mesh ipv6 configuration and mesh

  • On OVH the route is automatically configured
    • Assuming the manager says IPv6 2001:41d0:2:9076::/64
    • the following can be added (note the ::1/64 instead of ::/64)
      iface eth0 inet6 static
         address 2001:41d0:2:9076::1/64
         netmask 64
      
  • On tetaneutral network
    iface eth0 inet6 static
       address 2a01:6600:8081:8400::1/56
       netmask 56
       gateway fe80::31
    
  • In a DNS
    z2-41           IN      AAAA    2a01:6600:8081:8400::1 ;; tetaneutral
    
  • Establish an IPv4 OpenVPN tunnel connecting two IPv6 endpoints. Use an IPv4 OpenVPN configuration.
    • Client (the only difference is proto udp6)
      remote z2-41.pokersource.info
      proto udp6
      dev tun4
      port 4005
      management 127.0.0.1 5504
      ifconfig 10.1.5.4 10.1.4.5
      secret /etc/openvpn/keys/shared.key
      comp-lzo
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      
    • Server (the only difference is proto udp6)
      dev tun5
      port 4005
      proto udp6
      management 127.0.0.1 4505
      ifconfig 10.1.4.5 10.1.5.4
      secret /etc/openvpn/keys/shared.key
      comp-lzo
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      
  • The latest iftop supports IPv6: apt-get install iftop=0.17-17
  • /etc/shorewall/shorewall.conf
    DISABLE_IPV6=No
    
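  • Restart shorewall: shorewall restart; sleep 30 && shorewall clear (the clear after 30 seconds removes the rules again in case the restart locked you out; interrupt the sleep if it did not)
  • ip6tables: the output of ip6tables -L -v -n -x should look like: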
    Chain INPUT (policy ACCEPT 4517654 packets, 681740684 bytes)
        pkts      bytes target     prot opt in     out     source               destination         
           0        0 ACCEPT     all      lo     *       ::/0                 ::/0                
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 8427730 packets, 4384454956 bytes)
        pkts      bytes target     prot opt in     out     source               destination         
           0        0 ACCEPT     all      *      lo      ::/0                 ::/0                
    
  • If it does not, try the following (these rules accept all IPv6 traffic, so the host is left with no IPv6 filtering):
     ip6tables -A OUTPUT -j ACCEPT
     ip6tables -A FORWARD -j ACCEPT
     ip6tables -A INPUT -j ACCEPT
    
  • Reverse zone declaration: /etc/bind/named.conf.local
    zone "1.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa" {
        type master;
        file "/etc/bind/db.ip6-81";
    };
    
  • Reverse zone data: /etc/bind/db.ip6-81
    ; -*- mode: zone; -*-
    ;
    ; BIND reverse data file for broadcast zone
    ;
    $TTL    3600
    @       IN      SOA     ns1.tetaneutral.net. hostmaster.tetaneutral.net. (
                            2011070301      ; serial
                            7200            ; Refresh
                            3600            ; Retry
                            1800000         ; Expire
                            3600 )          ; Negative Cache TTL
    @       IN      NS      ns1.tetaneutral.net.
    @       IN      NS      ns2.tetaneutral.net.
    
    ; reverse
    $ORIGIN 0.0.e.c.1.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa.
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0         IN      PTR     www6.tetaneutral.net.
    
    ; delegations /56
    1.9.1.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa. 86400 IN NS   hoersch.kneissel.org.
    1.9.1.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa. 86400 IN NS   serveur.kneissel.org.
    e.8.1.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa. 86400 IN NS   dns.kafe-in.net.
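
  • Added example (not part of the original notes): a helper that derives the ip6.arpa names used in the zone files above, so the hand-reversed nibbles can be checked. The function names reverse_zone and ptr_owner are hypothetical, and the ce00 and 9100 prefixes are read back from the names in the zone file.

```python
import ipaddress
from typing import Optional


def reverse_zone(prefix: str) -> str:
    """Return the ip6.arpa zone name for an IPv6 prefix.

    Reverse zones are cut on nibble (4-bit) boundaries, so the prefix
    length must be a multiple of 4 and no host bits may be set.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError(f"/{net.prefixlen} is not on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")
    return ".".join(reversed(nibbles[: net.prefixlen // 4])) + ".ip6.arpa."


def ptr_owner(address: str, origin: Optional[str] = None) -> str:
    """Return the PTR owner name for an address.

    Without origin the fully qualified name is returned; with origin the
    name is made relative to it, as written under a $ORIGIN line.
    """
    fqdn = ipaddress.IPv6Address(address).reverse_pointer + "."
    if origin is None:
        return fqdn
    if not fqdn.endswith("." + origin):
        raise ValueError(f"{address} is outside {origin}")
    return fqdn[: -(len(origin) + 1)]


if __name__ == "__main__":
    # Prefixes derived from the names in the zone files above.
    print(reverse_zone("2a01:6600:8081::/48"))         # zone in named.conf.local
    origin = reverse_zone("2a01:6600:8081:ce00::/64")  # the $ORIGIN line
    print(origin)
    print(ptr_owner("2a01:6600:8081:ce00::1", origin), "IN PTR www6.tetaneutral.net.")
    print(reverse_zone("2a01:6600:8081:9100::/56"))    # a /56 delegation
    # Address from the AAAA record for z2-41; its fully qualified PTR owner:
    print(ptr_owner("2a01:6600:8081:8400::1"))
```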