How To Setup IPv6 Only Network with OpenBSD as Router
Overview
I decided to see what a computer network running only IPv6 would be like and there are many ways to do this. I find the easy way is to disable IPv4 and set the name servers to Google's public DNS. But, for this lab, I decided to put a host behind an OpenBSD router with an internal LAN IPv6 only. You will quickly find many sites on the Internet do not have IPv6 addresses and the Internet turns into a lonely place. There are other solutions that could have been instead of NAT64 such as a proxy that could reach IPv4 addresses but I wanted to try NAT64, so here goes.
Video Demo
Configuration of OpenBSD NAT64 Router
The OpenBSD router needs two network interface for internal IPv6 and both IPv4 and IPv6 outbound connectivity. This guide uses OpenBSD snapshot which is 5.5 at the time of this writing. The good news is that OpenBSD makes NAT64 incredibly easy so here are the steps:
1) Install package libdaemon and totd from packages or ports.
2) Download and compile the Router Advertisement Daemon (radvd)
3) Configure rc scripts as seen at the bottom of this document.
4) Configure /etc/radvd.conf daemon configuration file. The RDNSS option will pass DNS info to the IPv6 client.
interface re0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvDefaultPreference low;
AdvHomeAgentFlag off;
prefix 2001:db8:ff10:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
RDNSS 2001:db8:ff10:1::1
{
AdvRDNSSLifetime 30;
};
DNSSL localdomain
{
AdvDNSSLLifetime 30;
};
};
5) Configure /etc/totd.conf which will perform DNS64 using the RFC standard address range for DNS64.
; $OpenBSD: totd.conf.sample,v 1.3 2012/08/19 22:30:37 ajacoutot Exp $
; Totd sample configuration file
;forwarder 192.168.0.1 port 5000
forwarder 2001:db8:ff10::1 port 53
prefix 64:ff9b::
retry 300
6) Update pf.conf with NAT64 configuration by adding the IPv6 to IPv4 NAT rule. You will see I built my NAT64 server behind another IPv4 NAT gateway but if you do this in production, this server would probably be your gateway to the Internet.
pass in log on re0 inet6 from any to 64:ff9b::/96 af-to inet from 192.168.1.153
7) Give reboot test to ensure clean startup.
8) Test client with an IPv6 only host and ensure it works.
9) Test client with an IPv4 only host and ensure the DNS64 and NAT64 function correctly.
Summary
It is cool but just like IPv4's NAT, some things will break! The Macintosh will configure itself automatically on the network, but you might find some things don't work. Other clients may not get DNS information from RDNSS at this writing but you can find help on your particular client from searching the web. I hard coded the DNS into the Linux Mint client's config file but there is a Linux RDNSS daemon that will automate that for you.
Extra Information
Some extra things that you might already have figured out follow. You will see the two internal interface re0 and the external interface pcn0 along with the autostart options for rc.conf.local and the libdaemon package needed to compile radvd. Versions may change for packages listed since I used OpenBSD snapshot at the time of this publishing.
Internal Interface settings:
/etc/hostname.re0
inet6 alias 2001:db8:ff10:1::1
For /etc/hostname.pcn0, don't use DHCP for IPv4 since I was being lazy and assign a proper static address.
dhcp
inet6 2001:db8:ff10::100 64
!route add -inet6 :: 2001:db8:ff10::1
/etc/rc.conf.local
pkg_scripts="totd radvd"
totd_flags="" # for normal use: ""
/etc/rc.d/radvd copied from /etc/rc.d/totd script and modified for radvd.
#!/bin/sh
#
daemon="/usr/local/sbin/radvd"
. /etc/rc.d/rc.subr
rc_reload=NO
rc_cmd $1
pkg_info output showing libdaemon is needed to compile radvd.
libdaemon-0.14p0 lightweight C library that eases the writing of daemons
quirks-1.130 exceptions to pkg_add rules
totd-1.5.1p3 DNS proxy that supports IPv6 <==> IPv4 record translation
