Difference between revisions of "IPv6"

From ArchWiki
(Static Address: netcfg -> netctl)
m (systemd 207 ready. Style fixes.)
Line 13: Line 13:
 
In Arch Linux, IPv6 is enabled by default. If you are looking for information regarding IPv6 tunnels, you may want to look at [[IPv6 - Tunnel Broker Setup]].
 
In Arch Linux, IPv6 is enabled by default. If you are looking for information regarding IPv6 tunnels, you may want to look at [[IPv6 - Tunnel Broker Setup]].
  
== Privacy Extensions ==
+
== Privacy extensions ==
  
To enable Privacy Extensions for Stateless Address Autoconfiguration in IPv6 according to RFC 4941, reproduce the following steps:
+
To enable [http://tools.ietf.org/html/rfc4941 Privacy Extensions for Stateless Address Autoconfiguration in IPv6 according to RFC 4941], reproduce the following steps:
  
Add these lines to {{ic|/etc/sysctl.conf}}:
+
Add these lines to {{ic|/etc/sysctl.d/99-sysctl.conf}}:
 
{{bc|1=
 
{{bc|1=
 
# Enable IPv6 Privacy Extensions
 
# Enable IPv6 Privacy Extensions
 
net.ipv6.conf.all.use_tempaddr = 2
 
net.ipv6.conf.all.use_tempaddr = 2
 
net.ipv6.conf.default.use_tempaddr = 2
 
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.<nic0>.use_tempaddr = 2
+
net.ipv6.conf.''nic0''.use_tempaddr = 2
 
...
 
...
net.ipv6.conf.<nicN>.use_tempaddr = 2}}
+
net.ipv6.conf.''nicN''.use_tempaddr = 2}}
  
Where <nic0> to <nicN> are your nic's (the "all" or "default" parameters do not apply to nic's that already exist when the sysctl settings are applied).
+
Where ''nic0'' to ''nicN'' are your nic's (the "all" or "default" parameters do not apply to nic's that already exist when the sysctl settings are applied).
  
 
After a reboot, at the latest, Privacy Extensions should be enabled.
 
After a reboot, at the latest, Privacy Extensions should be enabled.
  
== Neighbor Discovery ==
+
== Neighbor discovery ==
  
 
Pinging the multicast address {{ic|ff02::1}} results in all hosts in link-local scope responding. An interface has to be specified. With a ping to the multicast address {{ic|ff02::2}} only routers will respond.
 
Pinging the multicast address {{ic|ff02::1}} results in all hosts in link-local scope responding. An interface has to be specified. With a ping to the multicast address {{ic|ff02::2}} only routers will respond.
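Review bot: The sentence under the use_tempaddr block still writes "nic's" twice as a plural, even though this revision is a style pass and already changes the placeholders to ''nic0'' and ''nicN''; write "network interfaces" there. With the file moved to /etc/sysctl.d/99-sysctl.conf, "After a reboot, at the latest" remains the only stated way to apply the settings, so consider saying how to load the file without rebooting.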
Line 37: Line 37:
 
}}
 
}}
  
If you add an option {{ic|-I <your-global-ipv6>}}, link-local hosts will respond with their link-global scope addresses. The interface can be omitted in this case.
+
If you add an option {{ic|-I ''your-global-ipv6''}}, link-local hosts will respond with their link-global scope addresses. The interface can be omitted in this case.
 
{{bc|
 
{{bc|
 
$ ping6 -I 2001:4f8:fff6::21 ff02::1
 
$ ping6 -I 2001:4f8:fff6::21 ff02::1
 
}}
 
}}
  
== Static Address ==
+
== Static address ==
  
Sometime using static address can improve security. For example, if your local router uses Neighbor Discovery or radvd ([http://www.apps.ietf.org/rfc/rfc2461.html RFC 2461]), your interface will automatically be assigned an address based its MAC address (using IPv6's Stateless Autoconfiguration). This may be less than ideal for security since it allows a system to be tracked even if the network portion of the IP address changes.
+
Sometime using static address can improve security. For example, if your local router uses Neighbor Discovery or radvd ([http://www.apps.ietf.org/rfc/rfc2461.html RFC 2461]), your interface will automatically be assigned an address based its MAC address (using IPv6's Stateless Autoconfiguration). This may be less than ideal for security since it allows a system to be tracked even if the network portion of the IP address changes.
  
 
To assign a static IP address using [[netctl]], look at the example profile in {{ic|/etc/netctl/examples/ethernet-static}}. The following lines are important:
 
To assign a static IP address using [[netctl]], look at the example profile in {{ic|/etc/netctl/examples/ethernet-static}}. The following lines are important:
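Review bot: The Static address paragraph is marked as changed but its wording errors are carried over: "Sometime using static address" and "based its MAC address" should read "Sometimes using a static address" and "based on its MAC address". Its RFC 2461 link still points at www.apps.ietf.org while the RFC 4941 link added earlier in this revision uses tools.ietf.org, so use one host for both. The paragraph also raises the same tracking concern that the Privacy extensions section addresses without linking to it; a cross-reference would help the reader.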
Line 58: Line 58:
  
 
== Disable IPv6 ==
 
== Disable IPv6 ==
 +
 
{{Note|1=The Arch kernel has IPv6 support built in directly [https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux&id=3aa460e18eac7002bc013949dd401b16f16120b5], therefore a module cannot be blacklisted.}}
 
{{Note|1=The Arch kernel has IPv6 support built in directly [https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux&id=3aa460e18eac7002bc013949dd401b16f16120b5], therefore a module cannot be blacklisted.}}
  
 
=== Disable functionality ===
 
=== Disable functionality ===
Adding {{ic|1=ipv6.disable=1}} to the [[kernel line]] disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See [[Kernel parameters]] for more information.
+
 
 +
Adding {{ic|1=ipv6.disable=1}} to the [[kernel line]] disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See [[Kernel parameters]] for more information.
  
 
Alternatively, adding {{ic|1=ipv6.disable_ipv6=1}} instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.
 
Alternatively, adding {{ic|1=ipv6.disable_ipv6=1}} instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.
  
 
One can also avoid assigning IPv6 addresses to specific network interfaces by adding the following sysctl config to {{ic|/etc/sysctl.d/ipv6.conf}}:
 
One can also avoid assigning IPv6 addresses to specific network interfaces by adding the following sysctl config to {{ic|/etc/sysctl.d/ipv6.conf}}:
{{bc|<nowiki>
+
{{bc|
 
# Disable IPv6
 
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
+
net.ipv6.conf.all.disable_ipv6 &#61; 1
net.ipv6.conf.<interface0>.disable_ipv6 = 1
+
net.ipv6.conf.''interface0''.disable_ipv6 &#61; 1
 
...
 
...
net.ipv6.conf.<interfaceN>.disable_ipv6 = 1
+
net.ipv6.conf.''interfaceN''.disable_ipv6 &#61; 1
</nowiki>}}
+
}}
 
Note that you must list all of the targeted interfaces explicitly, as disabling "all" does not apply to interfaces that are already "up" when sysctl settings are applied.
 
Note that you must list all of the targeted interfaces explicitly, as disabling "all" does not apply to interfaces that are already "up" when sysctl settings are applied.
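Review bot: The disable_ipv6 block now escapes every equals sign as &#61; inside {{bc|, while the use_tempaddr block in this same revision uses {{bc|1= with a plain "="; use the {{bc|1= form here as well so the wikitext stays readable and the two blocks match. The placeholders are named ''interface0'' to ''interfaceN'' here but ''nic0'' to ''nicN'' in the privacy extensions block, so pick one naming for both.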
  
Line 84: Line 86:
  
 
=== Other programs ===
 
=== Other programs ===
Disabling IPv6 functionality in the kernel does not prevent other programs from trying to use IPv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's man page(s) for a way to disable that functionality.
+
 
 +
Disabling IPv6 functionality in the kernel does not prevent other programs from trying to use IPv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manual pages for a way to disable that functionality.
  
 
For example, {{Pkg|dhcpcd}} will continue to harmlessly attempt to perform IPv6 router solicitation. To disable this, as stated in the dhcpcd.conf man page, add the following to {{ic|/etc/dhcpcd.conf}}:
 
For example, {{Pkg|dhcpcd}} will continue to harmlessly attempt to perform IPv6 router solicitation. To disable this, as stated in the dhcpcd.conf man page, add the following to {{ic|/etc/dhcpcd.conf}}:
 
  noipv6rs
 
  noipv6rs
  
==See also==
+
== See also ==
 +
 
 
* [http://www.kernel.org/doc/Documentation/networking/ipv6.txt IPv6] - kernel.org Documentation
 
* [http://www.kernel.org/doc/Documentation/networking/ipv6.txt IPv6] - kernel.org Documentation
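Review bot: "man page(s)" becomes "manual pages" in the first paragraph under Other programs, but the following paragraph still says "the dhcpcd.conf man page"; make the two consistent. The noipv6rs line is also still marked up with leading spaces instead of the {{bc| template used for the other configuration snippets on the page.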

Revision as of 21:25, 13 September 2013

This article covers IPv6 and the basics of configuring IPv6-related things such as static IP addresses.
Related
IPv6 - Tunnel Broker Setup

In Arch Linux, IPv6 is enabled by default. If you are looking for information regarding IPv6 tunnels, you may want to look at IPv6 - Tunnel Broker Setup.

Privacy extensions

To enable Privacy Extensions for Stateless Address Autoconfiguration in IPv6 according to RFC 4941, reproduce the following steps:

Add these lines to /etc/sysctl.d/99-sysctl.conf:

# Enable IPv6 Privacy Extensions
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.nic0.use_tempaddr = 2
...
net.ipv6.conf.nicN.use_tempaddr = 2

Here nic0 to nicN are your network interfaces (the "all" or "default" parameters do not apply to interfaces that already exist when the sysctl settings are applied).

After a reboot, at the latest, Privacy Extensions should be enabled.

Neighbor discovery

Pinging the multicast address ff02::1 results in all hosts in link-local scope responding. An interface has to be specified. With a ping to the multicast address ff02::2 only routers will respond.

$ ping6 ff02::1%eth0

If you add the option -I your-global-ipv6, link-local hosts will respond with their global scope addresses. The interface can be omitted in this case.

$ ping6 -I 2001:4f8:fff6::21 ff02::1

Static address

Sometimes using a static address can improve security. For example, if your local router uses Neighbor Discovery or radvd (RFC 2461), your interface will automatically be assigned an address based on its MAC address (using IPv6's Stateless Autoconfiguration). This may be less than ideal for security, since it allows a system to be tracked even if the network portion of the IP address changes.
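The tracking problem described above, as an added example that is not part of the original article: it derives the modified EUI-64 interface identifier from a MAC address and recovers the MAC from such an identifier. The function names, the MAC address and the 2001:db8 prefixes are constructed for illustration.

```shell
#!/bin/sh
# Added example. The MAC address and the 2001:db8 prefixes are constructed samples.

# eui64_iid MAC: print the modified EUI-64 interface identifier SLAAC derives.
eui64_iid() {
    old_ifs=$IFS; IFS=:
    set -- $1                      # split aa:bb:cc:dd:ee:ff into $1..$6
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    first=$(printf '%02x' $(( 0x$1 ^ 2 )))   # flip the universal/local bit
    # ff:fe is inserted between the two halves of the MAC.
    printf '%s%s:%sff:fe%s:%s%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# iid_to_mac IID: recover the MAC from an identifier written as four full
# 4-digit groups; fails when the ff:fe marker is absent (temporary, random
# or manually chosen identifiers).
iid_to_mac() {
    hex=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    [ "${#hex}" -eq 16 ] || return 1
    case $hex in
        ??????fffe??????) ;;
        *) return 1 ;;
    esac
    b=$(printf '%s' "$hex" | cut -c1-2)
    printf '%02x:%s:%s:%s:%s:%s\n' $(( 0x$b ^ 2 )) \
        "$(printf '%s' "$hex" | cut -c3-4)"   "$(printf '%s' "$hex" | cut -c5-6)" \
        "$(printf '%s' "$hex" | cut -c11-12)" "$(printf '%s' "$hex" | cut -c13-14)" \
        "$(printf '%s' "$hex" | cut -c15-16)"
}

# The same NIC on two different networks keeps the same low 64 bits.
mac=52:54:00:12:34:56
for prefix in 2001:db8:aaaa:1 2001:db8:bbbb:7; do
    printf '%s:%s\n' "$prefix" "$(eui64_iid "$mac")"
done
```

Running iid_to_mac on the lower half of an address you see on an interface shows whether it was derived from the hardware address.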

To assign a static IP address using netctl, look at the example profile in /etc/netctl/examples/ethernet-static. The following lines are important:

/etc/netctl/examples/ethernet-static
...
# For IPv6 static address configuration
IP6=static
Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
Routes6=('abcd::1234')
Gateway6='1234:0:123::abcd'

Disable IPv6

Note: The Arch kernel has IPv6 support built in directly [1], therefore a module cannot be blacklisted.

Disable functionality

Adding ipv6.disable=1 to the kernel line disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See Kernel parameters for more information.

Alternatively, adding ipv6.disable_ipv6=1 instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.

One can also avoid assigning IPv6 addresses to specific network interfaces by adding the following sysctl config to /etc/sysctl.d/ipv6.conf:

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.interface0.disable_ipv6 = 1
...
net.ipv6.conf.interfaceN.disable_ipv6 = 1

Note that you must list all of the targeted interfaces explicitly, as disabling "all" does not apply to interfaces that are already "up" when sysctl settings are applied.

Also, if you disable IPv6 through sysctl, you should comment out the IPv6 hosts in your /etc/hosts file:

#<ip-address>	<hostname.domain.org>	<hostname>
127.0.0.1	localhost.localdomain	localhost
#::1		localhost.localdomain	localhost

Otherwise there could be connection errors, because hosts are resolved to their IPv6 address, which is not reachable.
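One way to check the caveat stated in both the Privacy extensions and the Disable functionality sections, that "all" and "default" do not reach interfaces which already exist (an added example, not part of the original article). The helper names missing_sysctl and demo_tree are hypothetical, and the directory tree is a constructed stand-in for /proc/sys/net/ipv6/conf.

```shell
#!/bin/sh
# Added example. missing_sysctl and demo_tree are hypothetical helper names.

# missing_sysctl KEY WANT [CONF_ROOT]
# Print the "net.ipv6.conf.<iface>.<KEY> = <WANT>" line for every interface
# that exists right now and whose current value differs from WANT.
# "all" and "default" are skipped: they are the entries that do not reach
# interfaces which already exist.
missing_sysctl() {
    key=$1; want=$2; root=${3:-/proc/sys/net/ipv6/conf}
    for dir in "$root"/*/; do
        [ -r "$dir$key" ] || continue
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        [ "$(cat "$dir$key")" = "$want" ] ||
            printf 'net.ipv6.conf.%s.%s = %s\n' "$iface" "$key" "$want"
    done
}

# demo_tree: build a constructed stand-in for /proc/sys/net/ipv6/conf in which
# eth0 still holds 0 for both keys although "all" and "default" were changed.
demo_tree() {
    t=$(mktemp -d)
    for i in all default eth0 wlan0; do mkdir "$t/$i"; done
    for i in all default wlan0; do
        echo 2 > "$t/$i/use_tempaddr"; echo 1 > "$t/$i/disable_ipv6"
    done
    echo 0 > "$t/eth0/use_tempaddr"; echo 0 > "$t/eth0/disable_ipv6"
    printf '%s\n' "$t"
}

tree=$(demo_tree)
missing_sysctl use_tempaddr 2 "$tree"   # privacy extensions
missing_sysctl disable_ipv6 1 "$tree"   # per-interface disable
rm -rf "$tree"
# On a real host, drop the third argument to read the live values.
```

The printed lines are the per-interface entries that still have to be listed explicitly in the sysctl.d file.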

Other programs

Disabling IPv6 functionality in the kernel does not prevent other programs from trying to use IPv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manual pages for a way to disable that functionality.

For example, dhcpcd will continue to harmlessly attempt to perform IPv6 router solicitation. To disable this, as stated in the dhcpcd.conf man page, add the following to /etc/dhcpcd.conf:

noipv6rs

See also

  • IPv6 - kernel.org Documentation