IPv6 Baby Step
While looking for something else I stumbled upon something that sparked a query into IPv6 addressing (we all get on those Internet tangents, right?) which led me to a blog post that gave a hint to a way to add IPv6 addresses to my tunnel-provided server.
I've been poking with different ways to get the server to have multiple IPv6 addresses that work. It's pretty easy to give the server's interfaces addresses, but when I gave one of the Ethernet adapters IPv6 addresses in the range provided by its IPv6 tunnel, I couldn't get them to route. I knew the machine was handling IPv6 OK, because I can hit ip6.me and see that I've got an IPv6 address, but it's always the tunnel address.
I wanted to take advantage of the addresses in the range for the domains I have. It's a lingering and nagging issue that I've mitigated some with the StartSSL "class 2" certificates, which, when combined with the Apache SNI, allow multiple domains to use the same IP.
The way my tunnel addressing is done is a little different than I'd expect some other networking to be done.
On my Ethernet, where IPv4 is supported, the server's got a couple of public IP addresses on the small, 5-node network I've been allocated. The routing to that network is done by my ISP router, and it falls on the LAN side of the router to have those addresses, which is where they are.
I figured something similar for my IPv6, where the tunnel adapter would act as the router interface, and perhaps the physical NIC would be the other(s). This would require my server to route from the tunnel to one (or more) of its NICs, but that strikes me as normal. Still, I couldn't get it to work.
Putting all of the IPs on the tunnel interface does work. And for now I've got two of my domains configured with IPv6 addresses, including this one. If you're using IPv6, in the corner of this and the home page you should see a "welcome, IPv6-er" message (if I've done my blog PHP hacking correctly...).
Later I'll compare this to how the other router does it. It, too, has a tunnel from the same provider, but instead of hosting the rest of the addresses, it passes them along to the network. On the router, the LAN Ethernet has one of the IPv6 addresses from its range, and it is correctly routing between the tunnel and the LAN Ethernet port (and to the LAN beyond). That's doing more work, because functionally what I wanted to do with the server was similar, but assigning all of the IPs to NICs on the device, and not on the network.
I've also got to shore up my IPv6 firewall.