From: Dave Taht
To: Török Edwin
Cc: Richard Brown, cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel
Date: Sun, 27 Jan 2013 03:28:31 -0800
List-Id: Development issues regarding the cerowrt test router project

similarly, making dnsmasq talk ipv6 dns upstream of itself makes sense too.
It cuts down on natted ports in particular.

you guys are all WAY ahead of me on ipv6 at this point!

On Sun, Jan 27, 2013 at 3:25 AM, Dave Taht wrote:

> On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin wrote:
>
>> On 01/27/2013 06:17 AM, Richard E. Brown wrote:
>> > Thanks to Dave Täht and Robert Bradley for the pointers to making
>> > CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been
>> > tested with 3.7.4-2.) The process is indeed a few simple steps:
>> >
>> > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave
>> >    Täht's note below)
>> > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as
>> >    suggested by Robert Bradley)
>>
>> Yep, that sounds like what I've done too.
>
> I have incorporated these changes (aside from the he specific config)
> into the next build of cero. (which has dnsmasq 2.66 test12 in it.)
>
> Thx everyone for tracking this down.
>
> Incidentally, how do I get dnsmasq to hand out more than one dns server
> to clients? I'd like it to do so - one for ipv6 and for ipv4, or 2 for
> ipv4, etc.
>
> What happens now is you can configure dnsmasq to talk to tons of dns
> servers but it only hands out itself. Given the timeouts in DNS and so on
> it seems saner to hand out two, or more, to clients, as per the RFC (if
> you have two or more)
>
> Another place I was stuck was on getting dhcpv6-pd to work. I'd set up an
> isc-dhcp server as a test (on a laptop, pretending to be the master box)
> and I could see it handing out a /56 prefix, as configured, but only the
> external ge00 address would be configured. What seemed to be happening was
> bombing out in the netifd script not putting in the ".ge00" interface into
> a ubus function call. It was also only distributing a /128 to clients...
>
> Perhaps now that this other stuff is correct, that will work. I will try
> it in the morning.
>
> this was how I'd set up the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf
>
> subnet6 2001:db8:0:1::/64 {
>         # Range for clients
>         range6 2001:db8:0:1::129 2001:db8:0:1::254;
>         # Additional options
>         option dhcp6.name-servers 2001:db8:0:1::1;
>         option dhcp6.domain-search "cerowrt.org";
>         # Prefix range for delegation to sub-routers
>         prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
>         # Example for a fixed host address
>         host specialclient {
>                 host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
>                 fixed-address6 2001:db8:0:1::127;
>         }
> }
>
> I think the last unaligned_instruction trap is dead.
>
> Lastly, there is another nifty new feature of dnsmasq - secondary domain
> updates. I have no idea how to get that going...
>
>> > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
>> > 3) Bring up henet and restart network, firewall, dnsmasq
>>
>> Not related to ipv6, but if you want a ntp server for your LAN you have
>> to do this:
>> # opkg remove luci-app-ntpc
>> # opkg remove ntpclient
>> # killall ntpclient
>> # uci set system.ntp.enable_server 1
>> # uci commit system
>> # /etc/init.d/sysntpd restart
>
> This is an artifact of formerly using the isc ntp server in cero (for the
> multicast, and autokey support, as well as for the possible linkage to the
> gpsd daemon for a 1pps signal) At some future point I'd like to make this
> work again (because testing against a stratum 1 clock like what gpsd can do
> has long been on my list of worthwhile things to do), but I have no problem
> with using the well integrated smaller default ntp server in openwrt.
> (well, I'd like it to do ipv6, too)
>
> I have made these two packages optional and enabled the local ntp server.
>
> Still up here, no matter what ntp client/server is used is some means of
> doing dnssec again.
>
>> Otherwise sysntpd will fail to start because ntpclient has already bound
>> the ntp port.
>> According to http://wiki.openwrt.org/doc/uci/system busybox ntpd can act
>> both as a client&server so
>> I think that ntpclient is unnecessary.
>>
>> > There's a fully-functional script at:
>> > http://www.bufferbloat.net/attachments/download/165/tunnelbroker.sh
>> > that does this. (You'll have to substitute your own credentials there…)
>> > Save the script as a file in /tmp and execute it - it does all the
>> > configuration for you.
>>
>> Just one note regarding this comment in your script:
>> # Append proper configuration commands to /etc/dnsmasq.conf
>> # This is the proper configuration file: you can ignore both
>> # /etc/config/dhcp and /var/etc/dnsmasq.conf as they seem not to have any effect
>>
>> /var/etc/dnsmasq.conf is overwritten when you '/etc/init.d/dnsmasq
>> restart', that's why it seems to not have an effect.
>> BTW initially I was doing this:
>>
>> # /etc/init.d/dnsmasq stop
>> # vi /var/etc/dnsmasq.conf
>> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
>> ....
>> ^C
>> # vi /var/etc/dnsmasq.conf
>> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
>> ....
>>
>> But after reinstalling dnsmasq-dhcpv6 I realized that just modifying
>> /etc/dnsmasq.conf and restarting dnsmasq worked too
>> (presumably due to this entry in /var/etc/dnsmasq.conf:
>> conf-file=/etc/dnsmasq.conf).
>>
>> Best regards,
>> --Edwin
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt:
> http://www.teklibre.com/cerowrt/subscribe.html

--
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html

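
Added example (not part of the thread and not CeroWrt's own code): a small shell helper for the point above that /var/etc/dnsmasq.conf is regenerated on restart while its conf-file=/etc/dnsmasq.conf entry pulls in the persistent file. It lists every active directive with the file that supplied it, so you can see which file to edit; the function names, temp paths and sample directives are constructed for illustration, and only conf-file= includes are followed.

```shell
#!/bin/sh
# Added example. Paths are constructed stand-ins for /var/etc/dnsmasq.conf
# (generated on restart) and /etc/dnsmasq.conf (persistent, hand-edited).

# Print every active directive reachable from FILE, following conf-file=
# includes, each prefixed with the file that supplied it.
effective_dnsmasq_conf() {
    file=$1
    depth=${2:-0}
    [ "$depth" -le 8 ] || { echo "include depth exceeded: $file" >&2; return 1; }
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            '' | '#'*) continue ;;          # skip blanks and comments
        esac
        printf '%s: %s\n' "$file" "$line"
        case $line in
            conf-file=*)
                # Subshell keeps this level's $file and $depth intact.
                ( effective_dnsmasq_conf "${line#conf-file=}" $((depth + 1)) ) || return 1
                ;;
        esac
    done < "$file"
}

# Print the file(s) that supply directive KEY (for example dhcp-range).
directive_source() {
    effective_dnsmasq_conf "$1" |
        awk -F': ' -v key="$2" '{ split($2, kv, "="); if (kv[1] == key) print $1 }'
}

# Build a constructed two-file layout under DIR; print the generated file's path.
make_sample_layout() {
    dir=$1
    mkdir -p "$dir/etc" "$dir/var/etc"
    printf '%s\n' '# persistent, hand-edited' 'enable-ra' \
        'dhcp-range=2001:db8:0:1::129,2001:db8:0:1::254,64,12h' > "$dir/etc/dnsmasq.conf"
    printf '%s\n' '# auto-generated on every restart' 'domain-needed' \
        "conf-file=$dir/etc/dnsmasq.conf" > "$dir/var/etc/dnsmasq.conf"
    printf '%s\n' "$dir/var/etc/dnsmasq.conf"
}

# Demo on the constructed layout.
demo=${TMPDIR:-/tmp}/dnsmasq-demo.$$
effective_dnsmasq_conf "$(make_sample_layout "$demo")"
rm -rf "$demo"
```

On a router the starting point would be the generated file itself, e.g. effective_dnsmasq_conf /var/etc/dnsmasq.conf.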