Configuring IPv6 ULA addresses in OpenBSD via SLAAC

I would like to have devices on my network autoconfigure ULA addresses in a prefix generated by https://www.unique-local-ipv6.com/ on my network, which is predominantly IPv6-only.

My main router is running OpenBSD 7.4 and I’m running rad with the following configuration:

dns {
  nameserver {
    fdd0:c720:85fa:100::1
  }
}

interface igc1 {
  prefix fdd0:c720:85fa:100::/64
}

interface igc3 {
  prefix fdd0:c720:85fa:100::/64
}

I’ve setup my main interface with an additional IPv6 ULA address as follows (/etc/hostname.igc0):

inet autoconf
inet6 autoconf
inet6 alias fdd0:c720:85fa:100::1 64

My client machine (also OpenBSD 7.4) is also set to configure its ethernet interface using inet6 autoconf. It gets an IPv6 ULA address in fdd0:c720:85fa:100::/64, but never receives a neighbor advertisement when sending out a neighbor solicitation for fdd0:c720:85fa:100::1:

router# tcpdump -i igc3 ip6
10:02:52.296838 fe80::6af7:28ff:fe64:348d > ff02::1:ff00:1: icmp6: neighbor sol: who has fdd0:c720:85fa:100::1
10:02:53.296831 fe80::6af7:28ff:fe64:348d > ff02::1:ff00:1: icmp6: neighbor sol: who has fdd0:c720:85fa:100::1
10:02:54.296897 fe80::6af7:28ff:fe64:348d > ff02::1:ff00:1: icmp6: neighbor sol: who has fdd0:c720:85fa:100::1
10:02:55.306817 fe80::6af7:28ff:fe64:348d > ff02::1:ff00:1: icmp6: neighbor sol: who has fdd0:c720:85fa:100::1
10:02:56.306761 fe80::6af7:28ff:fe64:348d > ff02::1:ff00:1: icmp6: neighbor sol: who has fdd0:c720:85fa:100::1

Addresses in fdd0:c720:85fa:100::/64 are currently un-routable. I think ndp -a confirms this (when running on the router):

Neighbor                                Linklayer Address   Netif Expire    S Flags
...
fdd0:c720:85fa:100::1                   a8:b8:e0:01:d0:51    igc0 permanent R l
fdd0:c720:85fa:100:222b:20ff:fef7:a413  (incomplete)         igc0 expired   N 
fdd0:c720:85fa:100:6094:e251:66e6:7bc9  (incomplete)         igc0 expired   N 
fdd0:c720:85fa:100:6754:e5:a200:1d9c    (incomplete)         igc0 expired   N 
fdd0:c720:85fa:100:bfbf:5645:c950:385f  (incomplete)         igc0 expired   N

I’m fairly convinced I’m missing something simple, but I don’t understand what. I’ve tried disabling pf on both machines to no effect. I’ve read through the man pages for slaacd(8), hostname.if(5), ifconfig(8), rad(8), & rad.conf(5) and didn’t find anything that looked (to me) to be relevant.

GUA IPv6 addresses from my prefix delegation returned by my ISP work fine on all my devices. I want to use ULAs for internal addressing as my prefix delegation from my ISP is not static and has already changed twice.

More details (additional configuration files, dmesg, etc.) can be found in the OpenBSD Misc Mailing List Archive, as I’ve also asked for help there.

What am I doing wrong here?

Asked By: neezer

||

(Reposted from my OpenBSD mailing list reply)

Ok, think I figured it out.

My core problem was that I was assigning prefixes manually in rad.conf, then assigning each interface an address in the same prefix. This created some kind of conflict—the nature of which I still don’t fully understand.

This was the key line I missed in rad.conf(5):

The default is to discover prefixes to announce by inspecting the IPv6 addresses configured on an interface.

So as long as my interface has both addresses assigned in their respective prefixes, rad can serve those without any extra configuration.

Here’s my final /etc/hostname.igc1:

inet 192.168.1.1 255.255.255.0 NONE
inet6 autoconf
inet6 alias fdd0:c720:85fa:100::1 64

And my final /etc/rad.conf:

interface igc1 {
  dns {
    nameserver {
      fdd0:c720:85fa:100::1
    }
  }
}

Now devices on my network are getting both GUA and ULA addresses assigned automatically through SLAAC.

Answered By: neezer
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.