Preferring IPv4 over IPv6


Niels - January 8, 2022

As explained in my previous post, I get my IPv6 subnet through a tunnelbroker. This is a great way to use IPv6 when your Internet provider does not yet support it.

There's a downside though: the tunnel adds overhead in terms of both latency and a lower MTU. It also introduces an additional point where congestion or failure can occur.

Getaddrinfo

Most Linux apps use the getaddrinfo function to obtain the IP address for a hostname. It is this function that causes your apps to prefer IPv6 over IPv4.

Fortunately it comes with a configuration file, which we can modify to have it prefer IPv4 over IPv6.

Open the configuration file by entering:

sudo vi /etc/gai.conf
(replace vi with your preferred editor)

Then scroll down to the following section:

#precedence  ::1/128       50
#precedence  ::/0          40
#precedence  2002::/16     30
#precedence ::/96          20
#precedence ::ffff:0:0/96  10
#
#    For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96  100

Uncomment that last line, so it looks like this:

#precedence  ::1/128       50
#precedence  ::/0          40
#precedence  2002::/16     30
#precedence ::/96          20
#precedence ::ffff:0:0/96  10
#
#    For sites which prefer IPv4 connections change the last line to
#
precedence ::ffff:0:0/96  100

Save the file.

That's it! Most apps will now prefer IPv4 over IPv6.

 

ExtraIP.com and UDM Pro


Niels - January 7, 2022

I'm using IPv4 and IPv6 ranges supplied by extraip.com. (Available in The Netherlands only.)

Unfortunately the UDM Pro has no UI for setting up the required tunnels. I had to write a script, which I'm sharing below.

My Use Case

The script configures dnsmasq to distribute the IPv6 subnet using SLAAC. If you prefer, you could comment this section out and use the DHCPv6 server in the UI instead.

It also omits the traditional use of an IPv4 network-, gateway- and broadcast- address, allowing us to use all 8 IP addresses for clients or servers.

Prerequisites

The instructions assume you have udm-utilities installed.

Disable IPv6 in UI

To prevent unexpected behavior created by the UI, we disable IPv6 on both WAN and LAN interfaces.

WAN

Open the Network application and navigate to Internet. Now edit your WAN interface to disable its IPv6 Connection.

LAN

Open the Network application and navigate to Settings > Networks. Edit the relevant network, scroll down to IPv6, and switch it to Disable.

The Script

Place the script below in /mnt/data/on_boot.d and call it extraip.sh.

Replace the necessary values with those provided to you by extraip.com.

#!/bin/sh

#####################
### CONFIGURATION ###
#####################

LAN_INTERFACE=br0

# IPv6 "Interconnect" subnet (/64)
IPV6_WAN_ENDPOINT=185.40.xx.xx
IPV6_WAN_IP=2a03:10c3:xx:xx::2/64

# IPv6 routed subnet (/48)
IPV6_LAN_SUBNET=2a03:10c3:xx::
IPV6_LAN_IP_ADDRESS=2a03:10c3:xx::1/48

# Actual IPv4 subnet
IPV4_WAN_ENDPOINT=185.40.xx.xx
IPV4_LAN_SUBNET=37.148.xx.xx/29

###################
### IPv6 TUNNEL ###
###################

ip l set dev sit0 down

ip t a sit1 mode sit ttl 64 remote ${IPV6_WAN_ENDPOINT} 
ip a a ${IPV6_WAN_IP} dev sit1
ip l set dev sit1 up
ip -6 r r ::/0 dev sit1 

################
### IPv6 LAN ###
################

ip a a ${IPV6_LAN_IP_ADDRESS} dev ${LAN_INTERFACE}

cat > /run/dnsmasq.conf.d/slaac.conf <<EOF
interface=${LAN_INTERFACE}
dhcp-range=${IPV6_LAN_SUBNET},ra-stateless,ra-names
enable-ra
EOF

start-stop-daemon -K -q -x /usr/sbin/dnsmasq
sleep 1
start-stop-daemon -S -q -x /usr/sbin/dnsmasq

###################
### IPv4 TUNNEL ###
###################

ip t del tun_extra_ip > /dev/null 2>&1
ip t add tun_extra_ip mode gre remote ${IPV4_WAN_ENDPOINT} ttl 225  
ip l set dev tun_extra_ip up

