Product SiteDocumentation Site

10.6. IPv6

IPv6, successor to IPv4, is a newer version of the IP protocol designed to fix its flaws, most notably the scarcity of available IP addresses. This protocol handles the network layer; its purpose is to provide a way to address machines, to convey data to their intended destination, and to handle data fragmentation if needed (in other words, to split packets into chunks with a size that depends on the network links to be used on the path and to reassemble the chunks in their proper order on arrival).
کرنل‌های دبیان از IPv6 در هسته خود بهره می‌برند (به استثنا معماری‌هایی که آن را به صورت یک ماژول با نام ipv6 قرار داده‌اند). ابزار پایه‌ای مانند ping و traceroute معادل IPv6 خود را با نام‌های ping6 و traceroute6 دارا هستند که این ابزارها در بسته‌های iputils-ping و iputils-tracepath قرار گرفته‌اند.
شبکه IPv6 نیز مشابه با IPv4 در فایل /etc/network/interfaces پیکربندی می‌شود. اما اگر می‌خواهید این شبکه از خارج نیز قابل دسترس باشد به مسیریابی نیاز دارید که توانایی مدیریت بسته‌های IPv6 را دارا باشد.

مثال 10.10. نمونه‌ای از پیکربندی IPv6

iface enp7s0 inet6 static
    address 2001:db8:1234:5::1:1/64
    # Disabling auto-configuration
    # autoconf 0
    # The router is auto-configured and has no fixed address
    # (accept_ra 1). If it had:
    # gateway 2001:db8:1234:5::1
زیرشبکه‌های IPv6 معمولا netmask برابر با ۶۴ بیت دارند. این به معنی وجود 264 نشانی منحصربفرد در زیرشبکه است. Stateless Address Autoconfiguration یا SLAAC امکان انتخاب یک نشانی بر اساس نشانی MAC رابط شبکه داخلی را پیدا می‌کند. به صورت پیشفرض، اگر SLAAC روی شبکه شما و IPv6 روی رایانه شما فعال باشند، کرنل به صورت خودکار مسیریاب‌های IPv6 را پیدا کرده و رابط‌های شبکه را مطابق با آن پیکربندی می‌کند.
This behavior may have privacy implications. If you switch networks frequently, e.g. with a laptop, you might not want your MAC address being a part of your public IPv6 address. This makes it easy to identify the same device across networks. A solution to this are IPv6 privacy extensions (which Debian enables by default if IPv6 connectivity is detected during initial installation), which will assign an additional randomly generated address to the interface, periodically change them and prefer them for outgoing connections. Incoming connections can still use the address generated by SLAAC. The following example, for use in /etc/network/interfaces, activates these privacy extensions for the interface enp7s0.

مثال 10.11. افزونه‌های حریم‌خصوصی IPv6

iface enp7s0 inet6 auto
    # Prefer the randomly assigned addresses for outgoing connections.
    privext 2
IPv6 connections can be restricted, in the same fashion as for IPv4. nft can be used to create firewall rules for IPv4 and IPv6 (see قسمت 14.2.3, “Syntax of nft).

10.6.1. تونل‌زنی

If a native IPv6 connection is not available, the fallback method is to use a tunnel over IPv4. Hurricane Electric is one (free) provider of such tunnels:
To use a Hurricane Electric tunnel, you need to register an account, login, select a free tunnel and edit the file /etc/network/interfaces with the generated code.
You can install and configure the radvd daemon (from the similarly-named package) if you want to use the configured computer as a router for a local network. This IPv6 configuration daemon has a role similar to dhcpd in the IPv4 world.
The /etc/radvd.conf configuration file must then be created (see /usr/share/doc/radvd/examples/simple-radvd.conf as a starting point). In our case, the only required change is the prefix, which needs to be replaced with the one provided by Hurricane Electric; it can be found in the output of the ip a command, in the block concerning the he-ipv6 interface.
Then run systemctl start radvd. The IPv6 network should now work.