One of the personal projects I wanted to attack for a long time was to completely migrate over to IPv6. And by that I mean my home network, servers and even mobiles.

The goal was to use native IPv6 where possible and to use the dual stack transition strategy only when necessary (as with the PlayStation 3, but more on that later).

My home network consists of:

  • a FritzBox 7490
  • Ubuntu (14.04)
  • several Macs (10.6.8)
  • several Android devices
  • Chromecast

This report is not complete as I do not own a Windows Box, but I hear if your PC runs Vista or later, you’re perfectly good to go. Windows XP (at the time of writing not officially supported anymore) seems to support IPv6 via Dual Stack but isn’t able to resolve hostnames on v6-only networks.

FritzBox

With the FritzBox as the center of my digital life it seems like a good starting point. You can enable IPv6 routing under Internet » Zugangsdaten » IPv6.

Fritz Box IPv6 Settings

Set up and forget

If you just want to browse the Internet using IPv6, all you have to do is enable the 6to4 option and you’re good to go. You should now obtain a randomly assigned /64 prefix that automatically propagates through your network to all IPv6-ready clients via DHCPv6.

Note that with this setup the prefix will change every time your DSL line reconnects!

The almost real deal

If you host services at home, like I do, you want to make sure you always obtain the same prefix, so it is best to apply for a SixXS.net account.

After the SixXS staff approves your account you can apply for a Dynamic Tunnel. Then all you have to do is enter your credentials into the FritzBox’s configuration form and watch the tunnel go up.

Security considerations

Obviously, since there will no longer be any NAT protecting you from outside access, you will have to double-check your firewall settings. But laziness should not hinder progress.

By default the FritzBox’s Firewall will protect your hosts. You can allow access for certain hosts under Internet » Freigaben » IPv6.

Fritz Box IPv6 Sharing Settings

Port Scanner

To check your inbound firewall you can use nmap’s -6 switch.

jan@espresso:~$ nmap -6 espresso

Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-18 20:01 CEST
Nmap scan report for espresso (2a01:xxxx:xxxx:0:ba27:ebff:fexx:xxxx)
Host is up (0.00037s latency).
rDNS record for 2a01:xxxx:xxxx:0:ba27:ebff:fexx:xxxx: espresso
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

This obviously means that applying security patches throughout your network is now a must.
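To make the port check repeatable, here is an added example (not part of the original post) that parses nmap output of the kind shown above and reports open ports that are not on an allowlist. The host "nas", the 2001:db8:: addresses and the allowlist are constructed for illustration.

```python
import re

# Constructed nmap output; "nas" and the 2001:db8:: addresses are placeholders.
SAMPLE = """\
Nmap scan report for espresso (2001:db8::ba27:ebff:fe00:1)
Host is up (0.00037s latency).
PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for nas (2001:db8::20)
Host is up (0.0011s latency).
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
445/tcp filtered microsoft-ds
"""

# Hypothetical allowlist: the ports you deliberately opened per host.
ALLOWED = {"espresso": {(22, "tcp")}, "nas": {(22, "tcp")}}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")

def parse_open_ports(text):
    """Return {host: {(port, proto), ...}} for ports nmap reports as open."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, set())
            continue
        m = PORT_RE.match(line)
        # Only the exact state "open" counts; "filtered" and "closed" are ignored.
        if m and current is not None and m.group(3) == "open":
            hosts[current].add((int(m.group(1)), m.group(2)))
    return hosts

def unexpected_exposure(text, allowed):
    """Return {host: [(port, proto), ...]} for open ports not on the allowlist."""
    findings = {}
    for host, ports in parse_open_ports(text).items():
        extra = ports - allowed.get(host, set())  # unknown host: everything is flagged
        if extra:
            findings[host] = sorted(extra)
    return findings

if __name__ == "__main__":
    for host, ports in unexpected_exposure(SAMPLE, ALLOWED).items():
        for port, proto in ports:
            print(f"{host}: {port}/{proto} is open but not on the allowlist")
```

Feed it the output of a scan run from a host outside your network, so the result reflects what the FritzBox firewall actually lets through.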

Connectivity check

Now let’s take our tunnel for a test run: http://ipv6-test.com/

IPv6 connectivity check

Cliffhanger

I now see that this topic is far too comprehensive for a single post, so… snip