wiki:TipAndDoc/service/sakura/ipv6

Version 11 (modified by mitty, 13 years ago) (diff)

--

using Sakura 6rd

  • さくらの6rd(トライアル) « さくらインターネット研究所
    • 6rd設定方法(Ubuntu10.10編) « さくらインターネット研究所
      1. IPv6アドレスの算出
        # printf "2001:e41:%02x%02x:%02x%02x::1\n" 59 106 69 124
        2001:e41:3b6a:457c::1
        
      2. /etc/network/interfaces ファイルの編集
        # vi /etc/network/interfaces   (以下を追加)
        auto tun6rd
        iface tun6rd inet6 v4tunnel
                address 2001:e41:3b6a:457c::1
                netmask 32
                local 59.106.69.124
                endpoint any
                gateway ::61.211.224.125
                ttl 64
                up ip tunnel 6rd dev tun6rd 6rd-prefix 2001:e41::/32
                up ip link set mtu 1280 dev tun6rd
        
      3. 設定反映を確認
        # ifconfig tun6rd
        tun6rd    Link encap:IPv6-in-IPv4
                  inet6アドレス: ::59.106.69.124/128 範囲:Compat
                  inet6アドレス: 2001:e41:3b6a:457c::1/32 範囲:グローバル
                  UP RUNNING NOARP  MTU:1280  メトリック:1
                  RXパケット:0 エラー:0 損失:0 オーバラン:0 フレーム:0
                  TXパケット:0 エラー:0 損失:0 オーバラン:0 キャリア:0
                  衝突(Collisions):0 TXキュー長:0
                  RXバイト:0 (0.0 B)  TXバイト:0 (0.0 B)
        
        # ip tunnel show
        sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc 6rd-prefix 2002::/16
        tun6rd: ipv6/ip  remote any  local 59.106.69.124  ttl 64  6rd-prefix 2001:e41::/32
        
        # ip -6 route show | grep default
        default via ::61.211.224.125 dev tun6rd  metric 1024  mtu 1280 advmss 1220 hoplimit 0
        

6rd on Ubuntu 10.04 lucid

re-enable IPv6

  • $ sudo vim /etc/sysctl.conf
    • etc/ufw/sysctl.conf

       
      3030 
      3131#net/ipv4/tcp_fin_timeout=30 
      3232#net/ipv4/tcp_keepalive_intvl=1800 
      33  
      34 #disable ipv6 
      35 net.ipv6.conf.all.disable_ipv6 = 1 
      36 net.ipv6.conf.default.disable_ipv6 = 1 
      37 net.ipv6.conf.lo.disable_ipv6 = 1 
  • $ sudo vim /etc/ufw/sysctl.conf
    • etc/sysctl.conf

       
      3232#net.ipv6.conf.all.forwarding=1 
      3333 
      3434 
      35 #disable ipv6 
      36 net.ipv6.conf.all.disable_ipv6 = 1 
      37 net.ipv6.conf.default.disable_ipv6 = 1 
      38 net.ipv6.conf.lo.disable_ipv6 = 1 
      39  
      4035################################################################### 
      4136# Additional settings - these settings can improve the network 
      4237# security of the host and prevent against some network attacks 

backport maverick kernel

  • $ sudo aptitude install linux-headers-generic-lts-backport-maverick linux-image-generic-lts-backport-maverick
      linux-headers-2.6.35-23{a} linux-headers-2.6.35-23-generic{a}
      linux-headers-generic-lts-backport-maverick linux-image-2.6.35-23-generic
      linux-image-generic-lts-backport-maverick
    

backport maverick iproute

  • $ sudo aptitude install -R python-software-properties
      python-software-properties unattended-upgrades{a}
    
  • $ sudo add-apt-repository ppa:nathan-launchpad/iproute-lucid-ppa
    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 0ABF9419A50E06EF0E31A901F798C386A6A6010B
    gpg: requesting key A6A6010B from hkp server keyserver.ubuntu.com
    gpg: key A6A6010B: public key "Launchpad iproute-ppa" imported
    gpg: Total number processed: 1
    gpg:               imported: 1  (RSA: 1)
    
  • $ sudo aptitude update
  • $ sudo aptitude install iproute
      iproute
    
    (snip)
    
    Get:1 http://ppa.launchpad.net/nathan-launchpad/iproute-lucid-ppa/ubuntu/ lucid/main iproute 20100519-2~lucid~ppa1 [425kB]
    

another way

  • from さくらVPSのUbuntu 10.04でさくらの6rd(トライアル)を使う | Facebook
    • $ sudo cp /etc/apt/sources.list /etc/apt/sources.list.d/maverick.list
    • $ sudo sed -i s#lucid#maverick#g /etc/apt/sources.list.d/maverick.list
    • $ sudo vim /etc/apt/preferences.d/iproute-pin-600
      Explanation: Do not install from maverick
      Package: *
      Pin: release n=maverick
      Pin-Priority: -1
      
      Explanation: Install iproute from maverick
      Package: iproute
      Pin: release n=maverick
      Pin-Priority: 600
      
    • これらに追加して、以下の設定が必要
  • /etc/apt/apt.conf.d/01ubuntu
  • これがないと、全てのパッケージがmaverickにupgradeされてしまう
    • $ aptitude -s safe-upgrade
      (snip)
      
        ureadahead usbutils util-linux uuid-runtime vim vim-common vim-runtime vim-tiny w3m wget whiptail x11-common xfsprogs xkb-data zlib1g
      The following packages are RECOMMENDED but will NOT be installed:
        byobu dbus libglib2.0-data libjson-xs-perl libpaper-utils shared-mime-info ttf-liberation x-ttcidfont-conf
      293 packages upgraded, 26 newly installed, 9 to remove and 5 not upgraded.
      Need to get 231MB of archives. After unpacking 120MB will be used.
      
  • 逆に、/etc/apt/apt.conf.d/01ubuntu によってmaverickのiprouteが候補に出なくなることがある。その場合は以下のコマンドで導入される(
    sudo aptitude install -t maverick iproute
    
    • APT Pinning 周りはman等の説明通りに動かないので調査中…

apply settings

  • printf "2001:e41:%02x%02x:%02x%02x::1\n" 59 106 180 123
    2001:e41:3b6a:b47b::1
    
  • $ sudo vim /etc/default/ufw
    • etc/default/ufw

       
      44# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback 
      55# accepted). You will need to 'disable' and then 'enable' the firewall for 
      66# the changes to take affect. 
      7 IPV6=no 
       7IPV6=yes 
      88 
      99# Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT. 
      1010# ACCEPT enables connection tracking for NEW inbound packets on the INPUT 
  • $ sudo vim /etc/network/interfaces
    Index: /etc/network/interfaces
    ===================================================================
    --- /etc/network/interfaces     (revision 532)
    +++ /etc/network/interfaces     (revision 533)
    @@ -16,3 +16,14 @@
         # dns-* options are implemented by the resolvconf package, if installed
         dns-nameservers 210.188.224.10
         dns-search sakura.ne.jp
    +
    +auto tun6rd
    +iface tun6rd inet6 v4tunnel
    +   address 2001:e41:3b6a:b47b::1
    +   netmask 32
    +   local 59.106.180.123
    +   endpoint any
    +   gateway ::61.211.224.125
    +   ttl 64
    +   up ip tunnel 6rd dev tun6rd 6rd-prefix 2001:e41::/32
    +   up ip link set mtu 1280 dev tun6rd
    

check IPv6 access