DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4 Weeks Ago
tsombi digitale tsombi digitale is offline
New User
 
Join Date: Sep 2019
Posts: 4
Default IPv6 networking on OpenBSD 6.6-current (via snapshots)

Hello.

I've looked through the OpenBSD networking FAQ and see only mention of IPv4. I'd like to troubleshoot IPv6 networking and get that working once again. It worked until a year or two ago, I forget when. Lately, I've tried some more with fresh installations on several architectures including i386 and amd64 but cannot figure out how to get IPv6 connectivity.

I think that I do still have IPv6 support from the ISP because they do claim to have it active for my account and they are probably correct because when I plug in a proprietary Technicolor(R) router, anything I then connect to it gets a working IPv6 address and IPv6 routes.

Code:
$ ping6 -c 1 2a00:1450:400f:808::2004
PING 2a00:1450:400f:808::2004(2a00:1450:400f:808::2004) 56 data bytes
64 bytes from 2a00:1450:400f:808::2004: icmp_seq=1 ttl=54 time=26.4 ms

--- 2a00:1450:400f:808::2004 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 26.354/26.354/26.354/0.000 ms
I am otherwise completely unfamiliar with IPv6.

The defaults are apparently ok for Technicolor but not OpenBSD. What should I be looking at changing on the various OpenBSD devices?
Reply With Quote
  #2   (View Single Post)  
Old 4 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,865
Default

Hello and welcome! Here are two key considerations for IPv6 on OpenBSD:
  1. Determine what your ISP requires for provisioning. ISPs all have varying requirements, which you must align to. Some provide SLAAC with SOII support, some provide SLAAC without SOII, some provide prefix delegation instead of SLAAC, and those are just the ISPs I have connected to myself, there are other variations.
  2. Check your PF configuration, too. OpenBSD users commonly deploy default block configurations. This blocks ICMPv6, which is required for routing.
Here's a presentation I wrote in 2017 on IPv6. It may help with general concepts, if not specifics for your environment.
Reply With Quote
  #3   (View Single Post)  
Old 4 Weeks Ago
tsombi digitale tsombi digitale is offline
New User
 
Join Date: Sep 2019
Posts: 4
Default

Thanks. I'll check those options out in detail over time but I think option #1 may lead to the solution.

For option two, I set pf.conf to just a single line, "pass", and restarted networking and then eventually even did a cold boot. None of that seemed to have any effect. I also combined that with various combinations of "inet6 autoconf", "inet6 autoconf soii", and "inet6 autoconf -soii" etc in the egress configuration. So I think that might rule out any question of PF being in the way.

However, for option one, that may take a bit of time. I'll post back much later with status on that.

But first, what are Semantically Opaque Interface Identifiers (SOII)? I cannot find a brief definition anywhere online or in the manual pages except for a mention in passing for ifconfig(8), the presence of a /etc/soii.key file, and online RFC7217.
Reply With Quote
  #4   (View Single Post)  
Old 4 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,865
Default

In SLAAC, either the interface MAC address is used as the basis for addressing, or a host value is used. You can see the creation of this one-time random value in /etc/rc:
Code:
        if [[ ! -f /etc/soii.key ]]; then
                openssl rand -hex 16 > /etc/soii.key &&
                    chmod 600 /etc/soii.key && sysctl -q \
                    "net.inet6.ip6.soiikey=$(</etc/soii.key)"
        fi
Your ISP may use a mechanism other than SLAAC for address assignment.
Reply With Quote
  #5   (View Single Post)  
Old 1 Week Ago
tsombi digitale tsombi digitale is offline
New User
 
Join Date: Sep 2019
Posts: 4
Default

Sorry for the delay. I went and arranged to speak in person with the ISP's support staff, the mid-level support, and the manager for the latter. None new what IPv6 was. Ouch.

I also tried putting OpenBSD 6.0 on a machine and gave rtsol a try. However, that would not connect either. So slaac and rstol are not in use as far as I can tell.

After digging around in some very, very old discussions on some obscure forums there was the suggestion at least back then, many years ago, that 6rd was being used.

What would the next step in debugging this be?
Reply With Quote
  #6   (View Single Post)  
Old 1 Week Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,865
Default

6rd, 6to4, DHCPv6, ICMPv6 ... and other possible provisioning mechanisms.
Quote:
Originally Posted by tsombi digitale View Post
...they do claim to have it active for my account...
Quote:
Originally Posted by tsombi digitale View Post
...None new what IPv6 was.
With that non sequitur in your way, I can only think of three options:
  1. The upstream ISP from yours might have a clue what they provide downstream, if anything.
  2. IPv6 packet inspection may lead you towards the appropriate provisioning tools. But you'd need to have the skills to capture and interpret those packets
  3. Stick with IPv4, purchase a third party IPv6 tunnel service, or change ISPs.
Reply With Quote
  #7   (View Single Post)  
Old 1 Week Ago
tsombi digitale tsombi digitale is offline
New User
 
Join Date: Sep 2019
Posts: 4
Default

I'll try option 2 while working on option 1 in the background.

I've set up a bridge which allows traffic through it, more or less invisibly, and have put it between a router which handles IPv6 and the net. GNU/Linux computers connecting through both can use IPv6. I can run tcpdump on the bridge. However, perhaps the query below is not right because I see only two packet with it despite lots of traffic over the bridge:

Code:
# tcpdump -qnli cnmac0 'ip6'
tcpdump: listening on cnmac0, link-type EN10MB

10:44:22.284468 :: > xxxx::1:xxxx:xxxx: icmp6: neighbor sol: who has xxxx::xxxx:xxxx:xxxx:xxxx
10:44:22.284625 :: > xxxx::1:xxxx:xxxx: icmp6: neighbor sol: who has xxxx::xxxx:xxxx:xxxx:xxxx
Reply With Quote
  #8   (View Single Post)  
Old 1 Week Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,865
Default

You've posted what looks to me to be 2 NDP queries with no responses.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
pledge(2) & snapshots of -current ocicat OpenBSD Packages and Ports 1 12th July 2016 06:37 AM
OpenBSD OpenBSD 5.3 snapshots J65nko News 0 4th February 2013 11:55 PM
the extra stuff in -current snapshots ocicat OpenBSD General 4 20th June 2012 04:57 PM
OpenBSD OpenBSD 4.7 beta snapshots J65nko News 0 29th January 2010 08:02 PM
SHA256 replaces MD5 in OpenBSD snapshots J65nko OpenBSD General 3 6th May 2009 04:36 PM


All times are GMT. The time now is 10:48 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick