I’m trying to set up a NAT66 network. My ISP will give me a /56 if I ask for one, and if I use prefix delegation I’ll get an address on my LAN interfaces, but when I instead just try to ask for an address for only my WAN interface it claims there’s no addresses/prefix.
My interface configuration:
ethernet eth0 {
address dhcp
address dhcpv6
description WAN
dhcpv6-options {
duid 00:04:68:73:17:4a:3e:e8:4b:52:92:85:13:f0:4f:6d:aa:f0
}
hw-id 00:e0:b3:12:a6:03
ipv6 {
address {
autoconf
}
}
}
ethernet eth1 {
address 172.16.0.1/16
address fc00:1::1/64
description LAN
hw-id dc:4a:3e:58:7b:c9
vif 25 {
address 192.168.99.1/24
address fc00:2::1/64
description GUEST
}
}
But looking at the dhcpv6 client logs for eth0, I just see a constant loop of:
copy_option: set client ID (len 18)
copyout_option: set identity association
copy_option: set elapsed time (len 2)
copy_option: set option request (len 4)
client6_send: send solicit to ff02::1:2%eth0
dhcp6_reset_timer: reset a timer on eth0, state=SOLICIT, timeo=6, retrans=64380
client6_recv: receive advertise from fe80::8626:2bff:fe83:1571%eth0 on eth0
dhcp6_get_options: get DHCP option server ID, len 10
DUID: 00:03:00:01:84:26:2b:83:15:71
dhcp6_get_options: get DHCP option client ID, len 18
DUID: 00:04:68:73:17:4a:3e:e8:4b:52:92:85:13:f0:4f:6d:aa:f0
dhcp6_get_options: get DHCP option identity association, len 49
IA_NA: ID=0, T1=0, T2=0
copyin_option: get DHCP option status code, len 33
status code: no addresses
client6_recvadvert: server ID: 00:03:00:01:84:26:2b:83:15:71, pref=-1
client6_recvadvert: advertise contains no address/prefix
I’m on 1.5. My build:
Built on: Tue 03 Oct 2023 06:10 UTC
Build UUID: f352d002-6b74-4982-b907-32d5f0d6062c
Build commit ID: 86f80f99c57240
IMHO no need for NAT66 when doing IPv6.
The “proper” way would be that your firewall/router requests DHCP6-PD from the ISP and then use /64 out of that for every VLAN you will use on the LAN side (LAN side get its IP through SLAAC but you must have DHCPv6 running to also provide DNS resolver IPv6-addresses through the SLAAC O-flag).
You should also be able to setup your own DHCP6-PD (as in your own DHCPv6-server for the LAN side) if you want to further delegate whatever range the ISP provided to you through DHCP6-PD on the WAN-interface (lets say you got internal firewalls for whatever reason).
However I have no idea of how to setup the above in a VyOS box (my lab is more of a v4 rather than v6 lab but its on my todo-list to mimic an ISP config in the lab aswell).
Also you said your build is 3rd oct but which version is it as in 1.3, 1.4 or 1.5 (assuming 1.5-rolling)?
I am aware of the “proper” way, but that way has problems that I’m not sure how to address:
- I have a dynamic prefix from my ISP. They can change it at any time, but there are plenty of places within my configuration where I have to pass that dynamic prefix. I don’t want things to break just because my ISP gives me a new prefix.
- I use NAT for IPv4 and take advantage of local addressing with a local DNS domain for hosts on the LAN.
Additionally, I encountered problems when trying to set up prefix delegation where router advertisements from the guest VLAN were going to the LAN, hosts on the LAN subnet would get two addresses.
I’m on 1.5.
Also, how can we ever do loadbalancing without NAT66 ? Then it’s up to LAN clients to select correct ipv6 source IP
Loadbalancing is more of a proxyfunction rather than a NAT66 feature.
But sure one could argue thats more down to semantics.
But its the same as you dont call loadbalancing in IPv4 for NAT.
If you want to debate the “correct” or “incorrect” way to do IPv6 please make a new discussion - I’m still seeking either an answer to my original question, or a way to work around the issues I described when I explained why I’m electing to use NAT66.
And Im telling you that you are “doing it wrong”.
Better to find out the proper syntax in VyOS on how to properly configure and use DHCP6-PD provided by the ISP for your internal network(s).
Its not meant to use NAT along with IPv6.