Preferring IPv4 over IPv6
As explained in my previous post, I get my IPv6 subnet through a tunnelbroker. This is a great way to use IPv6 when your Internet provider does not yet support it.
There's a downside though: the tunnel adds overhead in terms of both latency and a lower MTU. It also introduces an additional point where congestion or failure can occur.
Getaddrinfo
Most Linux apps use the getaddrinfo
function to
obtain the IP address for a hostname. It is this function
that causes your apps to prefer IPv6 over IPv4.
Fortunately it comes with a configuration file, which we can modify to have it prefer IPv4 over IPv6.
Open the configuration file by entering:
sudo vi /etc/gai.conf
(replace vi with your preferred editor)
Then scroll down to the following section:
#precedence ::1/128 50
#precedence ::/0 40
#precedence 2002::/16 30
#precedence ::/96 20
#precedence ::ffff:0:0/96 10
#
# For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96 100
Uncomment that last line, so it looks like this:
#precedence ::1/128 50
#precedence ::/0 40
#precedence 2002::/16 30
#precedence ::/96 20
#precedence ::ffff:0:0/96 10
#
# For sites which prefer IPv4 connections change the last line to
#
precedence ::ffff:0:0/96 100
Save the file.
That's it! Most apps will now prefer IPv4 over IPv6.
ExtraIP.com and UDM Pro
I'm using IPv4 and IPv6 ranges supplied by extraip.com. (Available in The Netherlands only.)
Unfortunately the UDM Pro has no UI for setting up the required tunnels. I had to write a script, which I'm sharing below.
My Use Case
The script configures dnsmasq to distribute the IPv6 subnet using SLAAC. If you prefer, you could comment this section out and use the DHCPv6 server in the UI instead.
It also omits the traditional use of an IPv4 network-, gateway- and broadcast- address, allowing us to use all 8 IP addresses for clients or servers.
Prerequisites
The instructions assume you have udm-utilities installed.
Disable IPv6 in UI
To prevent unexpected behavior created by the UI, we disable IPv6 on both WAN and LAN interfaces.
WAN
Open the Network application and navigate to Internet. Now edit your WAN interface to disable its IPv6 Connection.
LAN
Open the Network application and navigate to Settings > Networks. Edit the relevant network, scroll down to IPv6, and switch it to Disable.
The Script
Place the script below in /mnt/data/on_boot.d
and call it extraip.sh
.
Replace the necessary values with those provided to you by extraip.com.
#!/bin/sh
#####################
### CONFIGURATION ###
#####################
LAN_INTERFACE=br0
# IPv6 "Interconnect" subnet (/64)
IPV6_WAN_ENDPOINT=185.40.xx.xx
IPV6_WAN_IP=2a03:10c3:xx:xx::2/64
# IPv6 routed subnet (/48)
IPV6_LAN_SUBNET=2a03:10c3:xx::
IPV6_LAN_IP_ADDRESS=2a03:10c3:xx::1/48
# Actual IPv4 subnet
IPV4_WAN_ENDPOINT=185.40.xx.xx
IPV4_LAN_SUBNET=37.148.xx.xx/29
###################
### IPv6 TUNNEL ###
###################
ip l set dev sit0 down
ip t a sit1 mode sit ttl 64 remote ${IPV6_WAN_ENDPOINT}
ip a a ${IPV6_WAN_IP} dev sit1
ip l set dev sit1 up
ip -6 r r ::/0 dev sit1
################
### IPv6 LAN ###
################
ip a a ${IPV6_LAN_IP_ADDRESS} dev ${LAN_INTERFACE}
cat > /run/dnsmasq.conf.d/slaac.conf <<EOF
interface=${LAN_INTERFACE}
dhcp-range=${IPV6_LAN_SUBNET},ra-stateless,ra-names
enable-ra
EOF
start-stop-daemon -K -q -x /usr/sbin/dnsmasq
sleep 1
start-stop-daemon -S -q -x /usr/sbin/dnsmasq
###################
### IPv4 TUNNEL ###
###################
ip t del tun_extra_ip > /dev/null 2>&1
ip t add tun_extra_ip mode gre remote ${IPV4_WAN_ENDPOINT} ttl 225
ip l set dev tun_extra_ip up
################
### IPv4 LAN ###
################
ip r a ${IPV4_LAN_SUBNET} dev ${LAN_INTERFACE} table 911
ip r a default dev tun_extra_ip table 911
ip ru d from ${IPV4_LAN_SUBNET} lookup 911 > /dev/null 2>&1
ip ru a from ${IPV4_LAN_SUBNET} lookup 911
ip ru d to ${IPV4_LAN_SUBNET} lookup 911 > /dev/null 2>&1
ip ru a to ${IPV4_LAN_SUBNET} lookup 911
Don't forget to make the script executable:
chmod +x /mnt/data/on_boot.d/extraip.sh
You may now manually run the script, to see if it works:
/mnt/data/on_boot.d/extraip.sh
If you run the script multiple times in a row, you will see some errors. This is expected as you are creating thing that already exist:
add tunnel "sit0" failed: No buffer space available
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
HE.net Tunnelbroker
If you don't need an IPv4 subnet and just want to add IPv6 to your network, I recommend checking out tunnelbroker.net.
