Discussion:
Need an advice about DHCP IPv6 server software
Denis
2017-12-06 06:14:34 UTC
Permalink
Hi All,

I have working OpenBSD based IPv4 router, but now need to add IPv6
functionality to the same router box with keeping all IPv4 services.

I've set aliases with IPv6 addresses for all the adapters in
/etc/hostname.if and added filtering rules for IPv6 to PF.

Stuck with IPv6 DHCP server piece of software. Which one do I need to
have IPv6 DHCP server functionality? The best solution is to use
implemented into OpenBSD, no packaged one.

Please recommend some. Any examples will be useful too.

Thank you.
Claus Lensbøl
2017-12-06 12:28:40 UTC
Permalink
Hi Denis,
Do you specifically need a DHCP server for v6 or do you "just" need to
hand out addresses to your network(s)? For the second option you can
use the rtadvd service having the clients configure their own addresses
with SLAAC.

If you need a DHCP server, you need rtadvd to hand off the requests to
the DHCP server in any case. Last time, which is some time ago, the
DHCP server distributed with OpenBSD wasn't capable of working with
IPv6, so you'll need the ISC version or perhaps the WIDE server that I
have not worked with.

http://wide-dhcpv6.sourceforge.net/

I don't have a working DHCP config for you, but if you "just" need
SLAAC, I can provide you some, perhaps a bit, old examples.
Let me know.

/ Claus
Post by Denis
Hi All,
I have working OpenBSD based IPv4 router, but now need to add IPv6
functionality to the same router box with keeping all IPv4 services.
I've set aliases with IPv6 addresses for all the adapters in
/etc/hostname.if and added filtering rules for IPv6 to PF.
Stuck with IPv6 DHCP server piece of software. Which one do I need to
have IPv6 DHCP server functionality? The best solution is to use
implemented into OpenBSD, no packaged one.
Please recommend some. Any examples will be useful too.
Thank you.
--
Med venlig hilsen/Best regards
Claus Lensbøl

Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu
Jiri B
2017-12-06 13:54:36 UTC
Permalink
Post by Claus Lensbøl
If you need a DHCP server, you need rtadvd to hand off the requests to
the DHCP server in any case. Last time, which is some time ago, the
DHCP server distributed with OpenBSD wasn't capable of working with
IPv6, so you'll need the ISC version or perhaps the WIDE server that I
have not worked with.
http://wide-dhcpv6.sourceforge.net/
Or kea from ports.

j.
Denis
2017-12-07 14:18:50 UTC
Permalink
I've set up rtadvd, but Win7 still have no IPv6 address. Only Link local
IPv6 address: fe80.... is present.

ipconfig /all shows:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : mac...
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c6:... (Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.125 (Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 07, 2017
3:46:37 PM
Lease Expires . . . . . . . . . . : Thursday, December 07, 2017
4:46:19 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 235405873
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2F-22-3...
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

I'm actively using PF for IPv4 filtering, what I have to set up to make
IPv6 SLAAC working? Which port rtadvd is using to advertize the router
on network?

# cat /etc/hostname.em0
inet 192.168.1.1 255.255.255.0 media autoselect
inet6 alias 2001:bd2:101::1 64

# cat /etc/rtadvd.conf
em0:\
:addr="2001:bd2:101::":prefixlen#64:\
:rtprefix="2001:bd2:101::":\
:rdnss":"2001:bd2:101::1":\
:dnssl="local":

# /etc/rc.d/rtadvd start
tradvd (ok)

# ndp -a
2001:bd2:101::1 mac... em0 permanent R l
fe80::.... mac... em0 permanent R l

Thanks for answer in advance.

Denis
Post by Claus Lensbøl
Hi Denis,
Do you specifically need a DHCP server for v6 or do you "just" need to
hand out addresses to your network(s)? For the second option you can
use the rtadvd service having the clients configure their own addresses
with SLAAC.
If you need a DHCP server, you need rtadvd to hand off the requests to
the DHCP server in any case. Last time, which is some time ago, the
DHCP server distributed with OpenBSD wasn't capable of working with
IPv6, so you'll need the ISC version or perhaps the WIDE server that I
have not worked with.
http://wide-dhcpv6.sourceforge.net/
I don't have a working DHCP config for you, but if you "just" need
SLAAC, I can provide you some, perhaps a bit, old examples.
Let me know.
/ Claus
Post by Denis
Hi All,
I have working OpenBSD based IPv4 router, but now need to add IPv6
functionality to the same router box with keeping all IPv4 services.
I've set aliases with IPv6 addresses for all the adapters in
/etc/hostname.if and added filtering rules for IPv6 to PF.
Stuck with IPv6 DHCP server piece of software. Which one do I need to
have IPv6 DHCP server functionality? The best solution is to use
implemented into OpenBSD, no packaged one.
Please recommend some. Any examples will be useful too.
Thank you.
Claus Lensbøl
2017-12-08 06:14:06 UTC
Permalink
Do you know if the Windows box gets the RA from rtadvd?
If you have pf running you may need to allow it there.

