[opensuse] openSUSE Router with IPV6
With all the chatter about IPV6 lately, I'm working on getting it setup on my home network. My ISP (Charter) does provide IPV6 addresses, but I'm struggling with making this work. I have an odroid C2 ARM board that is running Tumbleweed with 2 network interfaces: eth1 onboard interface is the WAN port. Uses wicked and dhcp to get an ipv4 and ipv6 address from my isp. eth0 on a usb to ethernet adapter is the LAN port. Uses wicked with a static ipv4 address assigned. walter@c2router:~> ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether e8:fc:af:c7:a8:21 brd ff:ff:ff:ff:ff:ff inet 172.16.4.1/24 brd 172.16.4.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::eafc:afff:fec7:a821/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:1e:06:36:93:44 brd ff:ff:ff:ff:ff:ff inet 75.xxx.253.3/21 brd 255.255.255.255 scope global eth1 valid_lft forever preferred_lft forever inet6 2605:xxxx:afc0:2:ed44:6b09:12ab:2754/64 scope global dynamic valid_lft 518420sec preferred_lft 518420sec inet6 fe80::21e:6ff:fe36:9344/64 scope link valid_lft forever preferred_lft forever On the LAN side, I have dnsmasq handing out ipv4 addresses and taking care of DNS. This all works great for ipv4, but my workstations on the lan only have an ipv4 address plus an fe80... ipv6 address. In my /etc/sysctl.conf I have: net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.all.accept_ra = 2 net.ipv6.conf.eth1.autoconf = 0 net.ipv6.conf.all.use_tempaddr = 0 net.ipv6.conf.default.use_tempaddr = 0 I was following this guide: https://taczanowski.net/linux-box-as-an-ipv6-router-with-slaac-and-dhcpv6-pd... which was running on openSUSE 42.2 using wide-dhcpv6-client. But wide-dhcpv6 is no longer available on openSUSE. So how can I get wicked to request the prefix from my isp, forward that prefix to dnsmasq so it can hand out ipv6 addresses, and using the prefix set an ipv6 address on the lan interface? Or is there another way? Thanks Mark -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Mark Petersen wrote:
So how can I get wicked to request the prefix from my isp, forward that prefix to dnsmasq so it can hand out ipv6 addresses, and using the prefix set an ipv6 address on the lan interface? Or is there another way?
I am sure James Knott will have some help to offer - afair, the problem is: 1) receiving a prefix from your uplink isp, and 2) dishing out addresses from that (radvd or dhcp) Keyword: "prefix delegation". -- Per Jessen, Zürich (16.4°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-20 01:24 AM, Per Jessen wrote:
So how can I get wicked to request the prefix from my isp, forward that prefix to dnsmasq so it can hand out ipv6 addresses, and using the prefix set an ipv6 address on the lan interface? Or is there another way? I am sure James Knott will have some help to offer - afair, the problem is:
I gave up on using openSUSE for my firewall and moved to pfSense, as DHCPv6-PD wasn't supported. I've been using pfSense for about 3.5 years and it works well. https://www.pfsense.org/download/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 2019-08-20 at 07:00 -0400, James Knott wrote:
On 2019-08-20 01:24 AM, Per Jessen wrote:
So how can I get wicked to request the prefix from my isp, forward that prefix to dnsmasq so it can hand out ipv6 addresses, and using the prefix set an ipv6 address on the lan interface? Or is there another way? I am sure James Knott will have some help to offer - afair, the problem is:
I gave up on using openSUSE for my firewall and moved to pfSense, as DHCPv6-PD wasn't supported. I've been using pfSense for about 3.5 years and it works well.
pfSense is only available for amd64 or Netgate hardware, so I'd have to replace my 10 watt Odroid C2 with a 100+ watt pc or spend $350 for a Netgate device. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Mark Petersen wrote:
On Tue, 2019-08-20 at 07:00 -0400, James Knott wrote:
On 2019-08-20 01:24 AM, Per Jessen wrote:
So how can I get wicked to request the prefix from my isp, forward that prefix to dnsmasq so it can hand out ipv6 addresses, and using the prefix set an ipv6 address on the lan interface? Or is there another way? I am sure James Knott will have some help to offer - afair, the problem is:
I gave up on using openSUSE for my firewall and moved to pfSense, as DHCPv6-PD wasn't supported. I've been using pfSense for about 3.5 years and it works well.
pfSense is only available for amd64 or Netgate hardware, so I'd have to replace my 10 watt Odroid C2 with a 100+ watt pc or spend $350 for a Netgate device.
