IPv6 SLAAC use /48 prefix for temporary addresses

[mzX1DDq9FXL5dS1JnPWRDFMyw]

I've created /48 IPv6 tunnel and configured ac68u with following settings:
LAN IPv6 Prefix: aaa:bbb:ccc::
LAN Prefix Length: 48

Everything works fine, I can manually assign any address in /48 subnet.
However, all my machines always use /64 prefix for temporary address assignment, so they end up with address like this: aaa:bbb:ccc:0:1234:5678:90ab:cdef. note the 0 in the middle. For privacy reasons I would like have their temporary addresses use full /48 subnet
I've tried to fiddle with dnsmasq router advertisement config in my router, but I was unable to do anything useful.

Is there any possibility to use full /48 subnet for temporary addresses?

 

[L&LD]

On what have you created this on?

 

[mzX1DDq9FXL5dS1JnPWRDFMyw]

On what have you created this on?

I've created 6in4 tunnel using Hurricane Electric Tunnel Broker - https://tunnelbroker.net
They assign you a tunnel with /64 subnet. After setting up your router, you can request /48 subnet.

 

[L&LD]

I've created 6in4 tunnel using Hurricane Electric Tunnel Broker - https://tunnelbroker.net
They assign you a tunnel with /64 subnet. After setting up your router, you can request /48 subnet.

I meant which router (and specific firmware).

Right now, it seems like either your router or your HETB, or both, is failing to give the /48 subnet.

 

[mzX1DDq9FXL5dS1JnPWRDFMyw]

I meant which router (and specific firmware).

Right now, it seems like either your router or your HETB, or both, is failing to give the /48 subnet.

I am running RT-AC68U with Merlin 380.59.
I've assigned manually an address by using this command: ip addr add aaa:bbb:ccc:ffff::1/48 dev eth0
and verified it with web ipv6 test. it is working correctly

I can write a simple script to assign my interface a random address from this /48 subnet, but I would prefer it to work automatically with router advertisement and across all my devices

 

[L&LD]

I'm not sure, but have you contacted HE themselves to request the /48? They may need to assign it to you first?

 

[sfx2000]

I'm not sure, but have you contacted HE themselves to request the /48? They may need to assign it to you first?

Need to set that up front when building the tunnel...

 

[mzX1DDq9FXL5dS1JnPWRDFMyw]

I'm not sure, but have you contacted HE themselves to request the /48? They may need to assign it to you first?

This has nothing to do with HE. My /48 subnet is working correctly, I can access internet from any ip in this range.

Current interface configuration:
(aaa:bbb:ccc::1/48 is my /48 subnet; aaa:bbb:70:dddd::2/64 is my /64 subnet)

ip addr

10: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 78:24:af:e5:e3:c0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/21 brd 192.168.7.255 scope global br0
    inet6 aaa:bbb:ccc::1/48 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::7a24:afff:fee5:e3c0/64 scope link
       valid_lft forever preferred_lft forever

12: v6in4: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/sit aa.bb.cc.dd peer 123.123.123.123
    inet6 aaa:bbb:70:dddd::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::594d:a2ab/128 scope link
       valid_lft forever preferred_lft forever

dnsmasq.conf:

local=/lan/
dhcp-range=lan,192.168.3.2,192.168.3.254,255.255.248.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,6,8.8.8.8,8.8.4.4,0.0.0.0
dhcp-option=lan,15,lan
dhcp-option=lan,252,"\n"
ra-param=br0,10,600
enable-ra
quiet-ra
dhcp-range=lan,::,constructor:br0,ra-stateless,64,600
dhcp-option=lan,option6:23,[::]
dhcp-option=lan,option6:24,lan
dhcp-authoritative

the important line in dmasq config is: dhcp-range=lan,::,constructor:br0,ra-stateless,64,600
however, when I change 64 to 48 or any other value, my clients get stuck at obtaining ip address

i've done some research on this configuration line, and from my understanding, something like:
dhcp-range=lan,::1,::ff,constructor:br0,ra-stateless,600
would force clients to use any address from aaa:bbb:ccc::1 to aaa::bbb:ccc::ff
however, this is not the case, as they still use aaa:bbb:ccc:0:rand:rand:rand:rand

is it possible, that dnsmasq/clients are internally limited to use /64 subnet?

