[Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Richard E. Brown]

[-- Attachment #1: Type: text/plain, Size: 3207 bytes --]

Thanks to Dave Täht and Robert Bradley for the pointers to making CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested with 3.7.4-2.)  The process is indeed a few simple steps:

1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's note below)
2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as suggested by Robert Bradley)
3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
3) Bring up henet and restart network, firewall, dnsmasq

There's a fully-functional script at: http://www.bufferbloat.net/attachments/download/165/tunnelbroker.sh that does this. (You'll have to substitute your own credentials there…) Save the script as a file in /tmp and execute it - it does all the configuration for you.

Thanks again!

Rich Brown
Hanover, NH USA

On Jan 26, 2013, at 7:15 PM, Robert Bradley <robert.bradley1@gmail.com> wrote:

> I’m pretty certain that once dnsmasq has been removed and dnsmasq-dhcpv6 has been reinstalled, my previous instructions for modifying /etc/dnsmasq.conf work fine.  The methods in http://wiki.openwrt.org/doc/uci/network6 ought to work too, but I haven’t tested those.
>  
> From: Dave Taht [mailto:dave.taht@gmail.com] 
> Sent: 27 January 2013 00:09
> To: Richard Brown
> Cc: Robert Bradley; Maciej Soltysiak; Chris Lawrence; Phil Pennock; Török Edwin
> Subject: Re: Need help getting DHCPv6 working in CeroWrt 3.7.x
>  
>  
> 
> On Sat, Jan 26, 2013 at 3:40 PM, Richard Brown <Rich.Brown@intermapper.com> wrote:
> Dave, Robert, Maciej, Chris, Phil, Edwin,
> 
> [Sent off-list]
> 
> Notes on the list make it sound as if some of you have IPv6 is working in the CeroWrt 3.7.x series of builds. Tantalizing hints abound, but I have not succeeded in getting recent CeroWrt to assign IPv6 addresses to my LAN devices with my HE.net 6in4 tunnel.
> 
> My request: If you have IPv6 automatic address assignment working in a recent 3.7.x build, please send the steps you perform, starting from a clean firmware install. I'll summarize the info and update the Bufferbloat wiki to include those steps. Many thanks.
> 
> Rich Brown
> Hanover, NH USA
> 
> PS Dave: I see that 3.7.4-2 has been posted. Does that affect any of the IPv6 stuff?
> 
> 
> I'm hoping that fixes the last ipv6 kernel trap, and I've been testing it all day, and it does so far.
> 
> For some reason it keeps installing both dnsmasq for normal and ipv6 (I have the first configured as a module), and it takes a
> 
> opkg update 
> opkg remove dnsmasq
> opkg remove dnsmasq-dhcpv6
> opkg install dnsmasq-dhcpv6
> 
> to get the right version. And then that version is failing to distribute dhcp...
> 
> And even then, no luck on getting addresses distributed, but not a lot of trying. I'm just trying to kill the traps.
> 
> But TRAPS?!? dead as a doornail so far, so with my limited goals, I'm happy. 
> 
> Once those are honestly dead I can move up the stack to this problem. Next week. It is entirely feasible the that trap killing stuff is messing something else.
> 
> 
> 
> 
> 
> -- 
> Dave Täht
> 
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


[-- Attachment #2: Type: text/html, Size: 6956 bytes --]

Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Török Edwin]

On 01/27/2013 06:17 AM, Richard E. Brown wrote:
> Thanks to Dave Täht and Robert Bradley for the pointers to making CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested with 3.7.4-2.)  The process is indeed a few simple steps:
> 
> 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's note below)
> 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as suggested by Robert Bradley)

Yep, that sounds like what I've done too.

> 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
> 3) Bring up henet and restart network, firewall, dnsmasq

Not related to ipv6, but if you want a ntp server for your LAN you have to do this:
# opkg remove luci-app-ntpc
# opkg remove ntpclient
# killall ntpclient
# uci set system.ntp.enable_server 1
# uci commit system
# /etc/init.d/sysntpd restart

Otherwise sysntpd will fail to start because ntpclient has already bound the ntp port.
According to http://wiki.openwrt.org/doc/uci/system busybox ntpd can act both as a client&server so
I think that ntpclient is unnecessary.

