kaeru


"Stuff I'm working on ..."

IPv6 at Home

by kaeru published 2021/11/25 00:30:00 GMT+8, last modified 2021-11-30T00:05:33+08:00
Network connections on server

Unique Local Unicast Addresses (ULAs)

Converting the services running on my home server to IPv6 was easier once I figured out how to configure private addresses properly. On IPv6 these are Unique Local Unicast Addresses (ULAs), and you generate your own "unique" ULA /48 prefix following RFC 4193.

This gives you the subnets fdxx:xxxx:xxxx:0::/64 through fdxx:xxxx:xxxx:ffff::/64.

That's 2^16 or 65536 subnets, each with 2^64 or 18446744073709551616 unique addresses available, which might be enough for the nanobot swarms around the house in the near future.

You can generate a unique ULA prefix by calculating it manually as per the RFC, or use an online tool such as https://cd34.com/rfc4193/

For mine it was fdd5:674c:9795:0::/64 as my first subnet, and I used fdd5:674c:9795:0::1 (or fdd5:674c:9795::1) as the fixed IP for the home server, and let rtadvd assign all devices on the home network a unique address automatically using SLAAC.

This way I have a local-only static IPv6 address for the home server, which I can reliably use to do stuff like remote CIFS mounts on my workstation or home PCs.

If you assign this additional address on the same network interface as your home network, which already has SLAAC router advertisements, then it'll just pick up the additional prefix and all devices in your network will pick up the additional addresses. This is neat. IPv6 was designed so that every device can have multiple addresses. So when connected to the ISP, all devices on the network will now automatically get both ULA (private local) and GUA (global) IP addresses.

You can read more on the history of ULAs and best practices on APNIC's blog.

samba

Setup for Samba is straightforward; you just need to add the fixed IPv6 ULA address.

interfaces = 192.168.0.1, fdd5:674c:9795::1
bind interfaces only = yes

You can check quickly with the smbstatus command:

Samba version 4.13.8
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
28214 kaeru kaeru fdd5:674c:9795:0:bb24:5fac:13c1:1694 (ipv6:fdd5:674c:9795:0:bb24:5fac:13c1:1694:48630) SMB3_11 - partial(AES-128-CMAC)

Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
media 28214 fdd5:674c:9795:0:bb24:5fac:13c1:1694 Wed Nov 24 21:00:28 2021 +08 - -
IPC$ 28214 fdd5:674c:9795:0:bb24:5fac:13c1:1694 Wed Nov 24 21:00:28 2021 +08 - -
data 28214 fdd5:674c:9795:0:bb24:5fac:13c1:1694 Wed Nov 24 21:00:28 2021 +08 - -

Locked files:
Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
28214 1001 DENY_NONE 0x120089 RDONLY LEASE(RWH) /media music/R&B and Soul/Usher/Usher - My Way/03 Usher - Nice & Slow.flac Wed Nov 24 23:20:51 2021

/etc/fstab works with IPv6 just fine

//fdd5:674c:9795::1/media /mnt/media cifs <options> 0 0

mdns

Numerical IPv6 addresses aren't exactly easy to remember, so mdns (along with DNS-SD for service discovery) is kinda necessary. On Ubuntu, IPv6 lookup for mdns is disabled, so you'll need to tweak /etc/nsswitch.conf a bit: change mdns4_minimal to just mdns_minimal

hosts: files mdns_minimal resolve dns

You should now be able to access devices with foo.local hostnames instead of numeric IPv6 addresses.

To browse mdns devices on your network on Linux/FreeBSD with avahi:

avahi-browse -ar

eno1 IPv6 HP DeskJet 4720 series [DB910A] Internet Printer local
hostname = [HP84A93EDB910A.local]
address = [192.168.0.106]
port = [631]

eno1 IPv6 D-Link DAP-1665 Configuration Utility Web Site local
hostname = [dlinkap.local]
address = [192.168.0.103]
port = [80]
txt = []

Accessing the printer is a lot easier with .local than figuring out and typing out the full IPv6 address, and with the local ULA network, the wireless printer will still work without a global address when there is no connection to the ISP. It still has a GUA when the home server is connected to the internet, but the ULA address is preferred for local connections. The address listed by avahi-browse -r is IPv4, but that could be a current limitation of the browser output; rest assured the mdns entries are IPv6.

kaeru@spidey:~$ ping HP84A93EDB910A.local
PING HP84A93EDB910A.local(fdd5:674c:9795:0:86a9:3eff:fedb:910a%2 (fdd5:674c:9795:0:86a9:3eff:fedb:910a%2)) 56 data bytes
64 bytes from fdd5:674c:9795:0:86a9:3eff:fedb:910a (fdd5:674c:9795:0:86a9:3eff:fedb:910a): icmp_seq=1 ttl=64 time=42.7 ms
64 bytes from fdd5:674c:9795:0:86a9:3eff:fedb:910a (fdd5:674c:9795:0:86a9:3eff:fedb:910a): icmp_seq=2 ttl=64 time=38.9 ms

VMs on FreeBSD

I bridge the bhyve VMs to the main home network interface on the server. FreeBSD and Linux VMs pick up ULA and GUA addresses automatically via SLAAC, as they should.

Troubleshooting

On the client side, at least on Linux, the utility radvdump is useful for monitoring router advertisements from your home server/router. In my case, a TP-Link WiFi router has a silly setup that sends router advertisements even in bridge mode, with no option to turn it off, so it sends additional Google DNS nameservers to the network. I'm going to need to replace it.

The TP-Link router advertisement, as captured by radvdump:

# radvd configuration generated by radvdump 2.18
# based on Router Advertisement from fe80::52d4:f7ff:fe6b:11ff
# received by interface eno1
#

interface eno1
{
	AdvSendAdvert on;
	# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
	AdvManagedFlag off;
	AdvOtherConfigFlag on;
	AdvReachableTime 0;
	AdvRetransTimer 0;
	AdvCurHopLimit 64;
	AdvDefaultLifetime 0;
	AdvHomeAgentFlag off;
	AdvDefaultPreference medium;
	AdvSourceLLAddress on;

	RDNSS 2001:f40:0:3::2:67 2001:4860:4860::8888
	{
		AdvRDNSSLifetime 10;
	}; # End of RDNSS definition

}; # End of interface definition
 #
# radvd configuration generated by radvdump 2.18
# based on Router Advertisement from fe80::52d4:f7ff:fe6b:11ff
# received by interface eno1
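
One way to spot an unwanted advertiser like this automatically is to parse radvdump output and compare each advertisement against what the network should be sending. This is an added example, not from the original post; the policy values (fe80::1 as a placeholder for the server's link-local address, no RDNSS expected) and the second advertisement in the sample are assumptions.

```python
import ipaddress
import re

# Constructed input: the TP-Link RA from this page (trimmed) plus a made-up server RA.
SAMPLE = """\
# based on Router Advertisement from fe80::52d4:f7ff:fe6b:11ff
interface eno1
{
	AdvDefaultLifetime 0;
	RDNSS 2001:f40:0:3::2:67 2001:4860:4860::8888
}; # End of interface definition
# based on Router Advertisement from fe80::1
interface eno1
{
	AdvDefaultLifetime 1800;
	prefix fdd5:674c:9795::/64
}; # End of interface definition
"""
# Assumed policy; fe80::1 is a placeholder for the server's link-local address.
ROUTERS = {ipaddress.ip_address("fe80::1")}
RESOLVERS = set()  # no DNS servers are expected in RAs on this network
PREFIXES = {ipaddress.ip_network("fdd5:674c:9795::/64")}

def parse_radvdump(text):
    """Return one dict per Router Advertisement found in radvdump output."""
    ads = []
    for chunk in re.split(r"(?m)^# based on Router Advertisement from ", text)[1:]:
        lines = chunk.splitlines()
        ad = {"source": ipaddress.ip_address(lines[0].strip()),
              "rdnss": [], "prefixes": [], "lifetime": 0}
        for line in lines[1:]:
            words = line.split("#")[0].replace(";", " ").split()
            if words[:1] == ["RDNSS"]:
                ad["rdnss"] += [ipaddress.ip_address(w) for w in words[1:] if w != "{"]
            elif words[:1] == ["prefix"]:
                ad["prefixes"].append(ipaddress.ip_network(words[1]))
            elif words[:1] == ["AdvDefaultLifetime"]:
                ad["lifetime"] = int(words[1])
        ads.append(ad)
    return ads

def findings(ad):
    """List every way an advertisement departs from the expected policy."""
    out = [f"unexpected router {ad['source']}"] if ad["source"] not in ROUTERS else []
    out += [f"unexpected RDNSS {a}" for a in ad["rdnss"] if a not in RESOLVERS]
    out += [f"unexpected prefix {p}" for p in ad["prefixes"] if p not in PREFIXES]
    if ad["source"] not in ROUTERS and ad["lifetime"] > 0:
        out.append("unexpected router offers itself as default gateway")
    return out
```

The TP-Link advertisement has AdvDefaultLifetime 0, so it is not offering itself as a default router, but the RDNSS entries it carries are still flagged because clients can pick them up regardless.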

Non-IPv6 devices and services

Only the "old" 2013 Panasonic TV (ironically running some version of FreeBSD) and Plex Media Server didn't support IPv6. Netflix still works on the TV, but it also has a MiBox Android TV device connected to it that does support IPv6.

The best outcome from this is getting comfortable and familiar with IPv6 setup and troubleshooting, especially when everything already just works at home.