Subject: Re: Help with IPv6 router gateway config, Comcast, DHCP, dnsmasq
From: Tom Pusateri <pusateri@bangj.com>
In-Reply-To: <CAG_PEez92O0+a-_OsQ+mUx_s58ttkPcvW05e8x3-CHWHv2kp1g@mail.gmail.com>
Date: Fri, 31 Oct 2014 23:43:37 -0400
Message-Id: <EB559913-A4C6-4135-A526-25C336249F98@bangj.com>
References: <CAG_PEez92O0+a-_OsQ+mUx_s58ttkPcvW05e8x3-CHWHv2kp1g@mail.gmail.com>
To: Chris Inacio <nacho319@gmail.com>
Cc: freebsd-net@freebsd.org


> On Oct 31, 2014, at 11:23 PM, Chris Inacio <nacho319@gmail.com> wrote:
>
> Hello all,
>
> I've tried to find this information in so many ways, but I just can't piece
> it together, maybe my Google fu is failing me.
>
> I have my router/gateway device running FreeBSD 10p11 - so it's up to date.
> On my internal network interface, re1, I'm using dnsmasq to serve both IPv4
> DHCP and current private network IPv6 (fc00::).
>
> I can successfully configure my public interface (re0) to get IPv6
> information from Comcast.  I'm getting both a /128 NA for the interface as
> well as a prefix /64 to allocate IPv6 addresses.
>
> The problem is that I get the /64 via dhcp6c operating on my re0 interface,
> and then I can't figure out how to pass that information to dnsmasq to use
> it for my internal network.  I could only see the /64 by running dhcp6c in
> foreground+debug mode.
>
> Is there a simple solution to this?  I'm okay with variations such as "stop
> using dhcp6c to get the /64 prefix and add `XXXXX` to dnsmasq to do it"  or
> "use dhcp6s to serve the /64 prefix".
>
> I am currently having a few issues with dnsmasq, but generally, I still
> like it.  (It keeps crashing with signal 11, but I'm using the version from
> pkg which doesn't call out to an init script.)  But the way dnsmasq handles
> DHCP, local DNS, and support DNSSEC I like a lot.
>
> I find the man pages for dhcp6 pretty awful.  The man pages describe the
> options - but not being able to find what /64 is assigned to dhcp6c other
> than running in debug mode seems crazy.
>
> My configs are really basic.  dhcp6c.conf:
>
> interface re0 {
>        send ia-pd 0;
>        send ia-na 1;
> };
>
> id-assoc na 1 {
> };
>
> id-assoc pd {
>        prefix ::/56 infinity;
>        prefix-interface re0 {
>                sla-len 4;
>                sla-id 1;
>        };
> };
>
> dnsmasq.conf:
>
> interface=re1
> dhcp-range=re1,192.168.1.1,192.168.1.150,255.255.255.0,12h
> domain-needed
> bogus-priv
> resolv-file=/usr/local/etc/dnsmasq-resolv.conf
>
> #
> # serve up our own name
> #
> interface-name=aticusjr,re1
>
> #
> # enable DNSSEC
> #
> conf-file=/usr/local/share/dnsmasq/trust-anchors.conf
> dnssec
> dnssec-check-unsigned
>
> #
> # do IPv6 router advertisements for internal network
> #
> dhcp-range=::,constructor:re1,ra-only
> enable-ra
>
> Any help would be greatly appreciated.
>
> thanks
>
> Chris

I have a similar setup on Time Warner that is working. However, I am
using rtadvd for advertising to my internal networks. Also, I was under
the impression that Comcast only would delegate a /64 or a /60, not a
/56. Time Warner does delegate a /56. Maybe Comcast has changed.

In your case, you are asking for a /56 but then only want to assign 4
bits off the /64 so your config is inconsistent.
You should change to sla-len 8 for a /56 or change the prefix to /60 for
an sla-len of 4.

dhcp6c should configure the delegated prefix on your downstream
interface(s) if configured correctly and rtadvd will advertise them
automatically.

I have described my configuration here and what should work on Comcast.
Ignore the initial rant about NAT. :)

http://stateful.blogspot.com/2014/09/global-ip-addresses-for-end-to-end.html

If this doesn't help, let me know and I can help you figure it out.

Thanks,
Tom
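
Added example, not part of the message above and not dhcp6c's own code: the sla-len arithmetic from the reply, computing which prefix a downstream interface ends up with and flagging combinations that do not yield a /64. The function names and the 2001:db8:: sample prefixes are constructed for illustration; the /64 check assumes hosts autoconfigure with 64-bit interface IDs.

```python
import ipaddress


def downstream_prefix(delegated, sla_len, sla_id):
    """Append sla_len bits with value sla_id to the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    new_len = net.prefixlen + sla_len
    if new_len > 128:
        raise ValueError(f"/{net.prefixlen} + sla-len {sla_len} exceeds 128 bits")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in sla-len {sla_len}")
    # The SLA bits sit directly after the delegated prefix bits.
    addr = int(net.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((addr, new_len))


def check(delegated, sla_len, sla_id):
    """Return (prefix or None, list of problems) for one prefix-interface."""
    try:
        prefix = downstream_prefix(delegated, sla_len, sla_id)
    except ValueError as exc:
        return None, [str(exc)]
    problems = []
    if prefix.prefixlen != 64:
        problems.append(f"{prefix} is not a /64, so hosts cannot autoconfigure from it")
    return prefix, problems


# Constructed samples: (delegated prefix, sla-len, sla-id).
SAMPLES = [
    ("2001:db8:abcd:1200::/56", 4, 1),  # /56 with sla-len 4, as in the question
    ("2001:db8:abcd:1200::/56", 8, 1),  # /56 with sla-len 8
    ("2001:db8:abcd:1230::/60", 4, 1),  # /60 with sla-len 4
    ("2001:db8:abcd:1234::/64", 0, 0),  # a bare /64 leaves no subnet bits
]

if __name__ == "__main__":
    for delegated, sla_len, sla_id in SAMPLES:
        prefix, problems = check(delegated, sla_len, sla_id)
        print(delegated, sla_len, sla_id, "->", prefix, problems or "ok")
```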