On 2017-10-02 10:28, Ed D. wrote:
> Josh,
> Thanks for the reply.
> For some reason it didn't make it here.
> Could you send it again?

Sure. One key - pass the ICMPv6 protocol in your packet filters. You'll have
lots of head-desk moments if you are blocking ICMPv6. This is protocol number
58, "ipv6-icmp" in /etc/protocols and therefore also in your pf.conf(5) file.

I chose wide-dhcpv6 at the time I deployed IPv6, based on a recommendation in misc@, and
never changed this.

On the router:

1. Only the external interface has SLAAC configured
   with "inet6 autoconf." The internal interface hostname.if(5)
   file only provisions IPv4 addressing.

2. The wide-dhcpv6 package includes both client and server.  The
   client obtains the prefix allocation from Comcast, and is
   started from rc.local(8).  My configuration file (/etc/dhcpdis: with:

   /usr/local/sbin/dhcp6c $EXTERNAL_NIC

   My configuration file is:

      interface $EXTERNAL_NIC {
        send ia-pd 0;
        send ia-na 0;
        send rapid-commit;
        request domain-name-servers;
        request domain-name;
      };

      id-assoc na 0 {
      };

      id-assoc pd 0 {
        prefix-interface $INTERNAL_NIC {
                sla-len 0;
        };
      };

3. I start rtadvd(8) from its rc.d(8) script, using the $INTERNAL_NIC
   as the flag.  You can enable and set the flag with rcctl(8), or
   edit rc.conf.local(8) manually.  I do not have a configuration file.

The $INTERNAL_NIC (in my case, vlan2) will have IPv6 provisioning, as
shown below:

vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0d:b9:2f:9a:7c
        description: << Backplane >>
        index 7 priority 0 llprio 3
        vlan: 2 parent interface: trunk0
        vnetid: 2
        parent: trunk0
        groups: vlan
        status: active
        inet 10.0.1.254 netmask 0xffffff00 broadcast 10.0.1.255
        inet6 fe80::20d:b9ff:fe2f:9a7c%vlan2 prefixlen 64 scopeid 0x7
        inet6 2601:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64

And any SLAAC-using device on the internal LAN will receive
router advertisements, such as this OpenBSD laptop using inet6 autoconf:

vlan2: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr f0:de:f1:78:7c:39
        index 43 priority 0 llprio 3
        encap: vnetid 2 parent em0
        groups: vlan egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.1.130 netmask 0xffffff00 broadcast 10.0.1.255
        inet6 fe80::f2de:f1ff:fe78:7c39%vlan2 prefixlen 64 scopeid 0x2b
        inet6 2601:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy prefixlen 64 autoconf pltime 604784 vltime 2591984
        inet6 2601:zzzz:zzzz:zzzz:zzzz:zzzz:zzzz:zzzz prefixlen 64 autoconf autoconfprivacy pltime 85390 vltime 603971
_______________________________________________
Openbsd-newbies mailing list
Openbsd-newbies@sfobug.theapt.org
http://mailman.theapt.org/listinfo/openbsd-newbies
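
The ICMPv6 advice in the message above, as an added pf.conf(5) sketch that is not the poster's ruleset: a default-deny starting point that silently drops ICMPv6, beside the rules that restore it. The macro names, the em0 interface and the DHCPv6 rule (UDP 547 to 546, the ports dhcp6c receives the prefix delegation on) are assumptions.

```pf
# Added example, not from the original message. Interface names are assumptions.
ext_if = "em0"      # assumed name for $EXTERNAL_NIC
int_if = "vlan2"    # $INTERNAL_NIC in the message

# Weak starting point: default deny with only TCP and UDP allowed out.
# Neighbor discovery, router solicitations/advertisements and
# packet-too-big errors are all ICMPv6 (protocol 58), so with only these
# two rules SLAAC never completes and path MTU discovery fails.
block log all
pass out on $ext_if proto { tcp udp }

# Corrected: pass ICMPv6 on the external and internal interfaces,
# using the "ipv6-icmp" name from /etc/protocols as the message describes.
pass on { $ext_if $int_if } inet6 proto ipv6-icmp

# Assumption: the ISP's DHCPv6 server or relay answers from a link-local
# address, UDP source port 547 to the client port 546. Outbound requests
# are already covered by the "pass out ... udp" rule above.
pass in on $ext_if inet6 proto udp from fe80::/10 port 547 to any port 546
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; the `block log all` rule makes any remaining drops visible on pflog0.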
