Need an advice about DHCP IPv6 server software

Need an advice about DHCP IPv6 server software

Denis Lapshin-2
Hi All,

I have a working OpenBSD-based IPv4 router, but now need to add IPv6
functionality to the same router box while keeping all IPv4 services.

I've set aliases with IPv6 addresses for all the adapters in
/etc/hostname.if  and added filtering rules for IPv6 to PF.

I'm stuck on the IPv6 DHCP server piece of software. Which one do I need to
have IPv6 DHCP server functionality? The best solution is to use one
implemented in OpenBSD, not a packaged one.

Please recommend some. Any examples will be useful too.

Thank you.

Re: Need an advice about DHCP IPv6 server software

Claus Lensbøl-2
Hi Denis,
Do you specifically need a DHCP server for v6 or do you "just" need to
hand out addresses to your network(s)? For the second option you can
use the rtadvd service having the clients configure their own addresses
with SLAAC.

If you need a DHCP server, you need rtadvd to hand off the requests to
the DHCP server in any case. Last time, which is some time ago, the
DHCP server distributed with OpenBSD wasn't capable of working with
IPv6, so you'll need the ISC version or perhaps the WIDE server that I
have not worked with.

http://wide-dhcpv6.sourceforge.net/

I don't have a working DHCP config for you, but if you "just" need
SLAAC, I can provide you some, perhaps a bit old, examples.
Let me know.

/ Claus


On 06-12-2017 15:14, Denis wrote:

> Hi All,
>
> I have working OpenBSD based IPv4 router, but now need to add IPv6
> functionality to the same router box with keeping all IPv4 services.
>
> I've set aliases with IPv6 addresses for all the adapters in
> /etc/hostname.if  and added filtering rules for IPv6 to PF.
>
> Stuck with IPv6 DHCP server piece of software. Which one do I need to
> have IPv6 DHCP server functionality? The best solution is to use
> implemented into OpenBSD, no packaged one.
>
> Please recommend some. Any examples will be useful too.
>
> Thank you.
>
>  
>
>  
>

--
Med venlig hilsen/Best regards
Claus Lensbøl

Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu


Re: Need an advice about DHCP IPv6 server software

Jiri B-2
On Wed, Dec 06, 2017 at 09:28:40PM +0900, Claus Lensbøl wrote:
> If you need a DHCP server, you need rtadvd to hand off the requests to
> the DHCP server in any case. Last time, which is some time ago, the
> DHCP server distributed with OpenBSD wasn't capable of working with
> IPv6, so you'll need the ISC version or perhaps the WIDE server that I
> have not worked with.
>
> http://wide-dhcpv6.sourceforge.net/

Or kea from ports.

j.

Re: Need an advice about DHCP IPv6 server software

Denis Lapshin-2
In reply to this post by Claus Lensbøl-2
I've set up rtadvd, but Win7 still has no IPv6 address. Only the link-local
IPv6 address (fe80....) is present.

ipconfig /all shows:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
   Physical Address. . . . . . . . . :  mac...
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c6:... (Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.125 (Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 07, 2017 3:46:37 PM
   Lease Expires . . . . . . . . . . : Thursday, December 07, 2017 4:46:19 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 235405873
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2F-22-3...
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

I'm actively using PF for IPv4 filtering. What do I have to set up to make
IPv6 SLAAC work? Which port does rtadvd use to advertise the router
on the network?

# cat /etc/hostname.em0
inet 192.168.1.1 255.255.255.0 media autoselect
inet6 alias 2001:bd2:101::1 64

# cat /etc/rtadvd.conf
em0:\
    :addr="2001:bd2:101::":prefixlen#64:\
    :rtprefix="2001:bd2:101::":\
    :rdnss":"2001:bd2:101::1":\
    :dnssl="local":

# /etc/rc.d/rtadvd start
tradvd (ok)

# ndp -a
2001:bd2:101::1    mac... em0 permanent R l
fe80::....    mac... em0 permanent R l

Thanks in advance for your answer.

Denis


On 12/6/2017 3:28 PM, Claus Lensbøl wrote:

> Hi Denis,
> Do you specifically need a DHCP server for v6 or do you "just" need to
> hand out addresses to your network(s)? For the second option you can
> use the rtadvd service having the clients configure their own addresses
> with SLAAC.
>
> If you need a DHCP server, you need rtadvd to hand off the requests to
> the DHCP server in any case. Last time, which is some time ago, the
> DHCP server distributed with OpenBSD wasn't capable of working with
> IPv6, so you'll need the ISC version or perhaps the WIDE server that I
> have not worked with.
>
> http://wide-dhcpv6.sourceforge.net/
>
> I don't have a working DHCP config for you, but if you "just" need
> SLAAC, I can provide you some, perhaps a bit, old examples.
> Let me know.
>
> / Claus
>
>
> On 06-12-2017 15:14, Denis wrote:
>> Hi All,
>>
>> I have working OpenBSD based IPv4 router, but now need to add IPv6
>> functionality to the same router box with keeping all IPv4 services.
>>
>> I've set aliases with IPv6 addresses for all the adapters in
>> /etc/hostname.if  and added filtering rules for IPv6 to PF.
>>
>> Stuck with IPv6 DHCP server piece of software. Which one do I need to
>> have IPv6 DHCP server functionality? The best solution is to use
>> implemented into OpenBSD, no packaged one.
>>
>> Please recommend some. Any examples will be useful too.
>>
>> Thank you.
>>
>>  
>>
>>  
>>

Re: Need an advice about DHCP IPv6 server software

Claus Lensbøl-2
Do you know if the Windows box gets the RA from rtadvd?
If you have pf running you may need to allow it there.

https://content.pivotal.io/blog/a-barebones-pf-ipv6-firewall-ruleset

/ Claus


On 07-12-2017 23:18, Denis wrote:

> I've set up rtadvd, but Win7 still have no IPv6 address. Only Link local
> IPv6 address: fe80.... is present.
>
> ipconfig /all shows:
>
> Ethernet adapter Local Area Connection:
>
>    Connection-specific DNS Suffix  . : local
>    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
>    Physical Address. . . . . . . . . :  mac...
>    DHCP Enabled. . . . . . . . . . . : Yes
>    Autoconfiguration Enabled . . . . : Yes
>    Link-local IPv6 Address . . . . . : fe80::c6:... (Preferred)
>    IPv4 Address. . . . . . . . . . . : 192.168.1.125 (Preferred)
>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
>    Lease Obtained. . . . . . . . . . : Thursday, December 07, 2017
> 3:46:37 PM
>    Lease Expires . . . . . . . . . . : Thursday, December 07, 2017
> 4:46:19 PM
>    Default Gateway . . . . . . . . . : 192.168.1.1
>    DHCP Server . . . . . . . . . . . : 192.168.1.1
>    DHCPv6 IAID . . . . . . . . . . . : 235405873
>    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2F-22-3...
>    DNS Servers . . . . . . . . . . . : 8.8.8.8
>    NetBIOS over Tcpip. . . . . . . . : Enabled
>
> I'm actively using PF for IPv4 filtering, what I have to set up to make
> IPv6 SLAAC working? Which port rtadvd is using to advertize the router
> on network?
>
> # cat /etc/hostname.em0
> inet 192.168.1.1 255.255.255.0 media autoselect
> inet6 alias 2001:bd2:101::1 64
>
> # cat /etc/rtadvd.conf
> em0:\
>     :addr="2001:bd2:101::":prefixlen#64:\
>     :rtprefix="2001:bd2:101::":\
>     :rdnss":"2001:bd2:101::1":\
>     :dnssl="local":
>
> # /etc/rc.d/rtadvd start
> tradvd (ok)
>
> # ndp -a
> 2001:bd2:101::1    mac... em0 permanent R l
> fe80::....    mac... em0 permanent R l
>
> Thanks for answer in advance.
>
> Denis
>
>
> On 12/6/2017 3:28 PM, Claus Lensbøl wrote:
>> Hi Denis,
>> Do you specifically need a DHCP server for v6 or do you "just" need to
>> hand out addresses to your network(s)? For the second option you can
>> use the rtadvd service having the clients configure their own addresses
>> with SLAAC.
>>
>> If you need a DHCP server, you need rtadvd to hand off the requests to
>> the DHCP server in any case. Last time, which is some time ago, the
>> DHCP server distributed with OpenBSD wasn't capable of working with
>> IPv6, so you'll need the ISC version or perhaps the WIDE server that I
>> have not worked with.
>>
>> http://wide-dhcpv6.sourceforge.net/
>>
>> I don't have a working DHCP config for you, but if you "just" need
>> SLAAC, I can provide you some, perhaps a bit, old examples.
>> Let me know.
>>
>> / Claus
>>
>>
>> On 06-12-2017 15:14, Denis wrote:
>>> Hi All,
>>>
>>> I have working OpenBSD based IPv4 router, but now need to add IPv6
>>> functionality to the same router box with keeping all IPv4 services.
>>>
>>> I've set aliases with IPv6 addresses for all the adapters in
>>> /etc/hostname.if  and added filtering rules for IPv6 to PF.
>>>
>>> Stuck with IPv6 DHCP server piece of software. Which one do I need to
>>> have IPv6 DHCP server functionality? The best solution is to use
>>> implemented into OpenBSD, no packaged one.
>>>
>>> Please recommend some. Any examples will be useful too.
>>>
>>> Thank you.
>>>
>>>  
>>>
>>>  
>>>

--
Med venlig hilsen/Best regards
Claus Lensbøl

Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu

Re: Need an advice about DHCP IPv6 server software

Jan Kalkus
For what it’s worth, I’ve noticed Windows frequently will not grab IPv6 addresses via SLAAC.

If I disable IPv6 on the network interface and then re-enable it, then I will be assigned an IPv6 address.

Jan Kalkus

> On Dec 7, 2017, at 23:14, Claus Lensbøl <[hidden email]> wrote:
>
> Do you know if the Windows box gets the RA from rtadvd?
> If you have pf running you may need to allow it there.
>
> https://content.pivotal.io/blog/a-barebones-pf-ipv6-firewall-ruleset
>
> / Claus
>
>
>> On 07-12-2017 23:18, Denis wrote:
>> I've set up rtadvd, but Win7 still have no IPv6 address. Only Link local
>> IPv6 address: fe80.... is present.
>>
>> ipconfig /all shows:
>>
>> Ethernet adapter Local Area Connection:
>>
>>   Connection-specific DNS Suffix  . : local
>>   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
>>   Physical Address. . . . . . . . . :  mac...
>>   DHCP Enabled. . . . . . . . . . . : Yes
>>   Autoconfiguration Enabled . . . . : Yes
>>   Link-local IPv6 Address . . . . . : fe80::c6:... (Preferred)
>>   IPv4 Address. . . . . . . . . . . : 192.168.1.125 (Preferred)
>>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>   Lease Obtained. . . . . . . . . . : Thursday, December 07, 2017
>> 3:46:37 PM
>>   Lease Expires . . . . . . . . . . : Thursday, December 07, 2017
>> 4:46:19 PM
>>   Default Gateway . . . . . . . . . : 192.168.1.1
>>   DHCP Server . . . . . . . . . . . : 192.168.1.1
>>   DHCPv6 IAID . . . . . . . . . . . : 235405873
>>   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2F-22-3...
>>   DNS Servers . . . . . . . . . . . : 8.8.8.8
>>   NetBIOS over Tcpip. . . . . . . . : Enabled
>>
>> I'm actively using PF for IPv4 filtering, what I have to set up to make
>> IPv6 SLAAC working? Which port rtadvd is using to advertize the router
>> on network?
>>
>> # cat /etc/hostname.em0
>> inet 192.168.1.1 255.255.255.0 media autoselect
>> inet6 alias 2001:bd2:101::1 64
>>
>> # cat /etc/rtadvd.conf
>> em0:\
>>    :addr="2001:bd2:101::":prefixlen#64:\
>>    :rtprefix="2001:bd2:101::":\
>>    :rdnss":"2001:bd2:101::1":\
>>    :dnssl="local":
>>
>> # /etc/rc.d/rtadvd start
>> tradvd (ok)
>>
>> # ndp -a
>> 2001:bd2:101::1    mac... em0 permanent R l
>> fe80::....    mac... em0 permanent R l
>>
>> Thanks for answer in advance.
>>
>> Denis
>>
>>
>>> On 12/6/2017 3:28 PM, Claus Lensbøl wrote:
>>> Hi Denis,
>>> Do you specifically need a DHCP server for v6 or do you "just" need to
>>> hand out addresses to your network(s)? For the second option you can
>>> use the rtadvd service having the clients configure their own addresses
>>> with SLAAC.
>>>
>>> If you need a DHCP server, you need rtadvd to hand off the requests to
>>> the DHCP server in any case. Last time, which is some time ago, the
>>> DHCP server distributed with OpenBSD wasn't capable of working with
>>> IPv6, so you'll need the ISC version or perhaps the WIDE server that I
>>> have not worked with.
>>>
>>> http://wide-dhcpv6.sourceforge.net/
>>>
>>> I don't have a working DHCP config for you, but if you "just" need
>>> SLAAC, I can provide you some, perhaps a bit, old examples.
>>> Let me know.
>>>
>>> / Claus
>>>
>>>
>>>> On 06-12-2017 15:14, Denis wrote:
>>>> Hi All,
>>>>
>>>> I have working OpenBSD based IPv4 router, but now need to add IPv6
>>>> functionality to the same router box with keeping all IPv4 services.
>>>>
>>>> I've set aliases with IPv6 addresses for all the adapters in
>>>> /etc/hostname.if  and added filtering rules for IPv6 to PF.
>>>>
>>>> Stuck with IPv6 DHCP server piece of software. Which one do I need to
>>>> have IPv6 DHCP server functionality? The best solution is to use
>>>> implemented into OpenBSD, no packaged one.
>>>>
>>>> Please recommend some. Any examples will be useful too.
>>>>
>>>> Thank you.
>>>>
>>>>
>>>>
>>>>
>>>>
>
> --
> Med venlig hilsen/Best regards
> Claus Lensbøl
>
> Fab:IT ApS
> Vesterbrogade 37, 2. th
> DK-1620 København
> Tlf: +45 70 202 407
> Main Site: www.fab-it.dk
> VPS Product: vpsforce.eu
>

Re: Need an advice about DHCP IPv6 server software

Erik van Westen
On 8-12-2017 at 15:07, Jan Kalkus wrote:
> For what it’s worth, I’ve noticed Windows frequently will not grab IPv6 addresses via SLAAC.
>
> If I disable IPv6 on the network interface and then re-enable it, then I will be assigned an IPv6 address.
>
> Jan Kalkus
>
[snip]

I would recheck my configuration if I were you then... Here it is
working 100% of the time on approx. 10 Windows (mixed W7/W10) machines.
The rest of the network (Linux and OpenBSD) works very well with
IPv6 as well. Of course the firewall handing out the SLAAC is OpenBSD. Only be
careful with virtual machines, since you would need settings on the
hypervisor to permit multicast on VLANs. The SLAAC broadcast is multicast...

Erik

Re: Need an advice about DHCP IPv6 server software

Denis Lapshin-2
Erik,

Thank you for your support.

Can you share the IPv6 part of the pf.conf you're using for local network SLAAC?

I still encounter a problem with the Win7 machine getting an IPv6 address.

Thanks.

Denis

On 12/8/2017 7:06 PM, obsd wrote:

> On 8-12-2017 at 15:07, Jan Kalkus wrote:
>> For what it’s worth, I’ve noticed Windows frequently will not grab
>> IPv6 addresses via SLAAC.
>>
>> If I disable IPv6 on the network interface and then re-enable it,
>> then I will be assigned an IPv6 address.
>>
>> Jan Kalkus
>>
> [snip]
>
> I would recheck my configuration if I were you then... Here it is
> working 100% of the time on approx 10 windows (mixed W7/W10) machines.
> The rest of the network (linux and OpenBSD works very well as well
> with IPv6). Of course the firewall handing out the SLAAC is OpenBSD.
> Only be careful with virtual machines, since you would need settings
> on the hypervisor to permit multicast on vlans. The SLAAC broadcast is
> multicast...
>
> Erik
>

Re: Need an advice about DHCP IPv6 server software

Niels Kobschaetzki
Do you block ICMP by any chance? For SLAAC and NDP you need to not block ICMP6.

Niels

> On 9. Dec 2017, at 11:50, Denis <[hidden email]> wrote:
>
> Erik,
>
> Thank you for your support.
>
> Can you share IPv6 part of PF.conf you're using for local network SLAAC?
>
> Still encounter problem with getting IPv6 by Win7 machine.
>
> Thanks.
>
> Denis
>
>> On 12/8/2017 7:06 PM, obsd wrote:
>> On 8-12-2017 at 15:07, Jan Kalkus wrote:
>>> For what it’s worth, I’ve noticed Windows frequently will not grab
>>> IPv6 addresses via SLAAC.
>>>
>>> If I disable IPv6 on the network interface and then re-enable it,
>>> then I will be assigned an IPv6 address.
>>>
>>> Jan Kalkus
>>>
>> [snip]
>>
>> I would recheck my configuration if I were you then... Here it is
>> working 100% of the time on approx 10 windows (mixed W7/W10) machines.
>> The rest of the network (linux and OpenBSD works very well as well
>> with IPv6). Of course the firewall handing out the SLAAC is OpenBSD.
>> Only be careful with virtual machines, since you would need settings
>> on the hypervisor to permit multicast on vlans. The SLAAC broadcast is
>> multicast...
>>
>> Erik
>>

Re: Need an advice about DHCP IPv6 server software

Marc Peters-3
In reply to this post by Denis Lapshin-2
On Sat, Dec 09, 2017 at 01:50:37PM +0300, Denis wrote:
> Can you share IPv6 part of PF.conf you're using for local network SLAAC?

Did you even bother to open the link Claus sent? Everything you need IPv6-wise to get it up and running with pf is neatly documented there.

hth,
Marc

Re: Need an advice about DHCP IPv6 server software

Erik van Westen
On 9-12-2017 at 16:03, Marc Peters wrote:
> On Sat, Dec 09, 2017 at 01:50:37PM +0300, Denis wrote:
>> Can you share IPv6 part of PF.conf you're using for local network SLAAC?
> Did you even bother to open the link Claus send? There is everything neatly documented you need IPv6 wise to get it up and running with pf.
>
> hth,
> Marc

My pf.conf  does not deviate too much from that one indeed. The only
thing I did not see (but I did not look that well) was the pass out
inet6 all statement...
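
The ICMPv6 point raised by Claus, Niels and Erik, written out as an added pf.conf fragment. It is not from any poster in this thread or from the linked article. It assumes a default-deny ruleset (a block rule earlier in the file) and reuses em0 and 2001:bd2:101::/64 from Denis's post; the macro names are made up for the example.

```pf
# Added example (not from the thread). Assumes these rules come AFTER a
# default-deny rule such as "block all"; in pf the last matching rule wins.
# em0 and the /64 are taken from Denis's hostname.em0; macro names are made up.
lan_if  = "em0"
lan_net = "2001:bd2:101::/64"

# rtadvd uses no TCP/UDP port: Router Solicitation (type 133) and Router
# Advertisement (type 134) are ICMPv6 messages, so they are matched by type.

# Clients -> router: Router Solicitation, sent to ff02::2 (all-routers).
pass in on $lan_if inet6 proto icmp6 icmp6-type routersol

# Router -> clients: Router Advertisement from rtadvd, sent to ff02::1
# (all-nodes) or unicast to the soliciting host. Needed when outbound
# traffic is not already passed by a rule like "pass out inet6 all".
pass out on $lan_if inet6 proto icmp6 icmp6-type routeradv

# Neighbor Discovery in both directions (the IPv6 replacement for ARP).
# Without it hosts cannot resolve the router's link-layer address or
# complete duplicate address detection for their SLAAC address.
pass on $lan_if inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }

# Error messages IPv6 depends on; toobig is required for path MTU
# discovery because IPv6 routers do not fragment packets in transit.
pass inet6 proto icmp6 icmp6-type { unreach, toobig, timex, paramprob }

# Optional: let LAN hosts ping over IPv6 from their global addresses.
pass in on $lan_if inet6 proto icmp6 from $lan_net to any icmp6-type echoreq

# To confirm that RAs actually leave the router (Claus's question), watch
# for ICMPv6 type 134 on the LAN interface. The byte offset assumes no
# IPv6 extension headers precede the ICMPv6 header:
#   tcpdump -ni em0 'icmp6 and ip6[40] == 134'
```

Matching by ICMPv6 type keeps the default-deny posture intact, where a blanket "pass inet6 proto icmp6 all" would also admit redirects and node-information queries that SLAAC does not need.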