FreeBSD Mail Archives

Date:      Mon, 19 Apr 2021 14:26:32 -0400
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-net@freebsd.org
Subject:   Re: Dual Stack Issues
Message-ID:  <876c130a-6abb-7de9-7b3a-c8051b3188b2@denninger.net>
In-Reply-To: <C9C65592-AF3F-4C3E-BFF5-07AF37F741BE@sermon-archive.info>
References:  <C9C65592-AF3F-4C3E-BFF5-07AF37F741BE@sermon-archive.info>


[-- Attachment #1 --]

On 4/19/2021 13:45, Doug Hardie wrote:
> I am trying to setup a FreeBSD 13.0 router for IPv6 and IPv4.  The IPv4 
addresses are all statically assigned.  IPv6 should come from a prefix delegation from "ISP" and then sub-deligated to local LANs and hosts.  I have tried numerous approaches from various postings but still have two issues:
>
> 1.  DHCP for IPv6 doesn't seem to really work.  There are several packages available, but comments indicate issues with them.  In any case, none 
of them seem to be viable in the router setup, but only in the lower hosts.
>
> 2.  The entries in /etc/resolv.conf never seem to work for both IPv4 and IPv6.  The name servers for both are different.  There is one for each protocol and which ever one is listed first in resolv.conf will return a not-found response for any request using the other protocol.
>
> Any ideas on how to make this work?
>
> -- Doug

I've not had issues with resolv.conf, but the other side does work for 
me under 12.2 without problems.

I get both IPv4 and IPv6 from the upstream ISP on this device. The 
upstream in this case is Spectrum, but Cox also works as I've had an 
identical clone of it on Cox with only minor changes.

/usr/local/etc/dhcp6c.conf

#
# This configuration will attempt to get either a /56 or a /60 from your
# ISP (choose one below, comment the other out) and assign a /64 internally.
# Note that if you have a /60 you can have four /64s defined; if you have 
a
# /56 then obviously you can have 16 internal networks.  For most "house"
# size networks four separate delineations is enough, for most "moderate"
# sized corporate environments 16 is enough.  BE AWARE THAT THE SLA-LEN MUST
# MATCH THE DIFFERENCE BETWEEN THE LOCAL PREFIX AND THE REMOTE ONE!  
If
# you ask for a /56 then sla-len is 8, if you ask for a /60 then the sla-len
# is 4 (difference between the requested prefix length and 64, 
respectively.)
#

interface igb0 {
      send ia-pd 0;
      send ia-na 1;
};

id-assoc na 1 {

};

id-assoc pd 0 {
   prefix ::/56 infinity;
#  prefix ::/60 infinity;
   prefix-interface igb1 {
     sla-id 1;
     sla-len 8;
#    sla-len 4;
   };
};

This gets a /56 (on Cox a /60 works and is sufficient, on Spectrum it 
will not, but a /56 does)

Here is what is in /etc/rc.conf relevant to this:

# If you are turning on IPv6 then you MUST set both these lines AND look in
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
# assignments for local prefix length.  Note that we only accept routing 
info
# on the WAN interface, NEVER on the internal one.
#
ipv6_cpe_wanif="igb0"
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"

#ipv6_activate_all_interfaces="yes"
#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="igb1"

#
# Dhcp6c client (get IPv6 addresses; note that 
/usr/local/etc/dhcp6c.conf must
# also be edited or this will NOT work!)
#
dhcp6c_enable="Yes"
dhcp6c_interfaces="igb0"

#
# Enable gateway functionality for both IPv4 and IPv6
#
gateway_enable="YES"
ipv6_gateway_enable="YES"

I also modify /etc/rtadvd.conf as the default for lifetime is wildly too 
large and if you don't change it and then the gateway reboots you can be 
waiting a LONG time before a client behind the gateway will re-validate 
its IPv6 address and routing information.

root@IpGw:/data/karl # more /etc/rtadvd.conf
# Set the preferred lifetime to 10 minutes on advertised prefixes.
# All other parameters are default.
#
igb1:\
         :pltime#600:


That's pretty-much it.

I'm on 12.2 at present on this box and have not yet checked 13.0.

-- 
Karl Denninger
karl@denninger.net <mailto:karl@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/