################
### IPv4 LAN ###
################

ip r a ${IPV4_LAN_SUBNET} dev ${LAN_INTERFACE} table 911
ip r a default dev tun_extra_ip table 911
ip ru d from ${IPV4_LAN_SUBNET} lookup 911 > /dev/null 2>&1
ip ru a from ${IPV4_LAN_SUBNET} lookup 911
ip ru d to ${IPV4_LAN_SUBNET} lookup 911 > /dev/null 2>&1
ip ru a to ${IPV4_LAN_SUBNET} lookup 911

Don't forget to make the script executable:

chmod +x /mnt/data/on_boot.d/extraip.sh

You may now manually run the script, to see if it works:

/mnt/data/on_boot.d/extraip.sh

If you run the script multiple times in a row, you will see some errors. This is expected as you are creating thing that already exist:

add tunnel "sit0" failed: No buffer space available
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists

HE.net Tunnelbroker

If you don't need an IPv4 subnet and just want to add IPv6 to your network, I recommend checking out tunnelbroker.net.

In my experience the HE.net tunnelbroker is occasionally congested but works well >99% of the time.

 

Tweaking Elementary OS


Niels - November 17, 2021

Elementary OS has been my favorite desktop distribution for the past 2 years or so. Its out-of-the-box experience is very close to my preferred setup. Nothing is perfect though. Below are the tweaks I apply when installing Elementary OS 6.

BTRFS

The default Elementary OS install uses an encrypted ext4 partition. If you want to use encrypted btrfs, you're out of luck. The Custom Install will let you use btrfs, but not encrypted btrfs. My work-around is very simple, if a bit tedious.

Default install

First run the default install like you would normally do. This erases your disk and sets you up with an encrypted ext4 partition.

Open Encryption

Boot the installer once more. This time, choose a Custom Install. Choose to manage your disks, which fires up gparted. Use gparted to Open Encryption on the encrypted partition. (You could do this on the command-line, but this is quick and easy.)

Convert to btrfs

Exit gparted and go backwards in the installer. Now choose to enter the Demo mode and open a Terminal.

Enter the following command to convert the ext4 root to btrfs:

sudo btrfs-convert /dev/mapper/data-root

This takes only a minute or so on a clean install.

Update /etc/fstab

Before rebooting, we'll need to update /etc/fstab. To access the file, we first mount our newly converted btrfs filesystem:

sudo mount /dev/mapper/data-root /mnt

We then determine the new blkid of the btrfs filesystem:

sudo blkid /dev/mapper/data-root

It will show you two ID's, you need the first one:

sudo blkid /dev/mapper/data-root 
[sudo] password for niels:         
/dev/mapper/data-root: UUID="dba6ca21-79e0-49c9-b889-c37d2ccb446a" UUID_SUB="27c5452a-7878-4357-8f95-596a08cab55b" TYPE="btrfs"

Now use your favorite text editor to update /etc/fstab:

PARTUUID=48e067c9-0a5e-4ad7-acb6-2313973188d6  /boot/efi  vfat  umask=0077  0  0
UUID=da66e7aa-9162-4550-b527-514a045759b0  /boot  ext4  noatime,errors=remount-ro  0  0
UUID=dba6ca21-79e0-49c9-b889-c37d2ccb446a  /  btrfs  defaults,noatime,autodefrag,compress  0  0
/dev/mapper/data-swap  none  swap  defaults  0  0

Two things have been updated:

  1. The UUID, as obtained with blkid.
  2. The options changed from noatime,errors=remount-ro to defaults,noatime,autodefrag,compress

Reboot

You should now be able to reboot into your Elementary OS install.

Minimize

I'm not sure where this trend to remove the minimize button comes from, but it's easily brought back.

Add the Pantheon Tweaks PPA and install it:

sudo add-apt-repository -y ppa:philip.scott/pantheon-tweaks
sudo apt install -y pantheon-tweaks

This adds a Tweaks icon in the System Settings.

All you need to do there is change the Window Controls Layout from elementary to the one you prefer. In my case the macOS one.

Task Switcher

The default Elementary OS task switcher is a bit overwhelming. Using Catts we get a more traditional and calmer task switcher.

Please see the Catts page for instructions. (4 simple commands, unless you want to compile from source.)