Solved Static IPv6 for local network

[arveex]

Hi,

I have a box acting as a gateway for my lan at home. It connects through PPPoE (tun0) to the provider and gets the configuration for the outside world (I'm using net/dhcpcd). The clients (on the lan) are served by rtadvd() and net/dhcpd.

I have a 192.168.1.0/24 network for LAN and also want a fd00::/64 besides the 2a02:x:x:x::/64 from the provider.

The problem I have is, if I assign fd00::1 in rc.conf, I can't ping it from other machines in the LAN (nor the other way around).

I noticed, if I just add another IP (like fd00::2) at a later time with ifconfig(), ping starts working (both ways, on all IPs). So, as a workaround, I don't assign the gateway's fd00::1 during boot in rc.conf, but in dhcpcd.conf like this:

# instead of rc.conf:
interface igb0
    static ip6_address=fd00::1/64

The only difference in the the outcome is the line

fd00::/64                         link#1                        U          igb0

I tried to add this route in the "static" version, but couldn't manage to do so (neither in rc.conf, nor later with route(8))

ifconfig_igb0="inet 192.168.1.1 netmask 255.255.255.0"

# doesn't work, not pingable; use dhcpcd
#ifconfig_igb0_ipv6="inet6 fd00::1/64 defaultif"
#ipv6_static_routes="lan"
#ipv6_route_lan="-net -inet6 fd00::/64 fd00::1"

ifconfig_tun0_ipv6="inet6 accept_rtadv"
ipv6_cpe_wanif="tun0"
ipv6_activate_all_interfaces="YES"

gateway_enable="YES"
ipv6_gateway_enable="YES"

dhcpcd_enable="YES"

# ppp
[...]

rtadvd_enable="YES"
rtadvd_interfaces="igb0"

# dhcp server
dhcpd_enable="YES"
dhcpd_ifaces="igb0"

# don't start here; service (re-)started in dhcpcd.enter-hook
#dhcpd6_enable="YES"
dhcpd6_ifaces="igb0"

igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether [...]
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::4262:31ff:fe00:66b8%igb0 prefixlen 64 scopeid 0x1
    inet6 fd00::1 prefixlen 64
    inet6 2a02:[...]::1 prefixlen 64
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=1<PERFORMNUD>
igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether [...]
    inet6 fe80::4262:31ff:fe00:66bb%igb3 prefixlen 64 scopeid 0x4
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=1<PERFORMNUD>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
    options=80000<LINKSTATE>
    inet6 fe80::[...]%tun0 prefixlen 64 scopeid 0x6
    inet6 2a02:[...] prefixlen 128
    inet xx.xx.xx.xx --> 10.0.0.1 netmask 0xffffffff
    groups: tun
    nd6 options=41<PERFORMNUD,NO_RADR>
    Opened by PID xxx
 % netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.0.0.1           UGS        tun0
10.0.0.1           link#6             UH         tun0
yy.yy.yy.yy        link#6             UHS         lo0
127.0.0.1          link#5             UH          lo0
192.168.1.0/24     link#1             U          igb0
192.168.1.1        link#1             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           fe80::1%tun0                  UGS        tun0
::1                               link#5                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2a02:[...]::/64                   link#1                        U          igb0
2a02:[...]::1                     link#1                        UHS         lo0
2a02:[...]                        link#6                        UHS         lo0
fd00::/64                         link#1                        U          igb0
fd00::1                           link#1                        UHS         lo0 <--- only in workaround
fe80::/10                         ::1                           UGRS        lo0
fe80::%igb0/64                    link#1                        U          igb0
fe80::4262:31ff:fe00:66b8%igb0    link#1                        UHS         lo0
fe80::%igb3/64                    link#4                        U          igb3
fe80::4262:31ff:fe00:66bb%igb3    link#4                        UHS         lo0
fe80::%lo0/64                     link#5                        U           lo0
fe80::1%lo0                       link#5                        UHS         lo0
fe80::%tun0/64                    link#6                        US         tun0
fe80::bc18:874c%tun0              link#6                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%tun0/32                    fe80::bc18:874c%tun0          US         tun0

 

[SirDice]

#ifconfig_igb0_ipv6="inet6 fd00::1/64 defaultif"

Remove the defaultif and use an alias:

ifconfig_igb0_ipv6_alias0="inet6 fd00::1/64"

#ipv6_static_routes="lan" 
#ipv6_route_lan="-net -inet6 fd00::/64 fd00::1"

When fd00::1/64 is assigned to the interface it is a so-called "directly connected" network, the route is implicitly set.

 

[arveex]

Thanks for the answer!

