OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: juantxorena on July 10, 2022, 01:22:11 PM

Title: IPv6: static ULAs help
Post by: juantxorena on July 10, 2022, 01:22:11 PM
Hello everybody,

I'm having trouble configuring DHCPv6 for ULA.

I have a working ipv6 situation using SLAAC. I get a dynamic prefix from my ISP, and I have a bunch of VLANs tracking it, so the clients receive a couple of ipv6 addresses via SLAAC. Since the prefix is dynamic, I also have ULAs for internal network use. I have some virtual IPs with them, and the router advertisements configured so they give out the prefixes, and every client is also getting a couple of ULAs via SLAAC. I can put them in the override list of unbound and they are being used, I can ping, everything.

Because I want to have a server with some services, I thought I could try to configure DHCPv6 so it can give out static addresses to these services. Since I only want to use them from the internal network, I thought I would only distribute the ULAs with DHCPv6, and the global addresses with SLAAC (I wouldn't mind if SLAAC also gives ULAs and DHCPv6 GUAs).

When I activated the DHCPv6, I found no way for it to give out ULAs; no matter how I configured it, it only gives out GUAs. Then I saw this pull request https://github.com/opnsense/core/pull/5313, which looked like it could help. I used the following file for a VLAN (not the real prefix):

subnet6 fd01:2345:6789:abcd::/64 {
  # Range for clients
  range6 fd01:2345:6789:abcd:ffff:: fd01:2345:6789:abcd:ffff:ffff:ffff:ffff;

  # Range for clients requesting a temporary address
  range6 fd01:2345:6789:abcd::/64 temporary;

  # Additional options
  option dhcp6.name-servers fd01:2345:6789:abcd::;

  # Prefix range for delegation to sub-routers
  prefix6 fd01:2345:6789:abef:: fd01:2345:6789:abff::/60;
}

DHCPv6 fails to start with the following error:

Quote:
/status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb2_vlan20 igb2_vlan50 igb2_vlan30 igb2_vlan128' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.2-P1 Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpdv6.conf Database file: /var/db/dhcpd6.leases PID file: /var/run/dhcpdv6.pid Wrote 3 NA, 0 TA, 0 PD leases to lease file. Interface igb2_vlan20 matches multiple shared networks If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

Commenting out the different config lines doesn't help (I'm not sure if it was properly configured). Removing the ULA prefix from the router advertisements doesn't help either. Only removing the virtual IP for this VLAN allows it to start, but then DHCPv6 doesn't give out any ULA address, and ipv6 with ULAs stops working.

Could somebody help me to configure it, or maybe tell me another way of achieving what I want, static ULAs?

Thanks in advance
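Added example, not code from the post above or from the OPNsense project: a small consistency checker for a dhcpdv6.conf-style file that covers the two things worth inspecting before feeding a hand-written subnet6 block to dhcpd. It parses subnet6 blocks and their range6 statements, reports ranges that lie outside their subnet or overlap each other, and lists interfaces whose addresses fall into more than one subnet6 block, which (assumption: the blocks are not grouped under a shared-network declaration) is the condition behind the "Interface igb2_vlan20 matches multiple shared networks" error. The second subnet6 block, the 2001:db8 documentation prefix and the per-interface address list are constructed sample data, standing in for the GUA block OPNsense generates itself for the tracked interface.

```python
"""Consistency checks for an ISC dhcpd -6 (dhcpdv6.conf) configuration.

Added example, not code from the forum post or from the OPNsense project.
It parses the subnet6 blocks and range6 statements of a dhcpdv6.conf-style
text and reports:
  * range6 entries that fall outside their subnet6,
  * range6 entries inside one subnet6 that overlap each other,
  * interfaces whose addresses fall into more than one subnet6 block, which
    is the situation behind dhcpd's "Interface X matches multiple shared
    networks" error (assumption: the blocks are not grouped in a
    shared-network declaration).
The interface address list and the GUA prefix are constructed sample data.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample: the poster's hand-written ULA block next to a block
# standing in for the GUA subnet OPNsense already generates for the same
# VLAN interface (2001:db8::/32 is the documentation prefix).
SAMPLE_CONF = """
subnet6 fd01:2345:6789:abcd::/64 {
  range6 fd01:2345:6789:abcd:ffff:: fd01:2345:6789:abcd:ffff:ffff:ffff:ffff;
  range6 fd01:2345:6789:abcd::/64 temporary;   # overlaps the fixed range
  option dhcp6.name-servers fd01:2345:6789:abcd::;
}
subnet6 2001:db8:abcd:20::/64 {
  range6 2001:db8:abcd:20::1000 2001:db8:abcd:20::2000;
}
"""

# Constructed sample: addresses dhcpd would see on each interface
# (igb2_vlan20 carries both the tracked GUA and the ULA virtual IP).
SAMPLE_INTERFACES = {
    "igb2_vlan20": ["2001:db8:abcd:20::1", "fd01:2345:6789:abcd::1"],
    "igb2_vlan30": ["2001:db8:abcd:30::1"],
}


@dataclass
class Subnet6:
    network: ipaddress.IPv6Network
    ranges: list = field(default_factory=list)  # (low_int, high_int, temporary)


def parse_dhcpd6(text):
    """Extract subnet6 blocks and their range6 statements (one per line)."""
    subnets, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        m = re.match(r"subnet6\s+(\S+)\s*\{", line)
        if m:
            current = Subnet6(ipaddress.IPv6Network(m.group(1), strict=False))
            subnets.append(current)
            continue
        if line.startswith("}"):
            current = None
            continue
        m = re.match(r"range6\s+(.*?);", line)
        if m and current is not None:
            toks = m.group(1).split()
            temporary = "temporary" in toks
            toks = [t for t in toks if t != "temporary"]
            if len(toks) == 2:                     # range6 low high;
                low, high = (int(ipaddress.IPv6Address(t)) for t in toks)
            elif "/" in toks[0]:                   # range6 prefix/len [temporary];
                net = ipaddress.IPv6Network(toks[0], strict=False)
                low, high = int(net.network_address), int(net.broadcast_address)
            else:                                  # range6 single-address;
                low = high = int(ipaddress.IPv6Address(toks[0]))
            current.ranges.append((low, high, temporary))
    return subnets


def _fmt(low, high):
    return f"{ipaddress.IPv6Address(low)} - {ipaddress.IPv6Address(high)}"


def check_config(subnets, interfaces):
    """Return a list of (kind, detail) findings; an empty list means nothing flagged."""
    findings = []
    for sn in subnets:
        lo, hi = int(sn.network.network_address), int(sn.network.broadcast_address)
        for low, high, _ in sn.ranges:
            if low < lo or high > hi:
                findings.append(("range_outside_subnet", f"{sn.network}: {_fmt(low, high)}"))
        for i in range(len(sn.ranges)):
            for j in range(i + 1, len(sn.ranges)):
                a1, b1, _ = sn.ranges[i]
                a2, b2, _ = sn.ranges[j]
                if a1 <= b2 and a2 <= b1:          # closed intervals intersect
                    findings.append(("overlapping_ranges",
                                     f"{sn.network}: {_fmt(a1, b1)} and {_fmt(a2, b2)}"))
    for ifname, addrs in interfaces.items():
        matched = sorted({str(sn.network) for sn in subnets
                          for a in addrs if ipaddress.IPv6Address(a) in sn.network})
        if len(matched) > 1:
            findings.append(("interface_multi_subnet", f"{ifname}: {', '.join(matched)}"))
    return findings


def run_sample():
    return check_config(parse_dhcpd6(SAMPLE_CONF), SAMPLE_INTERFACES)


if __name__ == "__main__":
    for kind, detail in run_sample():
        print(f"{kind}: {detail}")
```

On the sample it flags two things: the temporary range6 covering the whole /64 overlaps the fixed range, and igb2_vlan20 sits in both subnet6 blocks. To check a real box, replace SAMPLE_CONF with the generated /etc/dhcpdv6.conf plus the custom include and SAMPLE_INTERFACES with the addresses ifconfig shows per interface; the parser only understands one statement per line and ignores prefix6 and option statements.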
Title: Re: IPv6: static ULAs help
Post by: efahl on July 10, 2022, 07:19:08 PM
I haven't got as far as VLANs in my IPv6 journey, but shouldn't the first line "subnet6" allow for space in the prefix for the VLAN ID?  I.e., should it be a /60 (I'm making an assumption from the "prefix6" line at the bottom) so that for each subnet, the ULA's VLAN bits can be made to match the corresponding GUA/GUAs for that interface?

(That "matches multiple shared networks" part of the error message is what got me thinking this...)
Title: Re: IPv6: static ULAs help
Post by: juantxorena on July 10, 2022, 07:38:10 PM
Quote from: efahl on July 10, 2022, 07:19:08 PM
I haven't got as far as VLANs in my IPv6 journey, but shouldn't the first line "subnet6" allow for space in the prefix for the VLAN ID?  I.e., should it be a /60 (I'm making an assumption from the "prefix6" line at the bottom) so that for each subnet, the ULA's VLAN bits can be made to match the corresponding GUA/GUAs for that interface?

(That "matches multiple shared networks" part of the error message is what got me thinking this...)

That subnet6 already has the prefix for the VLAN ID, cd in the example (actually 02 in real life). I just copied the existing config for an existing VLAN and changed the IP addresses to ULA. Maybe you are right, I'm going to try it.

I've just naively changed the mask to 60 and it said "New subnet mask too short".