Implement IPv6 in uplink role

[nis65]

There are two (or more) options:

• Rely on uplink providing IPv6 subnets via DHCPv6 prefix delegation.
• use IPv6 ULA adresses and IPv6 NAT.

The former is not very generic (e.g. for testing in a LAN you would need to have your own DHCPv6 server supporting PD) and would need full IPv6 renumbering support - which might imply some engineering beyond what the distro packages support. In addition, renumbering is properly doable for locally connected networks only, i.e. there must not be any additional routers in the localwlan zone.

The latter is very similar to the IPv4 approach: e.g.it allows for static IPv6 adresses in the localwlan zone but breaks protocols like SIP that communicate IP adresses in their payload. For some of those, there may be 'helpers' available to fix this.

The good: It's easily cascadable. The bad: it can break protocols. The ugly: It's against the IPv6 Mantra: do not NAT!

[nis65]

Decided to go for ULA/NAT and found out: As the goal of the uplink role is to pass any available connectivity to the WLAN clients, the naive IPv6 approach

• add a static ULA IPv6 address to ap0
• configure IPv6 masquerading in firewalld
• add a line to dnsmasq.conf like: dhcp-range=2001:db8:1234:6f2::1:1,2001:db8:1234:6f2::ffff:1,ra-names,64,24h

will nicely work when there is either no uplink or a dual stack uplink. However, if the uplink is IPv4 only, user experience is degraded ("happy eyeballs" in browsers, but 2min timeouts in most other network applications). IPv4 has a valid default route, but IPv6 not.

Therefore, some watchdog mechanism will be needed that removes (or hides or disables) IPv6 announcements in dnsmasq as long as there is an IPv4 only uplink. I still consider this as a small increase in complexity compared to the alternative: Adapting to all the various ways providers care to "properly" distribute IPv6-subnets.

[nis65]

Update: the "watchdog" as explained above is not needed (at least not for debian/ubuntu clients on the ap0 WLAN): They default to IPv4 because ULA IPv6 addresses have their own label in /etc/gai.conf.

This can be adjusted (if desired) by editing the label from the the ULA addresses in /etc/gai.conf on the WLAN client as follows (remove all comments from the label lines and change the label for ULA address to match the value of the ::/0 label):

#loopback
label ::1/128       0
# ALL
label ::/0          1
# 6to4 (deprecated)
label 2002::/16     2
# IPv4-compatible addresses (deprecated)
label ::/96         3
# IPv4-mapped (dual stack)
label ::ffff:0:0/96 4
# Site local (obsolete)
label fec0::/10     5
# Unique local addresses
label fc00::/7      1
# Teredo
label 2001:0::/32   7

I have added the comments, you won't find them on your client.

[nis65]

But IPv6 NAT works now - as long as the uplink has IPv6 too, of course. See #72.

[nis65]

solved in #72