How can I delegate public IPv6 addresses to my LAN without interfering with an existing IPv4 DHCP (and DNS) server?
I've already got a Linux box on the LAN (CentOS 7) running the ISC DHCP server to configure all my Windows and IoT settings. It's running BIND DNS and the ISC DHCP server adds client names and addresses to the local DNS.
I've got OpenWRT working on my ZyXEL NBG6817 as an IPv4 router and I can see it getting an IPv6 address from the upstream Comcast modem/router. I don't see how to disable the DHCP v4 function without killing the v6 delegations. Is that possible?
I want the LAN clients to get v6 router advertisements and addresses from the ZyXEL. I don't want them getting v4 addresses or DNS settings from it. (They already get that from the CentOS box.) I can set the v6 DHCP DNS setting to the CentOS box's local v6 address.
Under Status/Overview I can see that there's one v6 lease issued to my CentOS box and I can see that it has a public address assigned (2601:644...). I haven't been able to ping6 a public v6 address but I can ping6 the link addresses on the ZyXEL and on my Windows box. The Windows box hasn't acquired a public address and is failing the tests at http://test-ipv6-vm4.comcast.net/.
I probably need to reboot the clients a few more times to better characterize things as I've tried to manually mess with the routing tables and I'm sure I've screwed something up worse.
BTW, OpenWRT still looks much better than the stock factory firmware.
On wan6 I'm seeing two records for ipv6-address (a /64 and /128) and ipv6-prefix is empty. lan has no ipv6-address nor ipv6-prefix but has an fd10 address in ipv6-prefix-assignment.
Another data point: "ipconfig /renew6" gives a semaphore timeout error, suggesting that nothing's responding. I tried it with the firewall down. The Windows box does have two fd10 addresses and an fe80 address assigned.
I'm not sure how to determine that. It's Comcast residential.
Meanwhile, I re-enabled IPv6 on my ASUS running Merlin firmware, setting it to "passthrough", and that seems to work. So I pulled the source code for that from GitHub to see if I can figure out how that works and will adapt the internal settings to OpenWRT. (The ASUS fronts my backup Comcast account with the cheaper plan and the Merlin support for that model was dropped due to the age of the router.)
For Comcrap, at least where I am, you can request a /60.
The use case of only offering IPv6 addresses from the OpenWrt device seems reasonable. You may be able to accomplish that by disabling the DHCP feature of dnsmasq as I believe that IPv6 is handled by another service under OpenWrt.
I dug down through the Merlin code to see what the passthrough setting does, and it seems to start 6relayd, which has been replaced by odhcpd in OpenWRT. 6relayd is invoked in start_6relayd() here:
I'm trying to track down some more detailed documentation on 6relayd to see if I can adapt that command into an odhcpd config.
While looking for 6relayd info, I tripped across this mailing list report about this migration from 2013. Not sure if it's relevant but as a software archaeologist it's interesting seeing the history of this stuff.
According to that, I should be able to set the requested prefix length to /60 and the delegated one to /64. I can see an address getting assigned to WAN6 but I'm not seeing clients get an address, yet. How do I know if I got a /60 instead of a /64?
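One way to answer "did I get a /60 or a /64?", as an added example that is not code from the thread or from OpenWrt: it reads the `ipv6-prefix` and `ipv6-prefix-assignment` fields mentioned above from JSON shaped like the output of `ifstatus wan6` and `ifstatus lan`. The sample data is constructed (documentation and ULA addresses), and the `address`/`mask` key layout is an assumption to check against what your build prints.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")

# Constructed samples shaped like `ifstatus wan6` / `ifstatus lan` JSON
# (documentation and ULA addresses only; not taken from the thread).
WAN6_NO_PD = {
    "ipv6-address": [{"address": "2001:db8:0:1::2", "mask": 64},
                     {"address": "2001:db8:0:1::abcd", "mask": 128}],
    "ipv6-prefix": [],
}
WAN6_PD60 = {
    "ipv6-address": [{"address": "2001:db8:0:1::abcd", "mask": 128}],
    "ipv6-prefix": [{"address": "2001:db8:aa:10::", "mask": 60}],
}
LAN_ULA_ONLY = {"ipv6-prefix-assignment": [{"address": "fd10:1:2::", "mask": 64}]}
LAN_GLOBAL = {"ipv6-prefix-assignment": [{"address": "2001:db8:aa:10::", "mask": 64},
                                         {"address": "fd10:1:2::", "mask": 64}]}


def networks(status, key):
    """Return the entries under `key` as ipaddress networks."""
    return [ipaddress.ip_network(f"{e['address']}/{e['mask']}", strict=False)
            for e in status.get(key, [])]


def diagnose(wan6, lan, assign_len=64):
    """Summarise what was delegated upstream and what the LAN can hand out."""
    delegated = networks(wan6, "ipv6-prefix")
    lan_nets = networks(lan, "ipv6-prefix-assignment")
    lan_global = [n for n in lan_nets if not n.subnet_of(ULA)]
    return {
        "delegated": [str(n) for n in delegated],
        # how many LAN-sized subnets the delegations can supply in total
        "subnets": sum(2 ** (assign_len - n.prefixlen)
                       for n in delegated if n.prefixlen <= assign_len),
        "lan_global": [str(n) for n in lan_global],
        "lan_ula_only": bool(lan_nets) and not lan_global,
        # a global LAN prefix must be carved out of a delegated prefix
        "consistent": all(any(g.subnet_of(d) for d in delegated) for g in lan_global),
    }


if __name__ == "__main__":
    print(diagnose(WAN6_NO_PD, LAN_ULA_ONLY))   # address on wan6, nothing delegated
    print(diagnose(WAN6_PD60, LAN_GLOBAL))      # /60 delegated, LAN got a /64 from it
```

An empty `delegated` list with `lan_ula_only` set is the state described earlier in the thread: wan6 has addresses, but no prefix was delegated, so LAN clients only see the fd10 prefix.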
Not in bridged mode. It's Xfinity's Arris modem and its connection status page shows a delegated prefix with a /64. (I hadn't thought to look at the modem's page, as I hadn't needed to mess with it for quite some time.)
BTW, the main reason I have a router after their modem/router is because their web management doesn't let me disable their DHCP function. I notice they have both IPv4 and IPv6 DHCP servers.
I've got the link between modem and router set to 172.24.0.0/24 with the modem as .1 and the ZyXEL as .2.
Damn, I didn't think bridge mode was available on their residential connection. It's a switch in the main Gateway At a Glance page. I'll have to try that once the family is done using the Internet for the day.
After switching to bridge mode and restoring the router setting to stock, I'm seeing v6 addresses everywhere, so things seem to be mostly working.
I ran the following v6 connectivity test and it tells me that the large packet ICMP isn't getting through, so it can't do PMTUD. I don't know what to do with that.