https://content.pivotal.io/blog/a-barebones-pf-ipv6-firewall-ruleset

/ Claus
Post by Denis
I've set up rtadvd, but Win7 still have no IPv6 address. Only Link local
IPv6 address: fe80.... is present.
Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : mac...
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c6:... (Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.125 (Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 07, 2017
3:46:37 PM
Lease Expires . . . . . . . . . . : Thursday, December 07, 2017
4:46:19 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 235405873
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2F-22-3...
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
I'm actively using PF for IPv4 filtering, what I have to set up to make
IPv6 SLAAC working? Which port rtadvd is using to advertize the router
on network?
# cat /etc/hostname.em0
inet 192.168.1.1 255.255.255.0 media autoselect
inet6 alias 2001:bd2:101::1 64
# cat /etc/rtadvd.conf
em0:\
:addr="2001:bd2:101::":prefixlen#64:\
:rtprefix="2001:bd2:101::":\
:rdnss":"2001:bd2:101::1":\
# /etc/rc.d/rtadvd start
tradvd (ok)
# ndp -a
2001:bd2:101::1 mac... em0 permanent R l
fe80::.... mac... em0 permanent R l
Thanks for answer in advance.
Denis
Post by Claus Lensbøl
Hi Denis,
Do you specifically need a DHCP server for v6 or do you "just" need to
hand out addresses to your network(s)? For the second option you can
use the rtadvd service having the clients configure their own addresses
with SLAAC.
If you need a DHCP server, you need rtadvd to hand off the requests to
the DHCP server in any case. Last time, which is some time ago, the
DHCP server distributed with OpenBSD wasn't capable of working with
IPv6, so you'll need the ISC version or perhaps the WIDE server that I
have not worked with.
http://wide-dhcpv6.sourceforge.net/
I don't have a working DHCP config for you, but if you "just" need
SLAAC, I can provide you some, perhaps a bit, old examples.
Let me know.
/ Claus
Post by Denis
Hi All,
I have working OpenBSD based IPv4 router, but now need to add IPv6
functionality to the same router box with keeping all IPv4 services.
I've set aliases with IPv6 addresses for all the adapters in
/etc/hostname.if and added filtering rules for IPv6 to PF.
Stuck with IPv6 DHCP server piece of software. Which one do I need to
have IPv6 DHCP server functionality? The best solution is to use
implemented into OpenBSD, no packaged one.
Please recommend some. Any examples will be useful too.
Thank you.
--
Med venlig hilsen/Best regards
Claus Lensbøl

Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu
Jan Kalkus
2017-12-08 14:07:59 UTC
Permalink
For what it’s worth, I’ve noticed Windows frequently will not grab IPv6 addresses via SLAAC.

If I disable IPv6 on the network interface and then re-enable it, then I will be assigned an IPv6 address.

Jan Kalkus
Post by Claus Lensbøl
Do you know if the Windows box gets the RA from rtadvd?
If you have pf running you may need to allow it there.
https://content.pivotal.io/blog/a-barebones-pf-ipv6-firewall-ruleset
/ Claus
Post by Denis
I've set up rtadvd, but Win7 still have no IPv6 address. Only Link local
IPv6 address: fe80.... is present.
Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : mac...
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c6:... (Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.125 (Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 07, 2017
3:46:37 PM
Lease Expires . . . . . . . . . . : Thursday, December 07, 2017
4:46:19 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 235405873
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2F-22-3...
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
I'm actively using PF for IPv4 filtering, what I have to set up to make
IPv6 SLAAC working? Which port rtadvd is using to advertize the router
on network?
# cat /etc/hostname.em0
inet 192.168.1.1 255.255.255.0 media autoselect
inet6 alias 2001:bd2:101::1 64
# cat /etc/rtadvd.conf
em0:\
:addr="2001:bd2:101::":prefixlen#64:\
:rtprefix="2001:bd2:101::":\
:rdnss":"2001:bd2:101::1":\
# /etc/rc.d/rtadvd start
tradvd (ok)
# ndp -a
2001:bd2:101::1 mac... em0 permanent R l
fe80::.... mac... em0 permanent R l
Thanks for answer in advance.
Denis
Post by Claus Lensbøl
Hi Denis,
Do you specifically need a DHCP server for v6 or do you "just" need to
hand out addresses to your network(s)? For the second option you can
use the rtadvd service having the clients configure their own addresses
with SLAAC.
If you need a DHCP server, you need rtadvd to hand off the requests to
the DHCP server in any case. Last time, which is some time ago, the
DHCP server distributed with OpenBSD wasn't capable of working with
IPv6, so you'll need the ISC version or perhaps the WIDE server that I
have not worked with.
http://wide-dhcpv6.sourceforge.net/
I don't have a working DHCP config for you, but if you "just" need
SLAAC, I can provide you some, perhaps a bit, old examples.
Let me know.
/ Claus
Post by Denis
Hi All,
I have working OpenBSD based IPv4 router, but now need to add IPv6
functionality to the same router box with keeping all IPv4 services.
I've set aliases with IPv6 addresses for all the adapters in
/etc/hostname.if and added filtering rules for IPv6 to PF.
Stuck with IPv6 DHCP server piece of software. Which one do I need to
have IPv6 DHCP server functionality? The best solution is to use
implemented into OpenBSD, no packaged one.
Please recommend some. Any examples will be useful too.
Thank you.
--
Med venlig hilsen/Best regards
Claus Lensbøl
Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu
obsd
2017-12-08 16:06:56 UTC
Permalink
Post by Jan Kalkus
For what it’s worth, I’ve noticed Windows frequently will not grab IPv6 addresses via SLAAC.
If I disable IPv6 on the network interface and then re-enable it, then I will be assigned an IPv6 address.
Jan Kalkus
[snip]

