From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ia0-x234.google.com (mail-ia0-x234.google.com [IPv6:2607:f8b0:4001:c02::234]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 1E41421F175 for ; Sun, 27 Jan 2013 03:47:41 -0800 (PST) Received: by mail-ia0-f180.google.com with SMTP id f27so2860835iae.39 for ; Sun, 27 Jan 2013 03:47:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=T0ptt80BtdxXy9uQWvVXv0O58yWgrOQta+2kRUYD+rw=; b=KtWsPpPdWOapZ0o5on3C5ZDvGN2RT/qv6g19svxvwews+YwgqjD/olvzgOnPtHcppG MdnobKUQlC82wduORj7dQxkt82gbjK+C1HL2ym6r91DDF9YAoZ+MzrYJZKPQtvcxqyxp z6qkawg0PXHQABNeijon3d6XVEM9xqnnjmk9WgUCZOK/YGK98o2qs1ZNLwc+FmklwS30 v1SsnXYG1nwKLwnXy697FoAdS7cwFNHuYQur1iDoSh0MCQe5z2Flza5rosuWz1mTe5Qd 24QyYXZu6udS8hcKXsZtHSyERva5abhytluSK/Z1BLXmp6wNO4KVSbXp928MnSyF7Ujm 9w0w== MIME-Version: 1.0 X-Received: by 10.50.88.136 with SMTP id bg8mr2658006igb.96.1359287260458; Sun, 27 Jan 2013 03:47:40 -0800 (PST) Received: by 10.64.135.39 with HTTP; Sun, 27 Jan 2013 03:47:40 -0800 (PST) In-Reply-To: <51051107.5050300@etorok.net> References: <54532012A5393D4E8F57704A4D55237E42B20614@CH1PRD0510MB381.namprd05.prod.outlook.com> <510471bf.4a63b40a.4aa1.67a7@mx.google.com> <5104E965.8030003@etorok.net> <51051107.5050300@etorok.net> Date: Sun, 27 Jan 2013 03:47:40 -0800 Message-ID: From: Dave Taht To: =?ISO-8859-1?Q?T=F6r=F6k_Edwin?= Content-Type: multipart/alternative; boundary=e89a8f235a174eae3b04d443bac0 Cc: Richard Brown , cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jan 2013 11:47:41 -0000 --e89a8f235a174eae3b04d443bac0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Sun, Jan 27, 2013 at 3:35 AM, T=F6r=F6k Edwin wrote: > On 01/27/2013 01:25 PM, Dave Taht wrote: > > > > > > On Sun, Jan 27, 2013 at 12:46 AM, T=F6r=F6k Edwin < > edwin+ml-cerowrt@etorok.net > wrote: > > > > On 01/27/2013 06:17 AM, Richard E. Brown wrote: > > > Thanks to Dave T=E4ht and Robert Bradley for the pointers to maki= ng > CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been test= ed > with 3.7.4-2.) The process is indeed a few simple > > steps: > > > > > > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave > T=E4ht's note below) > > > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses > (as suggested by Robert Bradley) > > > > Yep, that sounds like what I've done too. > > > > > > > > I have incorporated these changes (aside from the he specific config) > into the next build of cero. (which has dnsmasq 2.66 test12 in it. > > > > Thx everyone for tracking this down. > > > > Incidentally, how do I get dnsmasq to hand out more than one dns server > to clients? I'd like it to > > do so - one for ipv6 and for ipv4, or 2 for ipv4, etc. > > > > What happens now is you can configure dnsmasq to talk to tons of dns > servers but it only hands out itself. Given the timeouts in DNS and so on > it seems saner to hand out two, or more, to clients, as > > per the RFC (if you have two or more) > > > > Another place I was stuck was on getting dhcpv6-pd to work. I'd setup a= n > isc-dhcp server as a test (on a laptop, pretending to be the master box) > > and I could see it handing out a /56 prefix, as configured, but only th= e > external ge00 address would be configured. What seemed to be happening wa= s > bombing out in the netifd script not putting in the > > ".ge00" interface into a ubus function call. It was also only > distributing a /128 to clients... > > dhcpv6-pd works with pppoe for me. > I have this in /etc/config/network which is pretty much the default, > except se00 is the only one with ip6assign: > > config interface 'ge01' > option ifname '@ge00' > option proto 'dhcpv6' > option broadcast '1' > option metric '2048' > option reqprefix 'auto' > This is the only difference betwen your setup and mine, in that I was specifically requesting a 60 rather than "auto". I'll try it. Still unintegrated at present is the p2p ipv6 ahcp/mesh networking support for ipv6, which is a shame because it used to be easier than all the other interfaces. What needs to happen there is that all the ahcp meshy interfaces (gw11 and gw01) need to get the same /128 prefix and ahcp server handed a /64 pool to deal with... > config interface 'se00' > option ifname 'se00' > option proto 'static' > option ipaddr '172.30.42.1' > option netmask '255.255.255.224' > option ip6assign '64' > > What happens then is that se00 gets the delegated /64 prefix directly, an= d > only that: > 2: se00: mtu 1500 qlen 1000 > inet6 2a02:2f02:1022:a2eb::1/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::c43d:c7ff:fe97:8050/64 scope link > > However, I will argue this is wrong, and the lifetimes should match whatever was handed to you from upstream. > With the default configuration I noticed something similar to you: only a > /128 assigned, but I thought thats because > I only get a /64 to begin with. > > Well, on a shared network it should be part of the local /64... > > > Perhaps now that this other stuff is correct, that will work. I will tr= y > it in the morning. > > > > this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf > > > > subnet6 2001:db8:0:1::/64 { > > # Range for clients > > range6 2001:db8:0:1::129 2001:db8:0:1::254; > > # Additional options > > option dhcp6.name-servers 2001:db8:0:1::1; > > option dhcp6.domain-search "cerowrt.org "; > > # Prefix range for delegation to sub-routers > > prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; > > # Example for a fixed host address > > host specialclient { > > host-identifier option dhcp6.client-id > 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45; > > fixed-address6 2001:db8:0:1::127; > > } > > } > > > > I think the last unaligned_instruction trap is dead. > > > > Lastly, there is another nifty new feature of dnsmasq - secondary domai= n > updates. I have no idea how to get that going... > > > > > > > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone > > > 3) Bring up henet and restart network, firewall, dnsmasq > > > > Not related to ipv6, but if you want a ntp server for your LAN you > have to do this: > > # opkg remove luci-app-ntpc > > # opkg remove ntpclient > > # killall ntpclient > > # uci set system.ntp.enable_server 1 > > # uci commit system > > # /etc/init.d/sysntpd restart > > > > > > This is an artifact of formerly using the isc ntp server in cero (for > the multicast, and autokey support, as well as for the possible linkage t= o > the gpsd daemon for a 1pps signal) At some future point > > I'd like to make this work again (because testing against a stratum 1 > clock like what gpsd can do has long been on my list of worthwhile things > to do), but I have no problem with using the well > > integrated smaller default ntp server in openwrt. (well, I'd like it to > do ipv6, too) > > > > I have made these two packages optional and enabled the local ntp serve= r. > > > > Still up here, no matter what ntp client/server is used is some means o= f > doing dnssec again. > > Does dnsmasq support that? > > partial dnssec support is in a branch of dnsmasq. simon is seeking funding to complete it. > Best regards, > --Edwin > --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html --e89a8f235a174eae3b04d443bac0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

