DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 12th June 2012
SlyM SlyM is offline
Port Guard
 
Join Date: Nov 2010
Posts: 21
Default How to configure OpenBSD (5.1) to make use of Comcast's native dual stack IPv6

Hi everyone!

I've been using FreeBSD and now OpenBSD to make a custom basic router/gateway firewall for my Comcast cable Internet connection. It works beautifully (only gets rebooted when it's time to upgrade from one release to another ie, the recent 5.0 to 5.1 release).

I have also since I previously used FreeBSD, been using a Hurricane Electric tunnel to get IPv6 connectivity to my internal LAN (as well as the router itself). That was fairly easily understood and implemented.

However, now that Comcast is slowly rolling out IPv6 in native dual stack to it's customers, I'd like to be able to take advantage of it via my OpenBSD box so I can have IPv6 connectivity without the need for the Hurricane Electric tunnel.

Does anyone on this forum know about how they plan to implement it? As I understand it, they are going to be using DHCPv6 to assign the info to the home gateway...can stock OpenBSD dhcp client handle this or must I use something else?

Any info would be greatly appreciated.
Reply With Quote
  #2   (View Single Post)  
Old 12th June 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,052
Default

http://comments.gmane.org/gmane.os.openbsd.misc/183330
Reply With Quote
  #3   (View Single Post)  
Old 12th August 2012
SlyM SlyM is offline
Port Guard
 
Join Date: Nov 2010
Posts: 21
Default Ok, so I got it mostly working...

I just managed to get a delegated prefix working on my OpenBSD router using the isc-dhclient software package I installed (the default included dhclient does NOT support IPv6 at all it appears).

There are a couple of things:

1) The isc-dhclient package does NOT include a dhclient-script of it's own so I was forced to work off the already included one in OpenBSD 5.1. Ironically this version has subroutines in it specifically for IPv6. However they clearly do not work, especially when attempting to work in Prefix Delegation mode. I tweaked the script to figure out how it worked and eventually found it was getting it's information via temporary environment variables and depending on what's set when it's called, it attempts to configure the system accordingly. So I watched the behavior of #sudo /usr/local/sbin/dhclient -d -6 -P -D LL -N vr0 -sf /root/dhclient-script until I found the information that was necessary to provision an IPv6 address on the WAN interface and then modified the script some to provision the delegated prefix obtained via dhclient -6 -P mode.

Here's where the deficiencies remain to be solved.

2) There was never any mention of DNS server IPs...ok fine I can continue to work off the IPv4 ones for now, no biggie.

3) But worse than that was the IPv6 default route was never configured, and I quickly realized it was because such information is simply NOT supplied via DHCPv6 because if you read the RFCs it's meant to be obtained via a standard IPv6 Router Advertisement, which....

4) ...can't be done!!! because my router is configured for forwarding which if you also read the RFCs means net.inet6.ip6.accept_rtadv=0 has to be disabled!!! So wait, how is this supposed to work? If you take the link local IPv6 address of the DHCPv6 server and manually configure it as your default route, then magically your delegated subnet suddenly works.

So my question is...does anyone know how to force net.inet6.ip6.accept_rtadv=1 to enabled and still be able to enable forwarding of IPv6 in the kernel? Or is there a way to leave forwarding enabled and still somehow extract the information that would otherwise be obtained automatically via the kernel and manually configure it via a script of some kind?

I am willing to post my modifications to the dhclient-script from OpenBSD 5.1 in case anyone is interested in seeing how I got it to sort of work, and maybe refine what I started.

Midnight
Reply With Quote
  #4   (View Single Post)  
Old 12th August 2012
SlyM SlyM is offline
Port Guard
 
Join Date: Nov 2010
Posts: 21
Default

After reading that link, I may decide to give that wide-dhcpv6 package a shot instead of the isc-dhclient package and see if I have better luck with it.

Midnight
Reply With Quote
  #5   (View Single Post)  
Old 19th February 2013
miller_joe miller_joe is offline
New User
 
Join Date: Feb 2013
Posts: 1
Default

Have you guys had any more success with comcast ipv6 on openbsd 5.x? If so can you post additional details, such as your wide-dhcp6c conf files, any relevant pf rules you needed?, changes to the stock dhclient-script that were necessary.

thanks!
Reply With Quote
  #6   (View Single Post)  
Old 11th March 2013
sysfu sysfu is offline
Port Guard
 
Join Date: Jun 2008
Posts: 36
Default

I just installed the wide-dhcpv6 package on an OpenBSD 5.3-beta system. Already have dhcpv6 server running via PFSense on the LAN. /etc/dhcp6c.conf config file seems pretty straight forward. Only question I have is what's the best way to launch dhcp6c client daemon? Don't see any pkg_scripts included with wide-dhcpv6, nothing new showed up in /etc/rc.d. Perhaps I'll just go old school with a line in /etc/rc.local for now.
Reply With Quote
  #7   (View Single Post)  
Old 11th March 2013
sysfu sysfu is offline
Port Guard
 
Join Date: Jun 2008
Posts: 36
Default

Hm, having an issue running dhcp6c,

$ sudo dhcp6c -dfc /etc/dhcp6c.conf wpi0
Mar/11/2013 15:08:53: dhcp6_ctl_authinit: failed to open /etc/dhcp6cctlkey: No such file or directory
Mar/11/2013 15:08:53: client6_init: failed initialize control message authentication
Mar/11/2013 15:08:53: client6_init: skip opening control port
Mar/11/2013 15:08:53: add_options: invalid operation (0) for option type (16)
Mar/11/2013 15:08:53: client6_recvadvert: unexpected advertise
Mar/11/2013 15:08:54: update_ia: T1(2250) and/or T2(3600) is locally determined

Running ifconfig wpi0|grep inet shows that the wpi0 adapter is pulling a legit IPv6 address from the DHCPv6 server, however attempts to ping IPv6 addresses fail.

$ ping6 ipv6.google.com
ping6: UDP connect: No route to host

Other IPv6 hosts on the lan can ping IPv6 hosts w/out issues.

It appears that the wpi0 adapter has two IPv6 addresses assigned, one beginning with fe80:: that is autoconfigured, and the other which is assigned via the DHCPv6 server.

Maybe that is the problem? I need to kill the fe80:: inet6 address so it's not confused about the routing?
Reply With Quote
  #8   (View Single Post)  
Old 11th March 2013
sysfu sysfu is offline
Port Guard
 
Join Date: Jun 2008
Posts: 36
Default

Nevermind, I resolved the no route to host issue by manually running "sudo rtsol -F wpi0".

Discovered that you need to run the rtsol daemon so the interface can pick up the IPv6 routes being advertised by router.

For autorun of rtsold on boot you'll probably want to set the net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept values in /etc/sysctl.conf appropriately (see rtsol man page).
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenBSD Configure OpenBSD Sendmail with SASL J65nko News 3 18th March 2013 01:53 AM
With World IPv6 Launch, IPv6 on by default will be the new normal J65nko News 0 29th March 2012 07:59 PM
NAT64: OpenBSD 5.1 will translate between IPv4 and IPv6 J65nko News 0 27th February 2012 10:37 PM
dual booting OpenBSD and NetBSD daemonfowl NetBSD Installation and Upgrading 1 21st February 2012 01:06 PM
Dual-head OpenBSD workstation? DraconianTimes OpenBSD General 6 7th October 2008 04:22 PM


All times are GMT. The time now is 04:43 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick