Last week or so, I migrated this site to a new server (OVH has this strange habit of pushing clients to migrate from older offers to new ones by not only releasing upgraded offers but also raising the prices of the old ones for current subscribers :x). In the process, I noticed that the IPv6 was kind of put forward (it used to be just in the control panel, now it’s also in the server activation e-mail right below the IPv4 address). So I figured, let’s use it this time.
I first though it was as simple as adding an AAAA record in the DNS zone in Bind. So I did. Tough, it didn’t work. The server doesn’t actually replies to queries sent to its IPv6 address. After a quick search, I found that it was because IPv6 wasn’t enabled/configured on the server.
At first I tested that with this online tool, but then I got a more convenient way using the console:
ping6 -c 1 ipv6.google.com
The reply I got was:
connect: Network is unreachable
OVH provides a guide to configure IPv6. Sadly, as of today, it’s outdated and doesn’t work with Ubuntu 18.04.
So I kept looking and eventually found that I had to use netplan, as follow:
1) Go to folder /etc/netplan
2) Create a file named (for instance) 90-ipv6.yml with the following content:
network:
version: 2
ethernets:
ens3:
dhcp4: true
match:
macaddress: ab:cd:ef:12:34:56
set-name: ens3
addresses:
- 1234:5678:9:3100:0:0:0:abc/64
gateway6: 1234:5678:9:3100:0000:0000:0000:0001
NB: obviously, replace the interface name (ens3), the MAC address, the address and the gateway with your values. You should be able to find the interface name and MAC address in file /etc/netplan/50-cloud-init.yaml, and the address and gateway should be provided to you by your host. Note that even if your host only provides a /128, you need to enter it as a /64 in order for this to work for some reason.
3) This is not over yet, you need to run these commands in order to apply your changes:
netplan generate netplan apply
And that’s it. It should work without a reboot (but if it doesn’t, I guess you can try to reboot), so ping6 should now work:
root@vps123456:/etc/netplan# ping6 -c 1 ipv6.google.com PING ipv6.google.com(iad23s63-in-x0e.1e100.net (2607:f8b0:4004:810::200e)) 56 data bytes 64 bytes from iad23s63-in-x0e.1e100.net (2607:f8b0:4004:810::200e): icmp_seq=1 ttl=50 time=91.2 ms --- ipv6.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 91.214/91.214/91.214/0.000 ms
And your AAAA record should work too.
Note that you might need to adjust your Apache HTTPd virtual hosts configuration. I didn’t need to, because my virtual hosts don’t use the IP:
<VirtualHost *:80>
ServerName www.patheticcockroach.com
DocumentRoot "/path/to/docs/"
RewriteEngine On
RewriteCond %{HTTPS} off
# RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
<Directory "/path/to/docs/">
Require all granted
Options -Indexes
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName www.patheticcockroach.com
DocumentRoot "/path/to/docs/"
<Directory "/path/to/docs/">
Require all granted
Options -Indexes
AllowOverride All
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!CAMELLIA:!RC4:!MD5:!aNULL:!EDH
SSLCertificateFile /etc/letsencrypt/live/www.patheticcockroach.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.patheticcockroach.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.patheticcockroach.com/fullchain.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
But if yours do, you might find this guide useful.
Sources:
– How to add an IPv6 address and default route with netplan in Ubuntu 17.10 artful? – Ask Ubuntu
– (FR) Impossible de configurer IPv6 (Netplan <3 et Ubuntu 18.04) – Cloud / VPS – OVH Community
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.