kea, almost dynamic WAN IPv6 Prefix

Started by vimage22, December 17, 2025, 02:48:17 PM

Anything wrong with this script, run via cron every 5 min?

#!/bin/sh
# /usr/local/sbin/kea_prefix_change.sh
# Assumes a single subnet6 entry whose address equals the delegated WAN prefix.

FILE_NAME='/usr/local/etc/kea/kea-dhcp6.conf'
PREFIX_FILE='/tmp/igc0_prefixv6'   # written by dhcp6c for the WAN interface (igc0 on this box)

# get kea current Prefix (first subnet only, address part without the /len)
VAR1=$(jq -r '.Dhcp6.subnet6[0].subnet' "$FILE_NAME" | cut -d'/' -f1)
echo "VAR1 = $VAR1"

# get actual WAN Prefix
VAR2=$(cut -d'/' -f1 "$PREFIX_FILE")
echo "VAR2 = $VAR2"

# never run sed with an empty pattern or replacement (jq failure, missing prefix file)
if [ -z "$VAR1" ] || [ -z "$VAR2" ]; then
    echo "Could not read one of the prefixes, nothing changed." >&2
    exit 1
fi

if [ "$VAR1" != "$VAR2" ]; then
    echo "Variables are not equal. Running code."
    # Perform the find and replace operation (BSD sed: -i needs the explicit '' suffix)
    sed -i '' "s/$VAR1/$VAR2/g" "$FILE_NAME"
    echo "Replacement complete in $FILE_NAME."
    # Log the event
    echo "$(date) WAN IPv6 prefix change detected: $VAR1 -> $VAR2" >> /var/log/wan_ipv6_change.log
fi
echo "Done..."
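
An added example, not vimage22's script and not OPNsense or Kea code, that does the same rewrite with the json and ipaddress modules instead of a global sed: every subnet, pool and reservation that lies inside the old delegated prefix is moved onto the new one with its subnet-id and host bits kept, so it also covers a LAN /64 carved out of a /56 delegation, and it reports whether anything changed so the caller can decide on the Kea restart. The kea-dhcp6.conf fragment is constructed; the key names (Dhcp6.subnet6, pools, reservations, ip-addresses) are standard Kea configuration keys.

```python
import ipaddress
import json

# Constructed kea-dhcp6.conf fragment: one LAN /64 carved out of an
# ISP-delegated /56 (the thread does not show the real file).
SAMPLE_CONF = json.dumps({"Dhcp6": {"subnet6": [{
    "subnet": "2001:db8:ab00:1::/64",
    "pools": [{"pool": "2001:db8:ab00:1::1000-2001:db8:ab00:1::ffff"}],
    "reservations": [{"duid": "00:03:00:01:aa:bb:cc:dd:ee:ff",
                      "ip-addresses": ["2001:db8:ab00:1::53"]}],
}]}})


def rebase(addr, old_pfx, new_pfx):
    """Move one address from old_pfx to new_pfx, keeping every bit below the
    delegated prefix length (subnet id and host part) unchanged."""
    a = ipaddress.IPv6Address(addr)
    if a not in old_pfx:
        return addr  # e.g. a static ULA address: not ours to touch
    low_bits = int(a) & int(old_pfx.hostmask)
    return str(ipaddress.IPv6Address(int(new_pfx.network_address) | low_bits))


def rebase_conf(conf_text, old_prefix, new_prefix):
    """Return (new_conf_text, changed). Prefixes look like '2001:db8:ab00::/56'."""
    old_pfx = ipaddress.IPv6Network(old_prefix, strict=False)
    new_pfx = ipaddress.IPv6Network(new_prefix, strict=False)
    if old_pfx.prefixlen != new_pfx.prefixlen:
        # A /56 that becomes a /60 needs a human: subnet ids may no longer fit.
        raise ValueError("delegated prefix length changed, review config by hand")
    conf = json.loads(conf_text)
    changed = False
    for sn in conf["Dhcp6"].get("subnet6", []):
        net, plen = sn["subnet"].split("/")
        new_net = rebase(net, old_pfx, new_pfx)
        changed = changed or new_net != net
        sn["subnet"] = f"{new_net}/{plen}"
        for pool in sn.get("pools", []):
            # Kea accepts both "lo-hi" ranges and "prefix/len" pools
            sep = "-" if "-" in pool["pool"] else "/"
            lo, hi = pool["pool"].split(sep)
            hi = hi if sep == "/" else rebase(hi, old_pfx, new_pfx)
            pool["pool"] = f"{rebase(lo, old_pfx, new_pfx)}{sep}{hi}"
        for res in sn.get("reservations", []):
            res["ip-addresses"] = [rebase(ip, old_pfx, new_pfx)
                                   for ip in res.get("ip-addresses", [])]
    return json.dumps(conf, indent=2), changed
```

In a cron job you would call rebase_conf with the text of kea-dhcp6.conf, the prefix recorded at the last run and the current contents of the dhcp6c prefix file, write the result back only when changed is true, and restart Kea in that same branch.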


Yes: Kea won't notice the change, AFAICS. Besides that, if the prefix changes and even if you got Kea DHCP to hand it out henceforth, your devices will only notice when the lease expires and they request a prolongation.

Maybe you should take a look at SLAAC and this howto. By using SLAAC, you will immediately notify clients to use the new prefix when it changes.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Thanks for looking at this. I use reservations for certain devices to allow for name resolution. That does not work with SLAAC, right? And I just realized this needs to be added into the if statement:

# Stop the Kea service
pluginctl -s kea-dhcp stop
sleep 1
# Start the Kea service
pluginctl -s kea-dhcp start

/var/etc/dhcp6c_wan_script.sh runs every hour. I think this looks to see if the WAN IPv6 changes. So I would change the cron setting to run every 30 min.
I also realize "igc0" is machine specific, so that would need to be a variable.

Since this is a home setup, and nothing matters if there is a short window of downtime, would the start/stop of kea cause the new change to be seen and eventually the clients would see it as well?




I would suggest using dnsmasq in a home network scope as it has a dynamic constructor for IPv6.

https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements

It also knows tricks like "ra-names" to generate and register hostnames for SLAAC if the devices are dual stack and also get a DHCPv4 lease from Dnsmasq. -> Which means you can skip DHCPv6 entirely and just do DHCPv4 and RA with Dnsmasq using the ra-names setting in the Router Advertisement mode.
Hardware:
DEC740

Yes, I started with dnsmasq, but I was not happy about setting up unbound to do a query forward to dnsmasq for LAN requests. Other reasons as well, but in the end, I prefer the simplicity of kea and unbound.
Since I have one device that needs a reservation for IPv6, and it is set as an Alias (type=Host)(value=fqdn), this allows me to open one port with a NAT rule to allow access from the WAN, for both v4 and v6. BTW, all worked great with ISC DHCPv6, but I just did a clean install to the latest version and wanted to use your latest standards.

Other observations:
I make heavy use of a LAN Bridge. However, I struggled for a long time to get anything to work over IPv6. Resolved by finding this:
https://docs.opnsense.org/manual/how-tos/lan_bridge.html
"check Enable link-local address checkbox in case you are using IPv6"
It would be great if this was added to the help section in the GUI.

Got the error: "Danger. Unexpected error, check log for details". Ended up finding the explanation in the forum, but maybe something should be added to the release notes to make this more clear.

On the positive side, it could be my imagination, but the GUI seems faster, more responsive and just better in all sections.
And getting an IPv4/IPv6 address seems much faster. I bet this is because of kea using an in-memory db, and just its structure in general. I use linux devices that actually keep track of how long it takes to get a lease. And again, kea does seem very simple to use, at least in my setup.
So amazing work on opnsense!! Thank you.

Finally, I would test the script myself, but I am not sure how to trick my ISP into handing out a new prefix. In looking at all this, the feature of dynamic Prefix, which ISC handled so well, seems like the only downside to kea.