1 [[!meta title="setting up an IPv6 network managed by tinc"]]
3 ## Example: IPv6 Networking
5 Michael Adams, 8-27-2007
6 http://www.wolfsheep.com/
10 This document is to highlight an example setup for using tinc to create an IPv6 network.
14 [[!img examples/fig-ipv6-network.png link=examples/fig-ipv6-network.dia]]
15 *Click on the image for the original [DIA](https://en.wikipedia.org/wiki/Dia_(software)) file.*
17 ### Scenario Parameters
19 1. IPv6 is provided via a native or tunnel-brokered service at a main site. If you need a tunnel, refer to Wikipedia's list of IPv6 tunnel brokers.
20 2. The IPv6 allocation given is 2001:db8:beef::/48, using a tunnel from 2001:db8:dead:beef::1 to 2001:db8:dead:beef::2.
21 3. All the tinc connections share a subnet of 2001:db8:beef:0::/64, and their addresses are tied to 2001:db8:beef:(subnet #)::/64 allocations. For example, "routerc" will listen on tinc at 2001:db8:beef::3, will have a LAN address of 2001:db8:beef:3::1, and a subnet of 2001:db8:beef:3::/64.
22 4. All the routers and servers using tinc connect over the IPv4 Internet, using WAN addresses based on 192.0.2.0/24. "routerc" uses 192.0.2.3.
23 5. "routera" is a Linux server that manages the #1 subnet, and makes the connection to the IPv6 Internet.
24 6. All other routers are assumed to be Linux based for their TUN/TAP support of bridged-Ethernet.
26 ### Configuration Files
28 1. On Debian/Ubuntu systems, an entry in `/etc/network/interfaces` can be used to statically assign the ::1 address for the local LAN. Example:
30 iface eth1 inet6 static
31 address 2001:db8:beef::1::1
35 On non Debian/Ubuntu systems, a line can be put in a boot script, such as `ip -6 addr add 2001:db8:beef:1::1/64 dev eth1`.
37 2. IPv6 forwarding needs to be enabled: put `echo "1" >/proc/sys/net/ipv6/conf/all/forwarding` in a boot script, or `net.ipv6.conf.all.forwarding = 1` in `/etc/sysctl.conf`.
39 3. This setup uses tinc's "switch" mode: subnets are not assigned in the host files; only Address (for ConnectTo targets only) and the key are required in host files.
41 4. It is assumed that the config files go into something like `/etc/tinc/link` and `/etc/tinc/nets.boot` has an entry for "link". The following table can be used to guide configuration of routers.
43 The "routera" configuration for tinc (the master router):
53 ip -6 link set $INTERFACE up mtu 1280 txqueuelen 1000
54 ip -6 addr add 2001:db8:beef::1/64 dev $INTERFACE
55 ip -6 route add 2001:db8:beef::/48 dev $INTERFACE
57 ip -6 route add 2001:db8:beef:2::/64 via 2001:db8:beef::2
58 ip -6 route add 2001:db8:beef:3::/64 via 2001:db8:beef::3
59 ip -6 route add 2001:db8:beef:4::/64 via 2001:db8:beef::4
64 ip -6 route del 2001:db8:beef:2::/64 via 2001:db8:beef:::2
65 ip -6 route del 2001:db8:beef:3::/64 via 2001:db8:beef:::3
66 ip -6 route del 2001:db8:beef:4::/64 via 2001:db8:beef:::4
68 ip -6 route del 2001:db8:beef::/48 dev $INTERFACE
69 ip -6 addr del 2001:db8:beef::1/64 dev $INTERFACE
70 ip -6 link set $INTERFACE down
72 The "routerb" configuration for tinc (the other non-master routers will be like this one):
82 ip -6 link set $INTERFACE up mtu 1280
83 ip -6 addr add 2001:db8:beef::2/64 dev $INTERFACE
84 ip -6 route add default via 2001:db8:beef::1
88 ip -6 route del default via 2001:db8:beef::1
89 ip -6 addr del 2001:db8:beef::2/64 dev $INTERFACE
90 ip -6 link set $INTERFACE down
93 5. You can use [radvd](http://www.litech.org/radvd/) or [Quagga](http://www.quagga.net/) to perform [stateless address autoconfiguration](https://www.ietf.org/rfc/rfc2462.txt) on your LAN. This is an example zebra.conf for LAN autoconfiguration (don't forget to enable the zebra daemon):
98 no ipv6 nd suppress-ra
99 ipv6 address 2001:db8:beef:1::1/64
100 ipv6 nd prefix 2001:db8:beef:1::/64
101 ipv6 nd ra-interval 10
projects / wiki / blob