Linux box as an IPv6 router with SLAAC and DHCPv6-PD

Some time ago I replaced my Mikrotik router with a Linux box, which works as a router for my home network and as a server for some services.
I had to spend some time setting up IPv6 on Linux in such a way that everything works automatically, without configuring anything statically. This post covers only the IPv6 part of the router configuration.
I omit the IPv4 part and the configuration of the network interfaces, because they are well documented on the internet.

My router runs openSUSE Leap 42.2. The configuration is the same for other distros, but the paths of the config files may differ.
eth0 – WAN interface of the router
eth1 – LAN interface of the router
To make the router work, I had to:

  • change some sysctls to obtain an IPv6 address on the WAN interface of my router by stateless autoconfiguration (SLAAC).
  • use wide-dhcpv6-client to obtain an IPv6 address pool (DHCPv6-PD), so that addresses from the pool can be redistributed to the devices in my home network.
  • redistribute the addresses with dnsmasq.

First step – sysctls:
Part of my /etc/sysctl.conf, configured to obtain an IPv6 address by stateless autoconfiguration (SLAAC) on the WAN interface (eth0):

After a reboot I can see that my WAN interface has a public IPv6 address:

Second step – wide-dhcpv6-client:
Configuration of wide-dhcpv6-client, which obtains the IPv6 address pool (DHCPv6-PD) for the LAN interface (eth1):

Unfortunately, the wide-dhcpv6-client package does not provide a configuration file for systemd. To start wide-dhcpv6-client via systemd, I created a wide-dhcpv6.service entry:

Enable it on system startup:

After a reboot I can see that my LAN interface (eth1) has an assigned IPv6 address with the prefix:

Last step – dnsmasq:
Part of the dnsmasq configuration (/etc/dnsmasq.conf) for redistributing IPv6 addresses in the home network. Dnsmasq will also work as a DNS cache:

Enable dnsmasq on system startup:

After a reboot, devices in the home network should be able to use the internet over IPv6 🙂

But now the devices in the home network are available from outside. Each device has its own public IPv6 address, which is reachable from the internet.
We have to secure this by allowing only connections that are initiated from our internal network. This can be done with ip6tables.
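
A ruleset that implements this policy for the setup described above, as an added example and not the author's original rules. It assumes eth0 is the WAN and eth1 the LAN interface as in the post, and that dnsmasq serves DNS and DHCPv6 on the LAN; the script only prints rules in ip6tables-restore format.

```shell
#!/bin/sh
# Added example (not the author's rules): print an ip6tables-restore ruleset.
# Assumed: eth0 = WAN, eth1 = LAN as in the post; dnsmasq serves the LAN.
gen_rules() {
    wan=$1; lan=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the router itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 errors: unreachable, packet-too-big, time-exceeded, parameter-problem
-A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
# Neighbor discovery (RS 133, RA 134, NS 135, NA 136), on-link only (hop limit 255).
# SLAAC on the WAN side depends on type 134. Kept above the INVALID drop on purpose.
-A INPUT -p ipv6-icmp --icmpv6-type 133 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# DHCPv6-PD replies for wide-dhcpv6-client: answers to a multicast Solicit are
# not matched by conntrack, so accept them explicitly from link-local sources.
-A INPUT -i $wan -s fe80::/10 -p udp --sport 547 --dport 546 -j ACCEPT
# dnsmasq on the LAN: DHCPv6 server and DNS cache
-A INPUT -i $lan -p udp --dport 547 -j ACCEPT
-A INPUT -i $lan -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp --dport 53 -j ACCEPT
# Forwarded traffic: only flows opened from the LAN, plus their replies
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the rules for review; interface names can be passed as arguments.
gen_rules "${1:-eth0}" "${2:-eth1}"
```

Pipe the output through `ip6tables-restore --test` to check it before loading it with `ip6tables-restore`.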

That’s all. The described configuration has worked flawlessly for me for days 🙂

3 Comments

A question:
WAN got a /64 addr, however LAN got a /56?
inet6 addr: 2a03:XXXX:0:252:24f:62ff:fe16:bd48/64 Scope:Global
inet6 addr: 2a03:XXXX:252f:e900::1/56 Scope:Global
Why?
Is it that your ISP assigned you a /56 IPv6? prefix pull down /56 subnet?

If my ISP only dhcp6-pd a /64 address, can we use wide-dhcpv6 to assign a /80 subnet to computers in the LAN? Which will be no SLAAC, only DHCPv6.
Or if I assign the same /64 address in the LAN, how do I route between WAN and LAN?
Thanks

Hi,

Sorry for my late response.
You are right, my WAN interface gets a /64 address from my ISP. This address is separate from the pool of addresses (prefix pool) from the ISP, which can be assigned to the LAN interface (in my case this is a /56 prefix) – and the home router can assign addresses from this pool to devices inside the LAN network.

The address with the /64 subnet assigned on the router can be used by it for its own use.
Sometimes the ISP provides ONLY a prefix to assign on the LAN interface and distribute between devices in this LAN – I suppose this is your case.
In this scenario you should assign your /64 prefix to your LAN interface and distribute addresses from this subnet via dhcp6-pd.
If you would like to use a smaller subnet (which will be only part of the /64 from your ISP), please read about the sla-len and sla-id parameters in wide-dhcpv6-client. These parameters are responsible for extracting smaller subnets from the subnet provided by the ISP.

Regarding your question about routing the prefix assigned to the LAN network and the WAN interface:
From what I remember, if you obtain an address prefix from your ISP (for usage in the LAN network), then the router of your ISP will route traffic for this subnet to your router via IPv6 local addresses – in my case this is fe80::24f:62ff:fe16:bd48/64 on the WAN interface.

Regards,
Jan Taczanowski
