diff --git a/documentation/content/en/books/handbook/config/_index.adoc b/documentation/content/en/books/handbook/config/_index.adoc --- a/documentation/content/en/books/handbook/config/_index.adoc +++ b/documentation/content/en/books/handbook/config/_index.adoc @@ -415,7 +415,7 @@ W32DRIVER_SYS_load="YES" .... -=== Configuring the Network Card +=== Configuring the Network Card for IPv4 Once the right driver is loaded for the NIC, the card needs to be configured. It may have been configured at installation time by man:bsdinstall[8]. 
@@ -515,6 +515,174 @@ ==== +=== Configuring the Network Card for IPv6 +IPv6 configuration is separated from IPv4 configuration in [.filename]#/etc/rc.conf# so whatever you have there to configure IPv4 is unaffected by all this. + +These examples assume that your ISP connection ends with an Ethernet cable plugged into interface "ed0" on your FreeBSD machine. + +==== Simple Client Configuration +First we will set up the machine as a simple IPv6 client, by enabling IPv6 and starting rtsold(8) to takes care of getting an IPv6 number and the routes your ISP wants you to use. + +To do this, add the following to [.filename]#/etc/rc.conf# + +[.programlisting] +.... +ipv6_cpe_wanif=ed0 +rtsold_enable=yes +rtsold_flags="ed0" +ipv6_activate_all_interfaces=yes +.... + +If the lofty promises of IPv6 auto-configuration holds, a reboot should connect you to the Internet Of The Future (est. 1995): + +[source,bash] +.... +% ping6 -c 3 freebsd.org +PING6(56=40+8+8 bytes) 2001:db8::18ff:fe0a:74a6 --> 2610:1c1:1:606c::50:15 +16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=0 hlim=51 time=88.404 ms +16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=1 hlim=51 time=88.037 ms +16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=2 hlim=51 time=87.954 ms +.... + +If you look at your ethernet interface, you will see two IPv6 addresses: + +[source,bash] +.... +% ifconfig ed0 +ed0: flags=8863 metric 0 mtu 1500 + options=[…] + ether […]:0a:7a:a6 + inet […] + inet6 fe80::230:18ff:fe0a:74a6%ed0 prefixlen 64 scopeid 0x1 + inet6 2001:db8::18ff:fe0a:74a6 prefixlen 64 autoconf + media: […] + status: active + nd6 options=23 +.... + +The last three bytes of the interface MAC address are reused in the IPv6 addresses, here `0a:7a:a6`, this is part of the magic autoconfiguration-sauce rtsold(8) does. + +You will not see `2001:db8::` but whatever your ISP's IPv6 prefix is for your end of their network, the `prefixlen` may also be different. 
+ +The `fe80::…` address is an automatic "link-local" address which is used by the autoconfiguration protocols. + +You will also have a pile of IPv6 routes now: + +[source,bash] +.... +% netstat -rn -f inet6 +Routing tables +Internet6: +Destination Gateway Flags Netif Expire +::/96 ::1 UGRS lo0 +default fe80::92e2:baff:fe37:d760%ed0 UG ed0 +::1 link#7 UH lo0 +::ffff:0.0.0.0/96 ::1 UGRS lo0 +2001:db8::/64 link#1 U ed0 +2001:db8::18ff:fe0a:74a6 link#1 UHS lo0 +fe80::/10 ::1 UGRS lo0 +fe80::%igb0/64 link#1 U ed0 +fe80::230:18ff:fe0a:74a6%ed0 link#1 UHS lo0 +fe80::%lo0/64 link#7 U lo0 +fe80::1%lo0 link#7 UHS lo0 +ff02::/16 ::1 UGRS lo0 +.... + +The important one is obviously the default route. + +==== Spreading IPv6 to your entire network +The IPv6 world has autoconfiguration methods which allow a gateway to distribute an ISP provided IPv6 subnet to the rest of the network, but not all ISPs support that. + +Even if your ISP support it, it has the downside that your devices will change IPv6 addresses if your ISP feels like it, which can mean as often as your gateway restarts. + +For normal consumers that is probably fine, but if, like me, you have your own servers etc, that gets old soon. + +Like RFC1918 addresses for IPv4, RFC4193 defines private IPv6 networks, and if you follow the instructions and use random numbers, you are unlikely to ever see another network using the same addresses as you did. + +In this example we will use RFC4193 addresses internally and use NAT to hide everything behind the single IPv6 address we got from the ISP. + +First we create our very own RFC4193 address: + +[source,bash] +.... +% dd if=/dev/random bs=5 count=1 | hexdump -C +00000000 PP QQ RR SS TT |.....| +00000005 +.... + +Your RFC4193 compliant IPv6 network then becomes: + +[.programlisting] +.... +fdPP:QQRR:SSTT:: +.... 
+ +Next assign a static address to the internal interface of the gateway, and there is a neat trick available here: + +If the internal `ie0` is configured for IPv4 like this in [.filename]#/etc/rc.conf#: + +[.programlisting] +.... +ifconfig_ie0="192.168.10.102/24" +.... + +We can configure it for IPv6 like that in [.filename]#/etc/rc.conf#: + +[.programlisting] +.... +ifconfig_ie0_ipv6="inet6 fdPP:QQRR:SSTT::192.168.10.102/120" +.... + +Unfortunately the does not work everywhere, but here it does. + +The math behind `/120` is `/(128 - (32 - 24))`, in case you used a different netmask for you internal network. + +We want the machine to act as a gateway through [.filename]#/etc/rc.conf# + +[.programlisting] +.... +ipv6_gateway_enable=yes +.... + +We need to start rtadvd(8) to answer the rtsold(8) requests from the machines on the inside via [.filename]#/etc/rc.conf# + +[.programlisting] +.... +rtadvd_enable=yes +rtadvd_interfaces="ie0" +.... + +And finally we need to tell pf(4) to NAT everything onto the IPv6 address we got from our ISP via [.filename]#/etc/pf.conf# + +[.programlisting] +.... +if_ext="ed0" +[…] +nat on $if_ext inet6 from !($if_ext) -> ($if_ext:0) +.... + +(A bug in FreeBSD-12 prevents this from working, you will have to enter the actual address on your `ed0` interface, and change it if/when your ISP changes their address-layout.) + +Reboot the gateway, and then configure a test machine on the internal network via [.filename]#/etc/rc.conf#: + +[.programlisting] +.... +ifconfig_ie0_ipv6="inet6 fdPP:QQRR:SSTT::192.168.10.81/120" +ipv6_cpe_wanif=ie0 +rtsold_enable=yes +rtsold_flags=ie0 +ipv6_activate_all_interfaces=yes +.... + +Reboot the test machine and try if "ping6 freebsd.org" works. + +You do not need to configure a `defaultrouter` for IPv6, rtadvd(8) and rtsold(8) takes care of that. 
+ +[NOTE] +===== +The choice of 'ed0' and 'ie0' interface names commemorates the two of the most important ethernet drivers in FreeBSD, when IPv6 was rushed into existence 25 years ago. +===== + [[config-network-testing]] === Testing and Troubleshooting
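Review bot: The heading rename in the first hunk (`=== Configuring the Network Card` to `=== Configuring the Network Card for IPv4`) changes the section's auto-generated ID, and no explicit `[[...]]` anchor is visible in the hunk context. Put an explicit anchor above the heading, in the style of `[[config-network-testing]]`, so existing cross-references and inbound links to this section keep resolving.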
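Review bot: In the "Simple Client Configuration" listings of the second hunk, the sample output contradicts the sentence that explains it. The text and the `ether` line give the MAC tail as `0a:7a:a6`, but both `inet6` addresses end in `0a:74a6`. The `netstat` listing has a `fe80::%igb0/64` row although every other row and the prose use `ed0`. Please make the sample data self-consistent, since readers will compare it byte for byte with their own output.

In the gateway part, the text says the goal is to "hide everything" behind the ISP address, yet the only pf line shown is `nat on $if_ext inet6 from !($if_ext) -> ($if_ext:0)`, next to `ipv6_gateway_enable=yes`. State that pf must be enabled and either show or link to the filter rules that belong in the elided `[…]`, so readers do not take the NAT rule as the whole policy for a forwarding host. The parenthetical about "a bug in FreeBSD-12" should cite the PR so it can be removed once fixed.

Smaller points: the new `=== Configuring the Network Card for IPv6` heading has no `[[...]]` anchor, and `rtsold(8)`, `rtadvd(8)` and `pf(4)` should use the `man:name[section]` macro as `man:bsdinstall[8]` does in the surrounding text. Wording fixes are needed for "to takes care", "promises ... holds", "Even if your ISP support it", "Unfortunately the does not work everywhere", "for you internal network", "rtadvd(8) and rtsold(8) takes care" and "the two of the most important".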