OpenBSD, dhcp6leased and Altibox
OpenBSD 7.6 was released this week and now includes support for DHCPv6-PD as part of the base installation, provided by a new program called dhcp6leased.
I use OpenBSD on my router, for a symmetric fiber connection provided by
Altibox. They provide a single IPv4 address assigned through DHCP, as well as
IPv6 prefixes assigned through DHCPv6-PD. Until now, I've had to use dhcpcd for
the DHCPv6-part, but this is no longer necessary now that dhcp6leased is
available!
So how do you configure OpenBSD to work with an Altibox link then?
VLAN and IPv4
Note that this assumes that you terminate the connection directly in your OpenBSD router, either through a NIC with a SFP module, or via a media converter.
Altibox expects packets for their Internet service to be tagged with VLAN
ID 102. Assuming ix0 is the network interface connected to the ISP uplink,
this can be configured like this:
$ ifconfig ix0 up $ ifconfig vlan102 create $ ifconfig vlan102 parent ix0 $ ifconfig vlan102 vnetid 102
To request an IPv4 address via DHCP we tell the interface to use autoconf:
$ ifconfig vlan102 inet autoconf
At this point an IPv4 address should already be assigned. Verify this with:
$ dhcpleasectl -l vlan102
Finally, we can make this configuration persistent across reboots by creating the following files:
# /etc/hostname.ix0 up # /etc/hostname.vlan102 parent ix0 vnetid 102 inet autoconf
DHCPv6-PD
For a home network, we typically want a single IPv6 address for the router
itself as well as a /64 prefix that can be used by machines on our local
network.
dhcpcd
Before 7.6 was released I already had a working setup running using dhcpcd,
with the following configuration that requests a /128 non-temporary address
(ia_na) for vlan102 , and a /64 prefix delegation (ia_pd) for vlan1:
# configure only ipv6 addresses ipv6only # disable router solicitation noipv6rs # wait for ipv6 address waitip 6 # allow configuration of these interfaces allowinterfaces vlan102 vlan1 # request ip address for the external if and a prefix delegation for the internal if interface vlan102 ipv6rs ia_na 1 ia_pd 2 vlan1/0
However, I was not able to replicate this configuration exactly in
dhcp6leased, since it only supports requesting prefix delegations.
dhcp6leased
So how can we replace dhcpcd with dhcp6leased then? Luckily, dhcp6leased
makes it very easy to request arbitrary prefixes, without doing boring prefix
math.
First we need to enable IPv6 router solicitation so that our machine can
discover router advertisement messages. This had me stumped for a while because
I forgot that this is what the ipv6rs line in dhcpcd.conf does.
$ ifconfig vlan102 inet6 autoconf
Make this change persist across reboots by updating /etc/hostname.vlan102 as follows:
# /etc/hostname.vlan102 parent ix0 vnetid 102 inet autoconf inet6 autoconf
We then configure dhcp6leased as follows:
# /etc/dhcp6leased.conf
request rapid commit
request prefix delegation on vlan102 for {
vlan102/128
vlan1/64
}
And enable and start the daemon:
$ rcctl enable dhcp6leased $ rcctl start dhcp6leased
After a few seconds you should have a /63 prefix delegation available. Verify
this with
$ dhcp6leasectl -l vlan102
Note: If no prefix delegation becomes available and you have PF enabled, you may
need to allow DHCPv6 packets on the vlan102 interface. This can be done with
the following rule:
# /etc/pf.conf pass in on vlan102 inet6 proto udp from fe80::/10 to port dhcpv6-client
rad
Finally, we want to provide IPv6 addresses to our local network. This is done
with the rad daemon. Assuming vlan1 is our LAN interface, create the
following configuration file:
# /etc/rad.conf interface vlan1
And enable and start the daemon:
$ rcctl enable rad $ rcctl start rad
And we're done! Machines on the local network should now receive IPv6 addresses through SLAAC.