Re: IPv6 with wide-dhcpv6
On 7/17/2017 11:09 PM, David Higgs wrote: >[snip] > After a good amount of trial and error, it appears that Comcast will only > dole out a single /128 via DHCPv6. Annoying but easy enough to work around > with pf(4) nat-to and some static RFC 4193 prefixes. I have Comcast as my ISP. Comcast's IPv6 DHCP, by default, doles out a /128. If you also want a prefix delegation, you have to ask for it. Comcast will give out up to a /60 prefix delegation. I ask for and receive a /62. If you don't specify a prefix delegation length, you'll get a /64 prefix. I use the ISC-DHCP dhclient with this patch: https://archive.mgm51.com/sources/pd-pref.html It's been running reliably ever since Comcast fired up IPv6 in my area, i.e., more than three years. IPv6 is deployed nationwide on Comcast's network for at least a couple of years now.
Re: IPv6 with wide-dhcpv6
On Sat, Jul 15, 2017 at 2:17 AM, Stuart Hendersonwrote: > On 2017-07-14, David Higgs wrote: > > Comcast provides me with IPv6 via DHCPv6, which I've finally tried to > > configure on my OpenBSD 6.1 router. I am having difficulty maintaining > my > > IPv6 public IP address when using the wide-dhcpv6 package when in client > > mode. > > Switch to dhcpcd, which has a workaround for the vltime/pltime bug, or > use a snapshot, where it has been fixed. Or both. > > > - Is there a security/quality preference between wide-dhcpv6 and > dhcpcd? I > > notice that dhcp6c doesn't appear to support a dedicated chroot/user... > > dhcpcd is more modern and actively maintained. I'm not aware of any > client that does DHCPv6-PD that has privsep though. > > > - Does the project have any near-term plans to write a DHCPv6 daemon to > > live in base? > > I'm not aware of any. > > After a good amount of trial and error, it appears that Comcast will only dole out a single /128 via DHCPv6. Annoying but easy enough to work around with pf(4) nat-to and some static RFC 4193 prefixes. No apparent problems when running dhcpcd. FWIW, I did notice that sometimes my upstream link does not have the accept_rtadv flag set (as per ndp -i $INTF), but I haven't investigated this in depth. Thanks! --david
Re: IPv6 with wide-dhcpv6
On 2017-07-14, David Higgswrote: > Comcast provides me with IPv6 via DHCPv6, which I've finally tried to > configure on my OpenBSD 6.1 router. I am having difficulty maintaining my > IPv6 public IP address when using the wide-dhcpv6 package when in client > mode. Switch to dhcpcd, which has a workaround for the vltime/pltime bug, or use a snapshot, where it has been fixed. Or both. > - Is there a security/quality preference between wide-dhcpv6 and dhcpcd? I > notice that dhcp6c doesn't appear to support a dedicated chroot/user... dhcpcd is more modern and actively maintained. I'm not aware of any client that does DHCPv6-PD that has privsep though. > - Does the project have any near-term plans to write a DHCPv6 daemon to > live in base? I'm not aware of any.
IPv6 with wide-dhcpv6
Comcast provides me with IPv6 via DHCPv6, which I've finally tried to configure on my OpenBSD 6.1 router. I am having difficulty maintaining my IPv6 public IP address when using the wide-dhcpv6 package when in client mode. Specifically, when the pltime/vltime goes to zero, the address is removed from the interface but dhcp6c doesn't seem interested in renewing either before or after this happens until I manually send it a HUP. When running tcpdump, I see the following RA packet(s) but do not see the prefixes in my routing table. 13:27:09.986879 fe80::201:5cff:fe86:7046 > ff02::1: icmp6: router advertisement(chlim=0, MO, pref=medium, router_ltime=1800, reachable_time=360, retrans_time=1000)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:4083:17::/64)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:5018:69::/64)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:6020:117::/64)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:8026:22::/64) [icmp6 cksum ok] (len 144, hlim 255) Several questions: - Have I configured something wrong? - Should the RA prefixes appear in my routing table? Is this related at all to my issues? - I plan to get prefix delegation going eventually, are there any other surprises to worry about? - Is there a security/quality preference between wide-dhcpv6 and dhcpcd? I notice that dhcp6c doesn't appear to support a dedicated chroot/user... - Does the project have any near-term plans to write a DHCPv6 daemon to live in base? Happy to provide further info; thanks in advance for any feedback. --david