#DHCPv6 isch au e Wüsseschaft für sich 
Aber die knack ich scho no, schwör!
Jedefalls: Persönleche Iidruck bishär isch, das falsch alles, was me so a Router überchund, sich mal hauptsächlech (au Feature-Mässig) uf IPv4 fokussiert, so das me praktisch zwunge isch, Dual Stack z fahre.
Ich glaube darum, NAT isch cho, um z bliibe - für immer 
IPv6-only, anyone? 
Ha! Great news from #MikroTik #RouterOS changelog. Looks like somebody finally tried to use #DHCPv6 Relay and figured out it was completely useless for DHCP-PD.
7.18
*) dhcpv6-relay - added option to create routes for bindings passing through relay;
7.18.1
*) dhcpv6-relay - clear saved routes on DHCP release;
**IPv6 connectivity and Synology Router**
Read it on my blog, it has a nicer image/text layout.
I’m writing this blog post for other users of Telekom SI who wonder ‘How to establish IPv6 connection on Synology RT6600ax router‘?
The issue: which IPv6 mode?
Maybe it is obvious how to setup IPv6 connection for networking professionals, for me it wasn’t. It took me few days before I managed to connect to IPv6.
The story went like this.
And it worked! But not for long. Next day, modem showed it was connected, but when I checked my IP (https://whatismyipaddress.com/), it didn’t show my IPv6 address and the network behaved strangely. I clicked DHCPv6-PD and then back to ‘manual’ and it worked again. But every day the connection broke and I have to repeat the procedure.
The solution – DHCPv6-PD
Then I read some German and Polish forums and found out they use DHCPv6-PD mode.
I tried it and it works! The SRM user interface behaves very strange – when I switch mode (IPv6 Setup pulldown) to DHPv6 I can not set prefix, DNS server etc. The solution was that I switched to ‘manual’ first, clicked OK, opened the setup again and switched to DHCPv6-PD. Then it worked.
The IPv6 connection is now stable.
Nevertheless, this setup works strange: Every day the router gets a new IPv6 address (DIFFERENT from the assigned static IPv6 range). Maybe because of security or something. But my devices have correct IPv6 addresses (from the assigned range).
Most probably, I just don’t know well enough how IPv6 works.
LAN setup
After establishing IPv6 Internet connection, I enabled IPv6 on my LAN.
Finally I could choose the prefix (xxxx:xxx:xxxx:xxx0-7::). As long as the setup on the ‘Internet’ page was wrong, I couldn’t select the prefix in LAN setup.
I’ve selected ‘Stateless DHCPv6 mode’.
I’ve also set static IPv6 addresses to my 2 Piholes and entered them here.
TL;DR
The good:
At the end, I’ve managed to setup IPv6 connection, it works and I’m already using it. I’ve noticed some minor speedups when accessing some web pages.
The bad:
ISP (Telekom SI) could explain somewhere how to connect to IPv6 in some document or FAQ. And educate its helpdesk support. Basic instructions (like – choose DHCPv6-PD) would be nice.
Synology could improve IPv6 setup menu. As it is currently designed (greyed out input fields that can be changed only when choosing ‘manual’ mode), it is completely illogical to me.
Disclaimer
Tags: #synology #innobox #ipv6 #telekomsi #DHCPv6-PD
https://blog.rozman.info/ipv6-connectivity-and-synology-router/
So … my ideal DDI solution consists of:
- #Kea #DHCPv4 #DHCPv6
- #PowerDNS Auth
- #ISC #Stork for Kea Management
- Custom application, that can
- Translate Kea Leases into a PowerDNS Remote backend
- Manipulate PowerDNS through its HTTP Api (i.e. an Admin interface)
Stork apparently got the ability to manage/configure Kea, so that's something I don't have to build.
Why not NSUpdate? Because it sucks.
@litchralee_v6 Yeah, ip security cameras can be a pain. Luckily we are almost exclusively a single camera brand that has had decent #ipv6 support for a long time. They even support #dhcpv6 which is nice.
You can only control the whole /64 subnet per routing. The devices get there configuration with the RA / RDNSS or with stateless #DHCPv6, but no static addresses for mobile devices, as it is best practice using temp addresses.
Monitoring should happen with Neighbor Discovery and also implement RA Guard etc.
@tschaefer
Habe mich länger mit meinem Epson Drucker beschäftigt.
Nur A queries, #IPv4 und #IPv6 -> kein NAT64 möglich
#PrivacyExtensionsforIPv6 möglich, dann aber auch mit jedem Neustart eine neue DUID für #DHCPv6.
Bei #Privacy aus - Leak der #EUI64.
Alles nicht wirklich rosig.
Well, seems I was wrong about this.
The #ipv6 assignment happens correctly (through #dhcpv6), but since I'm running #docker inside #lxc, it means that net.ipv6.conf.eth0.forwarding was set to 1 (forwarding enabled), and net.ipv6.conf.eth0.accept_ra was set to 1, which means that it would no longer accept route advertisements because forwarding=1.
Switching that to 2 fixed my ipv6 issue on that particular container.
Oh, that's why me KEA dhcpv6 configuration wasn't working:
1) I'd converted the configuration over from my prior isc-dhcpv6 one.
2) The configuration has some fixed address assignments, specified via duid, but these weren't working.
3) The dhcpv6 'ADVERTISE' message in this case was saying "Server could not select subnet for this client".
It turns out that the example configuration makes NO MENTION of needing an `"interface": "..."` stanza within the `"subnet6"` section. This is to tell the server the network is local and that, yes, it can reach such clients.
@mort #IPv6 doesn't support host-parts shorter than (and prefixes longer than) 64 bits.
Although some routers (e.g. my #FreeBSD VM) can deal with longer prefixes and I'd be perfectly fine for my small network to assign addresses manually and with #dhcpv6, not all devices and systems (e.g. #android) can do that but insist on #SLAAC, which strictly requires a 64bit host part.
In the life of the sysadmin...
1. Notice that #opnsense #dhcpv6 doesn't register dynamic leases in #DNS, only static ones.
2. Figure out you can set up your own DNS server and have it register them for you
3. Learn about #powerdns, be absolutely amazed by it
4. Set everything up, cursing frequently while doing so
5. Getting it all to work, marvel at it's beauty
6. Decide to just stick with static leases since there's too much that could break and while I do have documentation, I don't want to deal with it
7. Tear everything down again.
How can I advertise an NTP server with DHCPv6 on OpenWrt?
https://forum.openwrt.org/t/how-can-i-advertise-an-ntp-server-with-dhcpv6/204201
