Setting up IPv6 in my home network

TTTAs soon as Microsoft released Windows Server 2012 R2 images on MSDN, I decided it is time for me to upgrade my home environment. I will probably dedicate a separate post on my home infrastructure, while leaving this post for one of the decisions I made for my environment – using IPv6.

Setting static IPv6 addresses

Currently, I have 6 Windows Server machines in my environment, so the first thing I needed to do was setting static IPv6 addresses on them, starting with my domain controller/DNS server.

To make things easier for me, I used this online tool to generate a unique local address range prefix, which I am going to use in my environment. For the sake of example, let’s say the prefix that was generated for me was fdd1:b9ea:da43:964e::/64. Having it, I set IP addresses on my servers as following:

  • fdd1:b9ea:da43:964e::2
  • fdd1:b9ea:da43:964e::3
  • fdd1:b9ea:da43:964e::4
  • etc.

Setting IPv6 using GUI is fairly easy and the process is pretty much the same as setting IPv4 addresses. Anyhow, if you are using Server Core installations (Windows Server installations without GUI), it might be more challenging. You probably use SCONFIG to set IPv4 configuration on you Server Core installation; unfortunately, it does not work for IPv6 addresses. So, to set IPv6 address on your server via command line, use the following command:

NETSH int ipv6 add address Production fdd1:b9ea:da43:964e::2

In this case, “Production” is the name of your network adapter and fdd1:b9ea:da43:964e::2 is the IP to be set.

To set the DNS for the server, use the following command (where fdd1:b9ea:da43:964e::3 is the IP of my DNS server):

NETSH int ipv6 add dns Production fdd1:b9ea:da43:964e::3

That is it. My servers now have static IPv6 addresses set and we can proceed further.

Configuring DNS server to support IPv6

There is really not that much additional configuration required for your Windows DNS server to support IPv6. Anyhow, there are few things you should keep in mind:

  • Make sure the DNS server is bound to IPv6 interface (Server Properties -> Interfaces)
  • Create Reverse Lookup Zone for your IPv6 range. In my case it was e.4.6.9.3.4.a.d.a.e.9.b.1.d.d.f.ip6.arpa.
  • If you are planning to access external IPv6 sites (refer the the “Configuring Linksys E4200 for IPv6 access” section), make sure to set external IPv6 DNS servers (Server Properties -> Forwarders). I used the following Google public DNS IPv6 servers:
    • 2001:4860:4860::8888
    • 2001:4860:4860::8844

Configuring DHCPv6

For the DHCP to issue IPv6 addresses for my workstations I did the following:

  • Created a new IPv6 scope – fdd1:b9ea:da43:964e::/64
  • Set an exclusion range to exclude the fdd1:b9ea:da43:964e::1 – fdd1:b9ea:da43:964e::ffff addresses, that I am assigning statically
  • Set 00023 DNS Recursive Name Server IPv6 Address List to point to my DNS server – fdd1:b9ea:da43:964e::3.
  • Set 00024 Domain Search List option to my domain FQDN.

As soon as the scope was ready and few of my workstations received IPv6 addresses from the DHCP server, I noticed a strange thing – these workstations could not communicate with the servers having static IPv6 addresses, while the servers had no issues accessing the workstations. Since the issue was one-way only and I had firewall disabled on the devices, I decided to checked the routes.

While running ROUTE PRINT command I noticed a strange thing: the workstations getting IPv6 addresses from DHCP were missing a route to fdd1:b9ea:da43:964e::/64. I tried manually adding this route and it resolved the issue. I am not sure whether that is a bug or a feature, but I required communications between all my devices, whether they have static or DHCP provided address, so what I did was creating a GPO to run the following startup script:

NETSH int ipv6 add route fdd1:b9ea:da43:964e::/64 Production

The script worked perfectly for me, but in case you planning to use it as well, be aware that for it to work it needs network adapters on all the devices to have the same name. If that is not the case for you, you will probably need to make the script more advanced, to dynamically find a name of the adapter.

After doing all the configurations above, I have IPv6 fully working in my internal network. Anyhow, I wanted to be able to access external IPv6 resources as well, so I needed to tweak configuration of my router.

Configuring Linksys E4200 for IPv6 access

I will probably be getting TL-ER6120 router for my home environment in the future, but for now I have to live with my home-class Linksys E4200. It is a pretty decent router, but it is missing some enterprise-level features. Either way, it does support IPv6, while my ISP does not. So what I needed to access IPv6 sites was an IPv6 translation. Since I have a public IPv4 address, 6to4 tunnel was the translation mechanism I decided to use.

I used online 6to4 Prefix Generator tool to get the 6to4 prefix to use. Once done, I had all the information I needed to enter to my router:

  • Prefix: (the prefix I just generated)
  • Prefix Length:16
  • Border Relay: 192.88.99.1
  • IPv4 Address Mask: 0

Anyhow, I was surprised when my router told me “The 6rd tunnel configuration you entered is incorrect, please check your settings and try again.” while trying to save the configuration.

I was pretty sure my configuration was correct and it should be working, so I decided to cheat a bit. Linksys firmware does the validation on JavaScript side, so I knew I could overcome it by sending the request directly. So, what I did was directed my browser to the following URL (replacing MY_PREFIX with the prefix I had generated):

apply.cgi?_wan_ipv6_dhcp=off&action=Apply&change_action=&ipv4_mask_len=0&lan_ipv6_dhcp=off&need_reboot=0&select_tunnel_mode=2&submit_button=index_ipv6&submit_type=&tunnel_br=192.88.99.1&tunnel_mode=2&tunnel_prefix=MY_PREFIX&tunnel_prefix_len=16&tunnel_status=connecting&wait_time=0&wan_ipv6_dhcp=off&wan_ipv6_proto=tunnel

My router gladly confirmed the configuration was successfully applied. He took few more minutes to establish the connection. After that, I now can successfully ping external IPv6 addresses (ping -6 google.com) and access external IPv6 sites, such ipv6.google.com.

Social

Leave a Reply

Your email address will not be published. Required fields are marked *