Unitymedia and your IPv6 Home-Server

Introduction

If you’re like me, you’ll have a home server running some services you want to reach over the Internet when you’re at work (or something like that). Furthermore if you’re like me you’ve changed your ISP to get more bandwidth for your home server. I’ve recently switched to Unitymedia and that was the end of my home-server availability.

Why you may ask? Because Unitymedia only provides IPv6 addresses to their new customers, so effectively, if you’re in the same situation as me, you won’t be able to reach anything on your home network (not even your router) via the routers assigned IPv4 address. But don’t worry, in this post I’ll explain how to solve your problems with accessing your home-server.

Before we begin. You’ll notice I did describe steps for Windows and Linux, but not Mac OS X. That’s because

  1. Mac OS X and Linux are very similar as Mac OS X is based on Unix and Linux is very similar to Unix by design (I actually worked with Max OS X for years -it was a job thing-)
  2. Apple doesn’t exist in my world. period. (so don’t ask any Apple related questions)

How to find out if you’re on an IPv6 network

Well, the first clue is, that no matter how many ports you open for NAT (Network Address Translation, or Port Forwarding as most router menus will call it) you won’t be able to reach anything through your routers external IPv4. To confirm the presence of an IPv6 network you can look at your servers IP configuration (or the network configuration on any machine on your network).

If you’re on an IPv6 network, EVERY machine on your network will be assigned an IPv6 address that is valid throughout the Internet (assuming you’re running on DHCP and your router is the DHCP server -otherwise in a static configuration your server/computer won’t ask for an IPv6 or IPv4 network address, more on that at the end-). So to look at your network configuration open a console. I assume Linux users know how to open a console/terminal, so I’m gonna explain this step for Windows users only.

To open a console in Windows 7 go to your Start-Menu and in the input field type “cmd”. It should display the “cmd.exe”, execute that. No matter the Windows Version there should always be a “cmd.exe”, just the way of finding it might differ with the Windows Version you’re on.

To find your network configuration on Windows type the following command and press Enter:
C:\> ipconfig

To find your network configuration on Linux type the command and press enter:
root@server:~# ifconfig

In both cases you’ll get a list of interfaces and assigned IP addresses, look for the lines that start with IPv6 (Windows mostly) or inet6 (Linux mostly) and look at the addresses. You’ll have two IPv6 addresses assigned, one is the local IPv6 (it always starts with fe80: ) and the other one is your global IPv6 address that can be reached through the Internet. Write that address down, or copy & paste it somewhere, because we’ll need it in the next steps.

However, before you can reach your home-server from an external client you’ll need to configure your router for it. Although IPv6 does not use NAT, your router will still have a firewall in place to prevent unwanted access to the IPv6 LAN. Now since there’s basically no unified router configuration interface you’ll be on your own with this task. Consult your routers manual and call tech-support if needed. What you need to do is to open the needed port(s) on your routers IPv6 firewall, so traffic that should go to your home-server on that port will be let through.

Now it’s time to decide how you want to access your home-server. This mainly depends on the service you want to reach and if the service and/or your remote location are IPv6 capable.

Accessing an IPv6 enabled service directly through an IPv6 client

This is the easiest step. To access an IPv6 enabled service directly through an IPv6 capable client you’ll just have to use your servers IPv6 address. For example you could try to ping your server (provided pings are let through by the routers firewall and your server isn’t configured to ignore ping packets). For this you can use the command “ping” on a Windows console, or “ping6” on a Linux console. To access a Web Server through its IPv6 address on a Web Browser you’ll need to put the IPv6 address in brackets “[IPv6-Address]”, otherwise it won’t work.

Accessing an IPv6 enabled service through an IPv4 only client

Now this is where it becomes complicated, as you’ll need a Linux server that can be reached on the Internet through IPv4 and IPv6. What you’ll need to do is to setup some kind of IPv4 to IPv6 forwarding/proxy. The program to do this with on Linux is socat. To enable traffic from IPv4 to IPv6 on your Internet server from and to specific ports use the following command:
root@inet-server:~# socat TCP4-LISTEN:<PORT>,fork,su=nobody TCP6:[<IPv6-ADDRESS>]:<PORT>

Replace <PORT> with the port your service runs on (the two <PORT> placeholders don’t need to be replaced with the same port, you can accept IPv4 connections on a different Port than the one you want to redirect the traffic to).

Replace <IPv6-ADDRESS> with the IPv6 address of your home-server.

To access your home-server you now type the address of your Internet IPv4 server and use the port you used with socat as the TCP4-LISTEN port.

Accessing an IPv4 only service through an IPv6 enabled client

Now this is the reverse case of the above case and it can be solved in the same way, except you won’t need an Internet server that is accessible through IPv4 and IPv6, you’ll only need your home-server (or any other local machine running Linux -a Raspberry Pi would be fine and doesn’t need much power-, in case your home-server is Windows). To start the IPv6 to IPv4 forwarding on a Linux machine use the following command:
socat TCP6-LISTEN:<PORT>,fork,su=nobody TCP4:<IPv4-ADDRESS>:<PORT>

Replace <PORT> with the port you want to connect to (as usual, the port you want to connect to externally and the port the service runs on that you want to access don’t need to be the same).

