Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

[Dave Taht <dave.taht@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 5204 bytes --]

On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin
<edwin+ml-cerowrt@etorok.net>wrote:

> On 01/27/2013 06:17 AM, Richard E. Brown wrote:
> > Thanks to Dave Täht and Robert Bradley for the pointers to making
> CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested
> with 3.7.4-2.)  The process is indeed a few simple steps:
> >
> > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's
> note below)
> > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as
> suggested by Robert Bradley)
>
> Yep, that sounds like what I've done too.
>
>

I have incorporated these changes (aside from the he specific config) into
the next build of cero. (which has dnsmasq 2.66 test12 in it.

Thx everyone for tracking this down.

Incidentally, how do I get dnsmasq to hand out more than one dns server to
clients? I'd like it to
do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.

What happens now is you can configure dnsmasq to talk to tons of dns
servers but it only hands out itself. Given the timeouts in DNS and so on
it seems saner to hand out two, or more, to clients, as per the RFC (if you
have two or more)

Another place I was stuck was on getting dhcpv6-pd to work. I'd setup an
isc-dhcp server as a test (on a laptop, pretending to be the master box)
and I could see it handing out a /56 prefix, as configured, but only the
external ge00 address would be configured. What seemed to be happening was
bombing out in the netifd script not putting in the ".ge00" interface into
a ubus function call. It was also only distributing a /128 to clients...

Perhaps now that this other stuff is correct, that will work. I will try it
in the morning.

this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf

subnet6 2001:db8:0:1::/64 {
        # Range for clients
        range6 2001:db8:0:1::129 2001:db8:0:1::254;
        # Additional options
        option dhcp6.name-servers 2001:db8:0:1::1;
        option dhcp6.domain-search "cerowrt.org";
        # Prefix range for delegation to sub-routers
        prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
        # Example for a fixed host address
        host specialclient {
                host-identifier option dhcp6.client-id
00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
                fixed-address6 2001:db8:0:1::127;
        }
}

I think the last unaligned_instruction trap is dead.

Lastly, there is another nifty new feature of dnsmasq - secondary domain
updates. I have no idea how to get that going...


> > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
> > 3) Bring up henet and restart network, firewall, dnsmasq
>
> Not related to ipv6, but if you want a ntp server for your LAN you have to
> do this:
> # opkg remove luci-app-ntpc
> # opkg remove ntpclient
> # killall ntpclient
> # uci set system.ntp.enable_server 1
> # uci commit system
> # /etc/init.d/sysntpd restart
>
>
This is an artifact of formerly using the isc ntp server in cero (for the
multicast, and autokey support, as well as for the possible linkage to the
gpsd daemon for a 1pps signal) At some future point I'd like to make this
work again (because testing against a stratum 1 clock like what gpsd can do
has long been on my list of worthwhile things to do), but I have no problem
with using the well integrated smaller default ntp server in openwrt.
(well, I'd like it to do ipv6, too)

I have made these two packages optional and enabled the local ntp server.

Still up here, no matter what ntp client/server is used is some means of
doing dnssec again.


> Otherwise sysntpd will fail to start because ntpclient has already bound
> the ntp port.
> According to http://wiki.openwrt.org/doc/uci/system busybox ntpd can act
> both as a client&server so
> I think that ntpclient is unnecessary.
>
> >
> > There's a fully-functional script at:
> http://www.bufferbloat.net/attachments/download/165/tunnelbroker.sh that
> does this. (You'll have to substitute your own credentials there…) Save the
> script as a
> > file in /tmp and execute it - it does all the configuration for you.
>
> Just one note regarding this comment in your script:
> # Append proper configuration commands to /etc/dnsmasq.conf
> # This is the proper configuration file: you can ignore both
> # /etc/config/dhcp and /var/etc/dnsmasq.conf as they seem not to have any
> effect
>
> /var/etc/dnsmasq.conf is overwritten when you '/etc/init.d/dnsmasq
> restart', thats why it seems to not have an effect.
> BTW initially I was doing this:
>
> # /etc/init.d/dnsmasq stop
> # vi /var/etc/dnsmasq.conf
> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
> ....
> ^C
> # vi /var/etc/dnsmasq.conf
> # /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -d
> ....
>
> But after reinstalling dnsmasq-dhcpv6 I realized that just modifying
> /etc/dnsmasq.conf and restarting dnsmasq worked too
> (presumably due to this entry in /var/etc/dnsmasq.conf:
> conf-file=/etc/dnsmasq.conf).
>
> Best regards,
> --Edwin
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html

[-- Attachment #2: Type: text/html, Size: 6357 bytes --]