The first thing was to acquire an IPv6 tunnel. I looked around at various free services and settled on Hurricane Electric, as they are free and have a tunnel server hung off of the Toronto Internet Exchange, where my ISP peers. I registered at http://tunnelbroker.net/ and got a tunnel. The server has both an IPv4 and an IPv6 address, and I need to configure my end with my part of the IPv4 and IPv6 address. There's one additional wrinkle: I have a dynamic IPv4 address from my ISP, and the server needs to know my IPv4 address for where to send the tunneled traffic. Fortunately there is an auto-update webpage for that.
I considered how to set this up on my server and first was going to use /etc/network/interfaces, but my ISP uses PPPoE so my IPv6 tunnel rides within my IPv4 PPP connection. I therefore decided to add this as a script that is executed as my PPP connection goes up and down. Scripts in /etc/ppp/ip-up.d are executed on the PPP interface going up and scripts in /etc/ppp/ip-down.d are executed on it going down.
Here is /etc/ppp/ip-up.d/he-ipv6 with some obscuration of details:
#!/bin/sh
# Update the tunnel with our IP
# (-k skips TLS certificate verification, so the credentials in this URL
# are sent to whichever server answers)
curl -k -s "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=6xxxxxxxxxxxxxxxxxxxxxxxxxxxxx0&user_id=axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9&tunnel_id=9xxx1"
# Bring up the tunnel (PPP_LOCAL is set by pppd to our end's IPv4 address)
ip tunnel add he-ipv6 mode sit remote 18.104.22.168 local "$PPP_LOCAL" ttl 255
ip link set he-ipv6 up
ip addr add 2001:4xx:1x:4xx::2/64 dev he-ipv6
ip route add 2000::/3 dev he-ipv6
The pass parameter is the md5sum of your password, formed by
echo -n password | md5sum
The user_id parameter is shown on the main page of the website when you are logged in. It is not your plain login name or the md5sum of it; it's something else, so just copy and paste it.
The tunnel_id parameter is given when you click on the tunnel that you have created.
The IPv6 address that gets added to the device is the client IPv6 address given on the tunnel page.
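The update request above puts the account values on curl's command line, where other local users can see them in the process list, and -k turns off certificate verification. The following is an added example, not part of the original post, of the same update step reading the values from an owner-only file and passing them to curl on stdin. The file path /etc/ppp/he-ipv6.cred and the key names HE_PASS_MD5, HE_USER_ID and HE_TUNNEL_ID are assumptions of this example, as is the alphanumeric-only format check.

```shell
#!/bin/sh
# Added example (not the post's script): hardened endpoint-update step.
# Assumptions: the credential file path and its KEY=value names are made up here.
HE_CRED_FILE="${HE_CRED_FILE:-/etc/ppp/he-ipv6.cred}"
HE_UPDATE_URL="https://ipv4.tunnelbroker.net/ipv4_end.php"  # endpoint used in the post

# True only for a regular, non-symlink file owned by the caller with no
# group/other permission bits (ip-up.d scripts run as root, so owner = root).
cred_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    listing=$(ls -ln "$1") || return 1
    case "$listing" in
        -???------*) ;;
        *) return 1 ;;
    esac
    [ "$(printf '%s\n' "$listing" | awk '{print $3}')" = "$(id -u)" ]
}

# Extract one KEY=value entry by text matching; the file is never sourced.
cred_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Emit a curl config for the update request, or fail without output.
build_update_config() {
    cred_file_is_private "$1" || { echo "refusing $1: not owner-only" >&2; return 1; }
    pass=$(cred_get "$1" HE_PASS_MD5)
    user=$(cred_get "$1" HE_USER_ID)
    tid=$(cred_get "$1" HE_TUNNEL_ID)
    for v in "$pass" "$user" "$tid"; do
        # Alphanumeric only, so a value cannot smuggle extra URL or config syntax
        case "$v" in
            ''|*[!A-Za-z0-9]*) echo "bad value in $1" >&2; return 1 ;;
        esac
    done
    printf 'url = "%s?ipv4b=AUTO&pass=%s&user_id=%s&tunnel_id=%s"\n' \
        "$HE_UPDATE_URL" "$pass" "$user" "$tid"
    printf 'silent\nfail\n'
}

# Config goes to curl on stdin, keeping credentials out of argv; no -k, so the
# server certificate is verified before they are sent.
update_endpoint() {
    cfg=$(build_update_config "$HE_CRED_FILE") || return 1
    printf '%s\n' "$cfg" | curl --config -
}

# pppd exports PPP_LOCAL to ip-up.d scripts; only then is the request made.
if [ -n "${PPP_LOCAL:-}" ]; then update_endpoint; fi
```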
To make sure everything gets cleaned up when the PPP link goes down, so that there is no problem starting it up again, here is /etc/ppp/ip-down.d/he-ipv6:
#!/bin/sh
# Bring down the tunnel
ip route del 2000::/3 dev he-ipv6
ip link set he-ipv6 down
ip tunnel del he-ipv6
A quick "ifdown ppp0" followed by an "ifup ppp0" and my server has IPv6 connectivity, verified by "ping6 ipv6.google.com" showing packets.
The next stage is to get the rest of my LAN up on IPv6. First I went to the tunnel information webpage and requested the routable /48 option. This actually gives me 65536 /64s. I'm only going to use the first one for my LAN, but it's good to know I've got room for expansion.
On my server I first needed to tell it to act as an IPv6 router, so I edited /etc/sysctl.conf and uncommented the line "net.ipv6.conf.all.forwarding=1". To avoid the need to reboot to pick this up, I ran "echo -n 1 > /proc/sys/net/ipv6/conf/all/forwarding". Now it's just time to get the server advertising the first /64 prefix for my LAN. "apt-get install radvd" and then create /etc/radvd.conf
eth2 is my LAN interface. The prefix is the one shown for the routable /48 on the website, but /64s are always used for LAN segments, so advertise it as a /64; that's just using the first of the 65536 of them.
The tricky bit is the MTU setting. I initially didn't have anything there and I found all kinds of stuff not working. Then I went to http://test-ipv6.com/, which told me that large packets were not getting through, and I realised I had MTU issues. Ethernet normally has an MTU of 1500, but as mentioned earlier my ISP uses PPPoE, which consumes 8 bytes, bringing my Internet MTU down to 1492. The IPv6 tunnel then consumes another 20 bytes, resulting in an IPv6 Internet MTU of 1472. I can't be bothered to try and get a 1500 byte MTU on my LAN with IPv6 and 1472 for Internet; the difference is so small.
Remember to "/etc/init.d/radvd start" to bring it up without rebooting the server. With this, all my other boxes on the LAN that are IPv6 capable picked up the IPv6 and autoconfigured correctly. All of them can go to http://test-ipv6.com/ and see the dancing turtle at http://www.kame.net/. I score 10/10 for IPv4 and 9/10 for IPv6 (ISP not running an IPv6 DNS) at http://test-ipv6.com/
Hmm, maybe I should add Hurricane Electric's IPv6 anycast DNS server at 2001:470:20::2 ....
Edit - fixed the /48 being 64k /64s