Recently my friend asked me to help him to set up multiple ipv6 tunnels on a single linux box. After some reading and initial config decided to drop it as a post for future use.
Some years ago I was doing the same thing but for multiple ISP broadbands on a single machine. Multiple ipv6 tunnels will also have multiple gateways so what I need is a multiple ipv6 routing tables!
Linux Kernel Driver DataBase is telling that since 2.6.19 linux has support for CONFIG_IPV6_MULTIPLE_TABLES
(Support multiple routing tables) and since 2.6.20 CONFIG_IPV6_SUBTREES
(Enable routing by source address or prefix). So that means should be supported by default kernel thease days.
PREPARATIONS
Testing and implementation was made using linux server located in https://online.net as they provide a native ipv6 out of the box. As for tunnel brokers I've decided to try couple of them that left:
Hardware
1 x debian (9) linux with:
- public avaliable IP
- iproute2
Tunnels
- 2001:abc:4321:ff00::/48 (native)
- 2001:470:1234:00ff::/64 (tunnelbroker ipv6 tunnel)
- 2a05:abc:1234:babb:abaa::/80 (6project ipv6 tunnel)
- 2a01:0d0:ffff:ff00::/64 (netassist ip tunnel)
SYSTEM CONFIG
All we need is already there so only thing we need is to set it up as boot.
Lets do it debian way!
/etc/iproute2/rt_tables
Adding new routing tables 100
,101
,102
#
# reserved values
#
255 local
254 main
253 default
100 ipv6-he
101 ipv6-6project
102 ipv6-NetAssist
0 unspec
#
# local
#
#1 inr.ruhep
/etc/network/interfaces
Ensure that its reading configs from interfaces.d/
This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
All ipv6 interfaces exept enp1s0
are using seperate routing tables!
Create interfaces files with names you like
root::/etc/network # tree
.
|____interfaces.d
| |____ipv6-NetAssist
| |____ipv6-he
| |____enp1s0
| |____ipv6-6project
|____interfaces
|____if-pre-up.d
...
/etc/network/interfaces.d/enp1s0
This is example config of a native ipv6 transport.
allow-hotplug enp1s0
auto enp1s0
iface enp1s0 inet static
address 51.xx.xxx.xx
netmask 255.255.255.0
gateway 51.xx.xxx.1
iface enp1s0 inet6 static
address 2001:abc:4321:ff00::1
netmask 48
accept_ra 2
pre-up echo 0 > /proc/sys/net/ipv6/conf/enp1s0/accept_dad
pre-up sleep 5; dhclient -cf /etc/dhcp/dhclient6.conf -pf /run/dhclient6.enp1s0.pid -6 -P enp1s0
pre-down dhclient -x -pf /run/dhclient6.enp1s0.pid
up ip -6 a a 2001:abc:4321:ff00::2/128 dev enp1s0
down ip -6 a d 2001:abc:4321:ff00::2/128 dev enp1s0
accept_ra
- accept router advertisements, and autoconfigure this interface with received data.
/etc/network/interfaces.d/ipv6-6project
Server IPv4 Address: 158.xx.xx.xx
Server IPv6 Address: 2a05:abc:1234:babb:abaa::1
Client IPv6 Address: 2a05:abc:1234:babb:abaa::2
Routed Prefix: 2a05:abc:1234:babb:abaa::/64
auto ipv6-6project
iface ipv6-6project inet6 v4tunnel
address 2a05:abc:1234:babb:abaa::2
netmask 80
endpoint 158.xx.xx.xx
mtu 1280
ttl 64
up ip -6 rule add from 2a05:abc:1234:babb:abaa::2 table ipv6-6project
up ip -6 route add default via 2a05:abc:1234:babb:abaa::1 table ipv6-6project
up ip -6 a a 2a05:abc:1234:babb:abaa::/128 dev ipv6-6project
down ip -6 a d 2a05:abc:1234:babb:abaa::/128 dev ipv6-6project
down ip -6 rule del table ipv6-6project
down ip -6 route flush table ipv6-6project
/etc/network/interfaces.d/ipv6-he
Server IPv4 Address: 212.xx.xx.xx
Server IPv6 Address: 2001:470:1234:00ff::1
Client IPv6 Address: 2001:470:1234:00ff::2
Routed Prefix: 2001:470:1234:00ff::/64
auto ipv6-he
iface ipv6-he inet6 v4tunnel
address 2001:470:1234:00ff::2
netmask 64
endpoint 212.xx.xx.xx
mtu 1280
ttl 255
up ip -6 rule add from 2001:470:1234:00ff::2 table ipv6-he
up ip -6 route add default via 2001:470:1234:00ff::1 table ipv6-he
up ip -6 a a 2001:470:1234:00ff::3/128 dev ipv6-he
down ip -6 a d 2001:470:1234:00ff::3/128 dev ipv6-he
down ip -6 rule del table ipv6-he
down ip -6 route flush table ipv6-he
/etc/network/interfaces.d/ipv6-NetAssist
Server IPv4 Address: 62.xxx.xx.xx
Server IPv6 Address: 2a01:0d0:ffff:ff00::1
Client IPv6 Address: 2a01:0d0:ffff:ff00::2
Routed Prefix: 2a01:0d0:ffff:ff00::/64
auto ipv6-NetAssist
iface ipv6-NetAssist inet6 v4tunnel
address 2a01:0d0:ffff:ff00::2
netmask 64
endpoint 62.xxx.xx.xx
ttl 200
up ip -6 rule add from 2a01:0d0:ffff:ff00::2 table ipv6-NetAssist
up ip -6 route add default via 2a01:0d0:ffff:ff00::1 table ipv6-NetAssist
up ip -6 a a 2a01:0d0:ffff:ff00::3/128 dev ipv6-NetAssist
down ip -6 a d 2a01:0d0:ffff:ff00::3/128 dev ipv6-NetAssist
down ip -6 rule del table ipv6-NetAssist
down ip -6 route flush table ipv6-NetAssist
TESTING
Ok, now when all the config is ready lets bring up a tunnel:
root::/ # ifup ipv6-6project ; ifconfig ipv6-6project ;
ipv6-6project: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1280
inet6 2a05:abc:1234:babb:abaa::2 prefixlen 80 scopeid 0x0<global>
inet6 2a05:abc:1234:babb:abaa::3 prefixlen 128 scopeid 0x0<global>
inet6 fe80::2300:b182 prefixlen 64 scopeid 0x20<link>
sit txqueuelen 1 (IPv6-in-IPv4)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
To make it work just ping the gateway!
root /etc/network/interfaces.d ping6 -c 4 2a05:abc:1234:babb:abaa::1
PING 2a05:abc:1234:babb:abaa::1(2a05:abc:1234:babb:abaa::1) 56 data bytes
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=1 ttl=64 time=28.0 ms
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=2 ttl=64 time=32.6 ms
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=3 ttl=64 time=26.1 ms
64 bytes from 2a05:abc:1234:babb:abaa::1: icmp_seq=4 ttl=64 time=36.8 ms
--- 2a05:abc:1234:babb:abaa::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 26.126/30.916/36.857/4.167 ms
All IPv6 addrsses used here are made up!