Date:      Mon, 19 Apr 2021 14:26:32 -0400
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-net@freebsd.org
Subject:   Re: Dual Stack Issues
Message-ID:  <876c130a-6abb-7de9-7b3a-c8051b3188b2@denninger.net>
In-Reply-To: <C9C65592-AF3F-4C3E-BFF5-07AF37F741BE@sermon-archive.info>
References:  <C9C65592-AF3F-4C3E-BFF5-07AF37F741BE@sermon-archive.info>


On 4/19/2021 13:45, Doug Hardie wrote:
> I am trying to set up a FreeBSD 13.0 router for IPv6 and IPv4.  The IPv4
> addresses are all statically assigned.  IPv6 should come from a prefix
> delegation from "ISP" and then sub-delegated to local LANs and hosts.  I
> have tried numerous approaches from various postings but still have two
> issues:
>
> 1.  DHCP for IPv6 doesn't seem to really work.  There are several
> packages available, but comments indicate issues with them.  In any case,
> none of them seem to be viable in the router setup, but only in the lower
> hosts.
>
> 2.  The entries in /etc/resolv.conf never seem to work for both IPv4 and
> IPv6.  The name servers for both are different.  There is one for each
> protocol and whichever one is listed first in resolv.conf will return a
> not-found response for any request using the other protocol.
>
> Any ideas on how to make this work?
>
> -- Doug

I've not had issues with resolv.conf, but the other side does work for
me under 12.2 without problems.

I get both IPv4 and IPv6 from the upstream ISP on this device. The
upstream in this case is Spectrum, but Cox also works as I've had an
identical clone of it on Cox with only minor changes.

/usr/local/etc/dhcp6c.conf

#
# This configuration will attempt to get either a /56 or a /60 from your
# ISP (choose one below, comment the other out) and assign a /64 internally.
# Note that if you have a /60 you can have four /64s defined; if you have a
# /56 then obviously you can have 16 internal networks.  For most "house"
# size networks four separate delineations is enough, for most "moderate"
# sized corporate environments 16 is enough.  BE AWARE THAT THE SLA-LEN MUST
# MATCH THE DIFFERENCE BETWEEN THE LOCAL PREFIX AND THE REMOTE ONE!  If
# you ask for a /56 then sla-len is 8, if you ask for a /60 then the sla-len
# is 4 (difference between the requested prefix length and 64, respectively.)
#

interface igb0 {
        send ia-pd 0;
        send ia-na 1;
};

id-assoc na 1 {

};

id-assoc pd 0 {
   prefix ::/56 infinity;
#  prefix ::/60 infinity;
   prefix-interface igb1 {
     sla-id 1;
     sla-len 8;
#    sla-len 4;
   };
};

This gets a /56 (on Cox a /60 works and is sufficient, on Spectrum it
will not, but a /56 does)

Here is what is in /etc/rc.conf relevant to this:

# If you are turning on IPv6 then you MUST set both these lines AND look in
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
# assignments for local prefix length.  Note that we only accept routing info
# on the WAN interface, NEVER on the internal one.
#
ipv6_cpe_wanif="igb0"
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"

#ipv6_activate_all_interfaces="yes"
#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="igb1"

#
# Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
# also be edited or this will NOT work!)
#
dhcp6c_enable="Yes"
dhcp6c_interfaces="igb0"

#
# Enable gateway functionality for both IPv4 and IPv6
#
gateway_enable="YES"
ipv6_gateway_enable="YES"

I also modify /etc/rtadvd.conf as the default for lifetime is wildly too
large and if you don't change it and then the gateway reboots you can be
waiting a LONG time before a client behind the gateway will re-validate
its IPv6 address and routing information.

root@IpGw:/data/karl # more /etc/rtadvd.conf
# Set the preferred lifetime to 10 minutes on advertised prefixes.
# All other parameters are default.
#
igb1:\
        :pltime#600:


That's pretty-much it.

I'm on 12.2 at present on this box and have not yet checked 13.0.

-- 
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
