
how to get IPV6 home lan subnet via your Linux router working after the FritzBox (native IPV6)


teus

Apr 7, 2013, 10:36:03 AM
The following describes how I got my home LAN subnet working with IPV6 to the outside world.
This is a solution from a "newbie" for a LAN IPV6 subnet behind a FritzBox and a subnet LAN router based on Linux.

The problem:
FritzBox (in my case FB 7390) did not route IPV6 traffic back to a machine on my home server LAN.
Eg a LAN station could not get responses from any internet IPV6 host.
Or e.g. a wifi F!B laptop could not connect via IPV6 to a Home LAN station behind the DMZ/LAN router.

Situation: outside world IPV6-> F!B <-DMZ IPV6 subnet 1
->eth1 (Ubuntu) LAN router eth2 <-LAN IPV6 subnet fc
->LAN machines/stations.

FritzBox is running firmware 05.22 international (latest April 2013).
I have tried F!B firmware 05.50 (Int beta), which I received from AVM to do some tests on this problem. This version gave me no solution either, nor were the AVM responses of any help.

The following is based on an article of Ruud@ xs4all.ipv6.narkive.com, subject: Linux ipv6 router *achter* de Fritz of 29 April 2012 (google for it!).
If you have a dynamic IPV6 address from your ISP these instructions should be followed.

Intro
I received a fixed IPV6 prefix from my ISP (48 bits), which allowed me to configure my own IPV6 addresses and make my domain names IPV6 ready. (Even: my ISP talks about prefix number preservation, which would be cool.)
I prefer to use static IPV6 addresses (e.g. internal DNS, ssh and other applications need that for security reasons).
So I had to look for a not dynamic and less automatic F!B IPV6 subnet routing solution.

First a quick and dirty solution:
With a telnet connection to the F!B you can manually add the IPV6 route ("ip -6 route add PREFIXsubnet/64 via FE80::MACid dev XYZ"; MACid of your home server, dev of your F!B). And avoid an F!B power cycle! Warning: AVM will refuse to support you when they discover configuration changes that were not made from the web interface!

The following does not use this trick and avoids the AVM telnet disclaimer.
My solution:
Use http://service.avm.de/support/en/SKB/FRITZ-Box-7390-int/1252:Setting-up-an-IPv6-subnet-in-the-FRITZ-Box-home-network to make the F!B aware that you have a Home LAN subnet as well, and to force the F!B to answer requests for subnet information: your home LAN subnet ID.

Do not invent an own subnet ID!
Be aware that the F!B will use subnets 0 (outside world), 1 (DMZ subnet) and (!) subnet 2 (guest!). So /62-/64 bits are used by your F!B. E.g. a subnet 2 for your LAN will never succeed.
http://fritz.box/html/support.html will provide you with information about your F!B configuration and in much more detail (eg the IPV4 FritzBox guest network is 192.168.179.0/24).

Conclusion:
you need to get a routed subnet ID from your F!B somehow!

Something like this prefix: YourISPprefix:SubnetID::/62. E.g. 2001:1234:5678:fc:59a2:14e8:cab:a559, where 2001:1234:5678::/48 is your IPV6 prefix, where 59a2:14e8:cab:a559 identifies your home router network interface card and where eg :fc: (16 subnet bits /48 - /64) is the subnet ID. That is the one we are looking for.

With the subnet ID provided by the F!B we can configure now the IPV6 addresses on the LAN machines:
eg "ip -6 address add PREFIX:fc:MACid", where PREFIX is the prefix given by your ISP (first 48 bits or more max 56 bits!), :fc: is the subnet ID and MACid is eg obtained via the link address fe80::MACid as shown by an ifconfig command.

How to obtain your LAN subnet ID?
Use the following 4 steps on your home LAN Linux router:
Note: change "eth1" (DMZ Linux subnet router) and "eth2" (LAN Linux subnet router) to your situation.

1. Use the wide-dhcpv6-client package (eg "apt-get install wide-dhcpv6-client").
/etc/default/wide-dhcpv6-client now has: INTERFACES="eth1 eth2"
stop the daemon: /etc/init.d/wide-dhcpv6-client stop
The /etc/wide-dhcpv6/dhcp6c.conf should look like this:
--------------------- /etc/wide-dhcpv6/dhcp6c.conf
# eth1 is DMZ part, FritzBox connection
interface eth1 {
    # Identity Association for Prefix Delegation
    send ia-pd 0;
    # Identity Association for Non-temp Addresses
    # send ia-na 0;
    # and wait for immediate reply
    send rapid-commit;
    # script will update resolv.conf
    #script "/etc/wide-dhcpv6/dhcp6c-script";
    request domain-name-servers;
};

# Identity Association for Prefix Delegation
id-assoc pd 0 {
    # how the prefix is built eth2 interface to LAN
    prefix-interface eth2 {
        sla-id 1;
        # more than 2 bits did not fly with F!B
        sla-len 2;
        # ifid default EUI-64 as address
    };
};
--------------------
Note: the shell "dhcp6c-script" will update /etc/resolv.conf for DNS lookups.

2. The Linux subnet router needs to forward packets from LAN machines,
so make sure /etc/sysctl.conf has the following:
-------------------- /etc/sysctl.conf
...
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1

# router advertisement accept
net.ipv6.conf.eth1.accept_ra=2
net.ipv6.conf.eth2.accept_ra=0

# do not use MAC in ipv6 address
#net.ipv6.conf.all.use_tempaddr=2
#net.ipv6.conf.default.use_tempaddr=2
...
--------------------
and activate the new settings: sysctl -p
Note: eg echo 2 >/proc/sys/net/ipv6/conf/eth1/accept_ra does the same, but this setting will not survive a reboot.

3. The Linux subnet router needs to be advertised.
The /etc/radvd.conf (install via apt-get install radvd) should look like this:
-------------------- /etc/radvd.conf
# using conf hints from
# April 2012, Ruud subject: Linux ipv6 router *achter* de Fritz
# article on xs4all.ipv6.narkive.com
#

# DMZ interface to eg F!B and outside world: eth1

# Home LAN interface eth2
interface eth2
{
    AdvSendAdvert on;            # send advertisements on this interface
    MinRtrAdvInterval 3;         # how often advertisements are sent
    MaxRtrAdvInterval 30;        # at least every 30 seconds
    AdvDefaultPreference low;    # other advertisements are better
    AdvHomeAgentFlag off;
    AdvOtherConfigFlag on;       # force non RFC 6106 clients a dns address

    prefix ::/64
    {
        AdvOnLink on;            # each sharing this prefix is on same local link
        AdvAutonomous on;        # use this prefix to autoconfig your address
        AdvRouterAddr off;       # advertise router address
    };
};
----------------------
and restart the radvd daemon: /etc/init.d/radvd restart

4. And NOW: get the subnet ID from the F!B box:
start dhcp6c from the command line, in the foreground and debugging on:
"dhcp6c -D -f -c /etc/wide-dhcpv6/dhcp6c.conf eth1 eth2"
and look at the output for update_prefix message, eg:
update_prefix: create a prefix 2001:1234:5678:fc::/62 pltime=3600, vltime=7200
Here is your subnet ID ":fc:" and your ISP prefix is: "2001:1234:5678::/48".
Note the /62 prefix size! (the reason why sla-len is 2 in radvd.conf.)

With the ISP prefix and subnet info (probably "fc") we have enough information to assign IPV6 addresses to the interfaces on the LAN machines, eg:
"ip -6 address add 2001:1234:5678:fc:MACid/64 dev eth2" (where MACid is obtained from the fe80::MACid address via the "ifconfig eth2" command for the eth2 interface of the LAN subnet router).
If no default route appears on a LAN machine or you are impatient to wait for the automatic route addition, you can try:
"ip -6 route add default via fe80::MACid dev eth0 proto kernel"
where MACid is the link address of eth2 of the LAN subnet router and eth0 is the interface of the LAN machine.

Cross your fingers that the F!B will not change ISPprefix and subnet ID (eg "fc") somewhere in the future.
Add manual (static) interface and routing changes eg to /etc/network/interfaces, /etc/NetworkManager/system-connections/* or /etc/rc.local in order to survive a reboot.

If you notice errors or have better suggestions or an easier way, do not hesitate to say so.
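
The address arithmetic behind steps 1 and 4, as an added example that is not part of the original post: it parses the update_prefix line, appends an sla-id of sla-len bits to the delegated prefix the way dhcp6c.conf(5) describes, and builds the EUI-64 address for the LAN interface. The MAC address and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the dhcp6c debug line quoted in step 4 of the post.
SAMPLE_LOG = ("update_prefix: create a prefix 2001:1234:5678:fc::/62 "
              "pltime=3600, vltime=7200")

def parse_update_prefix(line):
    """Return (delegated prefix, pltime, vltime) from a dhcp6c debug line."""
    m = re.search(r"create a prefix (\S+) pltime=(\d+), vltime=(\d+)", line)
    if not m:
        raise ValueError("no update_prefix record in this line")
    return ipaddress.IPv6Network(m.group(1)), int(m.group(2)), int(m.group(3))

def lan_prefix(delegated, sla_id, sla_len):
    """Append sla_id as the next sla_len bits after the delegated prefix."""
    plen = delegated.prefixlen + sla_len
    if plen > 64:
        raise ValueError("longer than /64: no room for an EUI-64 interface ID")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError("sla-id does not fit in sla-len bits")
    base = int(delegated.network_address) | (sla_id << (128 - plen))
    return ipaddress.IPv6Network(f"{ipaddress.IPv6Address(base)}/{plen}")

def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = bytes([octets[0] ^ 0x02])
    return int.from_bytes(first + octets[1:3] + b"\xff\xfe" + octets[3:], "big")

def lan_address(log_line, sla_id, sla_len, mac):
    """Address for the LAN interface: derived prefix + EUI-64 interface ID."""
    delegated, _, _ = parse_update_prefix(log_line)
    net = lan_prefix(delegated, sla_id, sla_len)
    addr = ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))
    return ipaddress.IPv6Interface(f"{addr}/{net.prefixlen}")

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed MAC of the router's eth2
    for sla_id in range(4):    # every /64 inside the delegated /62
        iface = lan_address(SAMPLE_LOG, sla_id, 2, mac)
        print(f"sla-id {sla_id}: ip -6 address add {iface} dev eth2")
```

For the sample line, sla-id values 0 to 3 select the :fc:, :fd:, :fe: and :ff: subnets inside the delegated /62.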