 

[PabloAbonia]

Is this DHCP range right?

dhcp-range=lan,::1,::ff,constructor:br0,ra-stateless,600


Doesn't ::1 include the router in your range? Why not ::ffff to complete the range?

Also, why ra-stateless rather than slaac?

Pablo

This has nothing to do with HE. My /48 subnet is working correctly, I can access internet from any ip in this range.

Current interface configuration:
(aaa:bbb:ccc::1/48 is my /48 subnet; aaa:bbb:70:dddd::2/64 is my /64 subnet)

ip addr

10: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 78:24:af:e5:e3:c0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/21 brd 192.168.7.255 scope global br0
    inet6 aaa:bbb:ccc::1/48 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::7a24:afff:fee5:e3c0/64 scope link
       valid_lft forever preferred_lft forever

12: v6in4: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/sit aa.bb.cc.dd peer 123.123.123.123
    inet6 aaa:bbb:70:dddd::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::594d:a2ab/128 scope link
       valid_lft forever preferred_lft forever

dnsmasq.conf:

local=/lan/
dhcp-range=lan,192.168.3.2,192.168.3.254,255.255.248.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,6,8.8.8.8,8.8.4.4,0.0.0.0
dhcp-option=lan,15,lan
dhcp-option=lan,252,"\n"
ra-param=br0,10,600
enable-ra
quiet-ra
dhcp-range=lan,::,constructor:br0,ra-stateless,64,600
dhcp-option=lan,option6:23,[::]
dhcp-option=lan,option6:24,lan
dhcp-authoritative

the important line in dmasq config is: dhcp-range=lan,::,constructor:br0,ra-stateless,64,600
however, when I change 64 to 48 or any other value, my clients get stuck at obtaining ip address

i've done some research on this configuration line, and from my understanding, something like:
dhcp-range=lan,::1,::ff,constructor:br0,ra-stateless,600
would force clients to use any address from aaa:bbb:ccc::1 to aaa::bbb:ccc::ff
however, this is not the case, as they still use aaa:bbb:ccc:0:rand:rand:rand:rand

is it possible, that dnsmasq/clients are internally limited to use /64 subnet?

 

[mzX1DDq9FXL5dS1JnPWRDFMyw]

Is this DHCP range right?

dhcp-range=lan,::1,::ff,constructor:br0,ra-stateless,600


Doesn't ::1 include the router in your range? Why not ::ffff to complete the range?

Also, why ra-stateless rather than slaac?

Pablo

Well, I have done countless permutations of this command, for example:
dhcp-range=lan,::,constructor:br0,ra-stateless,64,600
dhcp-range=lan,::,constructor:br0,ra-stateless,48,600
dhcp-range=::,constructor:br0,ra-stateless,48,600

dhcp-range=::1,::ffff:ffff:ffff:ffff,constructor:br0
dhcp-range=::1,::ffff,constructor:br0
dhcp-range=aaa:bbb:ccc::2,aaa:bbb:ccc:ffff:ffff:ffff:ffff:ffff

including random combinations of ra-only, slaac, ra-names, ra-stateless, ra-advrouter, off-link and other options from http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

each time I get one of 3 results:
a) obtaining ip completes successfully, client has ipv6: aaa:bbb:ccc:0:rand:rand:rand:rand
b) obtaining ip completes successfully, client has no global ipv6, only link local
c) obtaining ip hangs indefinitely

i just want my clients to have ip like this: aaa:bbb:ccc:rand:rand:rand:rand:rand, not aaa:bbb:ccc:0:rand:rand:rand:rand