As promised in my last post about the tinc IPv6 VPN router on Raspberry Pi, I’ll provide cut-and-paste setup instructions to get the setup off the ground. I used Ubuntu 14.04.1 LTS to create this howto, but most other Debian-based distributions will work, and most other distributions also carry the tinc package.
The prerequisites for completing this howto are:
a) One installed virtual or physical server with dual-stack IPv4 and IPv6 connectivity to the Internet without port filtering. (Port filtering must be added after installation is done.)
b) Static IPv6 addressing with at least one static address (eth0) and two /64 networks routed to this address.
c) A Raspberry Pi with Raspbian installed.
d) The Nordic Semiconductor (Bluetooth Smart) Raspbian 6LoWPAN-enabled 3.17.4+-release Linux kernel image package downloadable from their devzone site (direct download link: here)
Note: Please replace the IPv4 and IPv6 example networking with your own networks as needed in the following configuration examples. To get this working you need to know that the eth0 interface of the router has the IPv6 address 2001:0db8:85a3:a1a1::1/64 facing the Internet and the IPv6 network 2001:0db8:85a3:ef00::/56 routed to it. The virtual interface running the v6router has the /56 prefix routed to it locally and does the routing for its clients on the “inside” of this interface virtually.
On your server carry out the following steps to get tinc installed and ready for action:
# Install tinc and register the "v6router" network so it starts at boot
aptitude install tinc
echo "v6router" >> /etc/tinc/nets.boot
mkdir -p /etc/tinc/v6router/hosts
cd /etc/tinc/v6router
# Switch mode: tinc behaves like an Ethernet switch between the nodes
cat <<EOT >> /etc/tinc/v6router/tinc.conf
Name = v6router
Mode = switch
EOT
# \$INTERFACE is escaped so that it is written to the script literally
# and filled in by tincd at run time, not by this shell
cat <<EOT >> /etc/tinc/v6router/tinc-up
#!/bin/sh
# Enable tinc - add things
ip link set \$INTERFACE up
# Router address on the tinc network; the clients use it as their gateway
ip -6 addr add 2001:0db8:85a3::1/64 dev \$INTERFACE
ip -6 route add 2001:0db8:85a3:ef00::/56 dev \$INTERFACE
# Static routing table - five client networks
ip -6 route add 2001:0db8:85a3:ef11::/64 via 2001:0db8:85a3::11
ip -6 route add 2001:0db8:85a3:ef12::/64 via 2001:0db8:85a3::12
ip -6 route add 2001:0db8:85a3:ef13::/64 via 2001:0db8:85a3::13
ip -6 route add 2001:0db8:85a3:ef14::/64 via 2001:0db8:85a3::14
ip -6 route add 2001:0db8:85a3:ef15::/64 via 2001:0db8:85a3::15
EOT
chmod +x /etc/tinc/v6router/tinc-up
cat <<EOT >> /etc/tinc/v6router/tinc-down
#!/bin/sh
# Disable tinc - remove things
# Static routing table - remove routes for clients
ip -6 route del 2001:0db8:85a3:ef11::/64 via 2001:0db8:85a3::11
ip -6 route del 2001:0db8:85a3:ef12::/64 via 2001:0db8:85a3::12
ip -6 route del 2001:0db8:85a3:ef13::/64 via 2001:0db8:85a3::13
ip -6 route del 2001:0db8:85a3:ef14::/64 via 2001:0db8:85a3::14
ip -6 route del 2001:0db8:85a3:ef15::/64 via 2001:0db8:85a3::15
# Disable tinc - remove routes and interface
ip -6 route del 2001:0db8:85a3:ef00::/56 dev \$INTERFACE
ip -6 addr del 2001:0db8:85a3::1/64 dev \$INTERFACE
ip link set \$INTERFACE down
EOT
chmod +x /etc/tinc/v6router/tinc-down
# Host file: the server's public IPv4 address (example value) and its
# address on the tinc network
cat <<EOT >> /etc/tinc/v6router/hosts/v6router
Address = 10.0.0.1
Subnet = 2001:0db8:85a3::1/128
EOT
# Generate the RSA key pair: the private key goes to
# /etc/tinc/v6router/rsa_key.priv, the public key is appended to hosts/v6router
tincd -n v6router -K4096
# Enable IPv6 forwarding (takes effect at the next boot, or after sysctl -p)
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
Now, we should repeat this process on the Raspberry Pi, slightly modified, as we should not set up as much networking here as on the central router. Here are the commands to copy-and-paste for your Pi after logging in as root (yes, we require Internet access for this):
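# Install tinc and create the directory for the "v6router" network
apt-get install tinc
mkdir -p /etc/tinc/v6router/hosts
cd /etc/tinc/v6router
# This node is called node-one and dials the central router
cat <<EOT >> /etc/tinc/v6router/tinc.conf
Name = node-one
Mode = switch
ConnectTo = v6router
EOT
cat <<EOT >> /etc/tinc/v6router/tinc-up
#!/bin/sh
# Bring the VPN interface up and send all IPv6 traffic through the router
ip link set \$INTERFACE up
ip -6 addr add 2001:0db8:85a3::11/64 dev \$INTERFACE
ip -6 route add default via 2001:0db8:85a3::1 dev v6router
EOT
chmod +x /etc/tinc/v6router/tinc-up
cat <<EOT >> /etc/tinc/v6router/tinc-down
#!/bin/sh
# Remove the default route and the address, then take the interface down
ip -6 route del default via 2001:0db8:85a3::1
ip -6 addr del 2001:0db8:85a3::11/64 dev \$INTERFACE
ip link set \$INTERFACE down
EOT
chmod +x /etc/tinc/v6router/tinc-down
cat <<EOT >> /etc/tinc/v6router/hosts/node-one
Subnet = 2001:0db8:85a3::11/128
EOT
# The network name on the Pi is also v6router (it matches the directory
# /etc/tinc/v6router); node-one is only this node's Name
tincd -n v6router -K2048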
You now need to copy the file /etc/tinc/v6router/hosts/v6router from your central server to the node-one Raspberry Pi and place its contents in exactly the same file on the Pi. Then copy the contents of the file /etc/tinc/v6router/hosts/node-one from your Raspberry Pi to the same file on the central server. These host files carry each node’s public key; the private key in /etc/tinc/v6router/rsa_key.priv stays on the machine that generated it.
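A pre-flight check to run on each machine once the host files have been exchanged (an added example, not part of the original howto). The function name check_tinc_net is hypothetical, and the script assumes tinc 1.0's default file layout, the `Key = value` syntax used in this howto, and GNU stat.

```shell
#!/bin/sh
# Added example: pre-flight check for one tinc network directory.
# Assumes tinc 1.0 defaults (rsa_key.priv, PEM keys in hosts/) and GNU stat.
# Prints one line per problem and returns the number of problems found.
check_tinc_net() {
    dir=$1
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    # Read "Key = value" settings from tinc.conf, as written in this howto.
    conf() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$dir/tinc.conf" 2>/dev/null; }

    name=$(conf Name | head -n 1)
    peers=$(conf ConnectTo)
    [ -n "$name" ] || fail "no Name in $dir/tinc.conf"

    # Our own host file and every ConnectTo peer's must hold a public key.
    for node in $name $peers; do
        grep -q 'BEGIN RSA PUBLIC KEY' "$dir/hosts/$node" 2>/dev/null ||
            fail "hosts/$node is missing or has no public key"
    done
    # A peer we dial needs an Address line, otherwise tincd cannot reach it.
    for node in $peers; do
        grep -Eq '^[[:space:]]*Address[[:space:]]*=' "$dir/hosts/$node" 2>/dev/null ||
            fail "hosts/$node has no Address line"
    done
    # Host files get copied between machines: no private key may be in them.
    for f in "$dir"/hosts/*; do
        [ -f "$f" ] || continue
        if grep -q 'PRIVATE KEY' "$f"; then fail "private key material in $f"; fi
    done
    # The private key must be readable by its owner only.
    key=$dir/rsa_key.priv
    if [ -f "$key" ]; then
        mode=$(stat -c %a "$key")
        case $mode in
            600|400) ;;
            *) fail "$key has mode $mode, expected 600" ;;
        esac
    else
        fail "$key not found"
    fi
    # tincd executes these scripts directly, so they need the executable bit.
    for s in tinc-up tinc-down; do
        [ -x "$dir/$s" ] || fail "$dir/$s is not executable"
    done
    return "$problems"
}
```

Call it as check_tinc_net /etc/tinc/v6router on both the server and the Pi; a return value of 0 means none of the checks failed.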
If you would like your Raspberry Pi to automatically connect to the v6router on power-on you should add one more set of commands to it:
cat <<EOT >> /etc/tinc/nets.boot
v6router
EOT
You should now reboot your v6router server and make sure that it displays a virtual interface named v6router when done. It should look something like this:
v6router Link encap:Ethernet HWaddr c0:ff:ee:c0:ff:ee
inet6 addr: fe80::50c0:35ff:eec0:ffee/64 Scope:Link
inet6 addr: 2001:0db8:85a3::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0 MB) TX bytes:0 (0 MB)
Now reboot your Raspberry Pi and see if it’ll respond back to you with a ping on its IPv6 address. If you get a ping reply you are set for the last part that we’ll do in part four: getting the Raspberry Pi to connect devices on its local network with the routed IPv6 subnet.