Mar 19 2018

I am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6.

In this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own addresses.

The IPv6 block I have been assigned is 2001:DB8:1001:8d00::/64.

I added this to /etc/rc.conf:

ipv6_activate_all_interfaces="YES"
ipv6_defaultrouter="2001:DB8:1001:8d00::1"
ifconfig_em1_ipv6="inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv" # ns1

The IPv6 address I have assigned to this host is completely random (within the given block). I found a random IPv6 address generator and used it to select d389:119c:9b57:396b as the address for this service within my address block.

I don’t have the reference, but I did read that randomly selecting addresses within your block is a better approach.
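One way to pick such an address locally instead of using a web-based generator, as an added example that is not part of the original post. The function names are hypothetical, and the prefix, interface and gateway values are the documentation values used in this post:

```sh
#!/bin/sh
# Added example (not from the original post): choose a random interface ID
# inside a /64 and print the matching rc.conf line.

# random_iid: 64 bits from the kernel CSPRNG as four colon-separated hextets.
random_iid() {
    hex=$(od -An -N8 -tx1 /dev/urandom | tr -dc '0-9a-f')
    printf '%s\n' "$hex" | sed 's/\(....\)\(....\)\(....\)\(....\)/\1:\2:\3:\4/'
}

# random_addr PREFIX: PREFIX is the first four hextets of the /64,
# written without "::" or "/64", e.g. 2001:DB8:1001:8d00.
random_addr() {
    prefix=$1
    if ! printf '%s\n' "$prefix" | grep -Eq '^([0-9A-Fa-f]{1,4}:){3}[0-9A-Fa-f]{1,4}$'; then
        echo "random_addr: expected four hextets, got '$prefix'" >&2
        return 1
    fi
    while :; do
        iid=$(random_iid)
        case "$iid" in
            0000:0000:0000:0000) continue ;;  # subnet-router anycast address
            0000:0000:0000:0001) continue ;;  # ::1, the default router in this post
        esac
        break
    done
    printf '%s:%s\n' "$prefix" "$iid"
}

# rc_line IFACE PREFIX: the ifconfig_<iface>_ipv6 line in the post's format.
rc_line() {
    addr=$(random_addr "$2") || return 1
    printf 'ifconfig_%s_ipv6="inet6 %s prefixlen 64 accept_rtadv"\n' "$1" "$addr"
}

# Documentation prefix and interface name as used in the post.
rc_line em1 2001:DB8:1001:8d00
```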

In order to invoke these changes without rebooting, I issued these commands:

[dan@tallboy:~] $ sudo ifconfig em1 inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv
[dan@tallboy:~] $ 

[dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
add net default: gateway 2001:DB8:1001:8d00::1

If you do the route add first, you will get this error:

[dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1
route: writing to routing socket: Network is unreachable
add net default: gateway 2001:DB8:1001:8d00::1 fib 0: Network is unreachable

Got ping?

Let’s try a ping:

[dan@tallboy:~] $ ping6 google.ca
PING6(56=40+8+8 bytes) 2607:fc50:1001:8d00:d389:119c:9b57:396b --> 2607:f8b0:4004:801::2003
^C
--- google.ca ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
[dan@tallboy:~] $ 

OH. Can I ping my gateway?

[dan@tallboy:~] $ ping6 2001:DB8:1001:8d00::1
PING6(56=40+8+8 bytes) 2001:DB8:1001:8d00:d389:119c:9b57:396b --> 2607:fc50:1001:8d00::1
^C
--- 2607:fc50:1001:8d00::1 ping6 statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[dan@tallboy:~] $ 

No.

I bet it’s my firewall.

I am using pf as my firewall. I added this rule to /etc/pf.conf:

pass quick inet6 proto ipv6-icmp all keep state

And reloaded the rules:

$ sudo pfctl -f /etc/pf.conf 

Now the pings work:

[dan@tallboy:~] $ ping6 2001:DB8:1001:8d00::1
PING6(56=40+8+8 bytes) 2001:DB8:1001:8d00:d389:119c:9b57:396b --> 2001:DB8:1001:8d00::1
16 bytes from 2001:DB8:1001:8d00::1, icmp_seq=0 hlim=64 time=0.890 ms
16 bytes from 2001:DB8:1001:8d00::1, icmp_seq=1 hlim=64 time=0.876 ms
^C
--- 2001:DB8:1001:8d00::1 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.876/0.883/0.890/0.007 ms
[dan@tallboy:~] $ 

Not shown in the above is a change of block. I originally had one IPv6 block assigned to me, but after a data center move, I was given another block.
