Toggen is IPv6 Live

by | Jul 10, 2019 | IT Tips | 0 comments

So I haven't done much with IPv6 to date but have just discovered that my new NBN connection has IPv6 enabled...

So I have configured my Amazon VPC with a IPv6 address range and added or associated a IPv6 address to this websites EC2 eth0 interface

Also needed was adding a AAAA record in DNS

E.g. toggen.com.au AAAA 2406:da1c:f72:aa73:f84e:74fa:4f91:e542

And as I'm using nginx I had to make the nginx server listen on IPv6 by adding listen [::]:<port> directives:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
server {
    listen 80;
    listen [::]:80;
    server_name toggen.com.au;
    return https://toggen.com.au$request_uri;
}
 
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name toggen.com.au;
    .... rest of ssl config
}

Find the IPv6 hosts on your subnet

?
1
ping6 -I en0 ff02::1

The above will reply with the link-local addresses which always start with fe80::. The reply is limited to hosts on the current layer 2 network segment.

MacOS IPv6 Equivalent to arp -a — Showing MAC Address Table in MacOS

?
1
2
3
4
5
# firstly install the Linux utility using brew
brew install iproute2mac
 
# show
ip -6 neigh show

Use nmap to find the services running on an IPv6 host via the link-local address

?
1
nmap -6 -sV fe80::3a8b:59ff:fe82:fb44%en0

The above takes a few minutes but you get a list of anything that open and listening on the target host and nmap educated guess as to what service it is

Use netcat6 to Connect to a Web Server on an IPv6 link-local Address

You can't use a link-local URL such as http://[fe80::3664:a9ff:fe5b:d4e7%en0] in Chrome or Safari. It is full of fail.

But you can use netcat6 to build a tunnel from a local port [8073] to the device and then use a browser to connect to http://[::1]:8073.

To achieve this I'm using netcat6 installed via homebrew on my Macbook

?
1
2
3
4
5
6
7
# netcat6 usage see below for explanation
nc6 --continuous --exec \
"nc6 fe80::3664:a9ff:fe5b:d4e5%en0 80" \
-l -p 8073 -vv
# wrapped for readability
# remove the backslashes and put this on one
# line

The above nc6 command took me a while to figure out. In english the command is listen (-l) continuously (--continuous) on local port 8073 when something connects to port 8073 execute (--exec) a connection to the remote host ( fe80::3664:a9ff:fe5b:d4e5%en0 ) on the port ( 80 ) specified and pass any data back and forth between port 8073 and port 80 on the remote host. Be verbose about it (-vv).

Important note: fe80::3664:a9ff:fe5b:d4e5%en0 you need to append the %en0 or whatever your interface name is to the end of the link-local address as this tells it which interface to send it out. You can find your interface by running ifconfig, ip addr or ipconfig /all (for windows).

Example using ping6 of how you need to append the interface name to allow IPv6 utilities to send packets out the right interface.
Connecting via Google Chrome on my macbook to a local port 8073 which is tunneled via netcat6 (nc6) to the link-local address on the printer
My home HP Printer link-local address

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.