> 
> There's a fully-functional script at: http://www.bufferbloat.net/attachments/download/165/tunnelbroker.sh that does this. (You'll have to substitute your own credentials there…) Save the script as a
> file in /tmp and execute it - it does all the configuration for you.

Just one note regarding this comment in your script:
# Append proper configuration commands to /etc/dnsmasq.conf
# This is the proper configuration file: you can ignore both
# /etc/config/dhcp and /var/etc/dnsmasq.conf as they seem not to have any effect

/var/etc/dnsmasq.conf is overwritten when you '/etc/init.d/dnsmasq restart', thats why it seems to not have an effect.
BTW initially I was doing this:

# /etc/init.d/dnsmasq stop
# vi /var/etc/dnsmasq.conf
# /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
....
^C
# vi /var/etc/dnsmasq.conf
# /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
....

But after reinstalling dnsmasq-dhcpv6 I realized that just modifying /etc/dnsmasq.conf and restarting dnsmasq worked too
(presumably due to this entry in /var/etc/dnsmasq.conf: conf-file=/etc/dnsmasq.conf).

Best regards,
--Edwin

Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Dave Taht]

[-- Attachment #1: Type: text/plain, Size: 5204 bytes --]

On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin
<edwin+ml-cerowrt@etorok.net>wrote:

> On 01/27/2013 06:17 AM, Richard E. Brown wrote:
> > Thanks to Dave Täht and Robert Bradley for the pointers to making
> CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested
> with 3.7.4-2.)  The process is indeed a few simple steps:
> >
> > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's
> note below)
> > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as
> suggested by Robert Bradley)
>
> Yep, that sounds like what I've done too.
>
>

I have incorporated these changes (aside from the he specific config) into
the next build of cero. (which has dnsmasq 2.66 test12 in it.

Thx everyone for tracking this down.

Incidentally, how do I get dnsmasq to hand out more than one dns server to
clients? I'd like it to
do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.

What happens now is you can configure dnsmasq to talk to tons of dns
servers but it only hands out itself. Given the timeouts in DNS and so on
it seems saner to hand out two, or more, to clients, as per the RFC (if you
have two or more)

Another place I was stuck was on getting dhcpv6-pd to work. I'd setup an
isc-dhcp server as a test (on a laptop, pretending to be the master box)
and I could see it handing out a /56 prefix, as configured, but only the
external ge00 address would be configured. What seemed to be happening was
bombing out in the netifd script not putting in the ".ge00" interface into
a ubus function call. It was also only distributing a /128 to clients...

Perhaps now that this other stuff is correct, that will work. I will try it
in the morning.

this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf

subnet6 2001:db8:0:1::/64 {
        # Range for clients
        range6 2001:db8:0:1::129 2001:db8:0:1::254;
        # Additional options
        option dhcp6.name-servers 2001:db8:0:1::1;
        option dhcp6.domain-search "cerowrt.org";
        # Prefix range for delegation to sub-routers
        prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
        # Example for a fixed host address
        host specialclient {
                host-identifier option dhcp6.client-id
00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
                fixed-address6 2001:db8:0:1::127;
        }
}

I think the last unaligned_instruction trap is dead.

Lastly, there is another nifty new feature of dnsmasq - secondary domain
updates. I have no idea how to get that going...


> > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
> > 3) Bring up henet and restart network, firewall, dnsmasq
>
> Not related to ipv6, but if you want a ntp server for your LAN you have to
> do this:
> # opkg remove luci-app-ntpc
> # opkg remove ntpclient
> # killall ntpclient
> # uci set system.ntp.enable_server 1
> # uci commit system
> # /etc/init.d/sysntpd restart
>
>
This is an artifact of formerly using the isc ntp server in cero (for the
multicast, and autokey support, as well as for the possible linkage to the
gpsd daemon for a 1pps signal) At some future point I'd like to make this
work again (because testing against a stratum 1 clock like what gpsd can do
has long been on my list of worthwhile things to do), but I have no problem
with using the well integrated smaller default ntp server in openwrt.
(well, I'd like it to do ipv6, too)

I have made these two packages optional and enabled the local ntp server.

Still up here, no matter what ntp client/server is used is some means of
doing dnssec again.


> Otherwise sysntpd will fail to start because ntpclient has already bound
> the ntp port.
> According to http://wiki.openwrt.org/doc/uci/system busybox ntpd can act
> both as a client&server so
> I think that ntpclient is unnecessary.
>
> >
> > There's a fully-functional script at:
> http://www.bufferbloat.net/attachments/download/165/tunnelbroker.sh that
> does this. (You'll have to substitute your own credentials there…) Save the
> script as a
> > file in /tmp and execute it - it does all the configuration for you.
>
> Just one note regarding this comment in your script:
> # Append proper configuration commands to /etc/dnsmasq.conf
> # This is the proper configuration file: you can ignore both
> # /etc/config/dhcp and /var/etc/dnsmasq.conf as they seem not to have any
> effect
>
> /var/etc/dnsmasq.conf is overwritten when you '/etc/init.d/dnsmasq
> restart', thats why it seems to not have an effect.
> BTW initially I was doing this:
>
> # /etc/init.d/dnsmasq stop
> # vi /var/etc/dnsmasq.conf
> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
> ....
> ^C
> # vi /var/etc/dnsmasq.conf
> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
> ....
>
> But after reinstalling dnsmasq-dhcpv6 I realized that just modifying
> /etc/dnsmasq.conf and restarting dnsmasq worked too
> (presumably due to this entry in /var/etc/dnsmasq.conf:
> conf-file=/etc/dnsmasq.conf).
>
> Best regards,
> --Edwin
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html

[-- Attachment #2: Type: text/html, Size: 6357 bytes --]

Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Dave Taht]

[-- Attachment #1: Type: text/plain, Size: 5770 bytes --]

similarly,making dnsmasq talk ipv6 dns upstream of itself makes sense too.
It cuts down on natted ports in particular.

you guys are all WAY ahead of me on ipv6 at this point!

On Sun, Jan 27, 2013 at 3:25 AM, Dave Taht <dave.taht@gmail.com> wrote:

