CentOS: Setup IPv6 using HE Tunnel Broker with Apache

Even though IPv4 has been fully occupied, many people still not realized that they need to start implementing IPv6 for their services. In this post, I am going to show how to implement IPv6 connectivity to HTTP service which run on Apache.

We will use dual-stack configuration which allowed IPv4 and IPv6 run simultaneously in a single server. In this tutorial, I am assuming that we will use standard Apache installation which come from yum.

IPv6 Kernel Module

I am using CentOS 5.6 32bit and IPv6 module is disabled by default if not configured during first installation. You will see following error when you want to load IPv6 kernel module:

$ modprobe ipv6
FATAL: Module off not found.

This is not an issue if you are using CentOS 5.7 and later. So we need to enable the IPv6 module and make sure it is loaded into kernel.

Open /etc/modprobe.conf using text editor:

$ vim /etc/modprobe.conf

and delete following line:

alias ipv6 off
options ipv6 disable=1

Save the file and reload probe for ipv6 module.

$ modprobe ipv6

To check whether ipv6 is correctly loaded, use lsmod command as below:

$ lsmod | grep ipv6
ipv6       270049   1 cnic

To complete the process, reboot the server.

Once done, lets see network interface in this server. We have 2 active interfaces: localhost (lo) and ethernet (eth0) which is the default route to Internet:

$ ip a
1: lo:  mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:16:17:27:7f:9d brd ff:ff:ff:ff:ff:ff
inet 85.127.181.30/26 brd 85.17.81.63 scope global eth0
inet6 fe80::216:17ff:fe27:7f9d/64 scope link

Get the IPv6

1. Lets check the IPv4 main IP of our server. Run following command to check:

$ curl cpanel.net/myip
85.127.181.30

2. Since we will configuring dual-stack protocol, we need to have our IPv6 connection to be tunnel into IPv4 connectivity. Hurrican Electric (HE) is providing this service for free. We need to create an account, create the IPv6 tunnel and configure it to our server.

Once registered, login into the portal and click ‘Create Regular Tunnel’ and add the main IPv4 of your server and select a tunnel location. Since this server is located in Europe, I will just select Berlin as refer in screenshot below:

3. Click ‘Create Tunnel’. You will then being redirected to a summary page. Go to ‘Example Configurations’ tab and select ‘Linux-route2’ as screenshot below:

That is the command that we need to execute in order to activate the IPv6 in the server.

 

Activate the IPv6

1. There can be 2 ways to activate the IPv6 interface whether using command line or using network interface configuration file. We will activate using command line and also create an network configuration file so we can use ifup and ifdown command to control the interface (just like normal interface script ifcfg-eth0).

2. Execute all commands as stated in the example configuration above:

$ modprobe ipv6
$ ip tunnel add he-ipv6 mode sit remote 216.66.80.30 local 85.127.181.30 ttl 255
$ ip link set he-ipv6 up
$ ip addr add 2001:470:1f0a:6ef::2/64 dev he-ipv6
$ ip route add ::/0 dev he-ipv6
$ ip -f inet6 addr

3. Check whether the interface is up. You should get the IPv6 address provided by TunnelBroker:

$ ifconfig he-ipv6

4. Create the network config file. Go to /etc/sysconfig/network-scripts/ and create a new file using text editor called ifcfg-he:

$ vim /etc/sysconfig/network-scripts/ifcfg-he

And add following line:

DEVICE=he-ipv6
TYPE=sit
BOOTPROTO=none
ONBOOT=yes                         # set to "no" if you prefer to start the tunnel manually
IPV6INIT=yes
IPV6TUNNELIPV4=216.66.80.30        # Server IPv4 address
IPV6ADDR=2001:470:1f0a:6ef::2      # Client IPv6 address

4. Add following line into /etc/sysconfig/network to make sure all IPv6 traffic will be routed through this interface:

NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=he-ipv6

5. Since this server already have APF firewall loaded, we need to disable it because APF is not supporting IPv6 yet. If you want to configure IPv6 firewall, configure your rules under /etc/sysconfig/ip6tables instead:

$ apf -f
$ rm /etc/init.d/apf

6. You can bring the IPv6 up and down using ifup and ifdown command as below:

$ ifdown he-ipv6
$ ifup he-ipv6

 

Point Domain Name to IPv6

The next step should be DNS. We need our hostname resolvable to IPv6 when lookup. Login to the name server and add following AAAA record (IPv6 A record type):

www.mydomain.org      A           85.127.181.30
www.mydomain.org      AAAA        2001:470:1f0a:6ef::2

Done! Wait for DNS propagation to complete before you can test your website.

Configure Apache

1. Since we want our website to be accessed via IPv4 and IPv6, the listen value in httpd.conf will remain as default. Open Apache configuration file located at /etc/httpd/conf/httpd.conf and find following line:

Listen 80

2. My new virtual host for the website will be as below:

NameVirtualHost 85.127.181.30:80
NameVirtualHost [2001:470:1f0a:6ef::2]:80
 
# VirtualHost for IPv4
<VirtualHost 85.127.181.30:80>
    ServerName www.mydomain.org
    ServerAdmin admin@localhost
    DocumentRoot /home/mydomain/public_html
    ErrorLog /home/mydomain/logs/error_log
    CustomLog /home/mydomain/logs/access_log combined
</VirtualHost>
# Virtual host for IPv6
<VirtualHost [2001:470:1f0a:6ef::2]:80>
    ServerName www.mydomain.org
    ServerAdmin admin@localhost
    DocumentRoot /home/mydomain/public_html
    ErrorLog /home/mydomain/logs/error_log
    CustomLog /home/mydomain/logs/access_log combined
</VirtualHost>

3. Check Apache configuration file and start if configuration syntax is correct:

$ service httpd configtest
$ service httpd restart

IPv6 Browsing Test

To test our website’s IPv6 browsing, I will use http://www.ipv6proxy.net/. I used this web proxy to access one of my page http://www.mydomain.org/ipv6.html and following result appear as below:

Done! Your website now can be accessed via IPv4 and IPv6!