Tuesday, March 3, 2015

IPv6 Linux gateway for home network with Telenet (Belgian ISP)

This took me a while, but I finally figured out the missing piece. I'm using Telenet as the ISP for my home network. I have a Linux box acting as a gateway router for the home network, running some basic services that I use at home.
The ISP has had IPv6 enabled on their cable modems for a while, and I've been trying to extend that IPv6 network into my home network. After all, they're handing out a /64 to all end users. Here's how I got it to work.

The situation looks like this. The Telenet router is the ISP-provided cable modem. Behind it sits my Ubuntu Linux gateway. For the examples later, eth0 is the home network and eth1 faces the internet.


The address range for the home network can be found on the ISP's admin pages (warning: Dutch content).

To turn on IP forwarding, configure in /etc/ufw/sysctl.conf:
net/ipv4/ip_forward=1
net/ipv6/conf/all/forwarding=1
net/ipv6/conf/all/proxy_ndp=1



I'll focus on the IPv6 specific settings in the remainder of the post.
In /etc/network/interfaces:
iface eth0 inet6 static
 address 2a02:1810:2088:5b00::100
 netmask 64
 up ip route add 2a02:1810:xxxx:xxxx::/64 dev eth0 metric 100
 down ip route del 2a02:1810:xxxx:xxxx::/64 dev eth0 metric 100

Note that I added an explicit metric. If I didn't do this, the default route that is assigned to eth1 would get the upper hand, and I wouldn't be able to communicate properly within my home network, since the gateway would send all traffic out the door.

Install radvd to autoconfigure devices on the home network:
sudo apt-get install radvd

And configure it:
interface eth0
{
   AdvSendAdvert on;
   MinRtrAdvInterval 30;
   MaxRtrAdvInterval 100;

   # There's no DHCPv6
   AdvManagedFlag off;
   AdvOtherConfigFlag off;

   prefix 2a02:1810:xxxx:xxxx::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
   };
};

Now, before we add the last piece, make sure you have proper firewall rules in place. I suggest configuring /etc/default/ufw to drop forwarded traffic by default (and potentially doing the same for the other chains):
DEFAULT_FORWARD_POLICY="DROP"
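Then add the specific firewall rules your network requires. Two things to know about:
  • There's no need for NAT with IPv6, so you can allow access directly to internal hosts. Every host on the home network has a globally routable address, so the firewall rules, not address translation, decide what is reachable from the internet.
  • Make sure to configure the firewall on the "Mijn Telenet" ISP admin page in addition to the firewall on the Linux gateway.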
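One way to script the forwarding rules for this layout, as an added example that is not part of the original post. It prints ufw route rules rather than applying them; the 2001:db8:... prefix and host are constructed samples, and it assumes ufw's stock before6.rules already accepts RELATED,ESTABLISHED traffic on the forward chain so that replies get back in.

```shell
#!/bin/sh
# Added example: print the ufw "route" rules for the gateway once
# DEFAULT_FORWARD_POLICY="DROP" is set. eth0/eth1 follow the post;
# the 2001:db8:... values are constructed samples, not real addresses.
LAN_IF=eth0   # home network
WAN_IF=eth1   # towards the Telenet modem

# Usage: forward_rules PREFIX/64 [ADDR,PORT ...]
# ADDR,PORT names an internal host that may accept new inbound TCP.
forward_rules() {
    prefix=$1; shift
    # Accept only a /64 written with all four groups. This also rejects
    # the post's redacted "xxxx" form pasted in without being filled in.
    printf '%s\n' "$prefix" | grep -Eq '^([0-9a-fA-F]{1,4}:){4}:/64$' || {
        echo "not a /64 prefix: $prefix" >&2; return 1; }
    net=${prefix%:/64}   # textual network part, e.g. "2001:db8:1:2:"

    # Outbound: only packets sourced from the home prefix may leave,
    # which also drops spoofed sources originating on the LAN.
    echo "ufw route allow in on $LAN_IF out on $WAN_IF from $prefix to any"

    # Inbound: no NAT hides the hosts, so each exposed service is listed
    # explicitly and everything else hits the DROP policy.
    for hp in "$@"; do
        host=${hp%,*}; port=${hp##*,}
        # Textual check: the host must be written inside the home prefix.
        case $host in "$net"*) ;; *)
            echo "$host is outside $prefix" >&2; return 1;; esac
        case $port in ''|*[!0-9]*)
            echo "bad port: $port" >&2; return 1;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        echo "ufw route allow in on $WAN_IF out on $LAN_IF to $host port $port proto tcp"
    done
}

# Sample run: one internal web server reachable on 443, nothing else.
forward_rules 2001:db8:1:2::/64 "2001:db8:1:2::10,443"
```

Review the printed commands before running them as root.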

Now the last piece, which I couldn't figure out for the longest time: when requests come in from the internet (or responses to outgoing packets), the Telenet router relies on IPv6 neighbor discovery to figure out who's behind it. The Linux gateway router doesn't proxy such requests by default.
You can compare this with ARP in IPv4. The Telenet gateway is trying to figure out who has a certain IPv6 address, and sends out neighbor solicitations. The Linux gateway will respond only when it hears its own address. We can tell it to respond on behalf of the hosts on the home network by installing ndppd. The package below is fetched over plain HTTP, so check it against a checksum obtained from a trusted source before installing it.

wget http://priv.nu/projects/ndppd/files/ndppd_0.2.3-1_amd64.deb
sudo dpkg -i ./ndppd_0.2.3-1_amd64.deb

Then configure it (/etc/ndppd.conf):
proxy eth1 {
    rule 2a02:1810:xxxx:xxxx::/64 {
    }
}

Now start ndppd:
sudo service ndppd start

And that's it. The gateway will now respond to IPv6 neighbor solicitations on eth1 for the entire /64 network.
You should now be able to reach IPv6-enabled websites from within your home network. Most modern Windows computers will automatically configure themselves after the setup above. Give it a try: navigate to http://test-ipv6.vyncke.org/ and you should see a confirmation.