Unfortunately, it doesn't work.

ifconfig_igb0_ipv6_alias0="inet6 fd00::1/64"

should actually be ifconfig_igb0_alias0="inet6 ..." .The manpage is a bit confusing, there is an example though:

     ifconfig_<interface>_ipv6
         [...]
         Aliases should be set by ifconfig_<interface>_alias<n> with ``inet6'' keyword.  For example:

         ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
         ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"

That aside, alias alone doesn't add the address if there's not already one configured with ifconfig_<iface>_ipv6=..., so I tried this:

ifconfig_igb0_ipv6="inet6 fd00::250 prefixlen 64"
ifconfig_igb0_alias0="inet6 fd00::1 prefixlen 64"

which adds the 2 addresses to igb0, but then:

% ping6 fd00::32
PING6(56=40+8+8 bytes) 2a02:2f0e:d2ff:ffff::bc18:821a --> fd00::32

Which isn't quite right

--- Edit ---
seems dhcpcd is the culprit, probably messing up the routes after it gets the configuration from the tunnel. I'll dig into that.

# Inform the DHCP server of our hostname for DDNS.
hostname

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# options to request from the DHCP
option domain_name_servers, interface_mtu

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# only configure ipv6
ipv6only

# disable routing solicitation
noipv6rs

# don't touch these interfaces at all
#denyinterfaces eth0 eth1 eth2 eth3

interface tun0
 # enable routing solicitation get the default IPv6 route
 ipv6rs
 # request a normal (IA_NA) IPv6 address with IAID 0
 ia_na 0
 # request prefix delegation (IA_PD) and make routes from br0, 
 # also sets first IP from the prefix to that interface
 # IAID is 1
 ia_pd 1 igb0/0


# instead of rc.conf:
#interface igb0
#    static ip6_address=fd00::1/64

static domain_name_servers=127.0.0.1 ::1

nohook resolv.conf

 

[SirDice]

I haven't actually bothered with those unique local addresses. The global /64 prefix I have is more than enough to cover all my systems and it barely makes a dent in the usage. If I run out, which is quite unlikely, the tunnel broker also gave me a different /48 prefix I can use.

 

[arveex]

Thanks SirDice! Talking to you got me on the right path into finding the problem. I edited the last post.

Of course I don't actually *need* that, I'm just playing around. I don't even need ipv6 inside my LAN, assigning fixed ipv4 addresses is a lot easier (MAC instead of DUID).

Previously I had that on AlpineLinux (with dnsmasq) and I'm practicing with FreeBSD trying to replicate that setup.

 

[SirDice]

I don't even need ipv6 inside my LAN

Neither do I but I've had it running long before any of the Dutch ISPs started supporting it, I like to stay ahead of the game

assigning fixed ipv4 addresses is a lot easier (MAC instead of DUID).

I don't use DHCP for static addresses, I just split up the ranges. For example 2-100 for DHCP and the rest can be used for statics. But I've since then also added several VLANs, more IPv4 ranges, and added many more "servers" (I use that term lightly, it's just a bunch of VMs I use for testing different things).

 

[arveex]

I almost have it. Changed dhcpcd.conf like this:

# ia_pd 1 igb0/0
 ia_pd 1/::/64 igb0/0/64

(whatever that means...)

I'm able to ping the gateway, but not the LAN from the gateway; missing this route:

fd00::/64                         link#1                        U          igb0

This in rc.conf:

ipv6_static_routes="lan"
ipv6_route_lan="fd00:: -prefixlen 64 ::1"

doesn't do anything.

 

[arveex]

Got it. Just set the static IP again in dhcpcd.conf, it doesn't hurt. This way the route doesn't break and the IP is available from the start so that dhcpd6 can be started here and dhcpcd.enter-hook is not needed any longer.

Here the configuration, maybe someone needs it.
(igb0 is facing the LAN and igb3 the modem)

/etc/rc.conf

ifconfig_igb0="inet 192.168.1.1 netmask 255.255.255.0"
ipv6_activate_all_interfaces="YES"

# *almost* works; route fd00::/64 is missing
# add this IP again as static in dhcpcd, it doesn't hurt
ifconfig_igb0_ipv6="inet6 fd00::1/64"

ifconfig_tun0_ipv6="inet6 accept_rtadv"
ipv6_cpe_wanif="tun0"

gateway_enable="YES"
ipv6_gateway_enable="YES"

dhcpcd_enable="YES"

# ppp
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="[...]"

rtadvd_enable="YES"
rtadvd_interfaces="igb0"

# dhcp server
dhcpd_enable="YES"
dhcpd_ifaces="igb0"
dhcpd6_enable="YES"
dhcpd6_ifaces="igb0"

# dns
local_unbound_enable="YES"

/usr/local/etc/dhcpcd.conf

hostname
option rapid_commit
option domain_name_servers, interface_mtu
require dhcp_server_identifier
ipv6only
noipv6rs

interface tun0
 ipv6rs
 ia_na 0
 ia_pd 1/::/64 igb0/0/64

# add this again, otherwise the route breaks
interface igb0
    static ip6_address=fd00::1/64

# running local_unbound
static domain_name_servers=127.0.0.1 ::1

nohook resolv.conf