Configuring FreeBSD 9.1 as a Native IPv6 DHCP Client

Abstract

ISPs are now offering native IPv6 to their customers, which raises the question, “How do I configure my machine to use IPv6?” This blog post describes the steps to configure a FreeBSD 9.1 machine as an IPv6 DHCP client on the Comcast network.

Prerequisites

First, the machine you are configuring must have an interface directly on the Internet; it cannot be behind a firewall. This machine should be the firewall.

Second, disable any firewall rules. Really, I mean it. You can re-enable the rules once you have a working configuration, at which point any problems can be addressed by fixing the firewall rulesets. And for you firewall wizards out there who are not going to listen to this advice because you know better, I want to caution you that pf(4) IPv6 rulesets may not work as expected; you are better off disabling filters (or at least adopting a default-allow stance). It may save you several hours of pointless frustration.

Manual Procedure

In this example, the external interface (the one which will have the IPv6 address) is em3. First, let’s install the IPv6 DHCP client program:

sudo pkg_add -r dhcp6

Second, let’s create /usr/local/etc/dhcp6c.conf with the following contents:

interface em3 {
  send ia-pd 0;
  send ia-na 1;
};

id-assoc na 1 {
};

id-assoc pd {
  prefix-interface em0 {
    sla-id 1;
  };
};

Let’s run the client in the foreground to see if it can successfully acquire an IPv6 address (remember to substitute your interface name for em3):

sudo /usr/local/sbin/dhcp6c -fd em3

If you see the message “client6_send: transmit failed: Network is unreachable”, press Ctrl-C to stop dhcp6c, enable IPv6 and router advertisements on your interface, then start dhcp6c again (again, substitute for em3):

sudo ifconfig em3 inet6 -ifdisabled accept_rtadv
sudo /usr/local/sbin/dhcp6c -fd em3
Sep/02/2013 18:09:28: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Sep/02/2013 18:09:28: client6_init: failed initialize control message authentication
Sep/02/2013 18:09:28: client6_init: skip opening control port
Sep/02/2013 18:09:28: add_ifprefix: invalid prefix length 64 + 16 + 64
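
The last log line, "invalid prefix length 64 + 16 + 64", is the delegated prefix length plus sla-len plus the 64-bit interface ID, which together must fit in 128 bits. The sh script below is an added example, not part of the original post, that lints a dhcp6c.conf for that arithmetic. The function names are hypothetical, the two sample configs are constructed from the id-assoc pd blocks shown on this page, and the 16-bit default sla-len is taken from dhcp6c.conf(5).

```shell
# Added example: lint dhcp6c.conf for the arithmetic behind
# "add_ifprefix: invalid prefix length P + S + 64".
# check_sla DELEGATED_PLEN   (reads a dhcp6c.conf on stdin)
# Prints "<ifname> P+S+64=<sum> ok|bad" per prefix-interface block and
# returns 1 if any block needs more than 128 bits.
# Assumes one statement per line, as in the configs on this page.
check_sla() {
    awk -v plen="$1" '
        BEGIN { rc = 0 }
        { sub(/#.*/, "") }                                      # drop comments
        $1 == "prefix-interface" { ifn = $2; sla = 16; next }   # 16 = default sla-len
        ifn != "" && $1 == "sla-len" { sla = $2 + 0 }           # "4;" -> 4
        ifn != "" && index($0, "}") {                           # block ends here
            sum = plen + sla + 64                               # 64 = interface-ID bits
            if (sum > 128) rc = 1
            printf "%s %d+%d+64=%d %s\n", ifn, plen, sla, sum, (sum > 128 ? "bad" : "ok")
            ifn = ""
        }
        END { exit rc }
    '
}

# Constructed sample: the id-assoc pd block from the post (no sla-len).
post_conf() {
    cat <<'EOF'
id-assoc pd {
  prefix-interface em0 {
    sla-id 1;
  };
};
EOF
}

# Constructed sample: the /60 block from the comment thread.
comment_conf() {
    cat <<'EOF'
id-assoc pd {
  prefix ::/60 infinity;
  prefix-interface bridge0 {
    sla-len 4;
    sla-id 1;
  };
};
EOF
}

post_conf    | check_sla 64 || true   # em0 64+16+64=144 bad
comment_conf | check_sla 60 || true   # bridge0 60+4+64=128 ok
```

With a /64 delegation, as in the log above, only sla-len 0 satisfies the check.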

Now, in a separate terminal session (because dhcp6c doesn’t exit once it acquires a lease), let’s use ifconfig to determine if we have acquired an IPv6 address:

ifconfig em3
em3: flags=8843 metric 0 mtu 1500
	options=4219b
	ether 00:00:24:ce:7b:fb
	inet 24.24.190.190 netmask 0xfffffe00 broadcast 255.255.255.255
	inet6 fe80::200:24ff:fece:7bfb%em3 prefixlen 64 scopeid 0xc
	inet6 2001:558:6045:f6:84f:4343:4949:b3b3 prefixlen 128
	nd6 options=21
	media: Ethernet autoselect (1000baseT )
	status: active

Notice there are two IPv6 addresses. Ignore the one that begins with fe80::200; it’s a link-local address that works only on the local subnet, not on the Internet. The second IPv6 address, the one beginning with 2001:558, is your Internet-accessible IP address.

Let’s test:

ping6 -c 2 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:558:6045:f6:84f:4319:4958:b363 --> 2607:f8b0:4005:800::1012
16 bytes from 2607:f8b0:4005:800::1012, icmp_seq=0 hlim=56 time=14.689 ms
16 bytes from 2607:f8b0:4005:800::1012, icmp_seq=1 hlim=56 time=15.811 ms

--- ipv6.l.google.com ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 14.689/15.250/15.811/0.561 ms

Success! Now let’s make our changes permanent.

Permanent and Persistent

To make your changes persistent (i.e. IPv6 comes up on reboot), add the following to /etc/rc.conf:

ifconfig_em3_ipv6="inet6 -ifdisabled accept_rtadv"
dhcp6c_enable="YES"
dhcp6c_interfaces="em3"

Reboot:

sudo shutdown -r now

Log in and test again:

ping6 -c 2 ipv6.google.com

Comments
  1. Jonathan says:

    A major issue I run into on FreeBSD8 is the default gateway. FreeBSD8 will not install the default gateway unless you explicitly enable router advertisements in the kernel (net.inet6.ip6.accept_rtadv=1)

    pf is terrible with IPv6 and FreeBSD. Sometimes it registers the DHCPv6 address, sometimes it does not.

    There are even more problems when you’re trying to configure FreeBSD as an ipv6 gateway. IPv6 services running on the box won’t work. (i.e. ssh, apache)

  2. What Jonathan says isn’t strictly true; you can set ipv6_cpe_wanif to the external interface and it will register any broadcasted routers in the default router list.

    Also: if you update your dhcpc.conf you can request a /60 prefix so that you can allocate multiple subnets.

  3. Brian Cunnie says:

    @Jonathan: I must say that my experience with pf and FreeBSD has been surprisingly uneventful; I assume the problem might have something to do with me being on FreeBSD 9.1 versus your experience with FreeBSD 8.

    @David: That’s wonderful news! I’m going to try to test {ipv6_cpe_wanif,/60} this weekend & update the blog post. I would be happy to list you in the acknowledgements if you give me a URL.

  4. Bob says:

    @Jonathan – FreeBSD 9 and later support RFC6204, which describes consumer routers. It is definitely worthwhile to check out the release notes for FreeBSD 9. Here’s a link:
    https://www.freebsd.org/releases/9.0R/relnotes-detailed.html#AEN1395

    Scroll down a bit until you see the section starting with “More specific explanations of the changes are as follows,” and then start reading.

    @David – what’s the conf syntax to request a /60? I’m still experimenting / learning dhcp6c. (my ISP turned on dual-stack IPv6 yesterday).

    Thanks.

  5. David Blewett says:

    Brian: sorry, I don’t maintain a public site at the moment. I don’t really need attribution.

    Bob: see this site for details: http://blog.kylemanna.com/ipv6/2013/09/29/using-native-ipv6-via-comcast-in-san-francisco/ . Here is my dhcp6c.conf:

    interface re0 {
      send ia-pd 0;
      send ia-na 1;
      request domain-name-servers;
      request domain-name;
    };

    id-assoc na 1 {
    };

    id-assoc pd {
      prefix ::/60 infinity;
      prefix-interface bridge0 {
        sla-len 4;
        sla-id 1;
      };
    };

    So right now I only have a single subnet, but could subnet further in the future.
