Re:  DHCPv6 IA_PD - how-to

2024-07-26 Thread moto kawasaki 


Hi Chris, all

I am struggling the same problem too, and here is my working
configuration for dhcp6c in my test environment.
Hope this can be help.


vtnet0 is uplink, where I expect to receive RA from ISP.

If upstream router send RA with PD with 2001:db8:beef::/56, dhcp6c
will add sla-len (8 in this configuration) to the prefix length (/56)
to get the final prefix length of /64.
Also, dhcp6c will add sla-id (11 and 12, decimal) to prefix, so that
I will use 2001:db8:beef:b/64 and 2001:db8:beef:c/64 for assigning my
internal network interfaces (vtnet1 and vtnet2).

Well, I am wondering how I can tell "authentication isp_auth" entry to
use the "isp_key", especially when I have multiple "keyinfo" entries.



= /usr/local/etc/dhcp6c.conf =
keyinfo isp_key {
realm "example.org";
keyid 1;
secret "JTY0XXX==";  # masked.
};

authentication isp_auth {
protocol delayed;
};

interface vtnet0 {
script "/usr/local/etc/dhcp6c-script.sh";
send ia-pd 3;
send authentication isp_auth;
request domain-name-servers;
request domain-name;
request ntp-servers;
#send rapid-commit;
};

id-assoc pd 3 {
prefix-interface vtnet1 {
sla-id 11;
sla-len 8;
};
prefix-interface vtnet2 {
sla-id 12;
sla-len 8;
    };
};
=




Thanks and Best Regards,

-- 
moto kawasaki  +81-90-2464-8454


on Wed, 24 Jul 2024 00:04:12 -0400, Chris Ross  wrote:

> 
> 
> > On Jul 23, 2024, at 13:23, Roy Marples  wrote:
> >  On Tue, 23 Jul 2024 18:11:18 +0100 cross+free...@distal.com wrote 
> > 
> > 
> >> tl;dr; anyone have a good IPv6 network setup based on an IA_PD from
> >> their provider? Any details or advice to share?
> > 
> > 
> > I'm upstream for dhcpcd.
> > All options related to PD are configurable in the dhcpcd.conf(5) 
> > configuration file. There are also some examples.
> 
> My apologies, I think I may’ve misremembered which attempt produced which
> result.  More careful investigation suggests it was actually dhclient I
> was unable to configure in a config file.  So, I’m not sure I ever even
> got the PD recognized by dhcpcd.  Perhaps I was not finding the right
> examples.
> 
> > What are you struggling with specifically?
> 
> First, I’d like to request of my ISP the PD and understand the answer.
> If dhcpcd can also set up internal networks within the PD, that would
> be ideal.  Again, I found with earlier work that some clients are able
> to do more with “using” the network than others.  I have half a dozen
> ish internal networks that I assign /64’s to, and distribute via RA.
> 
> Perhaps an answer to Karl’s question might provide me with what I need
> as well.  Otherwise, an example or three of receiving and utilizing an
> IA_PD response is what I am looking for.
> 
>   - Chris

Re:  DHCPv6 IA_PD - how-to

2024-07-28 Thread moto kawasaki 

Hi Chris and all,

Thank you for your reply, and I am feeling like I should go dhcpcd
too :-)

Thanks!

-- 
moto kawasaki  +81-90-2464-8454


on Sun, 28 Jul 2024 14:50:53 -0400, Chris Ross  wrote:

> > On Jul 26, 2024, at 23:21, moto kawasaki  wrote:
> > 
> > 
> > Hi Chris, all
> > 
> > I am struggling the same problem too, and here is my working
> > configuration for dhcp6c in my test environment.
> > Hope this can be help.
> 
> Thank you, moto-san.  Roy was/is helping me get dhcpcd working, and I have
> begun replacing my old FreeBSD 11.4 router with a new FreeBSD 14.1 router.
> At which point, I’ll be bringing up dhcpcd based on Roys advice.
> 
> I remember that I tried dhcp6c, but I do not think I was able to get it
> working for myself.  I will keep your config for reference, in case I
> try it again.  Thank you for sharing!
> 
> 
> - Chris

Re:  DHCPv6 IA_PD - how-to

2024-07-29 Thread moto kawasaki 


Hi Roy,

Thank you very much for the configuration example with dhcpcd!
Also I didn't know delayed auth had been obsoleted, thanks for letting
me to notice.
I'll try dhcpcd instead of dhcp6c.

Best Regards,

-- 
moto kawasaki  +81-90-2464-8454


on Mon, 29 Jul 2024 11:05:37 +0100, Roy Marples  wrote:

> For dhcpcd you would do this:
> 
> interface vtnet0
>   ia_pd 3 vtnet1/11 vtnet2/12
>   option domain_name_servers, domain_name, ntp_servers
>   authproto delayed
>   authtoken 1 "example.org" forever "JTY0XXX=="
> 
> 
> But please note that delayed authentication has now been obsoleted:
> https://datatracker.ietf.org/doc/html/rfc8415#section-25
> While dhcpcd supports it to some extend, it's not widely tested and could be 
> broken in any given release as I don't have a means of testing it right now.
> 
> The only real authentication support that is in the RFC's is the reconfigure 
> key.
> https://datatracker.ietf.org/doc/html/rfc8415#section-20.4
> 
> Roy