Using Raspberry Pi as IPv6 router for network

Question

I've succeeded in setting up IPv6 for my Raspberry Pi with tunnelbroker.net. However, I would like to share the /64 I got amongst the other devices in my network. The router of the network is a Virgin Media Super Hub (VMDG480), and has no IPv6 support.

Here is my /etc/network/interfaces for the Raspberry Pi:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.3
    gateway 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:470:1f09:4f8::2
    netmask 64
    endpoint 216.66.80.26
    local 192.168.0.3
    ttl 255
    gateway 2001:470:1f08:4f8::1

Here's the info I got from tunnelbroker:

 Client IPv6 Address: 2001:470:1f08:4f8::2/64
 Routed /64: 2001:470:1f09:4f8::/64
 Routed /48: 2001:470:6c92::/48

I've tried using radvd, dibbler and isc-dhcp-server - none were able to provide other computers in my network with IPv6 connectivity. Can someone help shed some light on the situation?

Answer 1

It works a little differently: you don't share the /64 from the tunnel, you use new /64s from the routed /48 for your networks. The /48 gives you 2001:470: 6c92::/64 (which is 2001:470:6c92:0000::/64) up to 2001:470:6c92:ffff::/64. That gives you 65536 /64s, which is usually enough to give each network its own /64.

First you will have to enable IPv6 forwarding in your kernel, so that your Raspberry Pi will act as a router. Add this line to /etc/sysctl.conf:

net.ipv6.conf.all.forwarding=1

It is probably already in there, but commented out.

Then you'll have to configure IPv6 on your eth0 interface. Add something like:

iface eth0 inet6 static
    address 2001:470:6c92:1::1
    netmask 64

Then you configure radvd (Router Advertisement Daemon) so that your Raspberry Pi advertises to the local network that IPv6 is available and it will function as the default gateway. A basic configuration in /etc/radvd.conf will be something like:

interface eth0
{
    AdvSendAdvert on;
    prefix 2001:470:6c92:1::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};

It advertises that it is the default gateway and that other systems may auto-configure themselves.

Warning: the moment you start radvd all systems on your LAN will get IPv6 addresses and an IPv6 default gateway. Unless you have configured an IPv6 firewall on the Raspberry Pi all systems will be directly connected to the IPv6 internet. Please make sure their configurations are secure to run like that, or configure an IPv6 firewall on the Raspberry Pi before enabling radvd.

If you only want specific systems to use the Raspberry Pi for IPv6 connectivity then don't run radvd. Instead just configure IPv6 manually on those systems. Use an address from 2001:470:6c8b:1::/64 .The all-zeroes address is the subnet-router any cast address by convention, although I almost never see this used in practice. Address 2001:470:6c92:1::1 was used for the Raspberry Pi, so you can use anything from 2001:470:6c92:1::2 (= 2001:0470:6c92:0001:0000:0000:0000:0002) to 2001:470:6c92:1:ffff:ffff:ffff:ffff. Configure 2001:470:6c92:1::1 as the default gateway and you should be online :)

There is also some advice on https://wiki.ubuntu.com/IPv6#Configure_your_Ubuntu_box_as_a_IPv6_router that might apply to your configuration. Look at the "ufw and Routing" section. It basically tells you to add the following lines in /etc/ufw/sysctl.conf:

net/ipv6/conf/default/forwarding=1
net/ipv6/conf/all/forwarding=1

To change this line in /etc/default/ufw:

DEFAULT_FORWARD_POLICY="DROP"

And to add the following lines to /etc/ufw/before6.rules:

-A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-forward -i eth0 -o he-ipv6 -m conntrack --ctstate NEW -j ACCEPT

Answer 2

I had to add ipv6 to /etc/modules first, to enable ipv6. Perhaps this helps others, too.