IPv6 in Ubuntu 12.04

I have been exploring IPv6 for a couple months now. It’s a very interesting subject and will quickly become inevitable. IPv6 is coming and it’s here to stay. I have learned a lot about IPv6 in Ubuntu and Windows. Consider this the first article in a series I’ll be publishing as I learn more. I will not give an introduction to IPv6 here. There are lot of good places to learn about it

IPv6 is enabled by default in Ubuntu 12.04 Precise Pangolin. A Local Link Unicast (link-local) address is configured automatically. If you have Router Advertisement (RA) enabled on a switch or router on your network then Ubuntu will autoconfigure its own Global Unicast Address as well. But how does your /etc/network/interfaces file look? Something similar to below.

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp

See how you didn’t have to do anything on Ubuntu to get IPv6 working? But let’s dig deeper.

If you still want to be explicit for Ubuntu to use autoconfiguration for IPv6 then edit /etc/network/interfaces.

sudo vim /etc/network/interfaces

And add a line for IPv6 to make the file look similar to below:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 auto

Bring down eth0 and bring it back up.

sudo ifdown eth0

sudo ifup eth0

Static IPv6 Address

What if you wanted to use a static IPv6 address? Just edit your /etc/network/interfaces file and make it look similar to below.

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 static
    address 2999:abcd:1234:5678::a157
    netmask 64
    gateway 2999:abcd:1234:5678::1
    dns-nameservers 2999:abcd:1234:5678::20
    dns-search codeghar.com

Privacy Extension

Let’s say you want to enable privacy extension. That’s also quite easy to do.

sudo vim /etc/sysctl.d/10-ipv6-privacy.conf

In this file, make sure you have the following two lines. This will enable privacy extension on all interfaces. By default Ubuntu already has privacy enabled (I think).

net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2

Save the file and exit vim. Now run the following command to enable these settings.

sudo service procps restart

If that doesn’t work then you can restart your computer.

Look at your IPs and you’ll notice something interesting.

ip addr show

1: lo:  mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP ql en 1000
    link/ether 00:05:06:07:08:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 198.168.1.255 scope global eth0
    inet6 2789:1234:cdef:9876:395e:c9fd:78b4:d863/64 scope global temporary dynamic
       valid_lft 604349sec preferred_lft 85349sec
    inet6 2789:1234:cdef:9876:205:06ff:fe07:0809/64 scope global dynamic
       valid_lft 2591921sec preferred_lft 604721sec
    inet6 fe80::205:06ff:fe07:0809/64 scope link
       valid_lft forever preferred_lft forever

For eth0 you’ll notice two IPv6 addresses with scope global: “scope global temporary dynamic” and “scope global dynamic”. The term “temporary” means that this is a disposable address generated because of privacy extension. It will expire when “preferred_lft” seconds expire and new temporary address will be generated.

Since we chose value 2 in file /etc/sysctl.d/10-ipv6-privacy.conf, these temporary addresses will be used when connecting to other computers.

Security

Do not forget that you now need to maintain two firewalls, one for IPv4 and one for IPv6. I’ll write another post about ip6tables, the firewall for IPv6.

Disable IPv6

I highly recommend to NOT disable IPv6 in Ubuntu. But if you still want to you can.

sudo vim /etc/sysctl.conf

Add three lines to the file.

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Save the file and exit vim. Now run the following command to enable these settings.

sudo service procps restart

If that doesn’t work then you can restart your computer.

Hat Tips

IPv6 privacy extensions on Linux; Make curl download using non-Privacy extension IPv6 address?; How to be anonymous on IPV6 protocol by not using MAC address in EUI-64?; Disable IPv6 If your Internet is Working Slow in Ubuntu 12.04 Precise Pangolin/Linux Mint 13; IPV6 auto configuration not working

7 Responses to IPv6 in Ubuntu 12.04

  1. Peter Grace says:

    rather than service procps, you could run “sudo sysctl -p” to reload the sysctl file.

  2. Tim Connolly says:

    Is there any way to remove the “tcp6″ entries in netstat? None of the methods mentioned above seems to do that, so my “boss” always sees “tcp6 0 0 :::22 :::* LISTEN ” and assumes ipv6 is configured. Rather than spending countless hours trying to convince him that it really IS disabled and that it’s not harmful regardless, is worthless.

  3. hs says:

    You can try ‘ss’ instead of ‘netstat’. Try ‘ss -4” to list IPv4 connections.

  4. sean says:

    try this, it seem you need manually disable tcp6 server for ssh.

    http://www.cathaycenturies.com/blog/?p=454

  5. To put it to work, I’m using it this way:


    auto eth0
    iface eth0 inet6 dhcp
    iface eth0 inet6 auto

    Otherwise, RA gets disabled by Ubuntu…

  6. Kevin Dox says:

    Doesn’t work for me. Initially works – fixes a lengthy (30s) IPv6 DNS lookup timeout I had a problem with, but stops working upon reboot again. After a reboot, the lenghty IPv6 DNS lookup timeout is back, although the changes in /etc/sysctl.conf are still there and I checked them for typo.

  7. Karel says:

    Thanks for this blog post, I was looking for what was causing all the random ipv6 addresses being used for my server and I got the answer here.
    Short question though, maybe you know the answer: google rejects mail from ipv6 addresses if they have no valid PTR record. How do you deal with that when your ipv6 addresses are always random generated? Just make PTR recors for the entire range?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 31 other followers

%d bloggers like this: