
OpenBSD - rtadvd.conf and raflags

Started by netmc, August 25, 2010, 03:05:45 PM


netmc

I am running OpenBSD 4.7 (as a router) and have successfully connected using IPv6 from my dual WAN/LAN setup using both manual configuration and stateless (rtadvd) on my internal hosts (Windows and Linux).  (I am using a routed /48 on two distinct LANs.)

My goal is to use managed DHCPv6 as I would like to make anonymous my internal computers rather than exposing the MAC addresses to the world.  I just can't figure out how to set the rtadvd setting to advertise the managed option to the network.

The problem I am having is with the raflags setting inside the rtadvd.conf file.  I can't figure out the structure of the file and I can't locate any good examples which show a setting other than "raflags#0"

Here is an excerpt from the man page:

    raflags
            (num) Flags field in router advertisement message header.  Bit 7
            (0x80) means Managed address configuration flag bit, and Bit 6
            (0x40) means Other stateful configuration flag bit.  The default
            value is 0.


and the example from man:

    default:\
            :chlim#64:raflags#0:rltime#1800:rtime#0:retrans#0:\
            :pinfoflags="la":vltime#2592000:pltime#604800:mtu#0:
    ef0:\
            :addr="2001:db8:ffff:1000::":prefixlen#64:tc=default:



I need to set both bits active for managed and other configuration, so what would I set the raflags setting to?

My guess would be:

managed only - raflags#64
optional only - raflags#32
both options - raflags#96

but I am completely lost in trying to configure this option.

I am also trying to figure out which package to install for DHCPv6 support in OpenBSD 4.7, so any help would be appreciated.

cholzhauer

Quote
I am also trying to figure out which package to install for DHCPv6 support in OpenBSD 4.7, so any help would be appreciated.

For FreeBSD, it's just the "normal" ISC DHCP server (/usr/ports/net/isc-dhcp41-server/). I think I ended up building 4.2 from source though.

netmc

Yeah, I tried building ISC DHCP 4.2 from source, but encountered a weird bug.  (This is for IPv4.) The DHCP server would respond to requests when run as a foreground process, but would not when run as a daemon.  I know DHCP listens on the BPF interface, so it seems like it could be a permissions issue or something else strange.  I'm still learning how OpenBSD works.  It seems like the root user permissions are being dropped when in daemon mode and the process no longer has access to the BPF interface to listen for DHCP requests.  I know OpenBSD does a few things differently from FreeBSD in the name of security...  I just have to figure out what..  :(

The newer ISC DHCP servers are not in the ports tree yet for OpenBSD.

theultramage

If it's the same case as in FreeBSD, then the explanation is very simple - http://www.freebsd.org/cgi/query-pr.cgi?pr=docs/141032.
I was stumped by this issue when I was setting up rtadvd too; it took me an hour or so to narrow down the reason.
The reason being that rtadvd can't read hex values even though the doc says it can. Use 'm' or #128 instead.
Other than that, there's no reason not to use the rtadvd daemon already provided by the system.

This is what my current config looks like:

    fxp0:\
       :raflags="o":  # m - use the ip address offered by dhcp6
                      # o - get dns servers via dhcp6

(I leave ip address assignment to ipv6 autoconfiguration (although I did successfully set it up before), and just use "option domain-name-servers" in dhcp6s to propagate dns info).
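
An added example, not part of the original posts: it builds the decimal `raflags#N` value from the bit positions in the man page excerpt quoted in the first post (0x80 managed, 0x40 other), decodes both the numeric and the letter form used in the config above, and reads the same flags out of a Router Advertisement header so the result can be checked against what is actually on the wire. The function names and the sample packet are constructed for illustration, and the ICMPv6 checksum is not verified.

```python
import re
import struct

RA_TYPE = 134   # ICMPv6 Router Advertisement message type (RFC 4861)
FLAG_M = 0x80   # bit 7: Managed address configuration (man page excerpt)
FLAG_O = 0x40   # bit 6: Other stateful configuration (man page excerpt)

def raflags_line(managed, other):
    """Build the capability in decimal, the numeric form the post says works."""
    value = (FLAG_M if managed else 0) | (FLAG_O if other else 0)
    return "raflags#%d" % value

def parse_raflags(cap):
    """Decode 'raflags#N' (decimal only) or 'raflags="mo"' into (managed, other)."""
    m = re.fullmatch(r'raflags#(0|[1-9]\d*)', cap)
    if m:
        value = int(m.group(1), 10)
        if value > 0xFF:
            raise ValueError("the RA flags field is a single byte")
    else:
        m = re.fullmatch(r'raflags="([mo]*)"', cap)
        if not m:
            raise ValueError("unsupported raflags form: %r" % cap)
        letters = m.group(1)
        value = (FLAG_M if "m" in letters else 0) | (FLAG_O if "o" in letters else 0)
    return bool(value & FLAG_M), bool(value & FLAG_O)

def decode_ra(icmp6):
    """Decode the fixed 16-byte Router Advertisement header (checksum not verified)."""
    if len(icmp6) < 16:
        raise ValueError("truncated Router Advertisement")
    mtype, code, _cksum, hoplim, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp6[:16])
    if mtype != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    return {"hop_limit": hoplim, "router_lifetime": lifetime,
            "managed": bool(flags & FLAG_M), "other": bool(flags & FLAG_O)}

# Constructed sample: an RA header with hop limit 64, both flags set, lifetime 1800.
SAMPLE_RA = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, FLAG_M | FLAG_O, 1800, 0, 0)

if __name__ == "__main__":
    print(raflags_line(True, True), decode_ra(SAMPLE_RA))
```
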

cholzhauer

Quote
(I leave ip address assignment to ipv6 autoconfiguration (although I did successfully set it up before), and just use "option domain-name-servers" in dhcp6s to propagate dns info).

I'd love to do that at work, but then I'd have to add like 4 NICs to my IPv6 router to do it all..bleh (Cisco doesn't support it yet)

lukec

Quote
I'd love to do that at work, but then I'd have to add like 4 NICs to my IPv6 router to do it all..bleh (Cisco doesn't support it yet)

Pretty sure Cisco do support this (not sure why 4 additional NICs though)... i.e. on your router (from Cisco):

    ipv6 dhcp pool foo
      domain-name <your-domain>
      dns-server <IPv6 address of yourDNS-Server>
      prefix-delegation pool foo lifetime 1800 600

    ipv6 local pool foo <prefix/prefix-length> <assigned-length>
    ipv6 dhcp database tftp://<your-tftp-server>/dhcp-bindings

    interface <interface-name>
      ipv6 address <prefix/64> eui-64
      ipv6 dhcp server foo rapid-commit
      ipv6 nd managed-config-flag


"The managed configuration flag is enabled to inform clients via RAs that they should use stateful configuration for DHCP.
DHCPv6 can deliver either stateful and stateless information.
DHCP used UDP 546 & 547 to convey IPv6 assignment and parameter information. Hosts communicate with the local DHCPv6
router using the all-DHCPv6-agents multicast address of FF02::1:2 with its link-local address (FE80::/10) as the source address"

rgds

cholzhauer

Routers might support that, but the ASAs do not; I've put in a feature request with Cisco.

maschwar77

To set managed: raflags#64
To set other stateful: raflags#128
To set both: raflags#192

This should solve your problem.