IPv6: Difference between revisions

From Bondix Wiki
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
=IPv6 Setup=
=IPv6 Setup=


By default, Bondix uses a randomized link-local IPv6 address range (''fe80::/3'') as a transport network between the server and client router. This allows basic IPv6 communication, but additional setup is required to achieve full IPv6 internet connectivity for the router and its clients.
By default, '''Bondix''' utilizes a randomized link-local IPv6 address range (<code>fe80::/3</code>) as a transport network between the server and client router. This provides basic IPv6 communication, but further configuration is required to enable full IPv6 internet connectivity for both the router and its clients.


==Option 1: Double Masquerading==
==Option 1: Double Masquerading==
We can enable masquerading on the server by specifying a masquerading IP in the environment settings. Ensure that the tunnel has a default client route for IPv6 (::/0),found in tunnel routing settings. Your must change the environment IPv6 transport network to a private (e.g. fdXX::..), link-local IPv6 networks will not be masqueraded.   
To enable IPv6 masquerading on the server, you need to specify a masquerading IP in the environment settings. Ensure that the tunnel configuration includes a default client route for IPv6 (<code>::/0</code>), which can be found in the tunnel routing settings. Additionally, change the IPv6 transport network from link-local to a private address range (e.g., <code>fdXX::/48</code>), as link-local networks (<code>fe80::/10</code>) are not supported for masquerading.   


Client-side, the following requirements must be met:  
Client-side, the following requirements must be met:


* the router LAN must have a private IPv6 network configured
* The router's LAN must be configured with a private IPv6 network.
* the router must masquerade IPv6 traffic using its transport IP.
* The router must masquerade outbound IPv6 traffic using its transport IP.


==Option 2: Use a Public IPv6 Transport Network==
==Option 2: Use a Public IPv6 Transport Network==
[[File:Public Transport Net.png|thumb|Using a public IPv6 network as a transport network]]
[[File:Public Transport Net.png|thumb|Using a public IPv6 network as a transport network]]
Using a public IPv6 transport network allows omitting server-side masquerading. A small subnet is sufficient (e.g. /112 or /120). Each tunnel in the environment will be assigned a single IP from that subnet. Again, a default IPv6 client route (::/0) must be configured.
Using a public IPv6 transport network simplifies configuration by removing the need for server-side masquerading. A small subnet, such as <code>/112</code> or <code>/120</code>, is sufficient for each tunnel in the environment, and each tunnel will be assigned a single IP from that subnet. A default client route for IPv6 (<code>::/0</code>) must be configured.


Client-side, the same requirements as Option 1 must be met:
Client-side, the same requirements as in Option 1 apply:


* the router LAN must have a private IPv6 network configured
* The router's LAN must be configured with a private IPv6 network.
* the router must masquerade IPv6 traffic using its transport IP.
* The router must masquerade IPv6 traffic using its transport IP.


==Option 3: Route a Public IPv6 Network Through the Tunnel==
==Option 3: Route a Public IPv6 Network Through the Tunnel==
[[File:IPv6 example routing2.png|thumb|Public IPv6 routing]]
[[File:IPv6 example routing2.png|thumb|Public IPv6 routing]]
Server-side, add a public IPv6 network as a server route, and add a default IPv6 client route (::/0).
For full IPv6 routing, the server must be configured with a public IPv6 network as a server route, and a default client route (<code>::/0</code>) must be added for client traffic.


Client-side, the following requirements must be met:
Client-side, the following requirements apply:


* the router LAN must have the routed IPv6 network assigned
* The router's LAN must be assigned the routed public IPv6 network.
* Firewall settings must allow IP forwarding from/to the bondix interface
* Firewall settings must allow IP forwarding to and from the Bondix interface.


