New on LowEndTalk? Please Register and read our Community Rules.
IPv6 tunnel on a KVM VPS
kamalnasser
Member
I'm interested in trying SixXS on my KVM VPS. The host does not have IPv6, so I thought a tunnel would do it.
Did anybody try it? If yes, can I just follow the regular linux guide?
Comments
It works. KVM is more like a 'normal' Linux system (unlike OpenVZ), so the regular Linux guide should work.
@kamalnasser
yes it will work, yes you can follow any Linux guide.
But in my experience http://tunnelbroker.net/ was much more pleasant to work with (no asinine signup and tunnel approval restrictions) than SixXS.
yes it will work, yes you can follow any Linux guide.
But in my experience http://tunnelbroker.net/ was much more pleasant to work with (no asinine signup and tunnel approval restrictions) than SixXS.
Yeah. I'm trying to sign up but they are too strict, I'll try tunnelbroker.net. Thanks
UPDATE: Heh, that was easy
Okay so they have given me a 2001:470:1f14:8ba::2/64
I'm still new to IPv6, what does that mean? (as in: what IPv6 addresses did I get?)
Your address is 2001:470:1f14:8ba::2
Your gateway probably is 2001:470:1f14:8ba::1
Your gateway probably is 2001:470:1f14:8ba::1
Yes, these I know. So I only get 1 IP which is 2001:470:1f14:8ba::2.
I have requested a /48, and they gave me 2001:470:7946::/48. Does that mean I have 65,536 IPv6 addresses?
No, it means you have a /48 which is 1208925819614629174706176 IPv6 addresses.
I have requested a /48, and they gave me 2001:470:7946::/48. Does that mean I have 65,536 IPv6 addresses?
By default you get two /64s: a tunnel one and a routed one. The tunnel one is just for routing and is not recommended to be used beyond one IP (but afaik any IP from it can be utilized, provided you do that on the same server where the tunnel is configured).
With a /48 you get 65536 of /64s.
Ah, thanks guys. So I should be using the /48
ifconfig sit0 up ifconfig sit0 inet6 tunnel ::216.66.84.46 ifconfig sit1 up ifconfig sit1 inet6 add 2001:470:1f14:8ba::2/64 route -A inet6 add ::/0 dev sit1I have the /64 set up in my server that way. Ping6-ing 2001:470:1f14:8ba:0000::2 and 2001:470:1f14:8ba:0000::3 works.
How do I set up the /48? The same thing, but replacing 2001:470:1f14:8ba::2/64 with 2001:470:7946::/48 ?
Why not take 10 seconds to try that and see for yourself that YES it just works.
I just don't want to do something that might break connectivity.. thanks though
On KVM with FreeBSD it would be as simple as editing a couple lines in your rc.conf:
ifconfig_gif0_ipv6="inet6 IPv6Addy::2 IPv6Addy::1 prefixlen 128"
ifconfig_gif0_alias0="inet6 IPv6Addy::a:deaf:dad prefixlen 128"
You treat a KVM VPS as if it were like a Dedicated server with a VNC hookup.
I set it up following their instructions, everything works. Added it to /etc/network/interfaces (as described in http://www.linode.com/wiki/index.php/IPv6 ) but in a few minutes everything suddenly stops working: ping6 kbeezie.com times out, ping6 ipv6.google.com times out, every single ping command times out.
No idea what causes that
Why a /48?
You can always use shortcuts
Make little tunnel.sh script like my example:
nano tunnel.sh
Save it and set up proper permissions
Then add it to crontab which will run script only on server boot:
export EDITOR=nano
crontab -e
And voila, IPv6 tunnel will be up after every server reboot without bothering with every individual /conf.d/net/network/interfaces/sysconfig/network/various/distro/details...
Warning: don't forget to replace in tunnel.sh my values with your own tunnelbroker (and local/vps) IPs - those mine are just for example.
Wonder why a cronjob when you can just add it to the interface's ifconfig file?
@kbeezie read, read before you wonder! :-)
It's just option. I shared alternative which works without learning specifications for every distribution. But then again you can help him to find out where he went wrong and adding to interface's ifconfig file didn't work ;-)
I do not trust neither crontab @reboot, nor interfaces (And the latter has the potential to royally screw up your VPS'es whole connectivity after a reboot if you make a typo somewhere); I just use /etc/rc.local for my tunnels.
@rm_ guess the same way I use rc.conf on FreeBSD.
I've read a bit more on IPv6, turns out I did not need the /48
@Spirit, thanks for that, I'll try it. However, I'm going for rc.local.
Also, can I just ip addr add a range?
@rm_ it's nothing tu trust here. It just work
(same as your way)
@kamalnasser no.
Okay ipv6 works, but when nginx listens on ipv6 it stops listening on ipv4. It's supposed to listen on both, and the net.something.ipv6only is 0 in sysctl.
nginx config:
listen [::]:80;Works on IPv6, but not IPv4.
EDIT: Found the solution at http://serverfault.com/questions/277653/nginx-name-based-virtual-hosts-on-ipv6
I found a little problem: nginx listens on IPv6. Setting up the tunnel is in rc.local, so nginx's service starts before the ipv6 tunnel is set up thus failing to listen.
I tried changing nginx's priority to 99 but still didn't change anything.
Ideas?
@kamalnasser with a listen line like "listen [::]:80;" it should not fail to listen, because this means on "any IP", even those IPs which aren't added yet. Maybe you are trying to set up a listen line with your particular IPv6 address? Try replacing it back to [::].
@kamalnasser
And that's why it should be in the network scripts and not some crontab or rc.local
It is listening to a specific ip actually, because this means easier SSL
That's what I'm going to do
@BronzeByte care to elaborate? And be specific please as I would really want to know connection between kamalnasser issue and prefered way how to set IPv6 up and what difference does it make once IPv6 is up.
@Spirit simply put, if the nginx process is started prior to the tasks in rc.local, it'll panic and error out bout being unable to bind on the IPv6 address. If instead the tunnel is setup on the network script, it'll ensure that the addresses are available prior to any user-installed application starting up.
Sure you could hack up the run levels and such to get one task to start before the other, but it's proper to set up networking in the networking scripts. (least on linux... on FreeBSD it all goes in rc.conf anyways with the *_enable="YES" at the end).
Far as what difference would it make, well if the machine rebooted, nginx wouldn't be bound and would remain down until you logged on to correct it, regardless if the tunnel is currently up and active. I guess you could also set a cron job for nginx to be restarted every so often, but that would be kind of silly.
@kbeezie thank you for explanation.
Thanks @kbeezie
EDIT: put it in /etc/network/if-up.d/z-he-ipv6 (z so other stuff load before it) and it works really fine