1.8b Development

Dear all,

I have been fiddling around with IPv6 a day now, and everything seems to work.
Well, the lease info does not, but this is a known thing.

When I have several clients, all of them auto configure 2 IPv6-Addresses (that have nothing to do with the IP-Range specified except same prefix of course) and also get 1 IPv6 Address that is from the specified range of the DHCPv6.
But: It is the very same address on all devices!
And of course, if I let the devices ping each other with that address, they have all ping-times like pinging localhost and not another device.

And on other odd thing: I made an address reservation for one of my computers, but it does not get this IPv6-Address but rather the one, that every computer else gets, too!

What could that?

Thankfull for any help!

Kindest

Are there reasons you don't assign addresses statically or use auto-configuration via router advertisements instead of DHCPv6?

As to DHCPv6 assigning the same address to all PCs, is "IPv6 Range" specified correctly?

hi,

thx for the response!

there is a reason: When I vpn into my home from work, I want to remote control one specific PC. Therefor i need a DNS (which I dont have) or the IP.

When i set fixed addresses then the computer won't take other auto addresses, right? just the one i set fixed?
Because when I use DHCPv6 it gets one from the DHCP and 2 autoconfed ones.

the setting on the dhcp is
aaaa:bbbb::10 - aaaa:bbbb::100 (where aaaa and bbbb is my prefix instead)


sorry for style, im on a mobile right now

There can be as many as three IPv6 addresses assigned to an interface depending on how addresses are assigned.

If you assign a static IPv6 address, that will be the only routable IP address. The other address, starting with fe80 is a link local address.

If you allow assignment via router advertisements, you will have one permanent routed IP based on the MAC address of the adapter, another routed IP with a short lifetime - more or less equivalent to a dynamic IP address, and the aforementioned link local address, for a total of three IPv6 IP addresses.

From what you are seeing, using DHCPv6 assigns an address from within the specified scope, and you also have the MAC related IP, and the link local IP.

Are you sure that the setting on the DHCP range is correct? Shouldn't there be four fields before the :: ?

Hey,

when I use static in my clients, I can set exactly one address and there shows no fe80 link local address.
Can't do an ifconfig right now (I am at work), so maybe there is one that just is not shown in the GUI.

When I use automatic and the DHCPv6 is turned on, I get definitly 3 addresses:
one derieved from the mac, one with short lifetime and the first from the DHCP-range.
Again, the fe80-address does not show in the GUI, also I saw it yesterday doing the ifconfig.
Router/Gateway and DNS will be assigned as well and do work.

When I use automatic and DHCPv6 is turned off, I get 3 addresses:
one derieved from the mac, one with short lifetime, and a fe80.
Router is assigned, but no DNS-Server. So when I disable IPv4, I got no name resolution...

And the other fun thing is, that when DHCPv6 is turned on, all of the machines get the first address from the range assigned as third address.
Even my on iMac, that has a reservation for his MAC-Address for the IP 2001:aaaa:xxxx:yyyy::5. He still gets the 10...

The range is, of course:
2001:aaaa:xxxx:yyyy::10 - 2001:aaaa:xxxx:yyyy::100
I just was lazy typing everything on my phone.

could just check it:

Autoconfig without DHCPv6: No DNS assigned
Autoconfig with DHCPv6: DNS assigned

in any case:
autoconf IP (derieved from MAC address)
autoconf IP (temporary)
fe80 link local address

in case of DHCPv6:
Additionally the first IP from the DHCP-Range (every Client gets the first IP from that range...)

My reason I want at least this one computer to have a fixed address: I vpn into my home network and remote control it. When I someday would turn off IPv4, I have no chance of knowing its IPv6-Address to reach it via RDP.

Sounds like you have it under control, but may have found a DHCHv6 bug in that it ignores reservations and hands out the same address more than once.

If you must know an IPv6 address, then assign it statically and place it on a DNS server against an easily remembered hostname. You can get this service for free in a few places, but I am unsure if they all support IPv6 addresses.

The one I use is at http://dyn.com/dns/ formerly known as DynDNS.org. I don't see the free service obviously placed on the home page or others, they seem to want to lead you into a trial of the Pro version of the service which has a nominal fee. But if you use the 'sign in' process at the upper right corner of the page, you can create a new account and then find the free service.

Another place that seems to offer free service for IPv6 is http://freedns.afraid.org/

thanks for the hints!

So, my next step would be to post a bug report and describe it as good as possible?

for the dyndns, I am already signed up for that and it works perfectly with IPv4, but I don't get IPv6 resolution yet.

So, if that thing with DHCPv6 is a bug, only one question remains:
Shouldn't my computers assign them a DNS when on autoconfiguration? Is there something else needed on the m0n0wall side? I'd gladly turn DHCPv6 off when autoconfig works DNS wise. For the one computer needing a fixed IP-address I could easily just give it another interface with a fixed address and leave everything else on auto.

