IPv6 is a topic that has received a lot of discussion over the last couple of years. Although originally from 1996, IPv6 became more important and more implemented over the last few years because of IPv4 depletion. Not all providers offer IPv6 though.: sometimes the data center hasn’t completed a dual stack implementation yet, sometimes the provider hasn’t got the proper equipment yet or sometimes providers just don’t care. Whatever the reasons: you are sometimes with a VPS without IPv6, while you may want to have it or really need it.
But why would you want IPv6? Well, this is one of the hardest questions to answer and there are a lot of opinions on this subject. Let me put it like this: you mostly don’t need IPv6, but you do need it to be prepared for the future. Some providers started offering IPv6-only servers, which basically means that if you don’t have IPv6, you cannot be reached by those servers. Congratulations, you just broke the internet. Not adapting it delays global adoption. So I say: adapt!
In this guide, I’m going to show you how to set up IPv6 on a KVM VPS by using a Hurricane Electric tunnel, which tunnels IPv6 traffic over IPv4. You need a free tunnelbroker.net account for this. If you don’t have one, head over to tunnelbroker.net, register for an account and log in.
Once logged in, click ‘Create Regular Tunnel’ on the left side. You are now asked for the IPv4 endpoint. Enter the primary IPv4 of your VPS there. Then select a tunnel server near the location of your VPS. Meanwhile, the page starts checking whether your server is reachable. It does this by pinging your server. If it can’t reach you server, it will give an error message. Once completed (and once you’ve resolved any errors), you’ll get your tunnel overview. The overview contains a block looking like this:
Server IPv4 Address: 203.0.113.30
Server IPv6 Address: 2001:db8:1f0a:3ec::1/64
Client IPv4 Address: 198.51.100.100
Client IPv6 Address: 2001:db8:1f0a:3ec::2/64
These are the addresses important in setting up your tunnel. The server addresses are the addresses on HE’s side, the client addresses are for your VPS. Your VPS’ public IPv4 address should be listed as the ‘Client IPv4 Address’. The ‘Client IPv6 Address’ will be the primary IPv6 address we’ll assign to the VPS.
This guide is written for two linux distributions: CentOS and Ubuntu.
CentOS
This guide assumes you have CentOS 6 or newer. On CentOS, the tunnel is created using the ‘sit’ device. ‘sit’ means ‘simple internet transition’. We’re going to use ‘sit1’ to create our tunnel.
Open up the ‘sit1’ configuration file:
vim /etc/sysconfig/network-scripts/ifcfg-sit1
And paste this into it:
DEVICE=sit1
BOOTPROTO=none
ONBOOT=yes
IPV6INIT=yes
IPV6TUNNELIPV4=<Server IPv4 Address>
IPV6TUNNELIPV4LOCAL=<Client IPv4 Address*>
IPV6ADDR=<Client IPv4 Address (with the ‘/64’)>
IPV6_DEFAULTGW=<Server IPv6 Address (without the ‘/64’)>
You see four “tokens” here which we need to replace with the addresses from HE. We’ll discuss them piece by piece.
IPV6TUNNELIPV4=203.0.113.30
This is the IPv6 address of the tunnel server, in this case the HE server you choose when you set up the tunnel. This is the endpoint of your tunnel.
IPV6TUNNELIPV4LOCAL=198.51.100.100
This is your VPS’ primary IPv4 address, the one you’ve entered when you created the tunnel.
IPV6ADDR=2001:db8:1f0a:3ec::2/64
This is the Client IPv6 address, the eventual IPv6 address of your server. Make sure to include the /64 here, as it indicates the subnet this address is in.
IPV6_DEFAULTGW=2001:db8:1f0a:3ec::1
This is the default IPv6 gateway (at HE). You must not include the /64 at the end here. The subnet is already known and no longer needed here.
Now we’ve got the config file all set up, let’s bring up the interface:
ifup sit1
Run ‘ifconfig’ to check everything is OK. If everything is in working order, the sit1 device should be listed with the address we’ve just been provided with:
sit1 Link encap:IPv6-in-IPv4
inet6 addr: 2001:db8:1f0a:3ec::2/64 Scope:Global
inet6 addr: fe80::5f2f:7566/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Let’s check if everything works by running a ping6 against google.com:
[root@localhost ~]# ping6 google.com
PING google.com(wg-in-x8a.1e100.net) 56 data bytes
64 bytes from wg-in-x8a.1e100.net: icmp_seq=1 ttl=56 time=16.7 ms
64 bytes from wg-in-x8a.1e100.net: icmp_seq=2 ttl=56 time=16.5 ms
64 bytes from wg-in-x8a.1e100.net: icmp_seq=3 ttl=56 time=16.7 ms
64 bytes from wg-in-x8a.1e100.net: icmp_seq=4 ttl=56 time=16.5 ms
^C
— google.com ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3365ms
rtt min/avg/max/mdev = 16.562/16.638/16.726/0.175 ms
You can do an additional test by pinging your server from the outside.
