Blog is now IPv6 Enabled

Although my awesome hosting company dreamhost are not serving up via IPv6 yet, I’ve IPv6 enabled by blog for them by using apache reverse proxy on my home machine.

I configured apache much like: http://linux.yyz.us/ipv6/proxy.html with a few differences

1. I didnt use NameVirtualHost, just put a specific IP in. NameVirtualHosts just feel a bit unnecessary with IPv6, and this way i can point several aliases at the entry without defining them all. This may be considered a small security issue, as other people could point their illegitimate domain names at your site and it would still work and look official.

2. So i didnt have to register all of the aliases, i did not enable ProxyPreserveHost

3. As bryars.eu would resolve to AAAA and A, I didn’t want Apache to get in a loop and proxy to itself, so i added an alias v4 to ensure v4 only forwarding.

For some reason it was sending 301 redirects until the DNS was all sorted

# Contents of /etc/apache2/sites-available/bryars.eu-proxy
<VirtualHost [2001:470:9272:1::2]>
 ServerName bryars.eu
 CustomLog /var/log/apache2/bryars.eu-proxy.log combined

 ProxyRequests Off
 <proxy http://v4.bryars.eu/*>
 Order deny,allow
 Allow from all
 </proxy>
 ProxyPass             /       http://v4.bryars.eu/
 ProxyPassReverse      /       http://v4.bryars.eu/
</VirtualHost>

Also added the IP address to my /etc/network/interfaces so it would get allocated when the tunnel came up, by adding the following line to my tunnel interface stanza:

up ip addr add 2001:470:9272:1::2/64 dev $IFACE preferred_lft 0

The preferred_lft 0 is to mark the ip as deprecated so it doesn’t get used as the default address for outgoing connections. For more information see: http://www.davidc.net/networking/ipv6-source-address-selection-linux

Debian IPv6 Configuration and Lessons Learned

I’ve had a few issues configuring IPv6 on Debian

If due to a misconfiguration a v4tunnel interface you have brought up with ifup has failed, you need to manually delete it before trying again or this annoying error will happen:


# ifup somev6tunnel
ioctl: No buffer space available
# ip tunnel del somev6tunnel
# ifup somev6tunnel
#

I was trying to configure a 6to4 tunnel but without specifying a local interface address by using local any endpoint any, but that gives an unhelpful and yet increasingly familiar error message.


# ifup 6to4
ioctl: No buffer space available

Linux doesn’t like both local and remote values unset, so I thought, aha I’ll just use local any endpoint 192.88.99.1, it appeared to work. I have since realised that it only works for talking to non 6to4 hosts, if I tried to talk to another 6to4 host, it routed the packets through the gateway instead of directly and the return packets were also lost. So, I just specified the local address and it works.

My working 6to4 debian /etc/network/interfaces


auto 6to4
iface 6to4 inet6 v4tunnel
address 2002:561e:XXXX::1 # ipv6calc -I ipv4addr -O ipv6addr -A conv6to4 86.30.XX.XX
netmask 16
local 192.168.1.2 # address assigned by wifi router
endpoint any
gateway ::192.88.99.1 # 6to4 anycast address

Though its best to use a managed tunnel, like Hurricane Electrics tunnelbroker.net

The is the Debian network interfaces config i used to connect to my tunnelbroker.net ipv6 tunnel, reconfigure the tunnel endpoint dynamically, and also add one of my routed /48 subnets to the interface (so i can use pretty reverse dns addresses from my host).


auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:470:1f08:xxxx::2
netmask 64
endpoint 216.66.80.26
gateway ::216.66.80.26
# Docs to generate pass etc from http://ipv4.tunnelbroker.net/ipv4_end.php
up wget --no-check-certificate -O - 'https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=9c4db7a186c8xxxxxxxxxxxxxx&user_id=ef2ffab0c775dxxxxxx&tunnel_id=19xxx' 2>/dev/null
up ip addr add 2001:470:XXXX:1::1/64 dev $IFACE