Eric Radman : a Journal

Introducing IPv6

Trial Configuration - Server

If your provider doesn't have native IPv6 support you can use a tunnel broker such as Add the tunnel configuration to /etc/hostname.gif0.

mtu 1280
inet6 2001:4978:f:18::2 128
dest 2001:4978:f:18::1
!/sbin/route add -inet6 default ::1
!/sbin/route change -inet6 default -ifp gif0

If you want to respond to reverse delegations, then you have to use an address from the /64 subnet supplied by the tunnel broker. I added the IPv6 address to hostname.vic0, but any interface would work.

inet6 2001:4978:f:8018::1/64

Services - HTTP

http {
    server {
        listen [::]:80;
        listen *:80;

Services - DNS

Secondary Nameservers

options {
    allow-transfer {

Reverse Zones

zone "" {
        type master;
        file "master/";

$TTL 6h

@       IN      SOA     localhost. root.localhost. (
                        2       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                NS PTR

First, there isn't 128 bits of routable address space. Without NAT every end user needs a /48.

# /etc/hostname.dc0
inet6 2001:470:a020::1/48

Why? A subnet cannot be smaller than a /64 without breaking neighbor discovery, stateless autoconfiguration, and so on. Therefore every end site needs a /56 or /48.

# /etc/hostname.hme0
# My LAN
inet6 2001:470:a020:1::1/64
# /etc/hostname.hme1
# Guest wireless
inet6 2001:470:a020:2::1/64

IPv6 is 45 bits

It turns out that you can't use the first 3 bits either, the format prefix is functionally used as a protocol ID, only 2001:: is world-routable.

$ ping6 -S fe80::216:cfff:fe43:4d09
ping6: bind: Can't assign requested address

It's interesting to note that with private IP addresses there's no confusion about what consitutes a valid source address

$ ping -S
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=242 time=101.431 ms
64 bytes from icmp_seq=1 ttl=242 time=97.135 ms

Stale Routes

If you move from one network to another you may discover that you

dhclient has renewed your IP address, but left stale IPv6 addresses in place. To solve this manually flush out the IPv6 routes
$ doas route -n flush -inet6

And then zero out each interface

$ doas ifconfig wpi0 -inet6
$ doas ifconfig em0 -inet6


Why IPv6 Address Space is Too Small

Last updated on October 20, 2016