search

HenriWahl / dhcpy6d

MAC address aware DHCPv6 server written in Python
https://dhcpy6d.de
GNU General Public License v2.0
94 stars 27 forks source link

Setting the prefix-length of assigned addresses #24

Closed waybeforenow closed 4 years ago

waybeforenow commented 4 years ago

Hi, thanks for building and maintaining this tool! It's very useful.

I would like some advice on how to configure the prefix length of IPv6 addresses that dhcpy6d assigns.

I'm using dhcpy6d to dynamically assign IP addresses to clients on a VPN. They need to all be in the same logical network, so they should all have some address that looks like 2001:db8:beef::x/64. So I wrote this configuration:

[address_default]
category = range
range = 1000-2fff
pattern = 2001:db8:beef::$range$

And I was able to get a dynamically assigned address using this config, but it was 2001:db8:beef::1000/128 - no good. But it makes sense, since I never configured a prefix length. So I added a prefix and an associated class to advertise it:

[prefix_default]
category = range
range = 0-0
pattern = 2001:db8:beef:$range$::
length = 64

[class_default_vpn6]
addresses = default
prefixes = default
advertise = addresses prefixes

(Btw, I needed to put a range in my prefix even though I only needed one prefix - might be worth adding a separate category for this type of configuration.)

When I install this configuration, I'm still getting 2001:db8:beef::1000/128 instead of 2001:db8:beef::1000/64. I've been playing around with the configuration some more, but I haven't been able to fix this. Is it possible to assign a /64 address using dhcpy6d?

HenriWahl commented 4 years ago

The [prefix_*] defiinitons are made for prefix delegation - PD. See https://dhcpy6d.ifw-dresden.de/documentation/config/prefixes/.

What OS are you using? I see the same behaviour on Fedora Linux for example which automatically uses a /128.

As far as I understand the DHCPv6 RFC 3315 there is no way to tell the prefix length to the clients.

waybeforenow commented 4 years ago

Thanks, I think I now understand why prefix delegation isn't what I'm trying to achieve (though the documentation doesn't explain why prefix delegation is useful; maybe including a link to the Wikipedia article or similar would be a helpful pointer).

What OS are you using?

This is a testing network for a VPN I intend to deploy sometime in the future. For testing purposes, the network has three hosts running different operating systems. These hosts are bridged

Both my laptop and the embedded device receive /128 addresses.

As far as I understand the DHCPv6 RFC 3315 there is no way to tell the prefix length to the clients.

I'm having some trouble understanding this, since I come from IPv4-land where it would make no sense to dynamically assign an address with a /32 netmask. How exactly am I supposed to route to anything with a /128 address? My ostensible default gateway on the VPN has a static address of 2001:db8:beef::1/64; I'm unable to ping it.

HenriWahl commented 4 years ago

I have a macOS here which has this ifconfig:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
    ether 68:5b:35:94:32:5a 
    inet6 fe80::13:d6e8:bd49:241a%en0 prefixlen 64 secured scopeid 0x7 
    inet 172.16.106.135 netmask 0xffff0000 broadcast 172.16.255.255
    inet6 2001:638:90a:1600:e917:fd7:bbb6:a336 prefixlen 128 dynamic 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (1000baseT <full-duplex,flow-control>)
    status: active

Your local router should be requested automatically by your client.

Edit: What does a netstat-rn on your macOS show you?

waybeforenow commented 4 years ago

I guess there is no way to give the client a prefix-length using DHCPv6 per the RFC, and I figured out how to route to a /128 address, so all is well. I'll close this issue now.