The full setup of IPv6

edited September 2014 in Proposed How-Tos
The ipv6 in vultr is not a route network block for you, which is a strange design of network, but I still have a way to make full use of this network. But it say goodbye to window.
First, the address marked as the default ip for ipv6 in control panel is not needed, as it is not a gateway for route network, any address in your network block is fine. I assume that you got an IPv6 subnet of 2001:DB8:1000::/64,
then I will assign 2001:DB8:1000::1/128 for eth0, why the /128? But in that case, if you want to build a more complex network, it will avoid problem in your route table.
So just
ip a a 2001:DB8:1000::1/128 dev eth0
If I want to assign a ipv6 address for openvpn, then it is time for NDP proxy, that is why stop windows as windows doesn't support ndp proxy.
I assign network block 2001:DB8:1000:1::/80 for tun0, then the address for tun0 is 2001:DB8:1000:1::1/80
ip a a 2001:DB8:1000:1::1/80 dev tun0
The detail of openvpn config is not covered here.
Then enable the ndp proxy, as we need to obtain the default route from ndp, so we need to change those two options.
net.ipv6.conf.eth0.accept_ra=2 net.ipv6.conf.eth0.proxy_ndp=1
then it is main step
ip -6 neigh proxy add 2001:DB8:1000:1::1 dev eth0
Then you could ping the 2001:DB8:1000:1::1 from internet.
When a client connect to your openvpn service, then got a ipv6 address from it(I assume it is 2001:DB8:1000:1::1000), you need to do
ip -6 neigh proxy add 2001:DB8:1000:1::1000 dev eth0
Then that address works.
Also using the radvd could auto add ndp proxy, but my vps is a 1G RAM running the centos 7, I don't have too much free ram, so I skip it.
Be attention with your firewall as well, I don't cover it here, in this time, the firewalld has nothing to do with FORWARD, so you need to use direct rule.

Comments

  • I saw your ticket about this. To be clear, these steps are only necessary if you have some kind of advanced network configuration. You do not need NDP proxy to get IPv6 addresses to work on your server.

    These steps are not correct for anyone who's just trying to add IPv6 addresses to eth0.
  • edited September 2014
    @devicenull
    Yes, to get the ipv6 work, the NDP is not necessary.
    But I think the prefix /128 is correct, there is nothing to with the subnet, also /64 won't cause problem. That is all to do with eht0 in this post.
    But without the ndp, there is no way to use the reset address of that /64 block. I wonder why assign a /64 block for us, but I like it.
Sign In or Register to comment.