--- /dev/null
+[[!meta title="setting up an IPv6 network managed by tinc"]]
+
+## Example: IPv6 Networking
+
+Michael Adams, 8-27-2007
+http://www.wolfsheep.com/
+
+### Purpose
+
+This document is to highlight an example setup for using tinc to create an IPv6 network.
+
+### Example Layout
+
+[[!img examples/fig-ipv6-network.png link=examples/fig-ipv6-network.dia]]
+*Click on the image for the original [DIA](http://en.wikipedia.org/wiki/Dia_(software)) file.*
+
+### Scenario Parameters
+
+1. IPv6 is provided via a native or tunnel-brokered service at a main site. If you need a tunnel, refer to Wikipedia's list of IPv6 tunnel brokers.
+2. The IPv6 allocation given is 2001:db8:beef::/48, using a tunnel from 2001:db8:dead:beef::1 to 2001:db8:dead:beef::2.
+3. All the tinc connections share a subnet of 2001:db8:beef:0::/64, and their addresses are tied to 2001:db8:beef:(subnet #)::/64 allocations. For example, "routerc" will listen on tinc at 2001:db8:beef::3, will have a LAN address of 2001:db8:beef:3::1, and a subnet of 2001:db8:beef:3::/64.
+4. All the routers and servers using tinc connect over the IPv4 Internet, using WAN addresses based on 192.0.2.0/24. "routerc" uses 192.0.2.3.
+5. "routera" is a Linux server that manages the #1 subnet, and makes the connection to the IPv6 Internet.
+6. All other routers are assumed to be Linux based for their TUN/TAP support of bridged-Ethernet.
+
+### Configuration Files
+
+1. On Debian/Ubuntu systems, an entry in "/etc/network/interfaces" can be used to statically assign the ::1 address for the local LAN. Example:
+> iface eth1 inet6 static
+> address 2001:db8:beef::1::1
+> netmask 64
+> mtu 1280
+ On non Debian/Ubuntu systems, a line can be put in a boot script, such as "ip -6 addr add 2001:db8:beef:1::1/64 dev eth1".
+
+2. IPv6 forwarding needs to be enabled: put "echo "1" >/proc/sys/net/ipv6/conf/all/forwarding" in a boot script, or "net.ipv6.conf.all.forwarding = 1" in "/etc/sysctl.conf".
+
+3. This setup uses tinc's "switch" mode: subnets are not assigned in the host files; only Address (for ConnectTo targets only) and the key are required in host files.
+
+4. It is assumed that the config files go into something like "/etc/tinc/link" and "/etc/tinc/nets.boot" has an entry for "link". The following table can be used to guide configuration of routers:
+ * "routera" configuration for tinc (the master router):
+> >cat tinc.conf
+> Name = routera
+> Device=/dev/net/tun
+> TCPOnly = on
+> PMTU = 1280
+> PMTUDiscovery = yes
+> Mode = switch
+> Interface = vpn6
+>
+> >cat tinc-up
+> #!/bin/sh
+> #Enable tinc
+> ip -6 link set vpn6 up mtu 1280 txqueuelen 1000
+> ip -6 addr add 2001:db8:beef::1/64 dev vpn6
+> ip -6 route add 2001:db8:beef::/48 dev vpn6
+> #Static routing table
+> ip -6 route add 2001:db8:beef:2::/64 via 2001:db8:beef::2
+> ip -6 route add 2001:db8:beef:3::/64 via 2001:db8:beef::3
+> ip -6 route add 2001:db8:beef:4::/64 via 2001:db8:beef::4
+>
+> >cat tinc-down
+> #!/bin/sh
+> #Static routing table
+> ip -6 route del 2001:db8:beef:2::/64 via 2001:db8:beef:::2
+> ip -6 route del 2001:db8:beef:3::/64 via 2001:db8:beef:::3
+> ip -6 route del 2001:db8:beef:4::/64 via 2001:db8:beef:::4
+> #Disable tinc
+> ip -6 route del 2001:db8:beef::/48 dev vpn6
+> ip -6 addr del 2001:db8:beef::1/64 dev vpn6
+> ip -6 link set vpn6 down
+>
+ * "routerb" configuration for tinc (the other non-master routers will be like this one):
+> >cat tinc.conf
+> Name=routerb
+> Device=/dev/net/tun
+> TCPOnly = yes
+> PMTU = 1280
+> PMTUDiscovery = yes
+> Mode = switch
+> Interface = vpn6
+> ConnectTo = routera
+>
+> >cat tinc-up
+> #!/bin/sh
+> ip -6 link set vpn6 up mtu 1280
+> ip -6 addr add 2001:db8:beef::2/64 dev vpn6
+> ip -6 route add default via 2001:db8:beef::1
+>
+> >cat tinc-down
+> #!/bin/sh
+> ip -6 route del default via 2001:db8:beef::1
+> ip -6 addr del 2001:db8:beef::2/64 dev vpn6
+> ip -6 link set vpn6 down
+
+5. You can use [radvd](http://www.litech.org/radvd/) or [Quagga](http://www.quagga.net/) to perform [stateless address autoconfiguration](http://www.ietf.org/rfc/rfc2462.txt) on your LAN. This is an example zebra.conf for LAN autoconfiguration (don't forget to enable the zebra daemon):
+> ipv6 forwarding
+> !
+> interface eth1
+> no ipv6 nd suppress-ra
+> ipv6 address 2001:db8:beef:1::1/64
+> ipv6 nd prefix 2001:db8:beef:1::/64
+> ipv6 nd ra-interval 10
+> !
+> interface vpn6
+> !
+> interface lo
+
projects / wiki / blobdiff