Replace <IPv4-ADDRESS> with the IPv4 address of your home-server.

In this case you will connect to the IPv4 service, running on your home-server, through the IPv6 address of the device where socat is running on. If it’s your home-server that’s running socat, then just use your home-servers IPv6 that you wrote down earlier. If it’s another machine then repeat the steps for finding the IPv6 of a Linux machine on the machine running socat.

Accessing an IPv4 only service through an IPv4 only client while the service is actually on an IPv6 only network

Not much to write here, just combine the previsou two methods. Setup your Internet server for IPv4 to IPv6 forwarding with socat. Forward to the IPv6 address of your local device, which is running the socat instance that’s forwarding the IPv6 connection to your IPv4 service.

In case you’re wondering, this is actually what I had to do 🙂

DHCP vs. Static Network Configuration

Perhaps you don’t use DHCP for your server, perhaps you don’t even use DHCP for anything on your network. Well in this case it’s hard to quickly verify that your ISP has put you on an IPv6 only connection. Your router will be the only place you can check if you get a valid IPv6 subnet assigned. But how that’s done is entirely up to your routers configuration interface, so you’ve got to check the manual or ask tech-support (actually you might just ask tech-support about IPv6 in the first place).

If you are in fact on an IPv6 only connection you’ll need to set up your IPv6 addresses manually (if you’re still not going to use DHCP anyway).

IPv4 and IPv6 addresses are assigned separately. You could enable DHCP for IPv6 only (actually DHCP is the service for IPv4, DHCP6 is the one for IPv6).

Setting up IPv6 on Linux

Sorry, I only know how to do this on Linux versions that use the Debian style networking configuration (e.g. Ubuntu, Debian, OpenWrt). For the purpose of simplicity I’ll assume you only have the network device eth0, although the configuration for any other network device will be equivalent. For a static IPv6 configuration you’ll need to know what IPv6 subnet you’re on. So you can either temporarily enable DHCP6 (explained later as another way to setup IPv6) and see what IPv6 your machine will get assigned or check your routers configuration again.

On a Debian based Linux (e.g. Ubuntu) open the network configuration file “/etc/network/interfaces” in an editor (you can do this via the terminal or with a GUI program, depending on what you prefer, I’ll use a terminal with pico or nano -instead of vi-).

1. static IPv4 and static IPv6

auto eth0
iface eth0 inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.1


iface eth0 inet6 static
address <YOUR DESIRED IPv6>
netmask 64
gateway <YOUR ROUTERS IPv6>

As you can see, the IPv6 setup is not much different than the IPv4 setup.

The IPv6 address you want to assign to your Linux box needs to be within the IPv6 subnet that has been assigned to your router via your ISP.

One problem with static IPv6 setups is, that home internet connections tend to change IP-addresses after a while. A static IPv6 setup under these conditions is not recommended.

2. static IPv4 and IPv6 through DHCP

auto eth0
iface eth0 inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.1


iface eth0 inet6 dhcp

Of course the IPv4 addresses are examples for local IPv4 addresses, you can set them to whatever you like.

Setting up IPv6 on Windows

In Windows go to your network configuration, either through the system settings or the notification area in your task bar. Open up the properties window of your network connection. (In Windows 7/Vista you’ll left-click on your network connection, then chose properties from the pop-up window, on XP you’ll right-click your connection and chose properties from the menu).

Once in the connections property window you’ll see a list of enabled features for that connection. One of them will be TCP/IPv4 and another one should be TCP/IPv6 (if it’s not there you’ll need to install it first). Click on either of them and then chose properties/options from the buttons below the list (it’s the right most button). You’ll get a pop-up window where you can configure your network settings for the specified protocol version. At this point it is pretty straight forward (and somewhat equivalent to Linux), you just chose between automatic (DHCP) or static/manual IP assignment.

Conclusion

So I hope this will help you, dear reader, to cope with your IPv6 problems at home. I had to search the Internet for a whole day until I got all the information I needed on IPv6 to get this done. So hopefully you have found this blog post first to save you the time. 🙂

This post is in no way a complete guide on this matter. It just sums up the knowledge I needed to set this up for my home network. There might be follow up posts on matters concerning IPv6 though.

Flattr this!

3 thoughts on “Unitymedia and your IPv6 Home-Server

  1. Simon

    Hey, thanks for the infos. I’m living behind a IPv6 unitymedia router (TC7200.u) as well.
    I’m using my strato virtual server running debian to do the ipv4 to ipv6 conversion. This way I can access the raspberry pi (ipv6 enabled in /etc/modules) running at home with open hab installed on it.
    Wouldn’t have managed without your instructions! Thanks!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *



Time limit is exhausted. Please reload CAPTCHA.