Ubuntu, Raspberry Pi, IPv6 only

There are very simple instructions for installing Ubuntu on a Raspberry Pi, simply downloading the Imager and then pick the OS (which it will download for you, I used Ubuntu Server 20.04 LTS), and write it to the micro SD card for your Pi. https://ubuntu.com/tutorials/how-to-install-ubuntu-on-your-raspberry-pi

The image is pre-configured for DHCPv4 using the wired Ethernet connection, with alternative instructions for getting it setup with Wi-Fi, but without mention of IPv6, which is now used by 30-35% of the Internet.

Here are instructions for setting up Ubuntu on your Raspberry Pi up with IPv6 only.

Pre-requisites

To be useful you need to currently have IPv6, which there is a fair chance as Google statistics are that about 30-35% of the Internet is now happily running IPv6. https://www.google.com/intl/en/ipv6/statistics.html

In Australia, the biggest consumer internet service provider of IPv6 would be Telstra, who includes IPv6 on their fixed NBN connections. The longest running ISP who has IPv6 is Internode, with some availability from iiNet (who purchases Internode), and TPGi (who purchased iiNet). I have used Internode since they started IPv6, although I work for Telstra.

If you are using a Telstra mobile, then they moved over to IPv6 only in February 2020, with DNS64+NAT64 and 464XLAT for accessing IPv4 sites. Telstra phones are no longer given public IPv4 addresses; at best you get dual stack with a carrier grade network address translation (CGNAT) with something like a 10.x.x.x private address on the telstra.internet access point, with IPv6 only on the telstra.wap access point.

See https://www.computerworld.com/article/3521032/telstra-kicks-off-next-stage-of-ipv6-shift-for-mobile-network.html or for the email list announcement http://lists.ausnog.net/pipermail/ausnog/2020-February/043869.html

Configuring for IPv6 only

First, review the instructions for the Wi-Fi setup, as the needed changes are similar. The instructions reference the netplan configuration, documented at https://netplan.io/ with the examples including some IPv6 at the bottom.

On the SD Card (in system-boot), open the network-config file and change the eth0 section to remove dhcp4 and instead enable dhcp6 and accept-ra, for automatic IPv6 configuration including gateway and DNS.

You should also add some static addresses, which make it easy to connect to the machine later.

The configuration should look similar to:

ethernets:
  eth0:
    dhcp6: true
    accept-ra: true
    addresses:
      - "2001:db8:1234:5600::1:82/64"
      - "fd12:3456:789a::1:82/64"
    optional: true

I have both a public prefix delegation from my ISP and a unique local address range I use, so have configured two static addresses. If you only have a prefix delegation from your ISP then you may only have one.

There are also settings for gateway6 and nameservers, if you need to configure them manually (not through dhcp6/router advertisement). For more details on the configuration options see https://netplan.io/reference/

Picking a static IPv6 address

My router is running OpenWRT and I have it configured for both Stateless Address Auto-Configuration (SLAAC) and DHCPv6, and I have both a public prefix (my ISP delegates a /56) and a unique local address (ULA) range (the equivalent of IPv4 private address ranges, except they are statistically unique so can be routed site-to-site if needed).

This means every machine on my network automatically gets four IPv6 addressess — two in the public range, from DHCPv6 and SLAAC, and two in the ULA range.

For dynamic DHCPv6 addresses OpenWRT is hard coded to use a random value for the last 12 bits, i.e. between 0x0000 and 0x0fff, which is enough for ~4,000 machines. (See assign_na in dhcpv6-ia.c, https://git.openwrt.org/?p=project/odhcpd.git;a=blob;f=src/dhcpv6-ia.c).

I also use address suffixes 0x1000 and higher for static DHCPv6 leases assigned to specific machine DUIDs. OpenWRT only allows configuration of the last address segment for static leases, but this is enough for ~12,000 more static DHCPv6 leases.

Of course I have quintillions (~ 2^64) more addresses to choose from in both ranges (in just one of the 256 subnets my ISP provides), so I just use ::1:xxxx for static addresses, e.g. <prefix>::1:82/64 used above.

Have a look at the current IPv6 addresses assigned to your machines, particularly if you are using DHCPv6 dynamic addresses, to determine the range being used, then pick some addresses outside that range if possible, but short enough to be easily typed in.

Boot Ubuntu and connect to your machine

Using a static address makes it easy to connect to your Pi after booting, however they are not strictly necessary if automatic IPv6 address configuration is working in your network.

If you are not using static addresses, but are using DHCPv6, then to find the IPv6 address you will need to look at your DHCP server for a registration with a type 0x0002 DUID with the vendor prefix 0x0000ab11, e.g. with a DUID like “00020000ab11xxxxxxxxxxxxxxxx”, and with the default host name “ubuntu”.

If you are only using SLAAC then the address may be based on the EUI-64 MAC address or randomly generated, so you would have to listen for announcements when the machine joins the network to learn it’s address.

Once you have determined the IPv6 address (a static address being the easiest), you can connect via SSH:

ssh ubuntu@fd12:3456:789a::1:82

The initial password is “ubuntu”, and you will need to change it on first login. See the Ubuntu setup steps (link above) for more details.

Once you have logged in you will be able to see your IPv6 addresses listed. In my cases there are six addresses, with the dynamic DHCPv6 address, SLAAC, and the static address, for each of the public prefix delegated and unique local address ranges.

What to do next

Your Pi is now directly connected to one third of the Internet!

The benefits are that it has a global address and can be connected to directly, although you still need to configure the firewall on your router appropriately to let connections through. For example it means you can configure it to serve HTTPS directly without having to worry about port forwarding conflicts on your IPv4 router (automatically configure HTTPS via Let’s Encrypt or similar).

To interact with the other two thirds that is still stuck with IPv4 you need some sort of gateway. For incoming web traffic (e.g. HTTPS) you can use a reverse proxy like Nginx or Caddy and port forward your router’s port 443 to that, then use Server Name Identification (SNI) to work out which actual IPv6 machine to send to.

For connecting to IPv4 resources from your IPv6 only machine you need to use a combination such at DNS64 + NAT64; while Google has a public DNS64 offering, you would need to provide your own NAT64 service or see if your ISP provides it as a service. (Telstra provides NAT64 on their mobile network, which is now IPv6 only; not sure about their NBN offering.)

Leave a Reply

Your email address will not be published. Required fields are marked *