I guess it ought to be possible porting whatever software pfsense is using and run it on openSUSE on ARM ? -- Per Jessen, Zürich (16.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-20 09:02 AM, Per Jessen wrote:
I guess it ought to be possible porting whatever software pfsense is using and run it on openSUSE on ARM ?
PfSense is based on FreeBSD. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-20 09:02 AM, Per Jessen wrote:
I guess it ought to be possible porting whatever software pfsense is using and run it on openSUSE on ARM ?
PfSense is based on FreeBSD.
Yeah, I saw that somewhere. Still seems possible to grab the code and build it on openSUSE. I guess the main hurdle might be the integration with wicked, if needed, dunno. Which dhcp client/server does pfsense use, James? -- Per Jessen, Zürich (16.6°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-20 08:48 AM, Mark Petersen wrote:
pfSense is only available for amd64 or Netgate hardware, so I'd have to replace my 10 watt Odroid C2 with a 100+ watt pc or spend $350 for a Netgate device.
Then you'll have to convince openSUSE to add proper DHCPv6-PD support. I used openSUSE with IPv6 for almost 6 years, when I used a 6in4 tunnel to get IPv6. It was OK with that, but not supporting DHCPv6-PD is a show stopper, as that's how most ISPs provide IPv6. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-20 09:07 AM, James Knott wrote:
On 2019-08-20 08:48 AM, Mark Petersen wrote:
pfSense is only available for amd64 or Netgate hardware, so I'd have to replace my 10 watt Odroid C2 with a 100+ watt pc or spend $350 for a Netgate device.
Then you'll have to convince openSUSE to add proper DHCPv6-PD support. I used openSUSE with IPv6 for almost 6 years, when I used a 6in4 tunnel to get IPv6. It was OK with that, but not supporting DHCPv6-PD is a show stopper, as that's how most ISPs provide IPv6.
One other possibility, can one of those WRT firewalls be used on that hardware? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/08/2019 07.24, Per Jessen wrote:
Mark Petersen wrote:
So how can I get wicked to request the prefix from my isp, forward that prefix to dnsmasq so it can hand out ipv6 addresses, and using the prefix set an ipv6 address on the lan interface? Or is there another way?
I am sure James Knott will have some help to offer - afair, the problem is:
1) receiving a prefix from your uplink isp, and 2) dishing out addresses from that (radvd or dhcp)
Keyword: "prefix delegation".
But the prefix he already has: inet6 2605:xxxx:afc0:2:ed44:6b09:12ab:2754/64 scope global dynamic valid_lft 518420sec preferred_lft 518420sec 64 bits for the prefix and 64 for the hosts. So the prefix would be "2605:xxxx:afc0:2::" At least that is what I understand. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-20 11:58 AM, Carlos E. R. wrote:
But the prefix he already has:
inet6 2605:xxxx:afc0:2:ed44:6b09:12ab:2754/64 scope global dynamic valid_lft 518420sec preferred_lft 518420sec
64 bits for the prefix and 64 for the hosts.
So the prefix would be "2605:xxxx:afc0:2::"
At least that is what I understand.
This is intended to be a router, which means different prefixes on the WAN and LAN sides. He shows the WAN address and doesn't have a LAN address. The "PD" in DHCPv6-PD stands for Prefix Delegation, where the ISP provides the prefix for use on the LAN side. The smallest address block provided has a /64 prefix, which allows for 2^64 addresses. ISPs can generally provide larger blocks. For example, my ISP provides a /56 prefix, which gives me 256 /64s. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Carlos E. R. -
James Knott -
Mark Petersen -
Per Jessen