>
>
> On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin <edwin+ml-cerowrt@etorok.net
> > wrote:
>
>> On 01/27/2013 06:17 AM, Richard E. Brown wrote:
>> > Thanks to Dave Täht and Robert Bradley for the pointers to making
>> CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested
>> with 3.7.4-2.)  The process is indeed a few simple steps:
>> >
>> > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's
>> note below)
>> > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as
>> suggested by Robert Bradley)
>>
>> Yep, that sounds like what I've done too.
>>
>>
>
> I have incorporated these changes (aside from the he specific config) into
> the next build of cero. (which has dnsmasq 2.66 test12 in it.
>
> Thx everyone for tracking this down.
>
> Incidentally, how do I get dnsmasq to hand out more than one dns server to
> clients? I'd like it to
> do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.
>
> What happens now is you can configure dnsmasq to talk to tons of dns
> servers but it only hands out itself. Given the timeouts in DNS and so on
> it seems saner to hand out two, or more, to clients, as per the RFC (if you
> have two or more)
>
> Another place I was stuck was on getting dhcpv6-pd to work. I'd setup an
> isc-dhcp server as a test (on a laptop, pretending to be the master box)
> and I could see it handing out a /56 prefix, as configured, but only the
> external ge00 address would be configured. What seemed to be happening was
> bombing out in the netifd script not putting in the ".ge00" interface into
> a ubus function call. It was also only distributing a /128 to clients...
>
> Perhaps now that this other stuff is correct, that will work. I will try
> it in the morning.
>
> this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf
>
> subnet6 2001:db8:0:1::/64 {
>         # Range for clients
>         range6 2001:db8:0:1::129 2001:db8:0:1::254;
>         # Additional options
>         option dhcp6.name-servers 2001:db8:0:1::1;
>         option dhcp6.domain-search "cerowrt.org";
>         # Prefix range for delegation to sub-routers
>         prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
>         # Example for a fixed host address
>         host specialclient {
>                 host-identifier option dhcp6.client-id
> 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
>                 fixed-address6 2001:db8:0:1::127;
>         }
> }
>
> I think the last unaligned_instruction trap is dead.
>
> Lastly, there is another nifty new feature of dnsmasq - secondary domain
> updates. I have no idea how to get that going...
>
>
>> > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
>> > 3) Bring up henet and restart network, firewall, dnsmasq
>>
>> Not related to ipv6, but if you want a ntp server for your LAN you have
>> to do this:
>> # opkg remove luci-app-ntpc
>> # opkg remove ntpclient
>> # killall ntpclient
>> # uci set system.ntp.enable_server 1
>> # uci commit system
>> # /etc/init.d/sysntpd restart
>>
>>
> This is an artifact of formerly using the isc ntp server in cero (for the
> multicast, and autokey support, as well as for the possible linkage to the
> gpsd daemon for a 1pps signal) At some future point I'd like to make this
> work again (because testing against a stratum 1 clock like what gpsd can do
> has long been on my list of worthwhile things to do), but I have no problem
> with using the well integrated smaller default ntp server in openwrt.
> (well, I'd like it to do ipv6, too)
>
> I have made these two packages optional and enabled the local ntp server.
>
> Still up here, no matter what ntp client/server is used is some means of
> doing dnssec again.
>
>
>> Otherwise sysntpd will fail to start because ntpclient has already bound
>> the ntp port.
>> According to http://wiki.openwrt.org/doc/uci/system busybox ntpd can act
>> both as a client&server so
>> I think that ntpclient is unnecessary.
>>
>> >
>> > There's a fully-functional script at:
>> http://www.bufferbloat.net/attachments/download/165/tunnelbroker.sh that
>> does this. (You'll have to substitute your own credentials there…) Save the
>> script as a
>> > file in /tmp and execute it - it does all the configuration for you.
>>
>> Just one note regarding this comment in your script:
>> # Append proper configuration commands to /etc/dnsmasq.conf
>> # This is the proper configuration file: you can ignore both
>> # /etc/config/dhcp and /var/etc/dnsmasq.conf as they seem not to have any
>> effect
>>
>> /var/etc/dnsmasq.conf is overwritten when you '/etc/init.d/dnsmasq
>> restart', thats why it seems to not have an effect.
>> BTW initially I was doing this:
>>
>> # /etc/init.d/dnsmasq stop
>> # vi /var/etc/dnsmasq.conf
>> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
>> ....
>> ^C
>> # vi /var/etc/dnsmasq.conf
>> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
>> ....
>>
>> But after reinstalling dnsmasq-dhcpv6 I realized that just modifying
>> /etc/dnsmasq.conf and restarting dnsmasq worked too
>> (presumably due to this entry in /var/etc/dnsmasq.conf:
>> conf-file=/etc/dnsmasq.conf).
>>
>> Best regards,
>> --Edwin
>>
>
>
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt:
> http://www.teklibre.com/cerowrt/subscribe.html
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html

[-- Attachment #2: Type: text/html, Size: 7170 bytes --]

Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Török Edwin]