[-- Attachment #2 --]
0�	*�H��
��0�10
	`�He0�	*�H��
��
�0��0����H���^��Ōc!5�
�H0
	*�H��
0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA0
170817164217Z
270815164217Z0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA0�"0
	*�H��
�0�
��h�-5B>[���;��o���l�Ӵ��0~͎O9}�9�Y��e������*�������$��g��!uk�vʶ�LzN�`jL�>��MD'7U4����5C�B�+�kY`bd����~b*�c3�N��y-�78j�u�]9H�e��uέ�sӬD��ؽ�m��gw�ER�?�&U�UR�j����'�}�9n�WD i�`XcbG��z�\g������G=��u�%���\�O�i1���3���ߝ4�
�K4�4p�YQr]�Ie�/r�0+��eEޝݖ0��C15�M��ݚ@J�SZ(zȏ�N�Ta�(2��5�D�D5���.l�<g[[Za��r�Q�Q%�Bu�ȴ����~~`���I�oh�R�b����ʳ��ڟ���u�2���M�S��8E�dF��UC���l�CM�aѳ����!����}ș�+�2��k��/�bų�E,��n�当ꖛ\�(8�WV�8	d]�b�	�������y�X��w	܊�:I�39��
0�0U]�^§������Q�\ӎ�0��U#��0�����T0�3���9�N0b������0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA�	�@�U��i0U�0�0U��0
	*�H��
���:P U!>v�����J�ni��o�-����#�ן�]Wyu�j���ǑR̀��Q�
�nƇ�!GѦF��g\�yLx�g�w=�O�P��yceh�f[���}�ܷ�['4�ڝ�\[p6\o.��B&�JF���"�ZC{;�*o�*�mc��Cc�LY߾�`
�t�*�S!����񫶭�(���`�]D�HP�5���A~/�N���Pp�����6�=�m��h�k�밣'd���oA$�86hm����5���Ӛ��S@�j���ެE���gl��
�)�0JG���`%�k�3�5��P��a��C?���σ
׳HE�t}!�P���㏏%*���B�xb��Q�waKG����$6h�¦��M�v��e;��[o��-�Iی��&
���I,��T��c�ߎ#t �wPA�@��l0�P�+�KXB��պT	z���G�v;N��c��I3��&��JĬ���UP�N��a��?�/�%�W��6G۟N�0�00����k���#X��d��\�=0
	*�H��
0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA0
170817212120Z
220816212120Z0W10	UUS10UFlorida10U
Cuda Systems LLC10Ukarl@denninger.net0�"0
	*�H��
�0�
��T��[I�-ΆϏdn;�Å�@שy���.u�s�~_�Z�G%<��M��Y��d�\g��v�f��n�s�a��1'6����E�gyjs�"C� [�{��~��_���K���Pn+<�*�pv���#Q�����+��H���/���7[-v��qD��V^U>�f��%�GX�)��H.��|l`�M(C�r�>е͇6����#�o��dc"Y�ljҦ�ln8�@�5S�A�0���&ۖ"���OGj?��U��DWZ5	��dDB7k-)�9�����I�zs��-�JA���v
��J��6L���$�Ն����1Sm�Y.��Lqw*��SH;E��F'�D�Ħ��H��]��M��O��������g���Q���Q�|M�ٙ��ג2Z��9y��@���y�]}6ٽe��Y9��Y2�xˆ�$T�=�e�CǺ��ǵb�n֛�{��j��|��@�LL�t�1�[D�k5:$=�	`�	�M���0��0<+00.0,+0� http://ocsp.cudasystems.net:88880	U00	`�H��B�0U��0U%0++03	`�H��B
&$OpenSSL Generated Client Certificate0U�%�՞V=���؁�;�bzQ0��U#��0���]�^§������Q�\ӎϡ�����0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA��H���^��Ōc!5�
�H0U0�karl@denninger.net0
	*�H��
��۠�A0�-j%-�-$%���g2#ޡ��1�^��>���{K+�u��GE���v1���ş7Af&b�&O�;.��;A5���*U��)N��D2bF��|\=�]<�sˋL!��wrw���٧>��Y���M���Ä���3\mW�R�� h�Sv���!�_�zv�����l�?� ��3_�� �xU%�\�^����#���O*���Gk̍�YI_�&�Fꊛ�����@&�1�n�������}� ͬ:��{�hT�P3��B.�;���bU�8:Z��=^���Gw�8���!k-��@���x�E��@�i�,+'�Iᐚ:f��hz�tX7/�(h�Y`��� O�.������1}a`�%�RW��^�a�k������ǂp�C�Au�fgDix�UT��Щ/�7��}�%=j��nVZvcF����<�M=
�2^G�KH5魉
�_���O�4ެ�Byʈ���y��S��k�w=5�@h�.0�z�>�
W�1�0�0��0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0
	`�He��E0	*�H��
	1	*�H��
0	*�H��
	1
210419182632Z0O	*�H��
	1B@M�b�u@\��t-�@�f����4+��/i�p�y[�1�'�P���������`�\��
b�WH�0l	*�H��
	1_0]0	`�He*0	`�He0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��	+�71��0��0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0��*�H��
	1�����0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0
	*�H��
��,E��;��U�g���rs�pǊ\�T�q죦�M��B�Ekc��N���a)����b�}�M�_͞���׷�m��p��9y��N�jh�^ZZ�x�-{8!\I��f���6�EB09Ǽn~�z�ƆrA�J������p �Yk:�':f���H1?���}0\d�����2{>�dO�9I�zỏ%T�T��s!(��]�U�W0��P� %�fR0���{���o�0��E��y�}'�����Ge�IY�	W�vƎY�Lu��%�m��2��;�ܬ8�ѩ�GC�bMsYlO!�BA��~�Yk�
��<Ǩ���I�%<y��$N��p�*�d-C)���C����_@7�N����m&��	�ҫ1'��|��m
�}^���	7|r3EtY0J<\�3�ufG~�}����\��k�ux#,T�~�aK�%\?yr{�w2�{nךB\(z)��3���cn�5�xćQdG��ߟD�@�ى#�踈B匲f�f���D���9�c$
���

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?876c130a-6abb-7de9-7b3a-c8051b3188b2>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation