IPv6 in Ubuntu 12.04
August 3, 2012 7 Comments
I have been exploring IPv6 for a couple months now. It’s a very interesting subject and will quickly become inevitable. IPv6 is coming and it’s here to stay. I have learned a lot about IPv6 in Ubuntu and Windows. Consider this the first article in a series I’ll be publishing as I learn more. I will not give an introduction to IPv6 here. There are lot of good places to learn about it
IPv6 is enabled by default in Ubuntu 12.04 Precise Pangolin. A Local Link Unicast (link-local) address is configured automatically. If you have Router Advertisement (RA) enabled on a switch or router on your network then Ubuntu will autoconfigure its own Global Unicast Address as well. But how does your /etc/network/interfaces file look? Something similar to below.
auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp
See how you didn’t have to do anything on Ubuntu to get IPv6 working? But let’s dig deeper.
If you still want to be explicit for Ubuntu to use autoconfiguration for IPv6 then edit /etc/network/interfaces.
sudo vim /etc/network/interfaces
And add a line for IPv6 to make the file look similar to below:
auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp iface eth0 inet6 auto
Bring down eth0 and bring it back up.
sudo ifdown eth0
sudo ifup eth0
Static IPv6 Address
What if you wanted to use a static IPv6 address? Just edit your /etc/network/interfaces file and make it look similar to below.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 static
address 2999:abcd:1234:5678::a157
netmask 64
gateway 2999:abcd:1234:5678::1
dns-nameservers 2999:abcd:1234:5678::20
dns-search codeghar.com
Privacy Extension
Let’s say you want to enable privacy extension. That’s also quite easy to do.
sudo vim /etc/sysctl.d/10-ipv6-privacy.conf
In this file, make sure you have the following two lines. This will enable privacy extension on all interfaces. By default Ubuntu already has privacy enabled (I think).
net.ipv6.conf.all.use_tempaddr = 2 net.ipv6.conf.default.use_tempaddr = 2
Save the file and exit vim. Now run the following command to enable these settings.
sudo service procps restart
If that doesn’t work then you can restart your computer.
Look at your IPs and you’ll notice something interesting.
ip addr show
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP ql en 1000
link/ether 00:05:06:07:08:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 198.168.1.255 scope global eth0
inet6 2789:1234:cdef:9876:395e:c9fd:78b4:d863/64 scope global temporary dynamic
valid_lft 604349sec preferred_lft 85349sec
inet6 2789:1234:cdef:9876:205:06ff:fe07:0809/64 scope global dynamic
valid_lft 2591921sec preferred_lft 604721sec
inet6 fe80::205:06ff:fe07:0809/64 scope link
valid_lft forever preferred_lft forever
For eth0 you’ll notice two IPv6 addresses with scope global: “scope global temporary dynamic” and “scope global dynamic”. The term “temporary” means that this is a disposable address generated because of privacy extension. It will expire when “preferred_lft” seconds expire and new temporary address will be generated.
Since we chose value 2 in file /etc/sysctl.d/10-ipv6-privacy.conf, these temporary addresses will be used when connecting to other computers.
Security
Do not forget that you now need to maintain two firewalls, one for IPv4 and one for IPv6. I’ll write another post about ip6tables, the firewall for IPv6.
Disable IPv6
I highly recommend to NOT disable IPv6 in Ubuntu. But if you still want to you can.
sudo vim /etc/sysctl.conf
Add three lines to the file.
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
Save the file and exit vim. Now run the following command to enable these settings.
sudo service procps restart
If that doesn’t work then you can restart your computer.
Hat Tips
IPv6 privacy extensions on Linux; Make curl download using non-Privacy extension IPv6 address?; How to be anonymous on IPV6 protocol by not using MAC address in EUI-64?; Disable IPv6 If your Internet is Working Slow in Ubuntu 12.04 Precise Pangolin/Linux Mint 13; IPV6 auto configuration not working
Code Ghar 
rather than service procps, you could run “sudo sysctl -p” to reload the sysctl file.
Is there any way to remove the “tcp6” entries in netstat? None of the methods mentioned above seems to do that, so my “boss” always sees “tcp6 0 0 :::22 :::* LISTEN ” and assumes ipv6 is configured. Rather than spending countless hours trying to convince him that it really IS disabled and that it’s not harmful regardless, is worthless.
You can try ‘ss’ instead of ‘netstat’. Try ‘ss -4” to list IPv4 connections.
try this, it seem you need manually disable tcp6 server for ssh.
http://www.cathaycenturies.com/blog/?p=454
To put it to work, I’m using it this way:
—
auto eth0
iface eth0 inet6 dhcp
iface eth0 inet6 auto
—
Otherwise, RA gets disabled by Ubuntu…
Doesn’t work for me. Initially works – fixes a lengthy (30s) IPv6 DNS lookup timeout I had a problem with, but stops working upon reboot again. After a reboot, the lenghty IPv6 DNS lookup timeout is back, although the changes in /etc/sysctl.conf are still there and I checked them for typo.
Thanks for this blog post, I was looking for what was causing all the random ipv6 addresses being used for my server and I got the answer here.
Short question though, maybe you know the answer: google rejects mail from ipv6 addresses if they have no valid PTR record. How do you deal with that when your ipv6 addresses are always random generated? Just make PTR recors for the entire range?