On 01/27/2013 01:25 PM, Dave Taht wrote:
> 
> 
> On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin <edwin+ml-cerowrt@etorok.net <mailto:edwin+ml-cerowrt@etorok.net>> wrote:
> 
>     On 01/27/2013 06:17 AM, Richard E. Brown wrote:
>     > Thanks to Dave Täht and Robert Bradley for the pointers to making CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested with 3.7.4-2.)  The process is indeed a few simple
>     steps:
>     >
>     > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's note below)
>     > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as suggested by Robert Bradley)
> 
>     Yep, that sounds like what I've done too.
> 
> 
> 
> I have incorporated these changes (aside from the he specific config) into the next build of cero. (which has dnsmasq 2.66 test12 in it.
> 
> Thx everyone for tracking this down.
> 
> Incidentally, how do I get dnsmasq to hand out more than one dns server to clients? I'd like it to
> do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.
> 
> What happens now is you can configure dnsmasq to talk to tons of dns servers but it only hands out itself. Given the timeouts in DNS and so on it seems saner to hand out two, or more, to clients, as
> per the RFC (if you have two or more)
> 
> Another place I was stuck was on getting dhcpv6-pd to work. I'd setup an isc-dhcp server as a test (on a laptop, pretending to be the master box)
> and I could see it handing out a /56 prefix, as configured, but only the external ge00 address would be configured. What seemed to be happening was bombing out in the netifd script not putting in the
> ".ge00" interface into a ubus function call. It was also only distributing a /128 to clients...

dhcpv6-pd works with pppoe for me.
I have this in /etc/config/network which is pretty much the default, except se00 is the only one with ip6assign:

config interface 'ge01'
        option ifname '@ge00'
        option proto 'dhcpv6'
        option broadcast '1'
        option metric '2048'
        option reqprefix 'auto'
config interface 'se00'
        option ifname 'se00'
        option proto 'static'
        option ipaddr '172.30.42.1'
        option netmask '255.255.255.224'
        option ip6assign '64'

What happens then is that se00 gets the delegated /64 prefix directly, and only that:
2: se00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2a02:2f02:1022:a2eb::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c43d:c7ff:fe97:8050/64 scope link

With the default configuration I noticed something similar to you: only a /128 assigned, but I thought thats because
I only get a /64 to begin with.

> 
> Perhaps now that this other stuff is correct, that will work. I will try it in the morning.
> 
> this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf
> 
> subnet6 2001:db8:0:1::/64 {
>         # Range for clients
>         range6 2001:db8:0:1::129 2001:db8:0:1::254;
>         # Additional options
>         option dhcp6.name-servers 2001:db8:0:1::1;
>         option dhcp6.domain-search "cerowrt.org <http://cerowrt.org>";
>         # Prefix range for delegation to sub-routers
>         prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
>         # Example for a fixed host address
>         host specialclient {
>                 host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
>                 fixed-address6 2001:db8:0:1::127;
>         }
> }
> 
> I think the last unaligned_instruction trap is dead.
> 
> Lastly, there is another nifty new feature of dnsmasq - secondary domain updates. I have no idea how to get that going...
>  
> 
>     > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
>     > 3) Bring up henet and restart network, firewall, dnsmasq
> 
>     Not related to ipv6, but if you want a ntp server for your LAN you have to do this:
>     # opkg remove luci-app-ntpc
>     # opkg remove ntpclient
>     # killall ntpclient
>     # uci set system.ntp.enable_server 1
>     # uci commit system
>     # /etc/init.d/sysntpd restart
> 
> 
> This is an artifact of formerly using the isc ntp server in cero (for the multicast, and autokey support, as well as for the possible linkage to the gpsd daemon for a 1pps signal) At some future point
> I'd like to make this work again (because testing against a stratum 1 clock like what gpsd can do has long been on my list of worthwhile things to do), but I have no problem with using the well
> integrated smaller default ntp server in openwrt. (well, I'd like it to do ipv6, too)
> 
> I have made these two packages optional and enabled the local ntp server.
> 
> Still up here, no matter what ntp client/server is used is some means of doing dnssec again.

Does dnsmasq support that?