Congratulations! You’re now IPv6 connected!
Ubuntu
For Ubuntu, I assume you’re running Ubuntu 12.04 LTS or higher. On Ubuntu, the tunnel is created as a separate interface using ‘v4tunnel’ configuration. By using ‘v4tunnel’ configuration, rather than ‘static’ or ‘dhcp’, Ubuntu knows this is an IPv6-over-IPv4 tunnel.
Let’s open up the /etc/network/interfaces file:
sudo vim /etc/network/interfaces
And add this block to it:
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
endpoint <Server IPv4 Address>
address <Client IPv6 Address (without the ‘/64’)>
netmask 64
up ip -6 route add default dev he-ipv6
down ip -6 route del default dev he-ipv6
There’s only two things you should replace in here:
endpoint 216.66.80.30
This is the IPv4 tunnel endpoint at HE, so where your traffic is routed to. This is important, as this is the address where all tunnelled packets are sent.
address 2001:db8:1f0a:3ec::2
This is the IPv6 address of your server. It does not need the /64, as we’re explicitly entering the netmask at this line:
netmask 64
Where ’64’ is derived from the /64 at the end of your IPv6 address. This is the subnet your IPv6 address is in.
Ubuntu doesn’t need the Client IPv4 and the Server IPv6 address: it can figure that out based on the current configuration.
The following lines are also worth noting:
up ip -6 route add default dev he-ipv6
down ip -6 route del default dev he-ipv6
These lines add the default route for IPv6 traffic every time you interface goes up and remove it every time it goes down. This way you ensure IPv6 traffic always takes the proper route, namely the ‘he-ipv6’ one.
Let’s bring up the interface we’ve just added:
sudo ifup he-ipv6
And run ‘ifconfig’ to confirm it’s configured properly:
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: fe80::5f2f:7567/64 Scope:Link
inet6 addr: 2001:db8:1f0a:3ec::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Finally, let’s run a ping6 to google.com:
mpkossen@ubuntu:~$ ping6 google.com
PING google.com(wg-in-x71.1e100.net) 56 data bytes
64 bytes from wg-in-x71.1e100.net: icmp_seq=1 ttl=56 time=18.9 ms
64 bytes from wg-in-x71.1e100.net: icmp_seq=2 ttl=56 time=19.0 ms
64 bytes from wg-in-x71.1e100.net: icmp_seq=3 ttl=56 time=18.5 ms
64 bytes from wg-in-x71.1e100.net: icmp_seq=4 ttl=56 time=18.3 ms
^C
— google.com ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 18.301/18.701/19.017/0.325 ms
And you’re all done! You can do an additional test by pinging your server from the outside and see if you get a response.
Congratulations, you’re now part of the IPv6 family!
Final note
It’s quite easy to get IPv6 up and running, but there’s a few things to consider. IPv6 uses a different iptables: ip6tables. Running a dual stack configuration would mean maintaining two firewalls. Additionally, not all software supports IPv6 (like older MySQL versions). IPv6 also has quite a few new concepts and doesn’t have some of the things that IPv4 has. It’s advisable to read a bit more about IPv6 on, for example, Wikipedia before you get started.
By default, HE blocks IRC and SMTP ports. If you become a IPv6 Certified Sage (by taking free tests on the HE website) you can unblock these ports.
For now, happy IPv6ing!
Related Posts:
- How to Rapidly Install Java, OpenJDK & Oracle JDK on your VPS - December 14, 2015
- It’s been a great ride - December 14, 2015
- Cheap Windows VPS – $21/quarter 1GB KVM-based Windows VPS in 11 worldwide locations - November 30, 2015
:) happy IPv6ing!
Yeah, it’s the way forward.
Great read with a cuppa, thanks a bunch for the info.
a very interesting tutorial, i will try it myself, as I do not have native ipv6 at home
thanks, I never realized how easy HE & the OS makes this!
hello, i have problem
[root@vps network-scripts]# ifup sit1
ioctl: No such device
What virtualization do you use? This set up from tutorial above will work with KVM and Xen but not with OpenVZ. With OpenVZ is a bit more complex. You need tun/tap enabled and use something like tb-tun http://code.google.com/p/tb-tun/
it’s OpenVZ :)
This is in spanish… But can help somebody :)
http://blogger.marcianisto.cl/2012/07/tunel-ipv6-en-un-vps.html
This guide was specifically written for KVM, as it’s easier to set it up there than on OpenVZ.
I’ve generally found HE to be really unstable so I use a 6to4 tunnel instead
Good guide. Anyone know how to use their “Routed IPv6 Prefixes”? They won’t do reverse DNS for Client IPv6 Addresses, only for Routed IPv6 Addresses, and they do assign a block of Routed, but I cannot get the Routed addresses to work on a CentOS server.
I should add… running a mail server won’t play well with others unless you can do reverse DNS, and HE won’t do reverse DNS with the regular Client IPv6 Address assigned to you, but they also assign a Routed IPv6 block which is reverse DNS capable.
How to install it on Windows?
Very easy. First, install CentOS or Ubuntu or another sane OS of your choice; then, follow the lowendtutorial above.
I’m sorry I didn’t include a Windows tutorial. No pun intended: but I’m not going to either. Windows is completely different from Linux. It already takes quite some time to write these tutorials and test them on both Ubuntu and CentOS. Adding Windows to the mix would probably double the time I spend on writing these articles.
Thanks for reading it though :-)
This is a test from an Amsterdam KVM:
6to4
[root@arch ~]# wget -O /dev/null http://ipv6.download.thinkbroadband.com/100MB.zip
2013-06-02 08:18:45 (652 KB/s) – ‘/dev/null’ saved [104857600/104857600]
[root@arch ~]# wget http://speedtest6.tele2.net/100MB.zip -O /dev/null
2013-06-02 08:22:21 (21.3 MB/s) – ‘/dev/null’ saved [104857600/104857600]
[root@arch ~]# wget http://ipv6.nodepop.com/100mb.test -O /dev/null
2013-06-02 08:23:29 (3.49 MB/s) – ‘/dev/null’ saved [104857600/104857600]
he.net -> 216.66.84.46 (Amsterdam endpoint)
[root@arch ~]# wget -O /dev/null http://ipv6.download.thinkbroadband.com/100MB.zip
2013-06-02 08:25:19 (47.9 MB/s) – ‘/dev/null’ saved [104857600/104857600]
[root@arch ~]# wget http://speedtest6.tele2.net/100MB.zip -O /dev/null
2013-06-02 08:26:19 (3.86 MB/s) – ‘/dev/null’ saved [104857600/104857600]
[root@arch ~]# wget http://ipv6.nodepop.com/100mb.test -O /dev/null
2013-06-02 08:27:17 (3.51 MB/s) – ‘/dev/null’ saved [104857600/104857600]
Basically how fast or slow they work depends on the location you are trying to access, at least for me it did.
Yeah, it really does. In my experience, EU locations seem faster/less congested than US locations. It also depends on the DCs connectivity to HE. If it has HE in the mix, it’s faster than when it needs to take a bunch of different hops before it gets to HE.
Thanks for trying out my tutorial!
would you like to add tutorial for OpenVZ :)
thank you
Thanks for the great tutorial. This is awesome.
I do not know whether it’s just me or if everyone else experiencing problems with your site. It appears as though some of the written text within your posts are running off the screen. Can someone else please provide feedback and let me know if this is happening to them as well? This might be a issue with my browser because I’ve had this happen before.
Many thanks
dear Maarten Kossen
i did as you have mentioned
its working, i mean the ipv6
thanks
just 1 more query
can i use this to make ipv6 vps’s (openvz/kvm/xen) from this node via solusvm/etc
can you please help me in this…
Sorry, I didn’t test this with SolusVM.
It doesn’t work O.O WHY
# ifup sit1
Device sit1
does not seem to be present, delaying initialization.
Exit code: 1
*** End of transmission ***
I have the same problem, did you fix it?
I am sage certified how do I unblock IRC?
IPv6 is the sixth revision to the Internet Protocol and the successor to IPv4. It functions similarly to IPv4 in that it provides the unique, numerical IP addresses necessary for Internet-enabled devices to communicate. However, it does sport one major difference: it utilizes 128-bit addresses. I’ll explain why this is important in a moment – http://livemnc.com/