From: "Richard E. Brown"
Date: Sun, 27 Jan 2013 10:11:44 -0500
To: Dave Taht
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Got DHCPv6 working in CeroWrt 3.7.x over HE.net tunnel

Folks,

I just tested the DHCPv6 facilities of Dave's 3.7.4-3 build (Congratulations, Dave!) and it works as desired. The default configurations of dnsmasq-dhcpv6 and the IPv6 6in4 tunneling work almost trivially. All you need to do is create the tunnel using your own credentials, tweak the firewall configuration, and Presto! You're on the air.

I have updated the script on the wiki to do all this. It details all the steps you need to do to get a 6in4 tunnel account and to run the configuration script. The script got dramatically shorter, because the desired behavior is now built in by default. Look at:

http://www.bufferbloat.net/attachments/download/166/tunnelbroker.sh

NB: This script only works with CeroWrt Modena 3.7.4-3 and newer.
NB: The script on the main "IPv6 Tunneling" page of the wiki will *not* work with Modena - that's for Sugarland and older. Once Modena goes into beta, I will update that page.

Thanks for all the help I've received on this.

Rich Brown
Hanover, NH USA

On Jan 27, 2013, at 6:47 AM, Dave Taht wrote:

>
> On Sun, Jan 27, 2013 at 3:35 AM, Török Edwin wrote:
> On 01/27/2013 01:25 PM, Dave Taht wrote:
> >
> > On Sun, Jan 27, 2013 at 12:46 AM, Török Edwin wrote:
> >
> > On 01/27/2013 06:17 AM, Richard E. Brown wrote:
> > > Thanks to Dave Täht and Robert Bradley for the pointers to making CeroWrt 3.7.x hand out IPv6 addresses to LAN devices. (This has been tested with 3.7.4-2.) The process is indeed a few simple steps:
> > >
> > > 1) remove dnsmasq & dnsmasq-dhcpv6, then install again (see Dave Täht's note below)
> > > 2) Add config to /etc/dnsmasq.conf to hand out DHCPv6 addresses (as suggested by Robert Bradley)
> >
> > Yep, that sounds like what I've done too.
> >
> > I have incorporated these changes (aside from the he specific config) into the next build of cero. (which has dnsmasq 2.66 test12 in it.
> >
> > Thx everyone for tracking this down.
> >
> > Incidentally, how do I get dnsmasq to hand out more than one dns server to clients? I'd like it to do so - one for ipv6 and for ipv4, or 2 for ipv4, etc.
> >
> > What happens now is you can configure dnsmasq to talk to tons of dns servers but it only hands out itself. Given the timeouts in DNS and so on it seems saner to hand out two, or more, to clients, as per the RFC (if you have two or more)
> >
> > Another place I was stuck was on getting dhcpv6-pd to work. I'd setup an isc-dhcp server as a test (on a laptop, pretending to be the master box) and I could see it handing out a /56 prefix, as configured, but only the external ge00 address would be configured. What seemed to be happening was bombing out in the netifd script not putting in the ".ge00" interface into a ubus function call. It was also only distributing a /128 to clients...
>
> dhcpv6-pd works with pppoe for me.
> I have this in /etc/config/network which is pretty much the default, except se00 is the only one with ip6assign:
>
> config interface 'ge01'
>         option ifname '@ge00'
>         option proto 'dhcpv6'
>         option broadcast '1'
>         option metric '2048'
>         option reqprefix 'auto'
>
> This is the only difference between your setup and mine, in that I was specifically requesting a 60 rather than "auto".
>
> I'll try it.
>
> Still unintegrated at present is the p2p ipv6 ahcp/mesh networking support for ipv6, which is a shame because it used to be easier than all the other interfaces.
>
> What needs to happen there is that all the ahcp meshy interfaces (gw11 and gw01) need to get the same /128 prefix and ahcp server handed a /64 pool to deal with...
>
> config interface 'se00'
>         option ifname 'se00'
>         option proto 'static'
>         option ipaddr '172.30.42.1'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
>
> What happens then is that se00 gets the delegated /64 prefix directly, and only that:
> 2: se00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>     inet6 2a02:2f02:1022:a2eb::1/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::c43d:c7ff:fe97:8050/64 scope link
>
> However, I will argue this is wrong, and the lifetimes should match whatever was handed to you from upstream.
>
> With the default configuration I noticed something similar to you: only a /128 assigned, but I thought that's because I only get a /64 to begin with.
>
> Well, on a shared network it should be part of the local /64...
>
> >
> > Perhaps now that this other stuff is correct, that will work. I will try it in the morning.
> >
> > this was how I'd setup the "dhcpv6 server"'s /etc/dhcp/dhcpd.conf
> >
> > subnet6 2001:db8:0:1::/64 {
> >         # Range for clients
> >         range6 2001:db8:0:1::129 2001:db8:0:1::254;
> >         # Additional options
> >         option dhcp6.name-servers 2001:db8:0:1::1;
> >         option dhcp6.domain-search "cerowrt.org";
> >         # Prefix range for delegation to sub-routers
> >         prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
> >         # Example for a fixed host address
> >         host specialclient {
> >                 host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
> >                 fixed-address6 2001:db8:0:1::127;
> >         }
> > }
> >
> > I think the last unaligned_instruction trap is dead.
> >
> > Lastly, there is another nifty new feature of dnsmasq - secondary domain updates. I have no idea how to get that going...
> >
> > > 3) Tweak the firewall to put henet 6in4 tunnel into WAN zone
> > > 3) Bring up henet and restart network, firewall, dnsmasq
> >
> > Not related to ipv6, but if you want a ntp server for your LAN you have to do this:
> > # opkg remove luci-app-ntpc
> > # opkg remove ntpclient
> > # killall ntpclient
> > # uci set system.ntp.enable_server 1
> > # uci commit system
> > # /etc/init.d/sysntpd restart
> >
> > This is an artifact of formerly using the isc ntp server in cero (for the multicast, and autokey support, as well as for the possible linkage to the gpsd daemon for a 1pps signal) At some future point I'd like to make this work again (because testing against a stratum 1 clock like what gpsd can do has long been on my list of worthwhile things to do), but I have no problem with using the well integrated smaller default ntp server in openwrt. (well, I'd like it to do ipv6, too)
> >
> > I have made these two packages optional and enabled the local ntp server.
> >
> > Still up here, no matter what ntp client/server is used is some means of doing dnssec again.
>
> Does dnsmasq support that?
>
> partial dnssec support is in a branch of dnsmasq. simon is seeking funding to complete it.
>
> Best regards,
> --Edwin
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

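
Step 3 of the procedure quoted in this thread puts the henet 6in4 tunnel into the WAN firewall zone, so traffic arriving over the tunnel is subject to that zone's input policy. The shell check below is an added example, not part of the thread or of tunnelbroker.sh: it reads UCI firewall text and reports which zone and input policy apply to an interface. The zone name `wan`, the function names and the sample config are assumptions constructed for illustration.

```shell
# Added example, not from the thread: zone lookup over OpenWrt UCI firewall text.
# zone_of IFACE FILE -> one line "<zone> <input policy>" per zone listing IFACE
zone_of() {
    awk -v want="$1" -v q="'" '
        function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
        function emit() {
            if (inzone && hit) print name, (input == "" ? "unset" : input)
            inzone = 0; hit = 0; name = ""; input = ""
        }
        $1 == "config" { emit(); inzone = (unq($2) == "zone"); next }
        !inzone { next }
        ($1 == "option" || $1 == "list") && $2 == "network" {
            for (i = 3; i <= NF; i++) if (unq($i) == want) hit = 1
        }
        $1 == "option" && $2 == "name"  { name = unq($3) }
        $1 == "option" && $2 == "input" { input = unq($3) }
        END { emit() }
    ' "$2"
}

# tunnel_ok IFACE FILE -> 0 only if IFACE is in exactly one zone, named "wan"
# (assumed name), whose input policy is REJECT or DROP; anything else fails.
tunnel_ok() {
    z=$(zone_of "$1" "$2")
    case "$z" in
        "wan REJECT"|"wan DROP") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample config for illustration; not CeroWrt's shipped file.
sample_firewall() {
    cat <<'EOF'
config defaults
    option input 'ACCEPT'
config zone
    option name 'lan'
    option network 'se00 sw00'
    option input 'ACCEPT'
config zone
    option name 'wan'
    list network 'ge00'
    list network 'henet'
    option input 'REJECT'
EOF
}
f=$(mktemp); sample_firewall > "$f"
for i in henet se00; do tunnel_ok "$i" "$f" && echo "$i: ok" || echo "$i: not in filtered wan zone"; done
rm -f "$f"
```

On a router the same check runs against the live file: `tunnel_ok henet /etc/config/firewall`.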