Best regards,
--Edwin

Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Dave Taht]

[-- Attachment #1: Type: text/plain, Size: 6157 bytes --]

On Sun, Jan 27, 2013 at 3:35 AM, Török Edwin <edwin+ml-cerowrt@etorok.net>wrote:

> On 01/27/2013 01:25 PM, Dave Taht wrote:
> >
> >
> > On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin <
> edwin+ml-cerowrt@etorok.net <mailto:edwin+ml-cerowrt@etorok.net>> wrote:
> >
> >     On 01/27/2013 06:17 AM, Richard E. Brown wrote:
> >     > Thanks to Dave Täht and Robert Bradley for the pointers to making
> CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested
> with 3.7.4-2.)  The process is indeed a few simple
> >     steps:
> >     >
> >     > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave
> Täht's note below)
> >     > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses
> (as suggested by Robert Bradley)
> >
> >     Yep, that sounds like what I've done too.
> >
> >
> >
> > I have incorporated these changes (aside from the he specific config)
> into the next build of cero. (which has dnsmasq 2.66 test12 in it.
> >
> > Thx everyone for tracking this down.
> >
> > Incidentally, how do I get dnsmasq to hand out more than one dns server
> to clients? I'd like it to
> > do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.
> >
> > What happens now is you can configure dnsmasq to talk to tons of dns
> servers but it only hands out itself. Given the timeouts in DNS and so on
> it seems saner to hand out two, or more, to clients, as
> > per the RFC (if you have two or more)
> >
> > Another place I was stuck was on getting dhcpv6-pd to work. I'd setup an
> isc-dhcp server as a test (on a laptop, pretending to be the master box)
> > and I could see it handing out a /56 prefix, as configured, but only the
> external ge00 address would be configured. What seemed to be happening was
> bombing out in the netifd script not putting in the
> > ".ge00" interface into a ubus function call. It was also only
> distributing a /128 to clients...
>
> dhcpv6-pd works with pppoe for me.
> I have this in /etc/config/network which is pretty much the default,
> except se00 is the only one with ip6assign:
>
> config interface 'ge01'
>         option ifname '@ge00'
>         option proto 'dhcpv6'
>         option broadcast '1'
>         option metric '2048'
>         option reqprefix 'auto'
>

This is the only difference betwen your setup
and mine, in that I was specifically requesting a 60 rather than "auto".

I'll try it.

Still unintegrated at present is the p2p ipv6 ahcp/mesh networking support
for ipv6, which is a shame because it used to be easier than all the other
interfaces.

What needs to happen there is that all the ahcp meshy interfaces (gw11 and
gw01) need to get the same /128 prefix and ahcp server handed a /64 pool to
deal with...


> config interface 'se00'
>         option ifname 'se00'
>         option proto 'static'
>         option ipaddr '172.30.42.1'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
>
> What happens then is that se00 gets the delegated /64 prefix directly, and
> only that:
> 2: se00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>     inet6 2a02:2f02:1022:a2eb::1/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::c43d:c7ff:fe97:8050/64 scope link
>
>
However, I will argue this is wrong, and the lifetimes should match
whatever was handed to you from upstream.


> With the default configuration I noticed something similar to you: only a
> /128 assigned, but I thought thats because
> I only get a /64 to begin with.
>
>
Well, on a shared network it should be part of the local /64...

