Campus6

Contents

  1. IPv6 configuration of FreeBSD operating systems
    1. How should I enabled IPv6 in the kernel?
    2. How should I enable IPv6 on the system?
    3. How should I configure a specific IPv6 address to a certain interface?
    4. How should I configure additional (alias) IPv6 address to a certain interface?
    5. How can I activate the configuration changes in /etc/rc.conf?
    6. How can change the address selection policy?
      1. How can I prefer IPv4 connection even if I have IPv6 enabled?
      2. How can I prefer IPv6 connection if I installed IPv4 prefering address selection rules?
    7. PPP configuration for IPv6
    8. How can I use privacy extended addresses?
    9. Can I use DHCPv6 for configuring parameters under FreeBSD?
      1. Stateful DHCPv6 client configuration
      2. Stateless DHCPv6 client configuration
    10. How can I find more information about IPv6 configuration of FreeBSD?
  2. Connecting to IPv6 if you don't have native IPv6 connectivity
    1. How can I configure tunnel on FreeBSD?
    2. How can I check if tunnel is working correctly?
    3. How can I configure 6to4 tunnel of FreeBSD?
    4. How can I enforce Router Solicitation message to sent out on a certain interface?
    5. How can I diagnose/control IPv6 neighbor discovery protocol?
  3. How can I secure IPv6 on FreeBSD ?
    1. How can I use pf packet filter on FreeBSD ?
    2. How can I use ip6fw packet filter on FreeBSD ?
    3. How can I secure on IPv6 a certain application on FreeBSD ?
  4. IPv6 compatible applications for FreeBSD
    1. Which applications are IPv6 compatible in the base FreeBSD systems?
    2. Which application are IPv6 capable in the FreeBSD port collections?

IPv6 configuration of FreeBSD operating systems

How should I enabled IPv6 in the kernel?

From FreeBSD 4.0 (including FreeBSD 5.x, 6.x and 7.x) supports IPv6 in the GENERIC kernel. Your should have the following line in the kernel configuration:

 options         INET6                   #IPv6 communications protocols

You should not do anything unless you removed the line above from your kernel configuration.

You cannot load IPv6 support as a module.

How should I enable IPv6 on the system?

The system configuration stored on FreeBSD in the /etc/rc.conf file. You should put ipv6_enable="YES" in this file for IPv6 autoconfiguration.

In case of FreeBSD you can use /stand/sysinstall to enable IPv6. freebsd_sysinstall.gif

However this is recommended only for one interface configuration (host only). The sysinstall configuration has a side-effect also:

How should I configure a specific IPv6 address to a certain interface?

Enter to /etc/rc.conf configuration file ipv6_enable='YES' , then you should specify which interfaces you want to configure with IPv6 ipv6_network_interfaces='if0 if1' (this is not really necessary if you want IPv6 on all interfaces enabled).

Then you should configure prefix for each specified interface (e.g. ipv6_prefix_if0="fec0:0000:0000:000" (prefixlen 64 assumed) ) or you can configure all ifconfig parameters (e.g. ipv6_ifconfig_if0="fec0:0:0:5::1 prefixlen 64").

It is worth configuring default interface (e.g. ipv6_default_interface="if0") if you want to use scoped addressess (link local, or multicast).

How should I configure additional (alias) IPv6 address to a certain interface?

Configure in /etc/rc.conf file on which interface you want alias address like: ipv6_ifconfig_if0_alias0="fec0:0:0:5::2/64" .

How can I activate the configuration changes in /etc/rc.conf?

You should run /etc/netstart command to activate the network related configuration changes in /etc/rc.conf. This script is intented mostly to start networking in single user mode, but can be used to activate network con figuration changes.

But since the network is already running some errors might occur.

How can change the address selection policy?

In FreeBSD 5.2 and later you can define address selection defined RFC 3484. For this purpose you can use ip6addrctl command.

 ip6addrctl add <prefix> <precedence> <label>

 ip6addrctl show

 ip6addrctl flush

How can I prefer IPv4 connection even if I have IPv6 enabled?

You can use ip6addrctl to control your address selection policy. You can run the following script:

 #!/bin/sh
 #prefer ipv4
 ip6addrctl flush
 ip6addrctl add ::ffff:0:0/96    50      0
 ip6addrctl add ::1/128          40      1
 ip6addrctl add ::/0             30      2
 ip6addrctl add 2002::/16        20      3
 ip6addrctl add ::/96            10      4
 ip6addrctl show

or installing the following config file with <tt>ip6addrctl install</tt>:

 #Prefix                          Prec Label      Use
 ::1/128                           50     0        0
 ::/0                              40     1        8
 2002::/16                         30     2        0
 ::/96                             20     3        0
 ::ffff:0.0.0.0/96                 100     4        0

or on FreeBSD 6.0 or later you can run :

 /etc/rc.d/ip6addrctl prefer_ipv4

How can I prefer IPv6 connection if I installed IPv4 prefering address selection rules?

You can run the following script

 #!/bin/sh
 #prefer ipv6
 ip6addrctl flush >/dev/null 2>&1
 ip6addrctl add ::1/128          50      0
 ip6addrctl add ::/0             40      1
 ip6addrctl add 2002::/16        30      2
 ip6addrctl add ::/96            20      3
 ip6addrctl add ::ffff:0:0/96    10      4
 ip6addrctl show

or simply

 ip6addrctl flush

since IPv6 prefered by default.

PPP configuration for IPv6

The IPv6 supported in user ppp by default in the recent FreeBSD systems ( FreeBSD 5.2 and later ). If the PPP server supports IPv6 FreeBSD ppp automaticaly negotiates the ip6cp parameters. To disable this you can say in your ppp configuration files:

ipv6cp disable

To show these parameters use the ppp command interface:

PPP ON scone> show ipv6cp
* IPV6CP (IPv6) related information is shown here *

How can I use privacy extended addresses?

Privacy addresses are not enabled by default. Their generation is activated with a sysctl:

sysctl net.inet6.ip6.use_tempaddr=1 

To prefer privacy addresses and use them over the normal addresses, a second sysctl has to be set:

sysctl net.inet6.ip6.prefer_tempaddr=1

Can I use DHCPv6 for configuring parameters under FreeBSD?

The KAME DHCPv6 software was developed for KAME IPv6 stack/snapshot and is now improved and maintained separately from KAME in the WIDE project (and thus named WIDE DHCPv6). For FreeBSD it is available via the net/dhcp6 port.It can act as DHCPv6 client, server or relay agent.

Stateful DHCPv6 client configuration

If configured for stateful DHCPv6, the KAME client can ask for address assignments and other informations. In the below example, it asks for a permanent address (ia-na), a delegated prefix (ia-pd) and DNS-information. In the (two) empty id assoc ... { } blocks, more configuration for the address and prefix delegation queries could be configured.

The configuration file lives in /usr/local/etc/dhcp6c.conf: (if is the used interface).

interface if {
 send ia-na 1;
 send ia-pd 0;
 send domain-name-servers,domain-name;
};
id assoc na 1 {
};
id assoc pd {
};

Note: the numbers of both ID associations (ia-na and ia-pd) were not chosen arbitrarily; our tested version worked only with this combination.

Stateless DHCPv6 client configuration

With the information-only option, the KAME DHCPv6 client sends requests for stateless DHCPv6 information. In the example below, it asks for the addresses of the nameservers and the clients’ own domain-name.

The configuration file lives in /usr/local/etc/dhcp6c.conf (if is the used interface).

interface if {
 information-only;
 send domain-name-servers,domain-name;
}

How can I find more information about IPv6 configuration of FreeBSD?

You can find further information in the following files of the installed FreeBSD system http://www.freebsd.org/cgi/cvsweb.cgi/src/share/doc/IPv6/IMPLEMENTATION /usr/share/doc/IPv6/IMPLEMENTATION  http://www.freebsd.org/cgi/cvsweb.cgi/src/share/examples/IPv6/USAGE /usr/share/examples/IPv6/USAGE

Connecting to IPv6 if you don't have native IPv6 connectivity

You can connect IPv6 service of NIIF/HUNGARNET if you are or your institution is member of HUNGARNET. Otherwise you might connect via tunnels (e.g. with Tunnelbrokers)? And complain to your ISP why they don't provide IPv6 service.