=== Client Settings ===
=== Client Settings ===
Line 34: Line 34:


==== Teltonika ====
==== Teltonika ====
 
Teltonika routers do not support static IPv6 address assignment for the LAN interface via the web interface. Use the following commands instead:
* Teltonika does not allow setting a static IPv6 address for the LAN interface in the web interface
*Use these commands instead:
  uci add_list network.lan.ip6addr='2a01:XXXXXXXXXX::1/96'
  uci add_list network.lan.ip6addr='2a01:XXXXXXXXXX::1/96'
  uci commit
  uci commit
  /etc/init.d/network restart
  /etc/init.d/network restart
 
To remove the configured IP address, use:
*to remove the configured IP address, do
 
  uci del_list network.lan.ip6addr='2a01:XXXXXXXX::1/96'
  uci del_list network.lan.ip6addr='2a01:XXXXXXXX::1/96'
  uci commit
  uci commit
Line 49: Line 45:
[[File:Openwrt-ipv6-lan.png|thumb|Manual IPv6 configuration in OpenWr]]
[[File:Openwrt-ipv6-lan.png|thumb|Manual IPv6 configuration in OpenWr]]
====OpenWrt====
====OpenWrt====
 
For OpenWRT, manually assign an IPv6 address to the LAN interface, do not configure a gateway.
*Manually assign an IPv6 address to the LAN interface, no gateway


==== Connected Devices ====
==== Connected Devices ====
For connected devices, you can manually assign IPv6 addresses using the router’s IPv6 address as the gateway. Additionally, ensure that devices use an IPv6 DNS server.


* You can manually assign IPv6 addresses to any connected device using the IPv6 address configured on the router as the gateway.
== QoS ==
* You'll also need a IPv6 DNS server.
QoS can be extended with IPv6 matching rules. If a rule has no IPv6 rules, suitable IPv4 matching rules will be automatically converted to IPv6, omitting any matching rule with specific IPv4 source or destination IPs.
 
==== Todo: ====
 
* how to set up dhcpv6

Latest revision as of 20:40, 30 September 2024

IPv6 Setup

By default, Bondix utilizes a randomized link-local IPv6 address range (fe80::/3) as a transport network between the server and client router. This provides basic IPv6 communication, but further configuration is required to enable full IPv6 internet connectivity for both the router and its clients.

Option 1: Double Masquerading

To enable IPv6 masquerading on the server, you need to specify a masquerading IP in the environment settings. Ensure that the tunnel configuration includes a default client route for IPv6 (::/0), which can be found in the tunnel routing settings. Additionally, change the IPv6 transport network from link-local to a private address range (e.g., fdXX::/48), as link-local networks (fe80::/10) are not supported for masquerading.

Client-side, the following requirements must be met:

  • The router's LAN must be configured with a private IPv6 network.
  • The router must masquerade outbound IPv6 traffic using its transport IP.

Option 2: Use a Public IPv6 Transport Network

Using a public IPv6 network as a transport network

Using a public IPv6 transport network simplifies configuration by removing the need for server-side masquerading. A small subnet, such as /112 or /120, is sufficient for each tunnel in the environment, and each tunnel will be assigned a single IP from that subnet. A default client route for IPv6 (::/0) must be configured.

Client-side, the same requirements as in Option 1 apply:

  • The router's LAN must be configured with a private IPv6 network.
  • The router must masquerade IPv6 traffic using its transport IP.

Option 3: Route a Public IPv6 Network Through the Tunnel

Public IPv6 routing

For full IPv6 routing, the server must be configured with a public IPv6 network as a server route, and a default client route (::/0) must be added for client traffic.

Client-side, the following requirements apply:

  • The router's LAN must be assigned the routed public IPv6 network.
  • Firewall settings must allow IP forwarding to and from the Bondix interface.

Client Settings

this is work in progress

Teltonika

Teltonika routers do not support static IPv6 address assignment for the LAN interface via the web interface. Use the following commands instead:

uci add_list network.lan.ip6addr='2a01:XXXXXXXXXX::1/96'
uci commit
/etc/init.d/network restart

To remove the configured IP address, use:

uci del_list network.lan.ip6addr='2a01:XXXXXXXX::1/96'
uci commit
/etc/init.d/network restart
Manual IPv6 configuration in OpenWr

OpenWrt

For OpenWRT, manually assign an IPv6 address to the LAN interface, do not configure a gateway.

Connected Devices

For connected devices, you can manually assign IPv6 addresses using the router’s IPv6 address as the gateway. Additionally, ensure that devices use an IPv6 DNS server.

QoS

QoS can be extended with IPv6 matching rules. If a rule has no IPv6 rules, suitable IPv4 matching rules will be automatically converted to IPv6, omitting any matching rule with specific IPv4 source or destination IPs.