  • @kamalnasser said: they gave me 2001:470:7946::/48. Does that mean I have 65,536 IPv6 addresses?

    No, it means you have a /48 which is 1208925819614629174706176 IPv6 addresses.

  • rm_ IPv6 Advocate, Veteran
    edited November 2012

    @kamalnasser said: Yes, these I know. So I only get 1 IP which is 2001:470:1f14:8ba::2.

    I have requested a /48, and they gave me 2001:470:7946::/48. Does that mean I have 65,536 IPv6 addresses?

    By default you get two /64s: a tunnel one and a routed one. The tunnel one is just for routing and is not recommended to be used beyond one IP (but afaik any IP from it can be utilized, provided you do that on the same server where the tunnel is configured).
    With a /48 you get 65536 of /64s.

  • kamalnasser Member
    edited November 2012

    Ah, thanks guys. So I should be using the /48

    ifconfig sit0 up
    ifconfig sit0 inet6 tunnel ::216.66.84.46
    ifconfig sit1 up
    ifconfig sit1 inet6 add 2001:470:1f14:8ba::2/64
    route -A inet6 add ::/0 dev sit1

    I have the /64 set up in my server that way. Ping6-ing 2001:470:1f14:8ba:0000::2 and 2001:470:1f14:8ba:0000::3 works.
    How do I set up the /48? The same thing, but replacing 2001:470:1f14:8ba::2/64 with 2001:470:7946::/48 ?

  • rm_ IPv6 Advocate, Veteran

    @kamalnasser said: How do I set up the /48? The same thing, but replacing 2001:470:1f14:8ba::2/64 with 2001:470:7946::/48 ?

    Why not take 10 seconds to try that and see for yourself that YES it just works.

  • @rm_ said: Why not take 10 seconds to try that and see for yourself that YES it just works.

    I just don't want to do something that might break connectivity.. thanks though :)

  • kbeezie Member
    edited November 2012

    On KVM with FreeBSD it would be as simple as editing a couple lines in your rc.conf:

    ifconfig_gif0="tunnel YourIPv4 TheirIPv4"

    ifconfig_gif0_ipv6="inet6 IPv6Addy::2 IPv6Addy::1 prefixlen 128"
    ifconfig_gif0_alias0="inet6 IPv6Addy::a:deaf:dad prefixlen 128"

    You treat a KVM VPS as if it were like a Dedicated server with a VNC hookup.

  • I set it up following their instructions, everything works. Added it to /etc/network/interfaces (as described in http://www.linode.com/wiki/index.php/IPv6 ) but in a few minutes everything suddenly stops working: ping6 kbeezie.com times out, ping6 ipv6.google.com times out, every single ping command times out.
    No idea what causes that

  • Why a /48?

  • Spirit Member
    edited November 2012

    You can always use shortcuts :)

    Make little tunnel.sh script like my example:

    nano tunnel.sh

    #!/bin/sh
    ip tunnel add he-ipv6 mode sit remote 209.51.161.14 local 67.250.250.250 ttl 255
    ip link set he-ipv6 up
    ip addr add 2001:470:1f06:67c::2/64 dev he-ipv6
    ip route add ::/0 dev he-ipv6
    ip -f inet6 addr
    
    ip addr add 2001:470:1f07:67c::2/64 dev he-ipv6
    ip addr add 2001:470:1f07:67c::3/64 dev he-ipv6
    ip addr add 2001:470:1f07:67c::4/64 dev he-ipv6
    
    ip addr add 2001:470:8980::2/48 dev he-ipv6
    ip addr add 2001:470:8980::3/48 dev he-ipv6
    ip addr add 2001:470:8980::4/48 dev he-ipv6

    Save it and set up proper permissions

    chmod 700 tunnel.sh

    Then add it to crontab which will run script only on server boot:

    export EDITOR=nano
    crontab -e

    @reboot cd /root; ./tunnel.sh >/dev/null 2>&1

    And voila, IPv6 tunnel will be up after every server reboot without bothering with every individual /conf.d/net/network/interfaces/sysconfig/network/various/distro/details...

    Warning: don't forget to replace my values in tunnel.sh with your own tunnelbroker (and local/VPS) IPs - mine are just examples.

  • Wonder why a cronjob when you can just add it to the interface's ifconfig file?

  • Spirit Member
    edited November 2012

    @kbeezie read, read before you wonder! :-)

    @kamalnasser said: Added it to /etc/network/interfaces (as described in http://www.linode.com/wiki/index.php/IPv6 ) but in a few minutes everything suddenly stops working

    @Spirit said: You can always use shortcuts :)

    @Spirit said: IPv6 tunnel will be up after every server reboot without bothering with every individual /conf.d/net/network/interfaces/sysconfig/network/various/distro/details...

    It's just an option. I shared an alternative which works without learning specifications for every distribution. But then again, you can help him find out where he went wrong and why adding it to the interface's ifconfig file didn't work ;-)

  • rm_ IPv6 Advocate, Veteran

    I trust neither crontab @reboot nor interfaces (and the latter has the potential to royally screw up your VPS's whole connectivity after a reboot if you make a typo somewhere); I just use /etc/rc.local for my tunnels.

  • @rm_ guess the same way I use rc.conf on FreeBSD.

  • kamalnasser Member
    edited November 2012

    I've read a bit more on IPv6, turns out I did not need the /48 ;)
    @Spirit, thanks for that, I'll try it. However, I'm going for rc.local.
    Also, can I just ip addr add a range?

  • Spirit Member
    edited November 2012

    @rm_ there's nothing to trust here. It just works :)
    (same as your way)

    @kamalnasser no.

  • kamalnasser Member
    edited November 2012

    Okay ipv6 works, but when nginx listens on ipv6 it stops listening on ipv4. It's supposed to listen on both, and the net.something.ipv6only is 0 in sysctl.
    nginx config:

    listen [::]:80;

    Works on IPv6, but not IPv4.

    EDIT: Found the solution at http://serverfault.com/questions/277653/nginx-name-based-virtual-hosts-on-ipv6

  • I found a little problem: nginx listens on IPv6. Setting up the tunnel is in rc.local, so nginx's service starts before the ipv6 tunnel is set up thus failing to listen.
    I tried changing nginx's priority to 99 but still didn't change anything.
    Ideas?

  • rm_ IPv6 Advocate, Veteran
    edited November 2012

    @kamalnasser with a listen line like "listen [::]:80;" it should not fail to listen, because this means on "any IP", even those IPs which aren't added yet. Maybe you are trying to set up a listen line with your particular IPv6 address? Try replacing it back to [::].

  • @kamalnasser

    And that's why it should be in the network scripts and not some crontab or rc.local

  • @rm_ said: Maybe you are trying to set up a listen line with your particular IPv6 address? Try replacing it back to [::].

    It is listening to a specific ip actually, because this means easier SSL ;)

    @BronzeByte said: And that's why it should be in the network scripts and not some crontab or rc.local

    That's what I'm going to do

  • Spirit Member
    edited November 2012

    @BronzeByte care to elaborate? And be specific please, as I would really like to know the connection between kamalnasser's issue and the preferred way to set IPv6 up, and what difference it makes once IPv6 is up.

  • kbeezie Member
    edited November 2012

    @Spirit simply put, if the nginx process is started prior to the tasks in rc.local, it'll panic and error out about being unable to bind on the IPv6 address. If instead the tunnel is set up in the network script, it'll ensure that the addresses are available prior to any user-installed application starting up.

    Sure you could hack up the run levels and such to get one task to start before the other, but it's proper to set up networking in the networking scripts (at least on Linux... on FreeBSD it all goes in rc.conf anyway with the *_enable="YES" at the end).

    Far as what difference would it make, well if the machine rebooted, nginx wouldn't be bound and would remain down until you logged on to correct it, regardless if the tunnel is currently up and active. I guess you could also set a cron job for nginx to be restarted every so often, but that would be kind of silly.

  • Spirit Member
    edited November 2012

    @kbeezie thank you for explanation.

  • kamalnasser Member
    edited November 2012

    Thanks @kbeezie :)
    EDIT: put it in /etc/network/if-up.d/z-he-ipv6 (z so other stuff load before it) and it works really fine
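
One way to write the /etc/network/if-up.d/z-he-ipv6 hook from the last post so that it is safe to run repeatedly, since ifupdown calls every hook once per interface it brings up. This is an added example, not any poster's script; it reuses the example endpoints and address from Spirit's tunnel.sh, and `UPLINK_IF=eth0` and the overridable `IP` variable are assumptions.

```shell
#!/bin/sh
# Added example: idempotent ifupdown hook for a 6in4 (sit) tunnel.
# Install as /etc/network/if-up.d/z-he-ipv6 and make it executable.
# Addresses are the example values from tunnel.sh in the thread; replace them.

TUN_IF="he-ipv6"
REMOTE4="209.51.161.14"              # broker IPv4 endpoint (thread example)
LOCAL4="67.250.250.250"              # this VPS's IPv4 address (thread example)
TUN_ADDR6="2001:470:1f06:67c::2/64"  # tunnel /64 address (thread example)
UPLINK_IF="${UPLINK_IF:-eth0}"       # assumption: the IPv4 uplink is eth0
IP="${IP:-ip}"                       # assumption: overridable for a dry run

# ifupdown exports IFACE, ADDRFAM and MODE to every hook and runs the hook
# for each interface (lo included). Act only when the IPv4 uplink starts.
should_run() {
    [ "${MODE:-}" = "start" ] &&
    [ "${IFACE:-}" = "$UPLINK_IF" ] &&
    [ "${ADDRFAM:-}" = "inet" ]
}

tunnel_up() {
    # Create the tunnel only if it does not exist yet; a second
    # "ip tunnel add" for the same name would fail.
    if ! $IP link show "$TUN_IF" >/dev/null 2>&1; then
        $IP tunnel add "$TUN_IF" mode sit \
            remote "$REMOTE4" local "$LOCAL4" ttl 255 || return 1
    fi
    $IP link set "$TUN_IF" up || return 1
    # "replace" succeeds whether or not the address or route is already
    # present, so a repeated run leaves the same end state.
    $IP addr replace "$TUN_ADDR6" dev "$TUN_IF" || return 1
    $IP -6 route replace ::/0 dev "$TUN_IF" || return 1
}

if should_run; then
    tunnel_up
fi
```

Because the hook runs while the networking service brings up the uplink, the tunnel address exists before nginx starts and tries to bind to it, which is the ordering problem kbeezie describes.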