I would recheck my configuration if I were you then... Here it is
working 100% of the time on approx 10 windows (mixed W7/W10) machines.
The rest of the network (linux and OpenBSD works very well as well with
IPv6). Of course the firewall handing out the SLAAC is OpenBSD. Only be
careful with virtual machines, since you would need settings on the
hypervisor to permit multicast on vlans. The SLAAC broadcast is multicast...

Erik
Denis
2017-12-09 10:50:37 UTC
Permalink
Erik,

Thank you for your support.

Can you share IPv6 part of PF.conf you're using for local network SLAAC?

Still encounter problem with getting IPv6 by Win7 machine.

Thanks.

Denis
Post by obsd
Post by Jan Kalkus
For what it’s worth, I’ve noticed Windows frequently will not grab
IPv6 addresses via SLAAC.
If I disable IPv6 on the network interface and then re-enable it,
then I will be assigned an IPv6 address.
Jan Kalkus
[snip]
I would recheck my configuration if I were you then... Here it is
working 100% of the time on approx 10 windows (mixed W7/W10) machines.
The rest of the network (linux and OpenBSD works very well as well
with IPv6). Of course the firewall handing out the SLAAC is OpenBSD.
Only be careful with virtual machines, since you would need settings
on the hypervisor to permit multicast on vlans. The SLAAC broadcast is
multicast...
Erik
Niels Kobschaetzki
2017-12-09 13:30:38 UTC
Permalink
Do you block icmp by any chance? For SLAAC and NDP you need not to block ICMP6.

Niels
Post by Denis
Erik,
Thank you for your support.
Can you share IPv6 part of PF.conf you're using for local network SLAAC?
Still encounter problem with getting IPv6 by Win7 machine.
Thanks.
Denis
Post by obsd
Post by Jan Kalkus
For what it’s worth, I’ve noticed Windows frequently will not grab
IPv6 addresses via SLAAC.
If I disable IPv6 on the network interface and then re-enable it,
then I will be assigned an IPv6 address.
Jan Kalkus
[snip]
I would recheck my configuration if I were you then... Here it is
working 100% of the time on approx 10 windows (mixed W7/W10) machines.
The rest of the network (linux and OpenBSD works very well as well
with IPv6). Of course the firewall handing out the SLAAC is OpenBSD.
Only be careful with virtual machines, since you would need settings
on the hypervisor to permit multicast on vlans. The SLAAC broadcast is
multicast...
Erik
Marc Peters
2017-12-09 15:03:40 UTC
Permalink
Post by Denis
Can you share IPv6 part of PF.conf you're using for local network SLAAC?
Did you even bother to open the link Claus send? There is everything neatly documented you need IPv6 wise to get it up and running with pf.

hth,
Marc
obsd
2017-12-09 17:24:18 UTC
Permalink
Post by Marc Peters
Post by Denis
Can you share IPv6 part of PF.conf you're using for local network SLAAC?
Did you even bother to open the link Claus send? There is everything neatly documented you need IPv6 wise to get it up and running with pf.
hth,
Marc
My pf.conf  does not deviate too much from that one indeed. The only
thing I did not see (but I did not look that well) was the pass out
inet6 all statement...

Loading...