Probably a good idea to post a bug report, but describe everything as best as you can. Someone will decide if it's really a bug or not.

Who is your dyndns provider? Mine began resolving to an IPv6 IP within minutes of updating the host. Does the tool you use to do lookups default to IPv6 behavior or does that take a special switch, etc?

I am unsure if autoconfiguration supplies a DNS to clients, it may hand them out, try it and see. I use m0n0wall as my DNS resolver/forwarder, so my clients use the m0n0wall LAN IP as their DNS and I put an IPv6 DNS server in m0n0wall's General Setup page: 2001:470:20::2 I think it's publicly accessible, and your tunnel broker surely told you of their's.

If you are going to assign a client a static IPv6 addresses, you will also have to specify the gateway, and specifying a DNS or two there can also be done. No need for another interface, just fully configure the one you have.

here is the bug report: http://forum.m0n0.ch/index.php/topic,5419.0.html

It might as well be that my nslookup-tool does not support ipv6. It is from MacOS X 10.7.2, and I can't get it to work even though I can ping6 six.heise.de for example.

My dyndns-provider is www.dyn.com (former dyndns.org). As for IPv6: I can't see anything on the website. I could manually input a IPv6 address (which would be ok, because my tunnel is static, but Telekom Germany will enable non static IPv6-Addresses, so as of next year that would not work anymore). But there is no information that my m0n0wall ever tried to register it's IPv6 address.

as for the additional interface, my idea just was: I would use the autoconfigured interface for websurfing and everything, so not to have everything sent/recieved from the same IP, and just use the additional interface only for RDP.

I don't think m0n0wall will register and/or update IPv6 addresses to dyndns.org or others configured in the Dynamic DNS service, nor would it be appropriate to do so since the address you want to have registered is a LAN client static IPv6 address, not the m0n0wall LAN or WAN IPv6 IPs (there is no NAT involved here like IPv4).

I registered one of my LAN client static IPv6 addresses manually at www.dyn.com by editing the host there. There is a box to enter the IPv6 address. Since it's static, it's a one time process. Also, you can create more than one host there under the same account, so you can register other LAN client machines if you want to under different names. How many hosts you can create there and at what point this attracts negative attention I do not know.

Now I understand the idea for the additional interface. Instead you could use autoconfiguration to give you the two routable addresses. One is MAC related and never changes, the other is short lived and dynamic. The latter is the one that is the source address when web surfing and such. The MAC related one could be used to reach the machine at any time even after the dynamic one changes. But the form of that address is ugly (at least the ones I get are) and has no fields consisting of all zeros that can be shorthanded with a ::, so it's awkward to use unless you have it listed at DynDns.org. So long as you don't change the ethernet adapter in the machine The MAC related address will be permanent and the registration up at dyn.com would be a one time thing.

As far as Telekom Germany enabling non static IPv6 addresses soon, I assume this would be native IPv6 service with no tunnel involved? The lack of tunneling might be a plus, but I have no idea why they can not or will not hand out static subnets.

somehow I re-did the config, now everything is setup identical as it was before, but now the DHCPv6 works as it should, giving out addresses and increasing the last number for every client.

But now that I know I would not even need it because one of the autoconf-addresses is persistent as well, I would rather not use the DHCPv6.

But then I still have the problem that without DHCPv6 none of the clients will configure a DNS server.
That is true even if I do specify a IPv6 DNS in "General Setup"

As for the Telekom Germany: They will give out native untunneld /56 Prefixes and router firmware, that rotates between the possible /64 networks you can have in your /56 prefix. And even the /56-Prefix will change over time.
That is sold as a privacy thing, but you may request a static /56 if you whish.

Glad you have it sorted out. Feel free to delete your bug report post.

You can configure DNS on each machine separate to and regardless of how they acquire IP addresses.

So long as you have a choice between static vs dynamic addresses, I'd take native IPv6 over tunneled. But given the history of the way my ISP does things, I wouldn't expect either anytime soon, and if they did offer it, they would be inept at it.

The only problem I have right now is that my IPv4 IP is dynamic. Dynamic DNS has made that a non issue. But since my IPv6 tunnel is configured to my IPv4 address, it needs to be updated at the tunnel broker every time my IPv4 IP changes. This is not automated in m0n0wall yet, I have to do it by other means. I have requested a feature to be added to m0n0wall that does this there. We'll see.

yeah, thx for the hints!

I can't delete my bug report, maybe I don't have the rights?

as for configuring a DNS on each machine: That is possible for my Desktops, but not the tablets :-(
So, at least for them that would be necesarry to have a DNS by autoconf

I might be able to delete your bug report, if you explicitly ask me to try.