-
-
Notifications
You must be signed in to change notification settings - Fork 677
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added Oracle Cloud ipv6 docs configuration
- Loading branch information
1 parent
475830f
commit 5bc3719
Showing
1 changed file
with
185 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,185 @@ | ||
| --- | ||
| description: How to configure IPv6 on your Oracle Cloud VPS. | ||
| --- | ||
|
|
||
| ## Setting up IPv6 on Oracle Cloud using TunnelBroker Tunnel (48 oraz 64 block) | ||
|
|
||
| This guide will assist you in setting up an IPv6 tunnel using Tunnelbroker.net. The steps provided are tested on Ubuntu (20.04 but works with other versions also). | ||
|
|
||
| ## 1st step | ||
| `For this step, it is recommended to have knowledge of configuring and connecting to the instance using SSH or another protocol.` | ||
|
|
||
| **If you do not have the knowledge yet, reffer to this [article](https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/launchinginstance.htm) or this [video](https://www.youtube.com/watch?v=89CVSTPjfCc).** | ||
| - Go to [cloud.oracle.com](https://cloud.oracle.com/) | ||
| - Create **new Instance (VM)**. Shape doesn't matter. *(I use Ampere A1.Flex)* | ||
|
|
||
| **Note:** If you get an error `Out of the capacity`, there's nothing you can do but wait and try again in few days. It's frustrating, but it's Oracle. | ||
| - For a tested and correct configuration, it is recommended to set the Image to `Ubuntu`. As it was previously stated: *version doesn't matter*. Just be sure it's `>=20.04`. | ||
|
|
||
|
|
||
| ## 2nd step | ||
| `Follow this step if your instance is already running.` | ||
| #### This step provides us with a possible server response from TunnelBroker, to which we will add our ip. This is discussed in the #4th step. | ||
| - Go to the main page of your Instance and click on the `Subnet`. | ||
|
|
||
|  | ||
|
|
||
| - Click on the `Default Security List for your Virtual Cloud Network`. | ||
|
|
||
|  | ||
|
|
||
| - Click on `Add Ingress Rules`. | ||
|
|
||
|  | ||
| **Note**: As you can see, I already have the `ICMP IP Protocol` configured. But I will walk you through. | ||
| - The pop-up will show: | ||
|
|
||
|  | ||
|
|
||
| Configure it accordingly: | ||
| - For `Source CIDR` type: **0.0.0.0/0** | ||
| - For `IP Protocol` change to: **ICMP** | ||
| So your fully configured `Ingress Rule` should look like this: | ||
|
|
||
|  | ||
|
|
||
| - Click `Save changes`. | ||
|
|
||
|
|
||
| ## Step 3 | ||
|
|
||
| #### Enabling IPv6 Non-Local Bind | ||
|
|
||
| Before proceeding with the tunnel setup, it's recommended to enable IPv6 non-local bind. This allows applications to bind to non-local addresses. | ||
| On your configured and connected instance execute the following commands: | ||
| ```bash | ||
| # Enable now | ||
| sysctl -w net.ipv6.ip_nonlocal_bind=1 | ||
| # Persist for next boot | ||
| echo 'net.ipv6.ip_nonlocal_bind = 1' >> /etc/sysctl.conf | ||
| # (Optionally) Load in sysctl settings from the file specified or /etc/sysctl.conf if none given. | ||
| sysctl -p | ||
| ``` | ||
|
|
||
| ## Step 4 | ||
|
|
||
| ### Register on Tunnelbroker.net: | ||
|
|
||
| 1. Go to [Tunnelbroker.net](https://www.tunnelbroker.net). | ||
| 2. Sign up for an account if you haven't already. | ||
| 3. Log in to your account. | ||
|
|
||
| ### Create a Tunnel: | ||
|
|
||
| 1. After logging in, [Create Tunnel](https://tunnelbroker.net/new_tunnel.php). | ||
| 2. Enter your IPv4 endpoint (your public IPv4 address). | ||
| - Can be obtained from the main instance page: | ||
|  | ||
| **Note**: It should already be *pingable* and Tunnelbroker should give us the info: `Possible Tunnel` or something like that. Green info message. | ||
| 4. Select the nearest server to your location (physical, not the location of the instance). | ||
