Stateless/Statefull IPv6 addressing works perfectly in LEDE. I can receive a /48 delegation and server a full /60 split into several /64. All routing works and I am delighted.
I configured each host with "unguesssable" full-public hostname:
In LAN interface, I selected an "IPv6 assignment hint" for delegation, which gives more security.
I could not choose a suffix method (does not work)
The only "glitch" is that all my IPv6 public addresses are derived from MAC, which allows to explore the topology of my network (?). I am not sure of that, but it could be a security issue. If you have a list of all LEDE routers and their MAC addresses, it could restrict the number of possible hosts in a /64 and find them easily using pings. In /48 you are protected (relatively) by the 'hint' value making a /64. Anyhow, an attacker sniffing ONE IPv6 address with /64 in your network knows the subrange and can test all devices using ping6.
Am-I right to believe that?
Therefore i am trying to set-up IPv6 via dhcp addressing with custom suffix.
A sample config in /etc/conf/dhcp:
option name 'test-kieyei9edaemi9ai'
option dns '1'
option mac '00:16:3e:f0:16:3a'
option ip '192.168.2.209'
option hostid '42de:812c'
hostid '42de:812c' was set in LuCI ...
How can I set the suffix of my IPv6 guest in LEDE?
i am trying a Debian guest, but it is still received automatic IPv6 addressing derived from MAC.
How can I use this "hostid" in Debian DHCP?
Otherwize, the only remaining possibility is IPv6 static addressing.
Any comments and help welcome.