Enable IPv4 Access in EUserv IPv6-only VS2-free

Junxiao Shi

2020-12-10

EUserv is a virtual private server (VPS) provider in Germany. Notably, they offer a container-based Linux server, VS2-free, free of charge. VS2-free comes with one 1GHz CPU core, 1GB memory, and 10GB storage. Although I already have more than enough servers to play with, who doesn't like some more computing resources for free?

There's one catch: the VS2-free is IPv6-only. It neither has a public IPv4 address, nor offers NAT-based IPv4 access. All you can have is a single /128 IPv6 address.

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
546: eth0@if547: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b2:77:4b:c0:eb:0b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 2001:db8:6:1::6dae/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5ed4:d66f:bd01:6936/64 scope link
       valid_lft forever preferred_lft forever

If I attempt to access an IPv4-only destination, a "Network is unreachable" error appears:

$ host lgger.nexusbytes.com
lgger.nexusbytes.com has address 46.4.199.225
$ ping -n -c 4 lgger.nexusbytes.com
connect: Network is unreachable

(read more)

How to Select Default IPv6 Source Address for Outbound Traffic in OpenVZ 7

Junxiao Shi

2020-12-07

I bought a few Virtual Private Servers (VPS) on Black Friday, and have been busy setting them up. Nowadays, most VPS comes with an IPv6 subnet that contains millions of possible addresses. Initially, only one IPv6 address is assigned to the server, but the user can assign additional addresses as desired. Given that I plan to run multiple services within a server, I added a few more IPv6 addresses so that each service can have a unique IPv6 address.

One of my servers is using OpenVZ 7 virtualization technology, in which I installed Debian 10 operating system. Commonly, OpenVZ 7 uses virtual network device (venet) that does not have a MAC address. venet devices are not fully IPv6 compliant, but still works if you statically assign IPv6 addresses. Moreover, every IP address used in a container must be configured from the host node, because venet would drop ip-packets from the container with a source address, and in the container with the destination address, which is not corresponding to an ip-address of the container. Therefore, I must use the VPS control panel, in this case SolusVM, to assign IPv6 addresses to my server:

IPv6 Subnet management in SolusVM

In the Add IP section, the IPv6 subnet prefix 2001:db8:f1c1:8454:0964: is already shown. Notice that I am putting a colon (:) in front of the suffix 1337, so that they concatenate to the full address 2001:db8:f1c1:8454:0964::1337. Forgetting this colon would cause "Invalid Entry" error.

After making this change in the SolusVM control panel, the /etc/network/interface file on my server is updated automatically:

(read more)

How to Select Default IPv6 Source Address for Outbound Traffic with Netplan

Junxiao Shi

2020-12-06

One of my servers is using KVM virtualization technology, in which I installed Ubuntu 20.04 operating system manually from an ISO image. Unlike a template-based installation, an ISO-installed Ubuntu 20.04 system manages its networks using Netplan, a backend-agnostic network configuration utility that generates network configuration from YAML files. Most VPS control panels, including SolusVM and Virtualizer, are unable to generate the YAML files needed by Netplan. IPv4 works out of box via DHCP, but IPv6 has to be configured manually. To assign two IPv6 addresses to my server, I need to write the following in /etc/netplan/01-netcfg.yaml:

network:
  version: 2
  ethernets:
    ens3:
      dhcp4: true
      addresses:
        - 2001:db8:30fa:5877::1/64
        - 2001:db8:30fa:5877::beef/64
      routes:
        - to: ::/0
          via: 2001:db8:30fa::1
          on-link: true
      nameservers:
        addresses:
        - 2001:4860:4860::8888
        - 2606:4700:4700::1111

I intend to host my secret beef recipes on its unique IPv6 address 2001:db8:30fa:5877::beef, and use the other address 2001:db8:30fa:5877::1 for outbound traffic such as pings and traceroutes. However, I noticed that the wrong address is being selected for outgoing packets:

$ ping 2001:db8:57eb:8479::2

$ sudo tcpdump -n icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
00:44:48.704099 IP6 2001:db8:30fa:5877::beef > 2001:db8:57eb:8479::2: ICMP6, echo request, seq 1, length 64
00:44:48.704188 IP6 2001:db8:57eb:8479::2 > 2001:db8:30fa:5877::beef: ICMP6, echo reply, seq 1, length 64
00:44:49.704011 IP6 2001:db8:30fa:5877::beef > 2001:db8:57eb:8479::2: ICMP6, echo request, seq 2, length 64
00:44:49.704099 IP6 2001:db8:57eb:8479::2 > 2001:db8:30fa:5877::beef: ICMP6, echo reply, seq 2, length 64

(read more)

Deploy NDN Forwarding Daemon in Low End Box

Junxiao Shi

2014-09-22

Named Data Networking (NDN) is a future Internet architecture designed as a distribution network. To access NDN network from a Linux or OSX machine, one can install NDN Platform, a collection of software packages including the protocol stack and critical applications. NDN Forwarding Daemon (NFD), a core component of the architecture, serves as a software router and runs both on network routers as well as on end hosts to communicate with routers.

NDN Platform has new version releases periodically, and binary packages are provided with each platform release. However, the development of NDN software, including NFD, happens much faster than platform releases. If one wants to run bleeding edge software, those packages must be built from source code available on GitHub.

As a geeky low end box user, I'm thinking: can I run NDN platform on a Linux box with a small amount of memory? The box I'm talking about is an OpenVZ container from LowEndSpirit UK location, with only 128MB memory and no swap space. To make the challenge more interesting, I want to avoid apt-get, and run bleeding edge version built from source code.

Building on the Box

I quickly installed compilers and dependencies (such as libboost-all-dev which takes several minutes to download) with apt-get, and cloned the git repositories for NFD and other essential NDN Platform packages. Given that the box has small memory and slow CPU, I can expect the compilation process to take a few hours, just like 8 years ago when I was compiling Apache on a library computer.

(read more)

我的顶级域名开通了！

Junxiao Shi

2006-03-02

我早就有注册顶级域名的想法。本来我的网站一直是用免费二级域名的，比如最早用的fred.9126.com，后来用的sunnyland.1a.cn和sunnyPower.588.net等。但是，有不少人觉得这些网址不容易记住；更严重的是，在使用免费二级域名时，会显示或弹出服务商的广告，有些广告内容实在不好看，吓跑了一些访客，同时广告页面的特殊脚本有时会导致部分浏览器不能正常转入我的网站。

在Google上搜索了半天，一直没有查到可用的免费顶级域名。我决定，花钱买一个。我想，这笔投资是很值得的，因为一个朗朗上口的顶级域名对于网站的形象很重要。经过一段时间的网上学习，我了解到，注册顶级域名需要通过注册商进行，不同的注册商报价各不相同。我在搜索免费PHP空间时找到了008.net这家属于重庆电信公司的网站，它同时提供域名注册服务，报价是65元/年；再搜索其他注册商，没有找到更便宜的，我就选定了这家“我家在线”网站为注册商。

接下来就是要选择一个域名。我原有的网站名叫sunnyPower阳光力量，但是很可惜sunnyPower.com已被别人注册了，sunnyPower.net、sunnyPower.org、sunnyPower.cn都还在，但是我担心访客可能会只记得sunnyPower而忘了后面是什么，那时就往往会先尝试.com，而进入了别人的网站。我想，我应该注册一个.com的域名。sunny.com当然不可能还在了，早就被造SUNNY牌汽车的一家日本公司注册了（在WHOIS里能看到），isunny.com、sunnylove.com、mysunny.com……都已经没有了，我突然想到了yoursunny.com，一试，还可以注册！于是，我就下了单。

然后要付款。 “我家在线”的付款方式有招商银行、工商银行、农业银行、建设银行、PayPal、支付宝六种。学校里有一家工商银行，我看到工商银行后面有一长串数字和一个人的名字，于是我把它抄下，跑到工商银行问是怎么回事，银行保安告诉我，这是个账号，可以汇款给这个账号。于是我拿了钱去，却被告知要身份证。只好等了一星期，回家拿了身份证，再去银行办妥汇款手续。那么，网站怎么知道是谁给它汇的款呢？银行保安说，收款人可以获得汇款人的姓名和身份证号等。我登录“我家在线”，看到上面有个表单，可以填入姓名、身份证号、汇款金额、汇款具体时间，就填了提交；过了一天（漫长的一天，随时可能被别人抢注域名），果然看到用户余额里出现了65.00元。到国际域名注册页面，填入了yoursunny.com，在提交前检查了又检查，生怕域名拼写错误（不能改的），再点击提交。马上，系统提示注册成功。不过，要再等一天，才会向国际域名组织正式注册，以后就可以使用了。

又过了一天，昨天晚上，域名终于可以用了。我花了不少时间去设置它的DNS解析等功能，还没有完全弄明白。不过，我看到的事实是，在浏览器里打上yoursunny.com，已经可以看到我的网站了！我终于拥有了属于我自己的域名！

(read more)