DHCP mixing server and relay for ipv4/v6?

Grommish · December 2, 2020, 3:47am

My CPE seems to have IPv6 on its WAN and LAN interfaces, and is handing out IPv6 addresses to the WAN port of my OpenWrt device:

          inet6 addr: 2600:0000:0000:0000:0000:0000:0000:0000/64 Scope:Global
          inet6 addr: 2600:0000:0000:0000::2/128 Scope:Global
          inet6 addr: fe80::2e26:5fff:fe80:4a4/64 Scope:Link

I am needing to relay the IPv6 from the WAN to the LAN (so my LAN clients get proper IPv6 addresses from my ISP). However, I would like hand out the IPv4 addresses locally with dnsmasq (as it does now).

My clients do not get a 2600 IPv6 address

Connection-specific DNS Suffix: lan
Description: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address: ‎D4-BE-D9-00-00-00
DHCP Enabled: Yes
IPv4 Address: 192.168.1.200
IPv4 Subnet Mask: 255.255.255.0
Lease Obtained: Tuesday, December 01, 2020 9:05:33 PM
Lease Expires: Wednesday, December 02, 2020 10:21:10 AM
IPv4 Default Gateway: 192.168.1.1
IPv4 DHCP Server: 192.168.1.1
IPv4 DNS Server: 192.168.1.1
IPv4 WINS Server: 
NetBIOS over Tcpip Enabled: Yes
IPv6 Address: fdbf:4774:b171::c2c
Lease Obtained: Tuesday, December 01, 2020 10:21:19 PM
Lease Expires: Wednesday, December 02, 2020 10:21:19 AM, fdbf:4774:b171:0:9d7:6828:adbb:3d7a
Temporary IPv6 Address: fdbf:4774:b171:0:e5e0:22c6:a25c:a323
Link-local IPv6 Address: fe80::9d7:6828:adbb:3d7a%10
IPv6 Default Gateway: 
IPv6 DNS Servers: fdbf:4774:b171::1, fdbf:4774:b171::1

root@OpenWrt:/# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan6'
        option dhcpv6 relay
        option ra relay
        option ndp relay
        option master 1

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:/#

I know it's set under LAN to option dhcpv6 'server' but since my wan6 has relay already, I'm not sure if I'm to remove the option, or set it to relay as well.

Appreciate the help!

Grommish · December 3, 2020, 6:14pm

No one?

vgaetera · December 4, 2020, 5:15am

uci set dhcp.lan.dhcpv6="relay"
uci set dhcp.lan.ndp="relay"
uci set dhcp.lan.ra="relay"
uci set dhcp.wan6.interface="wan6"
uci commit dhcp
/etc/init.d/odhcpd restart

https://openwrt.org/docs/guide-user/network/ipv6/start#router_advertisement_dhcpv6

Grommish · December 4, 2020, 5:52am

Now to get dnsmasq to act as a local ipv6 DNS forwarder. I'm not sure how well that is going to work, since the bridge has a static IPv4/6

          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e26:5fff:fe80:4a5/64 Scope:Link
          inet6 addr: fdbf:4774:b171::1/60 Scope:Global

Is there a way to have just the IPv6 on the br-lan pull dhcp and still use static for v4?

I'm heading over to look at https://openwrt.org/docs/guide-user/network/ipv6/ipv6.dns and see what I can find. If you have any better resources, I'm open to them!

vgaetera · December 4, 2020, 6:10am

You can use an IPv4 or IPv6 ULA address for custom DNSv6.
Intercepting DNSv6 is also possible.

Grommish · December 4, 2020, 6:20am

Thank you, I will check them out.

I already have dnsmasq and Adblock running, for IPv4. I'm not sure if it already includes v6 support or not, but that's what I'm trying to enable/replicate for v6. I would like the dnsmasq instance on the device to act as the local DNS server, so Adblock can do it's thing. It looks like I might be able to do this a few ways, so I'll experiment some

vgaetera · December 4, 2020, 6:27am

Disable encrypted DNS on your devices and in the browsers, otherwise it can override your local DNS.

Grommish · December 4, 2020, 6:39am

As in, disable DoH? Done.. Thank you again!

system · December 14, 2020, 6:39am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.