Wednesday, May 14, 2025

IPv6 - Part 2 - IPv6 configuration in FreeBSD

Before configuration of IPv6 in FreeBSD, I highly recommend to read my (Part 1) blog post "Everything I need to know about IPv6 address blocks" to get familiar with IPv6 basic concepts.

In all three sites of my home lab environment I use FreeBSD as a primary Operating System. I'll start exploring IPv6 right on the FreeBSD operating system.

The IPv6 configuration in FreeBSD is usually easy. ISP router typically supports SLAAC, so you can dynamically get IPv6 addresses, IPv6 default route, and even IPv6 DNS addresses from ISP router. The second option how to get IPv6 configuration from ISP router is DHCPv6.

Let’s explore and configure both SLAAC and DHCPv6 in my environment, and document all the details in this blog post - Part 2 of my blog series on IPv6.

SLAAC

If you want to get just IP address and do not need DNS servers, you can use SLAAC and it is very easy.

Below is the interface config you must have in /etc/rc.conf

ifconfig_vmx0_ipv6="inet6 accept_rtadv"

You can check assigned IPv6 address with command

ifconfig vmx0

Check you IPv6 default gateway with command

netstat -rn

and verify that you have received also IPv6 DNS servers by command

cat /etc/resolv.conf

If everything look good you can ping www.google.com and see IPv6 communication with Google

root@test-ipv6-01:~ # ping www.google.com
16 bytes from 2a00:1450:4014:80f::2004, icmp_seq=0 hlim=119 time=10.584 ms
16 bytes from 2a00:1450:4014:80f::2004, icmp_seq=1 hlim=119 time=10.874 ms
16 bytes from 2a00:1450:4014:80f::2004, icmp_seq=2 hlim=119 time=7.492 ms
16 bytes from 2a00:1450:4014:80f::2004, icmp_seq=3 hlim=119 time=6.926 ms
16 bytes from 2a00:1450:4014:80f::2004, icmp_seq=4 hlim=119 time=7.550 ms

DHCP6 Client (dhcp6c)

If we cannot get IPv6 addresses, defoult gateway, and DNS from SLAAC, or we need to get more options from ISP DHCP Server, we have to configure DHCP6 Client (dhcpd).

DHCPv6 client is not installed in FreeBSD base operating system, therefore it must be installed explicitely.

Below is the DHCP configuration you must have in /etc/rc.conf

dhcp6c_enable="yes"
dhcp6c_interfaces="vmx0"

Installation

pkg install dhcp6

System Config

We should have it already in /etc/rc.conf so following commands are not necesssary.

sysrc dhcp6c_enable="YES"
sysrc dhcp6c_interfaces="vmx0"

Start service

/usr/local/etc/rc.d/dhcp6c start
or
service dhcp6c start 

Restart service

/usr/local/etc/rc.d/dhcp6c restart
or
service dhcp6c restart

Note that the current dhcp6c implementation does not support temporary IPv6 address allocation by DHCPv6, and there is no plan to implement that feature at the moment, but it should not be big deal.

The minimal /usr/local/etc/dhcp6c.conf just to get IA-NA is this

 interface vmx0 {
       send ia-na 0;            # Request a non-temporary address
};

The /usr/local/etc/dhcp6c.conf to get IA-NA and IA_PD is this

interface vmx0 {
       send ia-na 0;            # Request a non-temporary address
       send ia-pd 1;            # Request a delegated prefix
       send rapid-commit;       # Optional: speed up the handshake
       send domain-name-servers;# Ask for DNS info if ISP provides it
};

id-assoc na 0 {
    # No additional settings needed unless you want to override lifetimes
};

id-assoc pd 1 {
    prefix-interface vmx2 {     # Interface to assign a subnet of the delegated
prefix
        sla-id 0;               # Subnet ID (e.g., /64 within a /56)
    };
};

IPv6 Troubleshooting

When things go wrong, the following basic IPv6 troubleshooting tools can be very helpful.

ping6 - Test ICMPv6 reachability (like ping for IPv4).
traceroute6 - Trace the route to an IPv6 destination.
ifconfig - View and configure network interfaces, including IPv6 addresses.
ndp - Neighbor Discovery Protocol tool: show and manage the IPv6 neighbor cache.
netstat -rn -f inet6  -  Show IPv6 routing table.
sockstat -6 - List open IPv6 sockets and the processes using them.

PING

ping6 and ping is the same command. It works with IPv4 and IPv6.
 
ping -S <src-addr> <dest-addr> - Ping from a specific IPv6 source address.

NDP (Neighbor Discovery Protocol)

NDP (Neighbor Discovery Protocol) is control/diagnose IPv6 neighbor discovery protocol and the ndp utility manipulates the address mapping table used by the Neighbor Discovery Protocol (NDP).

Following command dumps the currently existing NDP entries.

ndp -a 

Here is the screenshot of ndp -a

Dump of Neighbor Discovery Protocol mapping table

Specialized IPv6 Tools

rtsol - Router solicitation client (manual trigger for SLAAC).
radvdump - Decode and display Router Advertisement packets.
tcpdump -i <iface> ip6 - Capture and analyze IPv6 traffic. Use filters like icmp6, dhcp6, etc.
dhcp6c -    DHCPv6 client for requesting IPv6 addresses and options.
dig -6 or drill -6 - DNS resolution over IPv6.
route -6 - Manage IPv6 routing entries.
ip6addrctl - Configure address selection policy (useful when multiple IPv6 addresses exist).

DHCP Client (dhcpc)

dhcpd is usualy runing as a service in background, but when you troubleshoot the DHCP problem, it is good to stop dhcpc service and run dhcpc in foregound mode and in verbose debug mode.

# This runs the DHCPv6 client in the foreground with basic debug mode enabled.
dhcp6c -fd vmx0 

Here is the screenshot of dhcpc -fd vmx0
 
Standard debug information from dhcp6 client (dhcp6c)


 
# This runs the DHCPv6 client in the foreground with more verbose debug mode enabled.
dhcp6c -fD vmx0

Here is the screenshot of dhcpc -fD vmx0

Verbose debug information from dhcp6 client (dhcp6c)

 

on

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)