SOLVED: IPv6 -> DNS & DHCP

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page Previous  1, 2, 3  Next
Author Message
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Thu Mar 10, 2016 9:22    Post subject: Reply with quote
No reaction so far, just bumping this topic back to the first page in the hope an IPv6 expert sees it.
_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
Sponsor
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Sun Mar 20, 2016 23:08    Post subject: Reply with quote
Here is what I use for DHCP6C Custom:

Code:
interface vlan2 {
send rapid-commit;
send ia-pd 1;
request domain-name-servers, domain-name;
};

id-assoc pd 1 {
     prefix ::/48 infinity;
     prefix-interface br0 {
          sla-id 0;
         sla-len 16;
     };
     prefix-interface br1 {
          sla-id 1;
         sla-len 16;
     };
     prefix-interface vlan3 {
          sla-id 2;
         sla-len 16;
     }; 
};


My isp is giving me a /48 prefix. I divide it up in 3 sub-segments (br0, br1 and vlan3)
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Mon Mar 21, 2016 7:57    Post subject: Reply with quote
Okay, interesting. I will have a look if it combines with my DNSMasq settings, or if I have to skip DHCP trough DNSMasq.

Do you have an idea where the pd 1 refers to in: 'id-assoc pd 1 {' ?

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Mon Apr 04, 2016 5:23    Post subject: Reply with quote
sorry didn't see your message in the thread until today. did you get it working?

PS to get my attention send PM with link to thread as I don't have time to read every thread posted
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Mon Apr 04, 2016 11:36    Post subject: Reply with quote
Hello James,

No problem, and thanks for responding. I will keep your contact suggestion in mind.
To answer your question, I unfortunately did not got it to work and stopped trying because:
- I think there might be a bug in DD-WRT IPv6*;
- I was running in circles

While trying to create some ip6tables rules to contact my FTP server, I bumped into this:
Code:
2001:aaaa:bbbb:cccc::/64 dev vlan2  proto kernel  metric 256  expires 57598sec
2001:aaaa:bbbb:cccc::/59 dev br0  proto kernel  metric 256

More about that, at here: https://www.dd-wrt.com/phpBB2/viewtopic.php?t=300126

* I created a ticket for it 5277-Wrong IPv6 Prefix Length on br0 interface (vlan2/64, br0/59)

However, if you have a suggestion how to get IPv6 up and running on my br1, I am very interested!

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Mon Apr 04, 2016 16:03    Post subject: Reply with quote
dhcp6c Custom config for prefix length 56:
Code:
interface vlan2 {
send rapid-commit;
send ia-pd 1;
request domain-name-servers, domain-name;
};

id-assoc pd 1 {
     prefix ::/56 infinity;
     prefix-interface br0 {
          sla-id 0;
         sla-len 8;
     };
     prefix-interface br1 {
          sla-id 1;
         sla-len 8;
     };
       
};


That makes sla-len=8 (64-56=8)


This will give you
br0: 2001:aaaa:bbbb:cccc:0::/64
br1: 2001:aaaa:bbbb:cccc:1::/64
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Mon Apr 04, 2016 19:27    Post subject: Reply with quote
FWIW I have no reason to believe you are experiencing a bug in ddwrt and a ticket seems premature as everything points a config error. Browsing through your comments I see no reason why you shouldn't be able to get it working as desired. I suggest you break down your problem into 3 configuration steps where you resolve each one completely before moving on to the next one.

1. Address assignment from ISP to router interfaces (dhcpv6-pd)

As Per Yngve Berg has pointed out, dhcp6c needs to be properly configured where you request a prefix greater than /64 and then split it up between the interfaces.

You've referred to a /59 having been assigned to your router, while unusual that prefix size is not impossible. You should be aware that an ISP is not required to honor prefix size requests. Ex. dhcp6c is configured to request a /56 but your ISP turns around and assigns /59. In these cases your likely to see unexpected results.

Out of curiosity what dhcp6c config were you using when the /59 was assigned?

In any event to properly configure dhcp6c you need to determine what prefix sizes are supported by your ISP. Generally that information is easily available by asking your ISP or reading their user forums.

If you're unable to get that information the next step would be to configure dhcp6c to request a larger prefix such as a /48, reboot, then restart dhcp6c in debug mode which will log everything from dhcpv6 solicit through confirmation to the syslog (syslog must be enabled).

To run dhcp6c in debug mode run the following

killall dhcp6c && dhcp6c -c /tmp/dhcp6c.conf -D -T LL vlan2


2. Address assignment from router to clients (dnsmasq)
3. Firewall rules permitting remote access to local hosts
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Tue Apr 05, 2016 12:36    Post subject: Reply with quote
First of all, thank you both for helping.
JAMESMTL wrote:
FWIW I have no reason to believe you are experiencing a bug in ddwrt and a ticket seems premature as everything points a config error. Browsing through your comments I see no reason why you shouldn't be able to get it working as desired. I suggest you break down your problem into 3 configuration steps where you resolve each one completely before moving on to the next one.

That's best practise indeed. Since BR0 seemed to work fine, I wanted to open a port to me NAS and bumped on an issue. Digging in to it, I noticed the prefix part and since I did not configure anything, I tought to bump into a bug.

Quote:
1. Address assignment from ISP to router interfaces (dhcpv6-pd)
As Per Yngve Berg has pointed out, dhcp6c needs to be properly configured where you request a prefix greater than /64 and then split it up between the interfaces.

Since I disabled 'Dhcp6c custom', 'Dhcp6s' and 'Radvd' and serve local IP addresses via DNSMasq DHCPv6, I never took a look at dhcp6c.
Because there is an ISP router that also takes a small part of the IPv6 addresses, I guess it is best to not delegate the whole /56 block, but perhaps a /60 (where I now configured a delegatetion of /64 by the way).
I guess after I change the delegated prefix to 60 in the GUI, I should past the code below in my DHCP6c custom config:
Code:
interface vlan2 {
send rapid-commit;
send ia-pd 1;
request domain-name-servers, domain-name;
};

id-assoc pd 1 {
     prefix ::/60 infinity;
     prefix-interface br0 {
          sla-id 0;
         sla-len 16;
     };
     prefix-interface br1 {
          sla-id 1;
         sla-len 16;
     };
};

Correct?

Quote:
You've referred to a /59 having been assigned to your router, while unusual that prefix size is not impossible. You should be aware that an ISP is not required to honor prefix size requests. Ex. dhcp6c is configured to request a /56 but your ISP turns around and assigns /59. In these cases your likely to see unexpected results.
Out of curiosity what dhcp6c config were you using when the /59 was assigned?

That whould be a mistake. I have a /56 from my ISP and set dhcpv6-pd at the DDWRT with /64 (and like said above, will set it to /60)
When I entered 'ip -6 route' at the SSH Console, I however noticed the strange "split" with a /59 as shown below:
Code:
2001:aaaa:bbbb:cccc::/64 dev vlan2  proto kernel  metric 256  expires 57598sec
2001:aaaa:bbbb:cccc::/59 dev br0  proto kernel  metric 256

I did not configured /59 anywhere myself, so I concluded it had to be a bug.

Quote:
In any event to properly configure dhcp6c you need to determine what prefix sizes are supported by your ISP. Generally that information is easily available by asking your ISP or reading their user forums.

If you're unable to get that information the next step would be to configure dhcp6c to request a larger prefix such as a /48, reboot, then restart dhcp6c in debug mode which will log everything from dhcpv6 solicit through confirmation to the syslog (syslog must be enabled).

To run dhcp6c in debug mode run the following

killall dhcp6c && dhcp6c -c /tmp/dhcp6c.conf -D -T LL vlan2

It is displayed on my ISP router, so I am certain that it is a /56, but it is always good to know the steps above.

Quote:
2. Address assignment from router to clients (dnsmasq)
3. Firewall rules permitting remote access to local hosts


I will give it a go this evening (GMT+2) and report back at here.

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Tue Apr 05, 2016 13:38    Post subject: Reply with quote
Since I found a minute, I configured it as planned (/60), but somehow did not receive an IPv6 address at the WAN-Interface.
So I've put it back to: DHCP-PD -> Prefix Length /64
Set DHCP6c Custom to:
Code:
interface vlan2 {
send rapid-commit;
send ia-pd 1;
request domain-name-servers, domain-name;
};

id-assoc pd 1 {
     prefix ::/64 infinity;
     prefix-interface br0 {
          sla-id 0;
         sla-len 8;
     };
     prefix-interface br1 {
          sla-id 1;
         sla-len 8;
     };
};


The result was that no IPv6 address was set on the WAN-Interface.
After disabling DHCP6c Custom, the IPv6 address was again.

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Tue Apr 05, 2016 17:58    Post subject: Reply with quote
I gave it another shot and think that I am making some progress with the prefix length on /60 and the following dhcp6c custom config:
Code:
interface vlan2 {
send rapid-commit;
send ia-pd 1;
request domain-name-servers, domain-name;
};

id-assoc pd 1 {
     prefix ::/60 infinity;
     prefix-interface br0 {
          sla-id 0;
         sla-len 4;
     };
     prefix-interface br1 {
          sla-id 1;
         sla-len 4;
     };
};


the result of 'ip -6 route'
Code:
2001:xxxx:yyyy:zzzz::/64 dev vlan2  proto kernel  metric 256  expires 57581sec
2001:xxxx:yyyy:zzzz::/63 dev br0  proto kernel  metric 256
2001:xxxx:yyyy:zzzz::/63 dev br1  proto kernel  metric 256


DNSMasq is set to:
Code:
enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-option=vendor:MSFT,2,1i
# dhcp-range=br0,::1, constructor:br0, ra-stateless, ra-names, 4h
dhcp-range=br0,::1000, ::3000, constructor:br0, ra-stateless, ra-names, 4h
dhcp-range=br1,::1000, ::3000, constructor:br1, ra-stateless, ra-names, 4h


The ip address result on:
wan: 2001:xxxx:yyyy:zzz0:200:ff:fe00:0
br0: 2001:xxxx:yyyy:zzz0:8ddd:481d:e5af:b80b
br1: 2001:xxxx:yyyy:zzz1:8ddd:481d:e5af:b80b

Is this all as expected?