On Sun, Jan 27, 2013 at 3:35 AM, T=F6r= =F6k Edwin <edwin+ml-cerowrt@etorok.net> wrote:
On 01/27/2013 01:25 PM, Dave Taht wrote:
>
>
> On Sun, Jan 27, 2013 at 12:46 AM, T=F6r=F6k Edwin <edwin+ml-cerowrt@etorok.net <mailto= :edwin+ml-cerowrt@etorok.n= et>> wrote:
>
> =A0 =A0 On 01/27/2013 06:17 AM, Richard E. Brown wrote:
> =A0 =A0 > Thanks to Dave T=E4ht and Robert Bradley for the pointers= to making CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has = been tested with 3.7.4-2.) =A0The process is indeed a few simple
> =A0 =A0 steps:
> =A0 =A0 >
> =A0 =A0 > 1) remove dnsmasq & dnsmasq-dhcpv6, then install agai= n (see Dave T=E4ht's note below)
> =A0 =A0 > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 add= resses (as suggested by Robert Bradley)
>
> =A0 =A0 Yep, that sounds like what I've done too.
>
>
>
> I have incorporated these changes (aside from the he specific config) = into the next build of cero. (which has dnsmasq 2.66 test12 in it.
>
> Thx everyone for tracking this down.
>
> Incidentally, how do I get dnsmasq to hand out more than one dns serve= r to clients? I'd like it to
> do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.
>
> What happens now is you can configure dnsmasq to talk to tons of dns s= ervers but it only hands out itself. Given the timeouts in DNS and so on it= seems saner to hand out two, or more, to clients, as
> per the RFC (if you have two or more)
>
> Another place I was stuck was on getting dhcpv6-pd to work. I'd se= tup an isc-dhcp server as a test (on a laptop, pretending to be the master = box)
> and I could see it handing out a /56 prefix, as configured, but only t= he external ge00 address would be configured. What seemed to be happening w= as bombing out in the netifd script not putting in the
> ".ge00" interface into a ubus function call. It was also onl= y distributing a /128 to clients...

dhcpv6-pd works with pppoe for me.
I have this in /etc/config/network which is pretty much the default, except= se00 is the only one with ip6assign:

config interface 'ge01'
=A0 =A0 =A0 =A0 option ifname '@ge00'
=A0 =A0 =A0 =A0 option proto 'dhcpv6'
=A0 =A0 =A0 =A0 option broadcast '1'
=A0 =A0 =A0 =A0 option metric '2048'
=A0 =A0 =A0 =A0 option reqprefix 'auto'

Th= is is the only difference betwen your setup
and mine, in that I was spec= ifically requesting a 60 rather than "auto".

