Help with IPv6 router gateway config, Comcast, DHCP, dnsmasq

Rui Paulo rpaulo at me.com
Sat Nov 1 05:54:02 UTC 2014


On Oct 31, 2014, at 20:23, Chris Inacio <nacho319 at gmail.com> wrote:
> 
> Hello all,
> 
> I've tried to find this information in so many ways, but I just can't piece
> it together, maybe my Google fu is failing me.
> 
> I have my router/gateway device running FreeBSD 10p11 - so it's up to date.
> On my internal network interface, re1, I'm using dnsmasq to serve both IPv4
> DHCP and current private network IPv6 (fc00::).

This prefix has been deprecated.  Why aren't you giving global IPv6 addresses internally anyway?

> I can successfully configure my public interface (re0) to get IPv6
> information from Comcast.  I'm getting both a /128 NA for the interface as
> well as a prefix /64 to allocate IPv6 addresses.
> 
> The problem is that I get the /64 via dhcp6c operating on my re0 interface,
> and then I can't figure out how to pass that information to dnsmasq to use
> it for my internal network.  I could only see the /64 by running dhcp6c in
> foreground+debug mode.

The way this works is by prefix delegation.  dhcp6c gets a delegated prefix from the DHCPv6 server and then it's supposed to configure it on your internal network (re1).

You could theoretically write a script that runs when you get a prefix which configures dnsmasq, but to be honest letting dhcp6c configure the prefix on your internal network and then running rtadvd is much easier.  Not to mention that not every system out there supports DHCPv6 by default.

> Is there a simple solution to this?  I'm okay with variations such as "stop
> using dhcp6c to get the /64 prefix and add `XXXXX` to dnsmasq to do it"  or
> "use dhcp6s to serve the /64 prefix".
> 
> I am currently having a few issues with dnsmasq, but generally, I still
> like it.  (It keeps crashing with signal 11, but I'm using the version from
> pkg which doesn't call out to an init script.)  But the way dnsmasq handles
> DHCP, local DNS, and support DNSSEC I like a lot.
> 
> I find the man pages for dhcp6 pretty awful.  The man pages describe the
> options - but not being able to find what /64 is assigned to dhcp6c other
> than running in debug mode seems crazy.

There's an alternative: dhclient from ports which includes DHCPv6 support with prefix delegation.

> 
> My configs are really basic.  dhcp6c.conf:
> 
> interface re0 {
>        send ia-pd 0;
>        send ia-na 1;
> };
> 
> id-assoc na 1 {
> };
> 
> id-assoc pd {
>        prefix ::/56 infinity;
>        prefix-interface re0 {
>                sla-len 4;
>                sla-id 1;
>        };
> };
> 
> dnsmasq.conf:
> 
> interface=re1
> dhcp-range=re1,192.168.1.1,192.168.1.150,255.255.255.0,12h
> domain-needed
> bogus-priv
> resolv-file=/usr/local/etc/dnsmasq-resolv.conf
> 
> #
> # serve up our own name
> #
> interface-name=aticusjr,re1
> 
> #
> # enable DNSSEC
> #
> conf-file=/usr/local/share/dnsmasq/trust-anchors.conf
> dnssec
> dnssec-check-unsigned
> 
> #
> # do IPv6 router advertisements for internal network
> #
> dhcp-range=::,constructor:re1,ra-only
> enable-ra
> 
> Any help would be greatly appreciated.
> 
> 
> thanks
> 
> Chris

--
Rui Paulo
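
The reply above has dhcp6c put the delegated prefix on re1, and the sla-id and sla-len lines in the quoted dhcp6c.conf decide which subnet that becomes. The following is an added example, not code from this thread or from the dhcp6c project: it works through that arithmetic in Python, assuming the rule in the dhcp6c.conf man page that the interface prefix is the delegated prefix followed by sla-len bits holding sla-id. All addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress


def interface_prefix(delegated, sla_id, sla_len):
    """Subnet a prefix-interface block derives from a delegated prefix.

    Assumed rule: interface prefix length = delegated length + sla_len,
    with sla_id written into those extra sla_len bits.
    """
    net = ipaddress.IPv6Network(delegated, strict=True)
    plen = net.prefixlen + sla_len
    if sla_len < 0 or plen > 128:
        raise ValueError("sla-len %d does not fit after a /%d" % (sla_len, net.prefixlen))
    if sla_id < 0 or sla_id >= (1 << sla_len):
        raise ValueError("sla-id %d cannot be held in %d bits" % (sla_id, sla_len))
    subnet = int(net.network_address) | (sla_id << (128 - plen))
    return ipaddress.IPv6Network((subnet, plen))


def slaac_ready(subnet):
    """Router advertisements for SLAAC (rtadvd, dnsmasq ra-only) need a /64."""
    return subnet.prefixlen == 64


def describe(delegated, sla_id, sla_len):
    """One-line summary of what the LAN interface would end up with."""
    try:
        subnet = interface_prefix(delegated, sla_id, sla_len)
    except ValueError as exc:
        return "%s: rejected (%s)" % (delegated, exc)
    verdict = "usable for SLAAC" if slaac_ready(subnet) else "not a /64, SLAAC will not work"
    return "%s + sla-id %d/sla-len %d -> %s (%s)" % (delegated, sla_id, sla_len, subnet, verdict)


if __name__ == "__main__":
    # Constructed delegations: a /56, a /60 and a single /64.
    cases = [
        ("2001:db8:ab00::/56", 1, 8),     # /56 needs sla-len 8 to reach /64
        ("2001:db8:ab00:10::/60", 1, 4),  # sla-len 4 only fits a /60
        ("2001:db8:ab00:12::/64", 0, 0),  # a lone /64 leaves no subnet bits
        ("2001:db8:ab00:12::/64", 1, 4),  # the quoted sla-len 4 on a /64
    ]
    for delegated, sla_id, sla_len in cases:
        print(describe(delegated, sla_id, sla_len))
```

The last case combines the /64 delegation the original post reports with the sla-len 4 from its dhcp6c.conf, which gives a /68 rather than a /64.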




