Emerging Member
Posts: 42
Registered: ‎10-23-2014
Kudos: 11

1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

[ Edited ]

I mostly followed the instructions posted by @UBNT-stig in the beta forum. (Original post for those that have access)

 

As this is on an ERL, it's only a little different. @UBNT-stig originally said to calculate the prefix-length, but I found you can just specify it with the /56 notation. Much clearer, imo.

 

configure
edit interfaces ethernet eth0 dhcpv6-pd pd 1 
set prefix-length /56
set interface eth1 no-dns
set interface eth1 service slaac
top
commit
save
exit

As my ISP does DNS injection for certain domains, I don't want their DNS entries (the no-dns).

 

Next, I wanted to advertise the ERL itself as DNS server for IPv6, with OpenDNS and Google as fallbacks. I use RDNSS for advertising this.

 

configure
edit interfaces ethernet eth1 ipv6 router-advert
set prefix ::/64 autonomous-flag true
set prefix ::/64 on-link-flag true
set cur-hop-limit 64
set send-advert true
set radvd-options "RDNSS fe80::1:2:3:4 2620:0:ccc::2 2001:4860:4860::8888 {};"
top
commit
save
exit

I originally did not set the prefix ::/64, which made it so the radvd either passed the prefix, or the RDNSS, but never both.

 

The fe80:: address is the link-local address of your eth1 interface. You can find your link local address using this command:

 

cnf@cerberus:~$ /sbin/ifconfig eth1|grep fe80|awk '{print $3}'|awk -F/ '{print $1}'

 The rest is pretty much exactly what @UBNT-stig wrote.

 

By default, you are now routing IPv6 traffic, meaning all your hosts are wide open to the internet. So we need to apply some firewall rules.

 

configure
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_IN rule 30 protocol ipv6-icmp

set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
commit
save
exit

 And apply them to your WAN interface

configure
set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL
commit
save
exit

 Make sure you have IPv6 offloading enabled

cnf@cerberus:~$ show ubnt offload

 If not, enable it

configure
set system offload ipv6 forwarding enable
commit
save
exit

 I now have native IPv6 at home with prefix delegation, using SLAAC and RDNSS to configure my devices internally.

 

The only confusing thing was the unpredictable behaviour of radvd when the prefix ::/64 was not set on my internal interface.
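
Added example, not part of the original post: a small Python audit that reads EdgeOS configuration in `set ...` form (as printed by `show configuration commands`) and reports any ethernet interface that requests DHCPv6-PD without an `ipv6-name` ruleset on both `in` and `local`, which is the "wide open" state the post's firewall section closes. The function name and both sample configurations are constructed for illustration; PPPoE sub-interfaces are not handled.

```python
from collections import defaultdict

def audit_ipv6_wan(config_commands):
    """Flag DHCPv6-PD interfaces that lack an IPv6 firewall on 'in' or 'local'."""
    pd_ifaces = set()
    attached = defaultdict(dict)   # iface -> {"in": ruleset, "local": ruleset}
    defined = set()                # ipv6-name rulesets that exist
    default_action = {}            # ruleset -> explicitly configured default-action
    for line in config_commands.splitlines():
        tok = line.replace("'", "").split()
        if tok[:2] == ["set", "interfaces"] and len(tok) >= 5:
            iface = tok[3]
            if tok[4] == "dhcpv6-pd":
                pd_ifaces.add(iface)
            elif tok[4] == "firewall" and len(tok) == 8 and tok[6] == "ipv6-name":
                attached[iface][tok[5]] = tok[7]
        elif tok[:3] == ["set", "firewall", "ipv6-name"] and len(tok) >= 4:
            defined.add(tok[3])
            if len(tok) == 6 and tok[4] == "default-action":
                default_action[tok[3]] = tok[5]
    findings = []
    for iface in sorted(pd_ifaces):
        for direction in ("in", "local"):
            ruleset = attached[iface].get(direction)
            if ruleset is None:
                findings.append(f"{iface}: no ipv6-name ruleset on '{direction}'")
            elif ruleset not in defined:
                findings.append(f"{iface}: '{direction}' references undefined {ruleset}")
            elif default_action.get(ruleset) == "accept":
                findings.append(f"{iface}: {ruleset} default-action is accept")
    return findings

# Constructed sample: the commands from the post, reduced to the audited lines.
FOLLOWS_POST = """
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_LOCAL default-action drop
set interfaces ethernet eth0 dhcpv6-pd pd 1 prefix-length /56
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth1 service slaac
set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL
"""
# Constructed sample: prefix delegation enabled, only IPv4 ('name') rulesets attached.
IPV4_ONLY = """
set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length 56
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0 service slaac
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL
"""

if __name__ == "__main__":
    for label, cfg in (("follows post", FOLLOWS_POST), ("ipv4 only", IPV4_ONLY)):
        print(label, audit_ipv6_wan(cfg) or "ok")
```
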

New Member
Posts: 1
Registered: ‎11-15-2014

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Perfect. This also worked flawlessly for Comcast DHCPv6-PD, except I changed the prefix length to /60, and left the dns assignment enabled.

New Member
Posts: 23
Registered: ‎12-14-2013

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Thanks guys! I also was able to get it working with Comcast using this configuration. The only change I had to make was to add an exception for ipv6-ICMP in the firewall to allow successful pings from the network devices to an internet address.

 

If I want to assign another /64 to a different interface, do I put the second interface under pd 1 or do I have to create multiple prefix delegations of a smaller size?

 

 

Established Member
Posts: 871
Registered: ‎12-10-2009
Kudos: 186
Solutions: 16

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

New Member
Posts: 23
Registered: ‎12-14-2013

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Thanks mgibbons! Found the issue and the key was rebooting the unit after making the configuration changes.

New Member
Posts: 11
Registered: ‎02-27-2015
Kudos: 12

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Hi,

 

I'm trying the same with EdgeOS v1.6.0 but I'm having issues.

 

After enabling IPv6 I have lots of dhcpv6-pd-response.pl processes starting and stopping.

 

If I look at /var/log/dhcp6c.log I see:

Apr/06/2015 13:05:14: update_ia: status code for PD-0: no prefixes
Apr/06/2015 13:05:15: update_ia: status code for PD-0: no prefixes
Apr/06/2015 13:05:15: update_ia: status code for PD-0: no prefixes
Apr/06/2015 13:05:16: update_ia: status code for PD-0: no prefixes
Apr/06/2015 13:05:16: update_ia: status code for PD-0: no prefixes
Apr/06/2015 13:05:16: update_ia: status code for PD-0: no prefixes

 

On the IPv6 page of Telenet they say that they don't support router after router for IPv6 because there is no standardized protocol?

https://klantenservice.telenet.be/content/ipv6-bij-telenet-technische-uitleg

 

cnfer,

Are you still using IPv6 with Telenet, and on what version of EdgeOS are you?

Do you have the typical home router from Telenet or the business version?

 

my interfaces config:

ethernet eth0 {
    address dhcp
    description Internet
    dhcpv6-pd {
        pd 0 {
            interface switch0 {
                service slaac
            }
            prefix-length 56
        }
    }
    duplex auto
    firewall {
        in {
            name WAN_IN
        }
        local {
            name WAN_LOCAL
        }
    }
    poe {
        output off
    }
    speed auto
}

switch switch0 {
    address 192.168.2.1/24
    description "Local 2"
    ipv6 {
        router-advert {
            prefix ::/64 {
            }
        }
    }
    mtu 1500
    switch-port {
        interface eth2
        interface eth3
        interface eth4
    }
}

 

thanks,

Stijn

Emerging Member
Posts: 42
Registered: ‎10-23-2014
Kudos: 11

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)


cnfer,

Are you still using IPv6 with Telenet, and on what version of EdgeOS are you?

Do you have the typical home router from Telenet or the business version?

 

thanks,

Stijn


 

Hi Stijn,

 

I have a modem only on a business subscription. Only router involved is the ERL.

New Member
Posts: 11
Registered: ‎02-27-2015
Kudos: 12

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

I was afraid you were gonna answer that :-)

 

Found this post for pfSense, also mentioning that it will only work with a modem-only model.

http://www.stroobant.be/telenet-ipv6-pfsense-configuratie

 

Guess I will have to try to exchange the home router for a modem-only. I do have a business subscription, but I forgot to ask for it when they came to install it :s

 

thanks,

Stijn

Member
Posts: 140
Registered: ‎11-04-2015
Kudos: 2

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

[ Edited ]

Could someone explain each line of the original post please? I need to adapt the line to my configuration.

 

For example here the original poster is on a cable company but I'm on a phone company, so I have the possibility to put the modem in bridge mode and not as the original poster to go through the modem which is a router.

 

So I have a PPPoE interface on eth1, so I would like some explanation about at least the first line of the script.

 

And also what's an ERL?

 

By the way, the interface eth1 which you used, for me it's switch0 but edit interface swtich swtich0 results in "the specified configuration node is not valid".

Emerging Member
Posts: 42
Registered: ‎10-23-2014
Kudos: 11

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)


vigilian wrote:

Could someone explain each line of the original post please? I need to adapt the line to my configuration.

 

For example here the original poster is on a cable company but I'm on a phone company, so I have the possibility to put the modem in bridge mode and not as the original poster to go through the modem which is a router.

 

So I have a PPPoE interface on eth1, so I would like some explanation about at least the first line of the script.

 

And also what's an ERL?

 

By the way, the interface eth1 which you used, for me it's switch0 but edit interface swtich swtich0 results in "the specified configuration node is not valid".


I'm not sure what kind of explanation you want besides what is already there?

 

My Cable modem is NOT a router, it is just a modem. I get my public ip from my ISP on the ERL.

 

The ERL is the EdgeRouter Lite, an UBNT router which this forum is about, what device are you on? I doubt you need to configure anything of relevance on a bridge interface...

 

So again, I'm not sure what your question, exactly, is... could you elaborate?

Member
Posts: 140
Registered: ‎11-04-2015
Kudos: 2

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Mmmmh, sorry, I wasn't familiar with this acronym.

 

So:

edit interfaces ethernet eth0 dhcpv6-pd pd 1 

pd and 1 is for the status enabled I guess? 

eth0 is the interface on which you get your public ISP IP ?

 

set interface eth1 no-dns

Telenet gives DNS v6 support? I guess that this line is not necessary for most people in Belgium since neither Mobistar, Proximus nor the others give dnsv- support?

set interface eth1 service slaac

What's this exactly? The transfer of the advertisement to the rest of the network? If yes, I guess I should put my switch0 in place of eth1? Is it necessary, is it the only protocol in place in RFC 4862, so we wouldn't be misconfiguring?

 

 

 

Second script:

edit interface ethernet eth1 ipv6 router-advert

Again, I guess that your LAN is on eth1? But again edit interface swtich swtich0 ... doesn't work.

 

The router here is a POE5.

Member
Posts: 140
Registered: ‎11-04-2015
Kudos: 2

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

no answer?

Emerging Member
Posts: 42
Registered: ‎10-23-2014
Kudos: 11

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

pd stands for Prefix Delegation

 

slaac means Stateless Address Autoconfiguration

 

Router Advertisement is part of the Neighbour Discovery Protocol

 

These are all basic IPv6 concepts... I suggest studying IPv6 a bit more before you get into using it. Edgemax is a platform that sort of assumes you have basic knowledge of the protocols you are working with.

Member
Posts: 140
Registered: ‎11-04-2015
Kudos: 2

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Okay, all that I already knew. So you obviously didn't understand my questions.

Generally from what I've seen from other OS, is dhcpv6-pd for the router address in /64 and a RA with dhcp6s for the subnet in /56 or at least dnsmasq but basically they use the same processes. It's like that at least in OpenWrt and DD-WRT.

But I was going forward with your configuration but since I never used slaac, I was asking about syntactic problems, not conceptual problems. And as I stated in my previous post, I had a syntactic problem with your configuration, that's why I was posting!

So no need to be condescending about that just because you think there are conceptual problems in place of syntactic problems.

And since you activate the ipv6 iptables firewall there is no need to freak out.

So my previous questions remain, and in particular the error message which I got when I tried your way.

New Member
Posts: 11
Registered: ‎12-16-2014
Kudos: 4

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Given that you are using pppoe, the config is a bit different compared to the configuration given in this thread, and isn't entirely integrated into the 'normal' edgemax configuration. And pppoe is most probably the reason that you are having issues getting it to work.

 

Probably the best information for dhcpv6-pd over pppoe is this post/thread:

https://community.ubnt.com/t5/EdgeMAX-Beta/IPv6-DHCP-PD-in-v1-6-0alpha2/m-p/1118064#M7896

 

(Note that the thread is in the beta forum, so you may need to get access to the beta forum, which is fairly quick & easy).

 

But, to answer some of the questions:

 

edit interfaces ethernet eth0 dhcpv6-pd pd 1  

eth0 in this case is the interface on which the delegation is being requested, and the '1' at the end is the instance number, i.e. you probably need multiple instances if you want to make requests for different prefix lengths or something like that.

 

set interface eth1 no-dns

In this particular example, the ISP plays silly games with DNS results, so the original poster chooses not to use the ISP's DNS resolvers, and separately sets the ones they wish to use.

 

set interface eth1 service slaac

This bit is pretty much what you guessed, the association between the specific pd instance, and the interface that the delegation is to be used on.

 

edit interface ethernet eth1 ipv6 router-advert

This last section is pretty much just enabling router advertisements on the relevant internal interface and configuring the RA settings.

 

 

Anyway, tl;dr version: check out the post linked at the top.

 

 

Member
Posts: 140
Registered: ‎11-04-2015
Kudos: 2

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

Thanks for the answer, I will dig further based on what you gave me. And thanks again for answering, apparently I have offended the other guy.

New Member
Posts: 1
Registered: a month ago

Re: 1.6 DHCPv6-PD with RDNSS (on Telenet in Belgium)

You have no idea how much you just saved me!

Thank you so much!
