تحميل

How to configure IPv6 on your server [DHCPv6]

Updated at
04/12/2023
Views
7898

1- How to configure the DHCPv6 client

We will use dhclient.
You'll need to edit the following file /etc/dhcp/dhclient6.conf :

interface "eno1" {
  send dhcp6.client-id DUID;
}

You will have to adapt the interface name (eno1) and the DUID

START YOUR DHCPV6 CLIENT AT BOOT

Once the client is configured, you'll need to create a new SystemD service.
Create the following file, adapting the interface name (eno0) and the DUID /etc/systemd/system/dhclient.service:

[Unit]
Description=dhclient for sending DUID IPv6
After=network-online.target
Wants=network-online.target

[Service]
Restart=always
RestartSec=10
Type=forking
ExecStart=/sbin/dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eno1
ExecStop=/sbin/dhclient -x -pf /var/run/dhclient6.pid

[Install]
WantedBy=network.target

dhclient's path may vary depending on your OS. To know the exact path, use the following command: which dhclient

Then, enable it for every reboot: systemctl enable dhclient.service.

2 - HOW TO CONFIGURE THE NETWORK

CONFIGURE THE NETWORK ON UBUNTU 16 & DEBIAN 8 AND 9

Start by editing /etc/network/interfaces as follows:

auto eno1
iface eno1 inet6 static
    address IPV6ADDRESS
    netmask PREFIXLENGTH

You'll need to replace eno1 with the proper interface name.
With Debian & old versions of Ubuntu, it's usually eth0.

The network interface is initialized with the command allow-hotplug by default on Debian 9. It is possible that the network restart fails with this configuration. In this case, you can initialize the network with auto to avoid the problem.

Alternate configuration without SystemD

If you don't use SystemD to start your services, you can configure your /etc/network/interfaces as follows:

iface eno1 inet6 static
    pre-up modprobe ipv6
    pre-up dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -d -v $IFACE
    address IPV6ADDRESS
    netmask PREFIXLEN

Still adapting your interface name (eno1) to your needs, as well as the IPv6 address and the Netmask.

CONFIGURE THE NETWORK USING NETPLAN

Ubuntu uses since the release of Ubuntu 18.04 LTS a new tool to configure the network, called netplan.
It replaces the classical network configuration with new configuration files, written in YAML format, and located in the /etc/netplan directory. For more information regarding netplan, refer to the official Ubuntu documentation.
Open the default configuration file /etc/netplan/01-netcfg.yaml in a text editor, and edit it as follows:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
      dhcp6: no
      addresses:
       - "aaa.bbb.ccc.ddd/24" # The main IP address of your Dedibox server
       - "/" # An IP address from your IPv6 block and it's subnet mask
      gateway4: aaa.bbb.ccc.1 # The gateway is the IP address of your Dedibox, ending on .1
      nameservers:
       addresses: [62.210.16.6, 62.210.16.7]
      routes:
       - to: 0.0.0.0
         via: aaa.bbb.ccc.1
         on-link: true

You'll need to replace enp1s0 with the proper interface name. To find the interface name of your machine, use the ifconfig command.
Reboot your server once you have configured the new network settings.

 

CONFIGURE THE NETWORK ON CENTOS 7

After configuring your dhclient and SystemD, you'll need to edit /etc/sysconfig/network-scripts/ifcfg-eth0:

# Generated by parse-kickstart
UUID=xxxxx
DNS1=62.210.16.6
BOOTPROTO=none
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
IPADDR=62.210.xx.xx
PREFIX=24
GATEWAY=62.210.xx.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6ADDR="IPV6ADDRESS/PREFIXLEN"
IPV6_AUTOCONF=yes
NAME="System eth0"

Once done with the configuration, you can reboot your server to check that the service & the configuration are correctly applied at the boot!

You will need to allow in your firewall 546/UDP Incoming & 547/UDP Outgoing.

TEST YOUR CONFIGURATION

Launch the dhclient with the following command:

dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eth0

To check your IPv6 connectivity, you can use the PING command:

ping6 ipv6.google.com

DEBUG

If the configuration is not working for you, check your interface name with the following command:

ifconfig -a

Also, your server needs to be configured to accept RA (Router Advertisement).
By default, your server won't accept to forward packets from an interface to another if it's automatically configured (through DHCPv6).

If you need to forward IPv6 packets and use an automated configuration, you'll need to set your sysctl net.ipv6.conf.all.accept_ra to 2 in /etc/sysctl.conf.
This is usually useful for Hypervisor Host such as Proxmox.

The examples are given for eth0/eno1, if your main interface have a different name, you'll need to modify it in all of your configurations files.

TRAFFIC LIMITATION OF YOUR CLIENT

In certain cases, some DHCPv6 clients may unfortunately send several requests per second (especially dchp6c).

This triggers blocking of your server's network port by our automatic protection, as it will be seen as a source of a UDP flood.

To avoid this problem, we invite you to limit the traffic sent from your dhclient6 directly in your firewall configuration.

Following an example for IPTABLES :

ip6tables -A OUTPUT -p udp --dport 547 -m limit --limit 10/min --limit-burst 5 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 547 -j DROP

In Rescue mode

To test the IPv6 on your server in rescue mode, reboot the server in rescue mode with the “Ubuntu 14 - Trusty” mode. The dhclient is already available on it.

Create the file which will contain your DUID.

nano /etc/dhcp/dhclient6.conf

First, start the dhclient:

dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v  <interface>

After, add the IPv6 address to your network interface:

/sbin/ifconfig <interface> inet6 add IPV6ADDRESS/PREFIXLENGTH

Then you can try to ping6:

ping6 ipv6.google.com

YottaSrc footer

لماذا تختارنا؟

أفضل الأسعار, تخزين SSD سريع و دعم فني
24/7 حقيقي

control panel icon
cPanel

إدارة موقعك من خلال CPanel بأحدث إصدار

security icon
سريع وموثوق وآمن

ضمان وقت تشغيل بنسبة 99.8٪.
لذا ركز على عملك!

support icon
دعم 24/7/365

ليلاً أو نهارًا ، مطر أو شمس ،
فريقنا هنا من أجلك!

cloud backup icon
نسخ احتياطي يومي

نسخ احتياطي يومي وأسبوعي.
ملفاتك آمنة!