loading

How to configure IPv6 on your server [DHCPv6]

Updated at
04/12/2023
Views
7898

1- How to configure the DHCPv6 client

We will use dhclient.
You'll need to edit the following file /etc/dhcp/dhclient6.conf :

interface "eno1" {
  send dhcp6.client-id DUID;
}

You will have to adapt the interface name (eno1) and the DUID

START YOUR DHCPV6 CLIENT AT BOOT

Once the client is configured, you'll need to create a new SystemD service.
Create the following file, adapting the interface name (eno0) and the DUID /etc/systemd/system/dhclient.service:

[Unit]
Description=dhclient for sending DUID IPv6
After=network-online.target
Wants=network-online.target

[Service]
Restart=always
RestartSec=10
Type=forking
ExecStart=/sbin/dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eno1
ExecStop=/sbin/dhclient -x -pf /var/run/dhclient6.pid

[Install]
WantedBy=network.target

dhclient's path may vary depending on your OS. To know the exact path, use the following command: which dhclient

Then, enable it for every reboot: systemctl enable dhclient.service.

2 - HOW TO CONFIGURE THE NETWORK

CONFIGURE THE NETWORK ON UBUNTU 16 & DEBIAN 8 AND 9

Start by editing /etc/network/interfaces as follows:

auto eno1
iface eno1 inet6 static
    address IPV6ADDRESS
    netmask PREFIXLENGTH

You'll need to replace eno1 with the proper interface name.
With Debian & old versions of Ubuntu, it's usually eth0.

The network interface is initialized with the command allow-hotplug by default on Debian 9. It is possible that the network restart fails with this configuration. In this case, you can initialize the network with auto to avoid the problem.

Alternate configuration without SystemD

If you don't use SystemD to start your services, you can configure your /etc/network/interfaces as follows:

iface eno1 inet6 static
    pre-up modprobe ipv6
    pre-up dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -d -v $IFACE
    address IPV6ADDRESS
    netmask PREFIXLEN

Still adapting your interface name (eno1) to your needs, as well as the IPv6 address and the Netmask.

CONFIGURE THE NETWORK USING NETPLAN

Ubuntu uses since the release of Ubuntu 18.04 LTS a new tool to configure the network, called netplan.
It replaces the classical network configuration with new configuration files, written in YAML format, and located in the /etc/netplan directory. For more information regarding netplan, refer to the official Ubuntu documentation.
Open the default configuration file /etc/netplan/01-netcfg.yaml in a text editor, and edit it as follows:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
      dhcp6: no
      addresses:
       - "aaa.bbb.ccc.ddd/24" # The main IP address of your Dedibox server
       - "/" # An IP address from your IPv6 block and it's subnet mask
      gateway4: aaa.bbb.ccc.1 # The gateway is the IP address of your Dedibox, ending on .1
      nameservers:
       addresses: [62.210.16.6, 62.210.16.7]
      routes:
       - to: 0.0.0.0
         via: aaa.bbb.ccc.1
         on-link: true

You'll need to replace enp1s0 with the proper interface name. To find the interface name of your machine, use the ifconfig command.
Reboot your server once you have configured the new network settings.

 

CONFIGURE THE NETWORK ON CENTOS 7

After configuring your dhclient and SystemD, you'll need to edit /etc/sysconfig/network-scripts/ifcfg-eth0:

# Generated by parse-kickstart
UUID=xxxxx
DNS1=62.210.16.6
BOOTPROTO=none
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
IPADDR=62.210.xx.xx
PREFIX=24
GATEWAY=62.210.xx.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6ADDR="IPV6ADDRESS/PREFIXLEN"
IPV6_AUTOCONF=yes
NAME="System eth0"

Once done with the configuration, you can reboot your server to check that the service & the configuration are correctly applied at the boot!

You will need to allow in your firewall 546/UDP Incoming & 547/UDP Outgoing.

TEST YOUR CONFIGURATION

Launch the dhclient with the following command:

dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eth0

To check your IPv6 connectivity, you can use the PING command:

ping6 ipv6.google.com

DEBUG

If the configuration is not working for you, check your interface name with the following command:

ifconfig -a

Also, your server needs to be configured to accept RA (Router Advertisement).
By default, your server won't accept to forward packets from an interface to another if it's automatically configured (through DHCPv6).

If you need to forward IPv6 packets and use an automated configuration, you'll need to set your sysctl net.ipv6.conf.all.accept_ra to 2 in /etc/sysctl.conf.
This is usually useful for Hypervisor Host such as Proxmox.

The examples are given for eth0/eno1, if your main interface have a different name, you'll need to modify it in all of your configurations files.

TRAFFIC LIMITATION OF YOUR CLIENT

In certain cases, some DHCPv6 clients may unfortunately send several requests per second (especially dchp6c).

This triggers blocking of your server's network port by our automatic protection, as it will be seen as a source of a UDP flood.

To avoid this problem, we invite you to limit the traffic sent from your dhclient6 directly in your firewall configuration.

Following an example for IPTABLES :

ip6tables -A OUTPUT -p udp --dport 547 -m limit --limit 10/min --limit-burst 5 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 547 -j DROP

In Rescue mode

To test the IPv6 on your server in rescue mode, reboot the server in rescue mode with the “Ubuntu 14 - Trusty” mode. The dhclient is already available on it.

Create the file which will contain your DUID.

nano /etc/dhcp/dhclient6.conf

First, start the dhclient:

dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v  <interface>

After, add the IPv6 address to your network interface:

/sbin/ifconfig <interface> inet6 add IPV6ADDRESS/PREFIXLENGTH

Then you can try to ping6:

ping6 ipv6.google.com

YottaSrc footer

why choose us?

Better Pricing, Fast SSD Storage and Real 24/7
Technical Support.

control panel icon
cPanel

Managing Your Site Through CPanel With The Latest Version

security icon
FAST, RELIABLE & SECURE

99.8% Uptime Guarantee.
So Focus On Your Work!

support icon
24/7/365 Support

Day or night, rain or shine,
our team is here for you!

cloud backup icon
Daily Backup

Daily & Weekly Backup.
Your Files Are Safe!