>
> > Perhaps now that this other stuff is correct, that will work. I will try
> it in the morning.
> >
> > this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf
> >
> > subnet6 2001:db8:0:1::/64 {
> >         # Range for clients
> >         range6 2001:db8:0:1::129 2001:db8:0:1::254;
> >         # Additional options
> >         option dhcp6.name-servers 2001:db8:0:1::1;
> >         option dhcp6.domain-search "cerowrt.org <http://cerowrt.org>";
> >         # Prefix range for delegation to sub-routers
> >         prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
> >         # Example for a fixed host address
> >         host specialclient {
> >                 host-identifier option dhcp6.client-id
> 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
> >                 fixed-address6 2001:db8:0:1::127;
> >         }
> > }
> >
> > I think the last unaligned_instruction trap is dead.
> >
> > Lastly, there is another nifty new feature of dnsmasq - secondary domain
> updates. I have no idea how to get that going...
> >
> >
> >     > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
> >     > 3) Bring up henet and restart network, firewall, dnsmasq
> >
> >     Not related to ipv6, but if you want a ntp server for your LAN you
> have to do this:
> >     # opkg remove luci-app-ntpc
> >     # opkg remove ntpclient
> >     # killall ntpclient
> >     # uci set system.ntp.enable_server 1
> >     # uci commit system
> >     # /etc/init.d/sysntpd restart
> >
> >
> > This is an artifact of formerly using the isc ntp server in cero (for
> the multicast, and autokey support, as well as for the possible linkage to
> the gpsd daemon for a 1pps signal) At some future point
> > I'd like to make this work again (because testing against a stratum 1
> clock like what gpsd can do has long been on my list of worthwhile things
> to do), but I have no problem with using the well
> > integrated smaller default ntp server in openwrt. (well, I'd like it to
> do ipv6, too)
> >
> > I have made these two packages optional and enabled the local ntp server.
> >
> > Still up here, no matter what ntp client/server is used is some means of
> doing dnssec again.
>
> Does dnsmasq support that?
>
>
partial dnssec support is in a branch of dnsmasq. simon is seeking funding
to complete it.


> Best regards,
> --Edwin
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html

[-- Attachment #2: Type: text/html, Size: 7907 bytes --]

Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Richard E. Brown]

[-- Attachment #1: Type: text/plain, Size: 7223 bytes --]

Folks,

I just tested the DHCPv6 facilities of Dave's 3.7.4-3 build (Congratulations, Dave!) and it works as desired. The default configurations of dnsmasq-dhcpv6 and the IPv6 6in4 tunneling work almost trivially. All you need to do is create the tunnel using your own credentials, tweak the firewall configuration, and Presto! You're on the air.

I have updated the script on the wiki to do all this. It details all the steps you need to do to get a 6in4 tunnel account and to run the configuration script. The script got dramatically shorter, because the desired behavior is now built in by default. Look at:

http://www.bufferbloat.net/attachments/download/166/tunnelbroker.sh

NB: This script only works with CeroWrt Modena 3.7.4-3 and newer. 
NB: The script on the main "IPv6 Tunneling" page of the wiki will *not* work with Modena - that's for Sugarland and older. Once Modena goes into beta, I will update that page.

Thanks for all the help I've received on this.

Rich Brown
Hanover, NH USA


On Jan 27, 2013, at 6:47 AM, Dave Taht <dave.taht@gmail.com> wrote:

