Dual Stack Issues
Karl Denninger
karl at denninger.net
Mon Apr 19 18:26:40 UTC 2021
On 4/19/2021 13:45, Doug Hardie wrote:
> I am trying to set up a FreeBSD 13.0 router for IPv6 and IPv4. The IPv4 addresses are all statically assigned. IPv6 should come from a prefix delegation from "ISP" and then sub-delegated to local LANs and hosts. I have tried numerous approaches from various postings but still have two issues:
>
> 1. DHCP for IPv6 doesn't seem to really work. There are several packages available, but comments indicate issues with them. In any case, none of them seem to be viable in the router setup, but only in the lower hosts.
>
> 2. The entries in /etc/resolv.conf never seem to work for both IPv4 and IPv6. The name servers for both are different. There is one for each protocol and whichever one is listed first in resolv.conf will return a not-found response for any request using the other protocol.
>
> Any ideas on how to make this work?
>
> -- Doug
I've not had issues with resolv.conf, but the other side does work for
me under 12.2 without problems.
I get both IPv4 and IPv6 from the upstream ISP on this device. The
upstream in this case is Spectrum, but Cox also works as I've had an
identical clone of it on Cox with only minor changes.
/usr/local/etc/dhcp6c.conf
#
# This configuration will attempt to get either a /56 or a /60 from your
# ISP (choose one below, comment the other out) and assign a /64 internally.
# Note that if you have a /60 you can have four /64s defined; if you have a
# /56 then obviously you can have 16 internal networks. For most "house"
# size networks four separate delineations is enough, for most "moderate"
# sized corporate environments 16 is enough. BE AWARE THAT THE SLA-LEN MUST
# MATCH THE DIFFERENCE BETWEEN THE LOCAL PREFIX AND THE REMOTE ONE! If
# you ask for a /56 then sla-len is 8, if you ask for a /60 then the sla-len
# is 4 (difference between the requested prefix length and 64, respectively.)
#
interface igb0 {
    send ia-pd 0;
    send ia-na 1;
};
id-assoc na 1 {
};
id-assoc pd 0 {
    prefix ::/56 infinity;
#   prefix ::/60 infinity;
    prefix-interface igb1 {
        sla-id 1;
        sla-len 8;
#       sla-len 4;
    };
};
This gets a /56 (on Cox a /60 works and is sufficient, on Spectrum it
will not, but a /56 does)
Here is what is in /etc/rc.conf relevant to this:
# If you are turning on IPv6 then you MUST set both these lines AND look in
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
# assignments for local prefix length. Note that we only accept routing info
# on the WAN interface, NEVER on the internal one.
#
ipv6_cpe_wanif="igb0"
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"
#ipv6_activate_all_interfaces="yes"
#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="igb1"
#
# Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
# also be edited or this will NOT work!)
#
dhcp6c_enable="Yes"
dhcp6c_interfaces="igb0"
#
# Enable gateway functionality for both IPv4 and IPv6
#
gateway_enable="YES"
ipv6_gateway_enable="YES"
I also modify /etc/rtadvd.conf as the default for lifetime is wildly too
large and if you don't change it and then the gateway reboots you can be
waiting a LONG time before a client behind the gateway will re-validate
its IPv6 address and routing information.
root@IpGw:/data/karl # more /etc/rtadvd.conf
# Set the preferred lifetime to 10 minutes on advertised prefixes.
# All other parameters are default.
#
igb1:\
	:pltime#600:
That's pretty much it.
I'm on 12.2 at present on this box and have not yet checked 13.0.
--
Karl Denninger
karl at denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
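Added example (not part of the original post and not dhcp6c's own code): a Python check for the rule stated in the dhcp6c.conf comments above, that the delegated prefix length plus sla-len must come to 64, which also shows the /64 that ends up on the LAN interface for a given sla-id. The delegated prefixes are constructed documentation values and the function names parse_pd and lan_prefix are hypothetical.

```python
import ipaddress
import re

# Constructed sample mirroring the id-assoc pd block in the post.
SAMPLE_CONF = """
id-assoc pd 0 {
    prefix ::/56 infinity;
#   prefix ::/60 infinity;
    prefix-interface igb1 {
        sla-id 1;
        sla-len 8;
#       sla-len 4;
    };
};
"""

def parse_pd(conf):
    """Return (requested prefix length, sla-id, sla-len), ignoring comments."""
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    hint = re.search(r"\bprefix\s+::/(\d+)", text)
    sla_id = re.search(r"\bsla-id\s+(\d+)\s*;", text)
    sla_len = re.search(r"\bsla-len\s+(\d+)\s*;", text)
    if not (hint and sla_id and sla_len):
        raise ValueError("prefix hint, sla-id and sla-len are all required")
    return int(hint.group(1)), int(sla_id.group(1)), int(sla_len.group(1))

def lan_prefix(delegated, sla_id, sla_len):
    """Compute the LAN /64 from the prefix the ISP actually delegated."""
    net = ipaddress.IPv6Network(delegated)
    total = net.prefixlen + sla_len
    if total != 64:
        raise ValueError(f"/{net.prefixlen} + sla-len {sla_len} = /{total}, not /64")
    if not 0 <= sla_id < 2 ** sla_len:
        raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
    # The sla-id fills the bits between the delegated prefix and bit 64.
    base = int(net.network_address) | (sla_id << 64)
    return ipaddress.IPv6Network((base, 64))

if __name__ == "__main__":
    hint, sla_id, sla_len = parse_pd(SAMPLE_CONF)
    # Constructed cases: the ISP honours the /56 request, or hands out a /60.
    for delegated in ("2001:db8:ab00::/56", "2001:db8:ab00::/60"):
        try:
            print(delegated, "->", lan_prefix(delegated, sla_id, sla_len))
        except ValueError as err:
            print(delegated, "-> rejected:", err)
```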