IPv6 and OpenBSD (Part 1)

So I finally took the plunge and got IPv6 going. My setup is pretty simple: OpenBSD firewall attached to the Internet, switch and a bunch of machines attached to the OpenBSD firewall. My ISP doesn’t support IPv6 yet (I’d be truly shocked if they do anytime in the next 5 years) so I choose Hurricane Electric as my IPv6 tunnel broker. The server setup isn’t to bad, but there are a lot of small steps:

Step1: Sign up at Hurricane Electric for a free IPv6 tunnel: http://tunnelbroker.net/

Step 2: Create a tunnel and note down the info they give you. You will get a /64 assignment which is a lot of addresses (more than you’ll probably ever need). This makes IP assigned convenient, just take your IPv6 prefix, and tack on the MAC address and you’re almost guaranteed to get a unique IP address (notwithstanding really bad network card makers).

Step 3: Setup tunnel on OpenBSD, notice the “Example OS Configurations (Windows, Linux, etc.):” at the bottom and select OpenBSD wghich spits out something like:

ifconfig gif0 tunnel your.ip.add.ress 72.52.104.74
ifconfig gif0 inet6 alias 2001:500:6666:333::2 2001:500:6666:333::1 prefixlen 128
route -n add -inet6 default 2001:500:6666:333::1

Go edit your /etc/hostname.gif0 file so it looks like this:

tunnel 68.151.57.38 72.52.104.74
!ifconfig gif0 inet6 alias 2001:500:6666:333::22001:500:6666:333::1 prefixlen 128
!route -n add -inet6 default 2001:500:6666:333::1

The !command runs the command, I got tired of trying to figure out the correct syntax and just put the command in instead.

Step 4: Setup your internal interface to have an IPv6 address (hostname.fxp0):

inet 192.168.0.1 255.255.255.0
inet6 2001:500:6666:333:123:45ff:fe1d:3456 64
inet6 alias 2001:500:6666:333:: 64 anycast

I basically choose the network card’s MAC address for the middle part of the IPv6 address, this way it is unlikely to ever conflict with anything else.

Step 5: Setup and configure the route advertisement daemon, in rc.conf:

rtadvd_flags=” fxp0″

And your /etc/rtadvd.conf should look like:

fxp0:\
:addrs#1:addr=”2001:500:6666:333::”:prefixlen#64:raflags#64:

This will allow you to configure other clients to use the route advertisement daemon which basically makes IPv6 0 hassle to setup.

Step 6: IPv6 routing and routed. Edit rc.conf to enable route6d:

route6d_flags=””

You’ll also want to enable forwarding of IPv6 traffic:

net.inet6.ip6.forwarding=1      # 1=Permit forwarding (routing) of IPv6 packets
net.inet6.ip6.mforwarding=1     # 1=Permit forwarding (routing) of IPv6 multicast packets
net.inet6.ip6.multipath=1       # 1=Enable IPv6 multipath routing

Step 7: Reboot, you should be good to go. To test it try something like:

ping6 ipv6.google.com

The client setup is pretty easy on OpenBSD at least, during network configuration choose “rtsol” when prompted for IPv6 setup, if your machine is already setup simple edit the hostname.if file and add “rtsol” to it, this will result in automatic IPv6 configuration. You’ll also want to enable the rtsold daemon in rc.conf:

rtsold_flags=”fxp0″

Adding an IPv6 name server to resolv.conf is also easy:

nameserver 2001:470:20::2

Reboot and your client should be ready to get an IP from your OpenBSD firewall and connect onwards to the Internet.

Tags: ,

One Response to “IPv6 and OpenBSD (Part 1)”

  1. Farisy Maulana Says:

    Woah, Thank to you.. Now, I can continue on my Homework..

    But, do you know how to configure NAT64 on openBSD..
    I’m stuck here.. :D

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: