Services
-DNSMasq Options (to enable DHCP to function for vlans)
*NOTE: option 3 is gateway
option 6 are dns servers
Code:
# Enable DHCP on VLAN11
interface=vlan11
dhcp-option=vlan11,3,192.168.B.254
dhcp-option=vlan11,6,192.168.A.2
dhcp-range=vlan11,192.168.B.20,192.168.B.40,255.255.255.0,6h
This works, honestly, FANTASTIC for IPv4. I have an internal DNS server for internal items with recursion out to my provider DNS, so I am my own DNS (192.168.A.2), soon to have an additional IPv6 address as well. Also using iptables to control traffic flow, so I'll do the same with IPv6.
Now, fun with IPv6....
I'd like to add an additional IPv6 address to each vlan scope so I can dual-home my devices for 4 and 6, but using a subnetted version of the WAN IP I get from my ISP so I can use global IPs. I got lost in the documentation so I'm looking for some assistance. Can I ONLY do this with DNSMASQ or do I need something else? I'm looking to use a /120 for the internal subnets.
For example, the "interface=vlan11" section, I THINK I would need the following added:
Code:
dhcp-option=option6:dns-server,[ip6 of my internal dns server]
dhcp-range=::20,::40,constructor:vlan15,6h
enable-ra
But I would like to subnet the network ID from br0 interface I get from the /64 from my ISP to a /120 per network. I also need to figure out how to assign that network ID/host ID to the router's VLAN interface (like how I have that set as .254 above for each vlan)
They're providing a /64
nnnn:nnnn:nnnn:nnnn:hhhh:hhhh:hhhh:hhhh
I checked the nvram show | grep ipv6 and the "ipv6_prefix" value validates it's a /64
I wanted to assign each subnet as a range from the provided /64 I get from the ISP so I can assign global addresses (and control it) (aka, each vlan). This way I can get granular control over the routing and allowables through ip6tables just like I do with iptables for v4.
I picked a /120, since I only need 15-20 IPs, and the /120 gives me 254 usable IP addresses.
nnnn:nnnn:nnnn:nnnn:ssss:ssss:ssss:sshh
If I grow these out later, I can easily redo the mask to less than a 120, like a 112.
Two side notes:
-Since I set the vlan15 interface as the WAN, that is what ddwrt assigns my IPv4 address to, but... with IPv6, it assigns it to br0. Not sure how to get that IPv6 address assigned to vlan15.
-I tried a simple ping6 to google and it doesn't work. I left the default ipv6tables rules, so everything outbound is allowed, and inbound is related/established and also icmpv6 are all allowed. It's pretty open. My ip -6 route info has:
[ipv6 prefix from ISP]/64 dev br0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev vlan3 proto kernel metric 256
fe80::/64 dev vlan4 proto kernel metric 256
fe80::/64 dev vlan11 proto kernel metric 256
fe80::/64 dev vlan1 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev eth2 proto kernel metric 256
fe80::/64 dev vlan2 proto kernel metric 256
fe80::/64 dev vlan15 proto kernel metric 256
default via fe80::201:5cff:fe7a:c46 dev vlan15 proto ra metric 1024 expires 1799sec
unreachable default dev lo proto kernel metric -1 error -128
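The /120-per-VLAN plan described in the post above, worked through as an added example (not part of the original post and not DD-WRT's own tooling): it carves one /120 per VLAN out of a /64, picks a router address in each, and prints the matching `ip -6 addr add` command and a dnsmasq `dhcp-range` line with an explicit prefix length. Assumptions: the documentation prefix 2001:db8:0:1::/64 stands in for the ISP prefix, the VLAN id is used as the subnet index, and host ::fe (254) is the router address.

```python
import ipaddress

def plan_vlan_subnets(isp_prefix, vlan_ids, new_prefix=120,
                      router_host=0xFE, pool=(0x20, 0x40)):
    """Carve one /new_prefix per VLAN out of the ISP-delegated prefix.

    Assumption of this example: the VLAN id is the subnet index, so vlan11
    always maps to the same block. router_host 0xfe mirrors the .254 gateway
    convention; pool mirrors the ::20 to ::40 range from the post.
    """
    net = ipaddress.IPv6Network(isp_prefix)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be longer than the ISP prefix")
    size = 1 << (128 - new_prefix)                 # addresses per subnet
    max_index = (1 << (new_prefix - net.prefixlen)) - 1
    if max(router_host, *pool) >= size:
        raise ValueError("host offset does not fit in the subnet")
    plan = {}
    for vid in vlan_ids:
        if not 0 <= vid <= max_index:
            raise ValueError(f"vlan{vid}: no subnet with that index")
        subnet = ipaddress.IPv6Network(
            (int(net.network_address) + vid * size, new_prefix))
        plan[f"vlan{vid}"] = {
            "subnet": subnet,
            "router": ipaddress.IPv6Interface((subnet[router_host], new_prefix)),
            "pool": (subnet[pool[0]], subnet[pool[1]]),
        }
    return plan

def render(plan, lease="6h"):
    """Emit the router-side command and dnsmasq line for each VLAN."""
    out = []
    for ifname, p in plan.items():
        out.append(f"ip -6 addr add {p['router']} dev {ifname}")
        out.append(f"dhcp-range={p['pool'][0]},{p['pool'][1]},"
                   f"{p['subnet'].prefixlen},{lease}")
    return out

if __name__ == "__main__":
    # 2001:db8::/32 is the documentation prefix, standing in for the ISP /64.
    # Prefixes longer than /64 cannot use SLAAC, so clients on these VLANs
    # need stateful DHCPv6 or static addresses.
    for line in render(plan_vlan_subnets("2001:db8:0:1::/64", [3, 4, 11])):
        print(line)
```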
DHCP Server - enable
DNSMasq for DHCP - enable
DNSMasq for DNS - enable
DHCP-Authoritative - enable
Recursive DNS Resolving - disabled
Forced DNS Redirection - enable
IPV6 enabled with DHCPv6 delegation and DNS.watch IPv6 addresses /64
Using DNS.Watch for forwarding DNS
Static DNS 1 - my router IP
Static DNS 2 - DNS.Watch1
Static DNS 4 - DNS Watch2
DNSMasq - Enable
Encrypt DNS - Disable
Local DNS - Enable
No DNS Rebind - Enable
Query DNS in Strict Order - Enable
Add Requestor MAC to DNS Query - Disable
My set up is Gateway
Your ISP needs to support IPv6 and the modem/router they supply also needs to support it.
These settings pass IPv6 tests and show my internal DNS to be my router IPv4 and IPv6 addresses (ipconfig /all)
No IPLeaks after adding a couple browser extensions
VPN options are next up for me. I had conflicting info about my ISP and their equipment to contend with. After swapping the modem and getting the static DNS order right, it's doing what it's supposed to.