How can I configure tunnel on FreeBSD?

You can configure IPv4/IPv6 tunnel on FreeBSD using gif0, gif1, ... interfaces. First you should create gif0, gif1, etc as a cloned interface with cloned_interfaces="gif0 gif1 gif2 gif3" in  /etc/rc.conf. Second you should configure the tunnel endpoints in <tt>/etc/rc.conf</tt> with e.g. gifconfig_gif0="10.1.1.1 10.1.1.2" where 10.1.1.1 is address of your side and 10.1.1.2 is address of remote side. Then you might want to configure IPv6 address on the tunnel in /etc/rc.conf e.g. ipv6_ifconfig_gif0="2001:db8:1:2::1 prefixlen 64". This is not strictly necessary if you and your applications can rely on ipv6 linklocal address. However you should configure static routes what networks are available towards gif0 like in this interface:

 ipv6_static_routes="net1"      # An example to set 2001:db8:0000:0006::/64
                                #  route toward gif0 interface.
 ipv6_route_net1="2001:db8:0000:0006:: -prefixlen 64 gif0"

How can I check if tunnel is working correctly?

First try invoking the following command

 ping6 -n ff02::1%gif0

If you see two packets, one from your local node and another from the remote node, the tunnel is working fine. If you have an IPv4 reachability problem betwe en x.x.x.x and y.y.y.y, you will see only one reply or no reply. Here are items to look at if you are having trouble:

How can I configure 6to4 tunnel of FreeBSD?

You can configure 6to4 tunnel on FreeBSD using stf0 interface. First, you need to configure 6to4 tunnel interface on you node. If you picked x.y.z.u IPv4 address from one of you interfaces as 6to4 gateway interface address then you can use IPv6 subnet prefix, 2002:xxyy:zzuu:0000-FFFF::/64, for use in the tunnel.

To configure this address you should configure stf_interface_ipv4addr="x.y.z.u" in /etc/rc.conf. You should also configure the ipv4 prefixlength valid for 6to4 prefixes with stf_interface_ipv4plen. It is recommended to set this to 32.

With the promulgation of RFC 3068, everyone using 6to4 should now set their default router to 2002:c058:6301:: which is a special magic anycast address for the nearest (in BGP terms, anyhow) Relay Router.

There's also a list of public 6to4 relay routers you can choose from. This one is not recommended anymore.

Note that you cannot use ff02::1 test on stf0 interface, as the interface is not capable of IPv6 multicasting. Since stf0 interface is not enabled by default GENERIC kernel, you may need to r ecompile your kernel (this is due to security reasons - see stf(4) manpage).

You can also use net/hf6to4 port to setup 6to4 tunnel.

How can I enforce Router Solicitation message to sent out on a certain interface?

You can run rtsol if0 to send out Router Solicitation message on if0 interface. You should receive Router Advertisment as a reply from the router to this message if your router is configured to perform router advertisment.

How can I diagnose/control IPv6 neighbor discovery protocol?

You can control and diagnose IPv6 neighbor discovery protocol with ndp command.

How can I secure IPv6 on FreeBSD ?

How can I use pf packet filter on FreeBSD ?

How can I use ip6fw packet filter on FreeBSD ?

Have a look at FreeBSD ip6fw section of page IPv6 Firewalls and Security . You will find there a tutorial about IPv6 usage of FreeBSD ip6fw and some configuration examples.

How can I secure on IPv6 a certain application on FreeBSD ?

Almost all the builtin applications of FreeBSD compiled with tcpwrapper. Have look at page TCPwrapper.

IPv6 compatible applications for FreeBSD

Which applications are IPv6 compatible in the base FreeBSD systems?

Which application are IPv6 capable in the FreeBSD port collections?

You can find IPv6 ready ports in the FreeBSD port collections on FreeBSD webpage, however if you need some help for configuration you can fin information in our IPv6 application FAQ

Campus6: IPv6hostsfreebsd (last edited 2009-02-17 16:57:10 by mohacsi)