Can I impose on the wisdom of the LEDE community to help me understand how to configure LEDE to provide a dual-stack SoHo IPv4/6 environment? I apologise for this being something of an essay, but I'm a bit of an IPv6 novice, and I'm not sure how much of what I've done so far might be relevant to my questions at the end. So ...
I'm running LEDE 17.01 on a TP-Link WDR4300, with a PPPoE connection to a VDSL2 modem providing native IPv4 connectivity with a single static public IPv4 address. I then have a private LAN behind the router with a couple of WiFi access points attached to it. A few devices on my LAN are using static IPv4 addresses, many devices are using pseudo-static IPv4 addresses via static DHCP leases, and transient devices get genuinely dynamic addresses. One of my devices with a static IPv4 address is a Linux system that acts as an internet-facing Web/Mail/VPN/etc server, using port redirection through the IPv4 NAT/Firewall in the router, with my (hosted) DNS A record pointing to the router's public IPv4 address.
The hostnames for the static & pseudo-static addresses are provided via the LEDE hosts file and the static DHCP leases respectively. I'm generally not worried about giving the truly dynamically assigned devices hostnames, but of course some of them provide a client name as part of the DHCP process, and that seems to be honoured in LEDE (by cleverness in dnsmasq I believe). So for IPv4, dnsmasq appears to act as the DNS server for the devices on my LAN, answering authoritatively for devices in my domain (i.e., on my LAN) and proxying requests for names not on my LAN to public DNS servers. Devices inside my LAN can resolve hostnames within the LAN, devices outside are not even aware of them.
So far, I suspect this isn't particularly unusual. But now I'm trying to add IPv6 to the mix.
I've added an HE 6in4 tunnel to LEDE (as ISPs providing native IPv6 are rare in the UK) giving me IPv6 connectivity using a routed /48 prefix. My understanding is that LEDE will assign IPv6 addresses to my LAN from the first /64 prefix in the /48, and reserve the remaining prefixes in the /48 for delegation via DHCP-PD. I also have a ULA /64 prefix assigned, and IPv6-aware devices on my LAN are acquiring IPv6 addresses in both the prefixes as I would expect.
My first step has been to add a statically defined global scope IPv6 address to my Web/Mail/VPN server, within the first /64 of the routed /48, rather than letting it autoconfigure its own global IPv6 address in the prefix dynamically. I also disabled IPv6 privacy extensions on the server for clarity, and I can see it acquiring that single IPv6 address in the global prefix (and a dynamic link-local IPv6 address, obviously). I'll add a matching static IPv6 address in the ULA prefix next, just for completeness, and then punch holes in the firewall to the global prefix address for the relevant services, and add a DNS AAAA record to my DNS provider pointing to my server's static global IPv6 address.
So, to my questions:
- I would like to assign some of my IPv6-aware devices pseudo-static global scope IPv6 addresses in the same way that I do for IPv4 addresses. How do I achieve this? I believe I can only do this using stateful DHCPv6, but is it done in LEDE using dnsmasq, odhcp6, something else? Do I need to configure this through LuCI or uci commands or editing config files? It's probably my lack of familiarity with LEDE, but I've not been able to work it out from the LEDE documentation, so while hints are always appreciated, for this, a clear simple description would be preferred!
- I have a ULA prefix and a global prefix where devices can (will) acquire IPv6 addresses. Is there any way to control the Interface ID (i.e., lowest 64 bits) so a device has the same Interface ID in both the ULA prefix and the global prefix? Clearly I can do this if I assign static IPv6 addresses to every client, but can I also do this for pseudo-static addresses, using some variation of whatever the answer to my first question is?
- But what about dynamic addresses? My belief is that anything that autoconfigures itself using SLAAC is largely outside of my control, so to maintain control I will need to assign dynamic IPv6 addresses using stateful DHCPv6. So given some MAC address, how can I assign common Interface IDs within two (or more) prefixes, while not knowing in advance what the MAC address will be? And for bonus points, is there any way to base those IPv6 Interface IDs on the IPv4 address being assigned to the device too? (I'm guessing there is not!)
- From what I read, this use of DHCPv6 will expose a problem with Android devices, as they don't seem to implement DHCPv6 in any form, and ignore the M & O bits in the RAs. So I think they will always autoconfigure themselves, no matter what I try to do from the router. So the best I can hope for with Android devices is to try to put a meaningful hostname into LEDE's DNS service pointing at whatever address(es) the Android device has autoconfigured for itself. How do I do that? Is it even possible to do that?!
- Finally, am I right in assuming that devices that configure themselves using stateful DHCPv6 will not use the IPv6 privacy extensions? And if not, is it possible to configure the router to force them to not use the privacy extensions?
Thanks for reading this far, and for any help you can offer.