| - Fully configured tunnel should look like that: | ||
|  | ||
|
|
||
| 5. **Optionally**: Click on **Assign /48** to use `/48 block`. It is less likely to be blocked. | ||
|  | ||
|
|
||
|
|
||
| ### Configuration: | ||
| This step is done already at the server. | ||
|
|
||
| #### Command 1: Add IPv6 Tunnel Interface | ||
|
|
||
| ```bash | ||
| sudo ip tunnel add he-ipv6 mode sit remote [TUNNEL_SERVER_IPV4] local [YOUR_CLIENT_IPV4] ttl 255 | ||
| ``` | ||
|
|
||
| - Replace `[TUNNEL_SERVER_IPV4]` with the server's IPv4 address provided by Tunnelbroker.net. | ||
|
|
||
|  | ||
|
|
||
| - Replace `[YOUR_CLIENT_IPV4]` with your server's IPv4 address. We are using Oracle, so we need to replace it by using `Private IPv4 Address` obtained from the main page of the instance. | ||
|
|
||
|  | ||
|
|
||
|
|
||
| **Note**: If you encounter the "no buffer space available" error during this step due to misconfiguration, run: | ||
|
|
||
| ```bash | ||
| sudo ip tun del he-ipv6 | ||
| ``` | ||
| - Replace `he-ipv6` with the name of the interface you initially set up. You can check your current interfaces using `ifconfig`. | ||
|
|
||
| #### Command 2: Set up IPv6 Tunnel Interface | ||
|
|
||
| ```bash | ||
| sudo ip link set he-ipv6 up | ||
| ``` | ||
|
|
||
| - This command brings the IPv6 tunnel interface up. | ||
|
|
||
| #### Command 3: Add IPv6 Address to the Tunnel Interface | ||
|
|
||
| For **/48** block: | ||
| ```bash | ||
| sudo ip addr add [YOUR_IPV6_BLOCK]::2/48 dev he-ipv6 | ||
| ``` | ||
|
|
||
| For **/64** block: | ||
| ```bash | ||
| sudo ip addr add [YOUR_IPV6_BLOCK]::2/64 dev he-ipv6 | ||
| ``` | ||
|
|
||
| - This assigns an IPv6 address to the tunnel interface. | ||
| - Replace `[YOUR_IPV6_BLOCK]` with your allocated **IPv6 block**. This one can be obtained from the Tunnelbroker tunnel which we previously created: | ||
|
|
||
|  | ||
|
|
||
| **Important note**: `Ipv6 block` isn't the whole address. It's the *block*. So for example: | ||
| - We have the `Routed /64` assigned as `2001:470:72:5e::/64`. | ||
| - The `block` we want to copy is: `2001:470:72:5e`. | ||
| - The same thing for `/48` one. | ||
|
|
||
|
|
||
| #### Command 4: Add IPv6 Default Route | ||
|
|
||
| ```bash | ||
| sudo ip route add ::/0 via [YOUR_IPV6_BLOCK]::1 dev he-ipv6 | ||
| ``` | ||
|
|
||
| - This command adds a default route for IPv6 traffic via the tunnel interface. | ||
| - If you encounter a **"File exists"** error, change `add` to `replace` | ||
| - Replace `[YOUR_IPV6_BLOCK]` with the previously mentioned block. | ||
|
|
||
| #### Command 5: Handle Limited Pingability | ||
|
|
||
| For **/48 block**: | ||
| ```bash | ||
| sudo ip -6 route replace local [YOUR_IPV6_BLOCK]::/48 dev lo | ||
| ``` | ||
|
|
||
| For **/64 block**: | ||
| ```bash | ||
| sudo ip -6 route replace local [YOUR_IPV6_BLOCK]::/64 dev lo | ||
| ``` | ||
|
|
||
| - This command ensures that traffic destined for addresses within your `/48` or `/64` block is routed correctly. | ||
|
|
||
| ### Testing | ||
|
|
||
| ```bash | ||
| ping6 -I [YOUR_IPV6_BLOCK]::4 google.com | ||
| ``` | ||
| - This command pings `google.com` using the IPv6 address `[YOUR_IPV6_BLOCK]::4` as the source address. | ||
|
|
||
| ```bash | ||
| ping6 -I [YOUR_IPV6_BLOCK]::3 google.com | ||
| ``` | ||
| - This command pings `google.com` using the IPv6 address `[YOUR_IPV6_BLOCK]::3` as the source address. | ||
|
|
||
| ```bash | ||
| ping6 -I [YOUR_IPV6_BLOCK]::2 google.com | ||
| ``` | ||
| - This command pings `google.com` using the IPv6 address `[YOUR_IPV6_BLOCK]::2` as the source address. | ||
| - If the `ping6` using `::2` is the only one that works, refer to commands 4 and 5 for solution. | ||
|
|
||
| These commands allow you to test connectivity to `google.com` using different IPv6 source addresses. Adjust the source addresses as needed for your testing purposes. |