1- How to configure the DHCPv6 client
We will use dhclient
.
You'll need to edit the following file /etc/dhcp/dhclient6.conf
:
interface "eno1" { send dhcp6.client-id DUID; }
You will have to adapt the interface name (eno1
) and the DUID
START YOUR DHCPV6 CLIENT AT BOOT
Once the client is configured, you'll need to create a new SystemD
service.
Create the following file, adapting the interface name (eno0
) and the DUID /etc/systemd/system/dhclient.service
:
[Unit] Description=dhclient for sending DUID IPv6 After=network-online.target Wants=network-online.target [Service] Restart=always RestartSec=10 Type=forking ExecStart=/sbin/dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eno1 ExecStop=/sbin/dhclient -x -pf /var/run/dhclient6.pid [Install] WantedBy=network.target
dhclient
's path may vary depending on your OS. To know the exact path, use the following command: which dhclient
Then, enable it for every reboot: systemctl enable dhclient.service.
2 - HOW TO CONFIGURE THE NETWORK
CONFIGURE THE NETWORK ON UBUNTU 16 & DEBIAN 8 AND 9
Start by editing /etc/network/interfaces
as follows:
auto eno1 iface eno1 inet6 static address IPV6ADDRESS netmask PREFIXLENGTH
You'll need to replace eno1 with the proper interface name.
With Debian & old versions of Ubuntu, it's usually eth0
.
The network interface is initialized with the command allow-hotplug
by default on Debian 9. It is possible that the network restart fails with this configuration. In this case, you can initialize the network with auto
to avoid the problem.
Alternate configuration without SystemD
If you don't use SystemD
to start your services, you can configure your /etc/network/interfaces
as follows:
iface eno1 inet6 static pre-up modprobe ipv6 pre-up dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -d -v $IFACE address IPV6ADDRESS netmask PREFIXLEN
Still adapting your interface name (eno1
) to your needs, as well as the IPv6 address and the Netmask.
CONFIGURE THE NETWORK USING NETPLAN
Ubuntu uses since the release of Ubuntu 18.04 LTS a new tool to configure the network, called netplan
.
It replaces the classical network configuration with new configuration files, written in YAML format, and located in the /etc/netplan
directory. For more information regarding netplan, refer to the official Ubuntu documentation.
Open the default configuration file /etc/netplan/01-netcfg.yaml
in a text editor, and edit it as follows:
# This file describes the network interfaces available on your system # For more information, see netplan(5). network: version: 2 renderer: networkd ethernets: enp1s0: dhcp4: no dhcp6: no addresses: - "aaa.bbb.ccc.ddd/24" # The main IP address of your Dedibox server - "/" # An IP address from your IPv6 block and it's subnet mask gateway4: aaa.bbb.ccc.1 # The gateway is the IP address of your Dedibox, ending on .1 nameservers: addresses: [62.210.16.6, 62.210.16.7] routes: - to: 0.0.0.0 via: aaa.bbb.ccc.1 on-link: true
You'll need to replace enp1s0
with the proper interface name. To find the interface name of your machine, use the ifconfig
command.
Reboot your server once you have configured the new network settings.
CONFIGURE THE NETWORK ON CENTOS 7
After configuring your dhclient
and SystemD
, you'll need to edit /etc/sysconfig/network-scripts/ifcfg-eth0
:
# Generated by parse-kickstart UUID=xxxxx DNS1=62.210.16.6 BOOTPROTO=none DEVICE=eth0 ONBOOT=yes TYPE=Ethernet IPADDR=62.210.xx.xx PREFIX=24 GATEWAY=62.210.xx.1 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6ADDR="IPV6ADDRESS/PREFIXLEN" IPV6_AUTOCONF=yes NAME="System eth0"
Once done with the configuration, you can reboot your server to check that the service & the configuration are correctly applied at the boot!
You will need to allow in your firewall 546/UDP Incoming & 547/UDP Outgoing.
TEST YOUR CONFIGURATION
Launch the dhclient
with the following command:
dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eth0
To check your IPv6 connectivity, you can use the PING
command:
ping6 ipv6.google.com
DEBUG
If the configuration is not working for you, check your interface name with the following command:
ifconfig -a
Also, your server needs to be configured to accept RA
(Router Advertisement).
By default, your server won't accept to forward packets from an interface to another if it's automatically configured (through DHCPv6
).
If you need to forward IPv6 packets and use an automated configuration, you'll need to set your sysctl
net.ipv6.conf.all.accept_ra
to 2
in /etc/sysctl.conf
.
This is usually useful for Hypervisor Host such as Proxmox
.
The examples are given for eth0
/eno1
, if your main interface have a different name, you'll need to modify it in all of your configurations files.
TRAFFIC LIMITATION OF YOUR CLIENT
In certain cases, some DHCPv6 clients may unfortunately send several requests per second (especially dchp6c).
This triggers blocking of your server's network port by our automatic protection, as it will be seen as a source of a UDP flood.
To avoid this problem, we invite you to limit the traffic sent from your dhclient6 directly in your firewall configuration.
Following an example for IPTABLES :
ip6tables -A OUTPUT -p udp --dport 547 -m limit --limit 10/min --limit-burst 5 -j ACCEPT ip6tables -A OUTPUT -p udp --dport 547 -j DROP
In Rescue mode
To test the IPv6 on your server in rescue mode, reboot the server in rescue mode with the “Ubuntu 14 - Trusty” mode. The dhclient
is already available on it.
Create the file which will contain your DUID.
nano /etc/dhcp/dhclient6.conf
First, start the dhclient
:
dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v <interface>
After, add the IPv6 address to your network interface:
/sbin/ifconfig <interface> inet6 add IPV6ADDRESS/PREFIXLENGTH
Then you can try to ping6:
ping6 ipv6.google.com