Hi! Maybe I’m completely off track with my idea, so please let me know if that is the case. I’ve done some reading and experimenting with IPv6 but wouldn’t consider myself an expert yet.

Goal:
=====

My Internet connection is using dynamic IPv6 prefixes. I want to configure a local (OpenBSD) machine so its public IPv6 address adjusts to changes in the network prefix but keeps a static Interface Identifier (IID). I’d also like to be able to configure the IID manually. Essentially this would be a server running on the LAN but with a public IPv6 address, reachable from the Internet.

Details:
========

My Internet provider allocates a dynamic, public IPv6 /64 prefix to my router. The IID of the router is based on the MAC-address of its outside interface (EUI64) and doesn’t change. I’ll call this combination of /64 prefix and IID the "IPv6 address of the router".

My Internet provider additionally allocates a dynamic, public IPv6 /56 prefix to my router. Traffic to addresses from this range is routed to the IPv6 address of the router. The router in turn communicates a /64 prefix based on this /56 prefix and a fixed 8-bit value to my LAN devices. Effectively the LAN devices operate with a dynamic, public /64 prefix.

My router also allows configuration of LAN devices/ports that are reachable from the Internet. This forwarding configuration is based on the IID of the device for IPv6. Without such a forwarding rule, no Internet traffic can open a connection to any LAN device.

So for an IPv6 service on the LAN to be reachable from the Internet, the following criteria must be met:

- A forwarding rule must exist on the router that matches the port and IID of the LAN device. Packets from the Internet are routed to the public IPv6 address of the router. The forwarding rule sets up routing to the LAN device.
- The LAN device must have an IPv6 address matching the current /64 prefix and the IID configured for the forwarding settings on the router.
- A service must listen on the port and IPv6 address on the LAN device. (pf(4) must allow the traffic of course.)
- (Optional) A DNS AAAA entry could point to the IPv6 address. This probably requires some form of DDNS to adjust the DNS record when the IPv6 prefix changes. Keeping this updated is a separate problem not relevant for my question.

Note: When I use the term "its IPv6 address" I realize that this is generally only one of a number of IPv6 addresses in use on an interface at any given time. Basically I am referencing the address returned by:

    ifconfig em0|grep 'inet6'|grep -vE ' fe80:| fd|deprecated|temporary'

I.e. no link-local, ULA, temporary or deprecated addresses.

Also note that there is no DHCPv6 server in my configuration.

Question/Problem:
=================

After reading man pages for slaacd(8), hostname.if(5) and ifconfig(8) the only way to combine a static IID with a dynamic prefix seems to be the eui64 option:

    inet6 autoconf eui64

However this limits the IID to a fixed value based on the MAC-address of the interface and potentially leaks information about the vendor of the interface to the Internet.

Is there a way to combine "inet6 autoconf" with an arbitrary manually defined IID?

Example: So let’s say I want to use 0123:4567:89ab:cdef as the IID and the current prefix is 2001:db8:0:4201::/64 then how would I specify this in a way that allows slaacd(8) to generate an address using the current /64 prefix and this IID to form 2001:db8::4201:123:4567:89ab:cdef/128? When the prefix changes to e.g. 2001:db8:0:2a01::/64 I want the address of the interface to change to 2001:db8::2a01:123:4567:89ab:cdef/128.

I may be showing my ignorance here but it seems to me that combining dynamic IPv6 prefixes with manually chosen IIDs should be possible?

This question pertains to OpenBSD 7.0 stable on amd64 with all patches applied in case that makes a difference.

Thanks!

Regards,
Mike
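
An added example, not part of the original post: the address arithmetic the question describes, in Python. It joins a /64 prefix with a chosen IID for both example prefixes, and shows how an eui64-derived IID exposes the interface's vendor OUI while a manually chosen one does not. The MAC address 00:11:22:33:44:55 and all function names are assumptions made for illustration; the code does not configure slaacd(8).

```python
import ipaddress

def combine(prefix, iid):
    """Join a /64 prefix with a 64-bit interface identifier (IID)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid_int = int(ipaddress.IPv6Address("::" + iid))  # IID as the low bits
    if iid_int >> 64:
        raise ValueError("IID must fit in 64 bits")
    return ipaddress.IPv6Address(int(net.network_address) | iid_int)

def eui64_iid(mac):
    """Modified EUI-64 IID: flip the universal/local bit, insert ff:fe."""
    b = bytes(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    e = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return ":".join(e[i:i + 2].hex() for i in range(0, 8, 2))

def leaked_oui(addr):
    """Return the vendor OUI recoverable from an EUI-64 address, else None."""
    low = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if low[3:5] != b"\xff\xfe":
        return None  # not an EUI-64 style IID
    return ":".join(f"{x:02x}" for x in (low[0] ^ 0x02, low[1], low[2]))

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample MAC, not from the post
    for prefix in ("2001:db8:0:4201::/64", "2001:db8:0:2a01::/64"):
        manual = combine(prefix, "0123:4567:89ab:cdef")
        derived = combine(prefix, eui64_iid(mac))
        print(f"{prefix}: manual={manual} oui={leaked_oui(manual)}")
        print(f"{prefix}: eui64={derived} oui={leaked_oui(derived)}")
```

Python prints the single zero group as `0` rather than `::`, so the first address appears as 2001:db8:0:4201:123:4567:89ab:cdef, which is the same address as the one written in the post.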