FreeBSD 9.0 as IPv6-only

At work we have native IPv6 connectivity along with IPv4. We’ve had IPv6 for nearly 5 years and IPv4 for the past 17 years.

On 2011-08-16, I grabbed an IPv6-only snapshot of FreeBSD/i386 9.0-BETA1 dated 20110727 and started experimenting with internet life using only IPv6. This particular machine is a virtual machine running inside VirtualBox 4.1.2 on my Windows 7 desktop at work.

The network interface for the VM is set to bridged mode to allow for IPv6 packets straight from the wired network.

Kernel configuration

The kernel configuration file is quite simple:

include GENERIC
ident IPV6ONLY
makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT="
nooptions INET
nodevice gre

Just remember to set the KERNCONF variable in /etc/make.conf prior to recompiling the kernel.

KERNCONF=IPV6ONLY

Transferring the ports infrastructure

The original cvsup client talks only IPv4. I used the csup client clone written in C, found in base, to connect to an IPv6-enabled CVSup server and transfer the entire ports infrastructure to /usr/ports.

Making the cvsupd service on a dual-stack server available for IPv6-only clients

If you run a dual-stack CVSup server, you can install net/socat from ports and let socat listen on TCP6 port 5999 on the CVSup server and forward any connections and the associated traffic to and from TCP4 port 5999 on localhost, i.e. the CVSup server. The cvsupd daemon is IPv4-only, and the following is a cute hack making its services available to csup clients running on IPv6(-only) systems.

Run socat from /etc/rc.local on the CVSup server using a command like this one:

/usr/bin/nohup /usr/local/bin/socat -ly tcp6-listen:5999,fork,reuseaddr tcp4:localhost:5999 >/dev/null 2>&1 &

(Ref.: http://freebsd.1045724.n5.nabble.com/IPv6-and-cvsup-servers-td4073408.html.)

Compiling and installing ports

During my initial trial I hit one snag. shared-mime-info-0.90.tar.bz2 is only available for download by IPv4. I had to cheat by downloading this file on our dual-stack FTP server and later copying the file from the FTP server to /usr/ports/distfiles on the IPv6-only machine. Anyone else running into the same snag may download shared-mime-info-0.90.tar.bz2 by IPv6 FTP or HTTP, courtesy of Gjøvik Technical College.

Prior to compiling sysutils/lsof, make sure /usr/src is populated with the kernel sources corresponding to the running kernel. You might as well extract the entire source tree from the snapshot’s distribution files either during installation or afterwards.

Prior to compiling sysutils/htop, make sure /compat/linux/proc is mounted.

Execute these commands:

ln -s usr/compat /compat
mkdir -p /usr/compat/linux/proc

Add this line to /etc/fstab:

linproc /compat/linux/proc linprocfs rw 0 0

And finally, this time only, manually mount the linprocfs:

mount /compat/linux/proc

The following ports and their dependencies were compiled and installed, although not necessarily in this order:

  • mail/alpine
  • www/apache22
  • shells/bash
  • x11-wm/bbkeys
  • mail/bbmail
  • x11-wm/bbpager
  • x11/bbrun
  • x11-wm/blackbox
  • net/cvsup-without-gui
  • editors/emacs-nox11
  • www/firefox
  • security/gnupg
  • sysutils/htop
  • sysutils/lsof
  • misc/mc
  • www/opera
  • lang/perl5.14
  • security/pinentry-curses
  • ports-mgmt/portaudit
  • ports-mgmt/portupgrade
  • sysutils/psmisc
  • lang/python27
  • lang/python32
  • sysutils/screen
  • emulators/virtualbox-ose-additions
  • net/wireshark
  • x11/xconsole
  • x11/xdm
  • x11/xorg

Resuming internet life

After compiling and installing Xorg, blackbox, Firefox, and Opera, I could again surf the Internet to some extent.

Some of the Norwegian national and local newspapers are already up and running with IPv6. These are the ones I tried and found to be working as of 2011-08-17:

  • http://vg.no/ (vg.no has IPv6 address 2001:67c:21e0::16)
  • http://www.oa.no/ (www.oa.no is an alias for web.avis.api.no, web.avis.api.no has IPv6 address 2a02:c0:1011::234)
  • http://www.rb.no/ (www.rb.no is an alias for web.avis.api.no, web.avis.api.no has IPv6 address 2a02:c0:1011::234)
  • http://www.nordlys.no/ (www.nordlys.no is an alias for web.avis.api.no, web.avis.api.no has IPv6 address 2a02:c0:1011::234)
  • http://www.fremover.no/ (www.fremover.no is an alias for web.avis.api.no, web.avis.api.no has IPv6 address 2a02:c0:1011::234)

Naturally, content served only over IPv4, such as images and Flash animations, will not be shown. The lack of the latter is probably more of a blessing than an inconvenience. ;-)

There’s some DNS work to be done, because the shorter URLs, like http://oa.no/, don’t work as expected. For some unknown reason they contain only IPv4 addresses and MX information.

trond@enterprise:~>host oa.no
oa.no has address 87.238.55.56
oa.no mail is handled by 10 scan.telenor.net.

Contrast the above with:

trond@enterprise:~>host www.oa.no
www.oa.no is an alias for web.avis.api.no.
web.avis.api.no has address 87.238.54.234
web.avis.api.no has IPv6 address 2a02:c0:1011::234

Their operators have informed me this is due to the use of CNAMEs in the DNS zones and the use of a central hub for dispatching the user to the right newspaper. Only when this arrangement is changed would it be possible to add IPv6 addresses to the shorter URLs. My sources tell me this is not gonna happen at first.
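
An added example, not part of the original post: a small sh/awk filter that reads host(1) output and reports whether a name, after following its aliases, ends up with an IPv6 address. The sample input is constructed from the host output and addresses quoted in this post; the function names ipv6_status and audit_sample are made up for the illustration.

```shell
#!/bin/sh
# Constructed sample: the `host` output lines quoted in this post.
SAMPLE_HOST_OUTPUT='oa.no has address 87.238.55.56
oa.no mail is handled by 10 scan.telenor.net.
www.oa.no is an alias for web.avis.api.no.
web.avis.api.no has address 87.238.54.234
web.avis.api.no has IPv6 address 2a02:c0:1011::234
vg.no has IPv6 address 2001:67c:21e0::16'

# ipv6_status NAME -- reads `host` output on stdin and prints one of:
#   ipv6 <addr>   the name, after following aliases, has an AAAA record
#   ipv4-only     only A records were seen for it
#   unresolved    no address records at all
ipv6_status() {
    awk -v name="$1" '
        / is an alias for /  { t = $NF; sub(/\.$/, "", t); alias[$1] = t }
        / has IPv6 address / { v6[$1] = $NF }   # last AAAA seen wins
        / has address /      { v4[$1] = $NF }
        END {
            # Follow the CNAME chain, bounded so an alias loop cannot hang us.
            for (hops = 0; (name in alias) && hops < 8; hops++)
                name = alias[name]
            if (name in v6)      print "ipv6 " v6[name]
            else if (name in v4) print "ipv4-only"
            else                 print "unresolved"
        }'
}

# audit_sample NAME... -- classify each name against the embedded sample.
# On a live system, replace the printf with:  host "$n" | ipv6_status "$n"
audit_sample() {
    for n in "$@"; do
        status=$(printf '%s\n' "$SAMPLE_HOST_OUTPUT" | ipv6_status "$n")
        printf '%s %s\n' "$n" "$status"
    done
}

audit_sample oa.no www.oa.no vg.no example.invalid
```

Run against a list of distfile mirrors or frequently used sites, the same filter shows in advance which names an IPv6-only host will not be able to reach.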

The Norwegian NREN, Uninett, is up and running with IPv6.

Google is available as http://ipv6.google.com/, although its webcache (webcache.googleusercontent.com) and most of the search results are IPv4-only. :-(

The rest of the world needs to step up. By January 2012 most web sites ought to be available using IPv6.

Staying current with -CURRENT

On 2011-08-18, I decided to update the source tree, and recompile and reinstall the kernel and userland.

First, I deleted everything in /usr/src, except /usr/src/sys/i386/conf/IPV6ONLY. Next, I csup’ed HEAD, aka 9.0-BETA1, into /usr/src.

Then the usual sequence followed:

cd /usr/obj
rm -Rf usr
cd ../src
script -t 2 make-buildworld-buildkernel-20110818.txt make buildworld buildkernel
script -t 2 make-installkernel-20110818.txt make installkernel
shutdown -r now Upgrading to 9.0-BETA1 as of 2011-08-18.; logout
<reboot into single user mode>
<hit enter when asked about which shell to run>
swapon -a
fsck -p
mount -u /
mount -al
/etc/netstart
/etc/rc.d/syscons start
bash        # only as a matter of preference
cd /usr/src
mergemaster -p
script -t 2 make-installworld-20110818.txt make installworld
mergemaster -Fi
script -t 2 make-delete-old-20110818.txt make delete-old
script -t 2 make-delete-old-libs-20110818.txt make delete-old-libs
cd /etc/mail
<synchronize and edit your local mail configuration files as you see fit>
make all install
exit        # only if running a secondary shell like bash
reboot

sendmail

The default configuration files for sendmail are still closely tied to IPv4. You need to apply these two patches to make sendmail avoid anything related to IPv4:

--- /etc/mail/freebsd.mc  2011-08-18 09:07:13.000000000 +0200
+++ /etc/mail/<hostname>.mc 2011-08-19 16:00:25.000000000 +0200
@@ -79,9 +79,9 @@
 dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
 define(`confCW_FILE', `-o /etc/mail/local-host-names')
 
-dnl Enable for both IPv4 and IPv6 (optional)
-DAEMON_OPTIONS(`Name=IPv4, Family=inet')
-DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
+dnl Enable for IPv6
+FEATURE(`no_default_msa')
+DAEMON_OPTIONS(`Name=IPv6, Family=inet6')
 
 define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
 define(`confNO_RCPT_ACTION', `add-to-undisclosed')
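
Review bot: In the freebsd.mc hunk, FEATURE(`no_default_msa') is added but no MSA DAEMON_OPTIONS line follows it, so after this change nothing listens on the submission port (587); only the MTA socket declared by DAEMON_OPTIONS(`Name=IPv6, Family=inet6') remains. If port 587 is still wanted, declare it explicitly for inet6, for example DAEMON_OPTIONS(`Port=587, Name=MSA, Family=inet6, M=E'), and extend the "dnl Enable for IPv6" comment to say why the default MSA is turned off. Dropping Modifiers=O from the inet6 line is consistent with an IPv6-only host, since that socket is no longer optional.
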
--- /etc/mail/freebsd.submit.mc   2011-08-18 09:07:16.000000000 +0200
+++ /etc/mail/<hostname>.submit.mc  2011-08-19 16:14:08.000000000 +0200
@@ -24,4 +24,4 @@
 define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
 dnl
 dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
-FEATURE(`msp', `[127.0.0.1]')dnl
+FEATURE(`msp', `[IPv6:::1]')dnl
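
Review bot: The context comment "dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]" directly above the changed FEATURE(`msp', ...) line is stale once the change has been applied; reword it to say that this file is the IPv6-only variant, so the next comparison against freebsd.submit.mc does not read as an unmade edit. The MSP now submits to the loopback address ::1, which relies on the inet6 DAEMON_OPTIONS listener in the first file not being bound to a specific Addr.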

Future updates

I’ll try and keep updating this post as my experience with IPv6-only enriches.