In my experience the HE.net tunnelbroker is occasionally congested but works well >99% of the time.
Tweaking Elementary OS
Elementary OS has been my favorite desktop distribution for the past 2 years or so. Its out-of-the-box experience is very close to my preferred setup. Nothing is perfect though. Below are the tweaks I apply when installing Elementary OS 6.
BTRFS
The default Elementary OS install uses an encrypted ext4 partition. If you want to use encrypted btrfs, you're out of luck. The Custom Install will let you use btrfs, but not encrypted btrfs. My work-around is very simple, if a bit tedious.
Default install
First run the default install like you would normally do. This erases your disk and sets you up with an encrypted ext4 partition.
Open Encryption
Boot the installer once more. This time, choose a Custom Install. Choose to manage your disks, which fires up gparted. Use gparted to Open Encryption on the encrypted partition. (You could do this on the command-line, but this is quick and easy.)
Convert to btrfs
Exit gparted and go backwards in the installer. Now choose to enter the Demo mode and open a Terminal.
Enter the following command to convert the ext4 root to btrfs:
sudo btrfs-convert /dev/mapper/data-root
This takes only a minute or so on a clean install.
Update /etc/fstab
Before rebooting, we'll need to update /etc/fstab. To access the file, we first mount our newly converted btrfs filesystem:
sudo mount /dev/mapper/data-root /mnt
We then determine the new blkid of the btrfs filesystem:
sudo blkid /dev/mapper/data-root
It will show you two ID's, you need the first one:
sudo blkid /dev/mapper/data-root
[sudo] password for niels:
/dev/mapper/data-root: UUID="dba6ca21-79e0-49c9-b889-c37d2ccb446a" UUID_SUB="27c5452a-7878-4357-8f95-596a08cab55b" TYPE="btrfs"
Now use your favorite text editor to update /etc/fstab:
PARTUUID=48e067c9-0a5e-4ad7-acb6-2313973188d6 /boot/efi vfat umask=0077 0 0
UUID=da66e7aa-9162-4550-b527-514a045759b0 /boot ext4 noatime,errors=remount-ro 0 0
UUID=dba6ca21-79e0-49c9-b889-c37d2ccb446a / btrfs defaults,noatime,autodefrag,compress 0 0
/dev/mapper/data-swap none swap defaults 0 0
Two things have been updated:
- The UUID, as obtained with blkid.
- The options changed from noatime,errors=remount-ro to defaults,noatime,autodefrag,compress
Reboot
You should now be able to reboot into your Elementary OS install.
Minimize
I'm not sure where this trend to remove the minimize button comes from, but it's easily brought back.
Add the Pantheon Tweaks PPA and install it:
sudo add-apt-repository -y ppa:philip.scott/pantheon-tweaks
sudo apt install -y pantheon-tweaks
This adds a Tweaks icon in the System Settings.
All you need to do there is change the Window Controls Layout from elementary to the one you prefer. In my case the macOS one.
Task Switcher
The default Elementary OS task switcher is a bit overwhelming. Using Catts we get a more traditional and calmer task switcher.
Please see the Catts page for instructions. (4 simple commands, unless you want to compile from source.)