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/


Last edited by Acumen on Tue Apr 05, 2016 18:42; edited 2 times in total
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Tue Apr 05, 2016 18:28    Post subject: Reply with quote
All 3 of your above examples are off. If you only request a /64 then you shouldn't be trying to subnet that allocation to 2 interfaces as each subnet should be a separate /64


Here is an example for /60

Code:
interface vlan2 {
  send rapid-commit;
  send ia-pd 1;
  send ia-na 0;
  request domain-name-servers, domain-name;
  script "/sbin/dhcp6c-state";
};

id-assoc pd 1 {
  prefix ::/60 infinity;
  prefix-interface br0 {
    sla-id 0;
    sla-len 4;
  };
  prefix-interface br1 {
    sla-id 1;
    sla-len 4;
  };
};

id-assoc na 0 {};



**** Note if your wan interface is not vlan2 then you need to change it to whatever it actually is

The ia-pd parts refer to the dhcpv6-pd prefix request for the lan interfaces and the ia-na requests a dhcpv6 address for the WAN

As Per Yngve Berg's mentioned the sla-len should be 64 - requested prefix size. So 64 - 60 = 4

Now if you requested a /56 then sla-len would be 8 for each interface.

When requesting a single /64 sla-len = 0

You can try the above but at this point we are guessing that your isp supports /60

if /60 does not work try /56 (sla-len 8 ). If /56 does not work then its time to stop guessing and either confirm what prefix sizes are supported by your isp or run dhcp6c in debug mode
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Tue Apr 05, 2016 18:41    Post subject: Reply with quote
I know, I pasted the wrong config, but the submit of my edit timed out multiple times. I will give it another try to edit the post with my current result.

-- Edit
With the removal of some ip6table rules I now scored 10/10 on http://test-ipv6.com/ on br1 too

Thanks!
Since I like to document things for myself, I will post some documentation later. The main thing to me was that I did not know you needed dhcp6c.

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Tue Apr 05, 2016 19:15    Post subject: Reply with quote
Good to hear you got it working.

Before I stop following the atheros sub-forum would you mind sending me a PM with the results of the following commands, this way I can walk away knowing there's no glaring issues

ifconfig
ip -6 route
ip6tables -vnL
rkitover
DD-WRT Novice


Joined: 20 Mar 2014
Posts: 4
Location: San Francisco, CA, USA

PostPosted: Fri Jan 06, 2017 13:50    Post subject: working 6rd config for charter Reply with quote
So I got everything working with the Charter 6rd tunnel finally, before I used radvd as suggested in the wiki, but that doesn't work for windows hosts, so I'm now using the dnsmasq config suggested here and everything is working great, here is my config:

dnsmasq options:

server=2001:4860:4860::8888
server=2001:4860:4860::8844
server=8.8.8.8
server=8.8.4.4

enable-ra
dhcp-range=::1, ::400, constructor:br0, ra-stateless, ra-names, 12h
dhcp-option=option6:dns-server,[::]
dhcp-option=vendor:MSFT,2,1i


startup script (for tunnel, under Administration -> Commands, save as startup):

HOST6RD=6rd.charter.com
PREFIX=2602:100
ROUTER_LAN_IP=192.168.1.1

insmod /lib/modules/`uname -r`/ipv6.ko 2>/dev/null
insmod /lib/modules/`uname -r`/kernel/net/ipv6/sit.ko 2>/dev/null

WANIP="$(ifconfig vlan2 | sed -n '/inet /{s/.*addr://;s/ .*//;p}')"
IP6RD=$(nslookup $HOST6RD 2>/dev/null | grep "Address" | awk '{ print $3 }'|\
grep -v $ROUTER_LAN_IP)

if [ -n "$WANIP" ]; then
V6PREFIX=$(printf $PREFIX':%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
ip tunnel add tun6rd mode sit local $WANIP ttl 255
ip tunnel 6rd dev tun6rd 6rd-prefix $PREFIX::/32
ip addr add $V6PREFIX::1/32 dev tun6rd
ip addr add $V6PREFIX::1/64 dev br0
ip link set tun6rd mtu 1280
ip link set tun6rd up
ip route add ::/0 via ::$IP6RD dev tun6rd

kill -HUP $(cat /var/run/radvd.pid) 2>/dev/null
fi

firewall script to allow IPV6 traffic (Administration -> Commands, save as firewall):

ip6tables -F FORWARD
ip6tables -F OUTPUT
damatel
DD-WRT Novice


Joined: 04 Feb 2017
Posts: 11

PostPosted: Thu Feb 09, 2017 19:23    Post subject: Reply with quote
Had to take down my reply because today James told me in another thread that the configuration above is completely absurd and wrong period and whatever else he said to completely belittle my help.
Goto page Previous  1, 2, 3  Next Display posts from previous:    Page 2 of 3
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum