One of the personal projects I wanted to attack for a long time was to completely migrate over to IPv6. And by that I mean my home network, servers and even mobiles.
The goal was to use native IPv6 where possible and to use the dual stack transition strategy only when necessary (as with the PlayStation 3, but more on that later).
My home network consists of:
- a FritzBox 7490
- Ubuntu (14.04)
- several Macs (10.6.8)
- several Android devices
This report is not complete as I do not own a Windows Box, but I hear if your PC runs Vista or later, you’re perfectly good to go. Windows XP (at the time of writing not officially supported anymore) seems to support IPv6 via Dual Stack but isn’t able to resolve hostnames on v6-only networks.
With the FritzBox as the center of my digital life it seems like a good starting point. You can enable IPv6 routing under Internet » Zugangsdaten » IPv6.
Set up and forget
If you just want to browse the Internet using IPv6, all you have to do is enable the 6to4 option and you’re good to go. You should now obtain a randomly assigned /64 prefix that automatically propagates through your network to all IPv6-ready clients via DHCPv6.
This way the prefix will change every time your DSL line reconnects!
The almost real deal
If you host services at home, like I do, you want to make sure you always obtain the same prefix. So best apply for a SixXS.net account.
After the SixXS staff approves your account you can apply for a Dynamic Tunnel. Then all you have to do is enter your credentials into the FritzBox’s configuration form and watch the tunnel go up.
Obviously, since there will be no NAT protecting you from outside access anymore, you will have to double-check your firewall settings. But laziness should not hinder progress.
By default the FritzBox’s Firewall will protect your hosts. You can allow access for certain hosts under Internet » Freigaben » IPv6.
To check your inbound firewall you can use nmap:

    jan@espresso:~$ nmap -6 espresso

    Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-18 20:01 CEST
    Nmap scan report for espresso (2a01:xxxx:xxxx:0:ba27:ebff:fexx:xxxx)
    Host is up (0.00037s latency).
    rDNS record for 2a01:xxxx:xxxx:0:ba27:ebff:fexx:xxxx: espresso
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
This obviously means applying security patches throughout your network is a must by now.
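One way to turn the scan above into a repeatable check, as an added example that is not part of the original post: it parses `nmap -6` output in the format shown and reports every open port that is not on a list of services you meant to release. The host names, the documentation-prefix addresses (2001:db8::/32) and the allowlist are constructed for illustration.

```python
import re

# Constructed sample: `nmap -6` normal output in the format shown above,
# with documentation-prefix addresses and made-up host names.
SAMPLE_SCAN = """\
Nmap scan report for espresso (2001:db8:0:1:ba27:ebff:fe00:1)
Host is up (0.00037s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for nas (2001:db8:0:1::20)
Host is up (0.00052s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https
548/tcp open   afp
"""

# Hypothetical policy: what was deliberately released under Internet » Freigaben » IPv6.
ALLOWED = {"espresso": {(22, "tcp")}, "nas": {(80, "tcp")}}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def open_ports(scan_text):
    """Return {host: {(port, proto), ...}} for every port reported as open."""
    result, host = {}, None
    for line in scan_text.splitlines():
        if (m := HOST_RE.match(line)):
            host = m.group(1)
            result.setdefault(host, set())
        elif (m := PORT_RE.match(line)) and host and m.group(3) == "open":
            result[host].add((int(m.group(1)), m.group(2)))
    return result

def unexpected_exposure(scan_text, allowed):
    """Open ports the policy does not list; a host missing from the policy allows nothing."""
    findings = {}
    for host, ports in open_ports(scan_text).items():
        extra = ports - allowed.get(host, set())
        if extra:
            findings[host] = sorted(extra)
    return findings

if __name__ == "__main__":
    for host, ports in unexpected_exposure(SAMPLE_SCAN, ALLOWED).items():
        print(host, "unexpected:", ", ".join(f"{p}/{proto}" for p, proto in ports))
```

Run the scan itself from a host outside your network so that the FritzBox firewall sits between scanner and target; a scan from inside the LAN only shows what each host listens on.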
Now let’s take our tunnel for a test run: http://ipv6-test.com/
I now see that this topic is far too comprehensive for a single post, so… snip