> 
> 
> On Sun, Jan 27, 2013 at 3:35 AM, Török Edwin <edwin+ml-cerowrt@etorok.net> wrote:
> On 01/27/2013 01:25 PM, Dave Taht wrote:
> >
> >
> > On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin <edwin+ml-cerowrt@etorok.net <mailto:edwin+ml-cerowrt@etorok.net>> wrote:
> >
> >     On 01/27/2013 06:17 AM, Richard E. Brown wrote:
> >     > Thanks to Dave Täht and Robert Bradley for the pointers to making CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested with 3.7.4-2.)  The process is indeed a few simple
> >     steps:
> >     >
> >     > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's note below)
> >     > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as suggested by Robert Bradley)
> >
> >     Yep, that sounds like what I've done too.
> >
> >
> >
> > I have incorporated these changes (aside from the he specific config) into the next build of cero. (which has dnsmasq 2.66 test12 in it.
> >
> > Thx everyone for tracking this down.
> >
> > Incidentally, how do I get dnsmasq to hand out more than one dns server to clients? I'd like it to
> > do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.
> >
> > What happens now is you can configure dnsmasq to talk to tons of dns servers but it only hands out itself. Given the timeouts in DNS and so on it seems saner to hand out two, or more, to clients, as
> > per the RFC (if you have two or more)
> >
> > Another place I was stuck was on getting dhcpv6-pd to work. I'd setup an isc-dhcp server as a test (on a laptop, pretending to be the master box)
> > and I could see it handing out a /56 prefix, as configured, but only the external ge00 address would be configured. What seemed to be happening was bombing out in the netifd script not putting in the
> > ".ge00" interface into a ubus function call. It was also only distributing a /128 to clients...
> 
> dhcpv6-pd works with pppoe for me.
> I have this in /etc/config/network which is pretty much the default, except se00 is the only one with ip6assign:
> 
> config interface 'ge01'
>         option ifname '@ge00'
>         option proto 'dhcpv6'
>         option broadcast '1'
>         option metric '2048'
>         option reqprefix 'auto'
> 
> This is the only difference betwen your setup
> and mine, in that I was specifically requesting a 60 rather than "auto". 
> 
> I'll try it.
> 
> Still unintegrated at present is the p2p ipv6 ahcp/mesh networking support for ipv6, which is a shame because it used to be easier than all the other interfaces.
> 
> What needs to happen there is that all the ahcp meshy interfaces (gw11 and gw01) need to get the same /128 prefix and ahcp server handed a /64 pool to deal with...
>  
> config interface 'se00'
>         option ifname 'se00'
>         option proto 'static'
>         option ipaddr '172.30.42.1'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
> 
> What happens then is that se00 gets the delegated /64 prefix directly, and only that:
> 2: se00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>     inet6 2a02:2f02:1022:a2eb::1/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::c43d:c7ff:fe97:8050/64 scope link
> 
> 
> However, I will argue this is wrong, and the lifetimes should match whatever was handed to you from upstream.
>   
> With the default configuration I noticed something similar to you: only a /128 assigned, but I thought thats because
> I only get a /64 to begin with.
> 
> 
> Well, on a shared network it should be part of the local /64...
> 
> >
> > Perhaps now that this other stuff is correct, that will work. I will try it in the morning.
> >
> > this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf
> >
> > subnet6 2001:db8:0:1::/64 {
> >         # Range for clients
> >         range6 2001:db8:0:1::129 2001:db8:0:1::254;
> >         # Additional options
> >         option dhcp6.name-servers 2001:db8:0:1::1;
> >         option dhcp6.domain-search "cerowrt.org <http://cerowrt.org>";
> >         # Prefix range for delegation to sub-routers
> >         prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
> >         # Example for a fixed host address
> >         host specialclient {
> >                 host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
> >                 fixed-address6 2001:db8:0:1::127;
> >         }
> > }
> >
> > I think the last unaligned_instruction trap is dead.
> >
> > Lastly, there is another nifty new feature of dnsmasq - secondary domain updates. I have no idea how to get that going...
> >
> >
> >     > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
> >     > 3) Bring up henet and restart network, firewall, dnsmasq
> >
> >     Not related to ipv6, but if you want a ntp server for your LAN you have to do this:
> >     # opkg remove luci-app-ntpc
> >     # opkg remove ntpclient
> >     # killall ntpclient
> >     # uci set system.ntp.enable_server 1
> >     # uci commit system
> >     # /etc/init.d/sysntpd restart
> >
> >
> > This is an artifact of formerly using the isc ntp server in cero (for the multicast, and autokey support, as well as for the possible linkage to the gpsd daemon for a 1pps signal) At some future point
> > I'd like to make this work again (because testing against a stratum 1 clock like what gpsd can do has long been on my list of worthwhile things to do), but I have no problem with using the well
> > integrated smaller default ntp server in openwrt. (well, I'd like it to do ipv6, too)
> >
> > I have made these two packages optional and enabled the local ntp server.
> >
> > Still up here, no matter what ntp client/server is used is some means of doing dnssec again.
> 
> Does dnsmasq support that?
> 
> 
> partial dnssec support is in a branch of dnsmasq. simon is seeking funding to complete it.
>  
> Best regards,
> --Edwin
> 
> 
> 
> -- 
> Dave Täht
> 
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


[-- Attachment #2: Type: text/html, Size: 10161 bytes --]