I'll try= it.

Still unintegrated at present is the p2p ipv6 ahcp/mesh networking supp= ort for ipv6, which is a shame because it used to be easier than all the ot= her interfaces.

What needs to happen there is that all the ahcp mesh= y interfaces (gw11 and gw01) need to get the same /128 prefix and ahcp serv= er handed a /64 pool to deal with...
=A0
config interface 'se00'
=A0 =A0 =A0 =A0 option ifname 'se00'
=A0 =A0 =A0 =A0 option proto 'static'
=A0 =A0 =A0 =A0 option ipaddr '172.30.42.1'
=A0 =A0 =A0 =A0 option netmask '255.255.255.224'
=A0 =A0 =A0 =A0 option ip6assign '64'

What happens then is that se00 gets the delegated /64 prefix directly, and = only that:
2: se00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
=A0 =A0 inet6 2a02:2f02:1022:a2eb::1/64 scope global
=A0 =A0 =A0 =A0valid_lft forever preferred_lft forever
=A0 =A0 inet6 fe80::c43d:c7ff:fe97:8050/64 scope link


However, I will argue this is wrong, and the life= times should match whatever was handed to you from upstream.
=A0
With the default configuration I noticed something similar to you: only a /= 128 assigned, but I thought thats because
I only get a /64 to begin with.


Well, on a shared network= it should be part of the local /64...

>
> Perhaps now that this other stuff is correct, that will work. I will t= ry it in the morning.
>
> this was how I'd setup the "dhcpv6 server"'s /etc/dh= cp/dhcpd.conf
>
> subnet6 2001:db8:0:1::/64 {
> =A0 =A0 =A0 =A0 # Range for clients
> =A0 =A0 =A0 =A0 range6 2001:db8:0:1::129 2001:db8:0:1::254;
> =A0 =A0 =A0 =A0 # Additional options
> =A0 =A0 =A0 =A0 option dhcp6.name-servers 2001:db8:0:1::1;
> =A0 =A0 =A0 =A0 option dhcp6.domain-search "cerowrt.org <http://cerowrt.org>";
> =A0 =A0 =A0 =A0 # Prefix range for delegation to sub= -routers
> =A0 =A0 =A0 =A0 prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
> =A0 =A0 =A0 =A0 # Example for a fixed host address
> =A0 =A0 =A0 =A0 host specialclient {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 host-identifier option dhcp6.client-id= 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 fixed-address6 2001:db8:0:1::127;
> =A0 =A0 =A0 =A0 }
> }
>
> I think the last unaligned_instruction trap is dead.
>
> Lastly, there is another nifty new feature of dnsmasq - secondary doma= in updates. I have no idea how to get that going...
>
>
> =A0 =A0 > 3) Tweak the firewall to put henet 6in4 tunnel into WAN z= one
> =A0 =A0 > 3) Bring up henet and restart network, firewall, dnsmasq<= br> >
> =A0 =A0 Not related to ipv6, but if you want a ntp server for your LAN= you have to do this:
> =A0 =A0 # opkg remove luci-app-ntpc
> =A0 =A0 # opkg remove ntpclient
> =A0 =A0 # killall ntpclient
> =A0 =A0 # uci set system.ntp.enable_server 1
> =A0 =A0 # uci commit system
> =A0 =A0 # /etc/init.d/sysntpd restart
>
>
> This is an artifact of formerly using the isc ntp server in cero (for = the multicast, and autokey support, as well as for the possible linkage to = the gpsd daemon for a 1pps signal) At some future point
> I'd like to make this work again (because testing against a stratu= m 1 clock like what gpsd can do has long been on my list of worthwhile thin= gs to do), but I have no problem with using the well
> integrated smaller default ntp server in openwrt. (well, I'd like = it to do ipv6, too)
>
> I have made these two packages optional and enabled the local ntp serv= er.
>
> Still up here, no matter what ntp client/server is used is some means = of doing dnssec again.

Does dnsmasq support that?


partial dnssec support is in a branch of dnsmasq.= simon is seeking funding to complete it.
=A0
Best regards,
--Edwin



--
Dave T=E4ht

Fixi= ng bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.ht= ml=20 --e89a8f235a174eae3b04d443bac0--