Page content

DualStack & Prefix Delegation with OpenBSD

OS: OpenBSD 6.5

Hint: wide-dhcpv6-20080615p9 was not working fine. So, i gave a try with dhcpcd

Install Package

pkg_add dhcpcd-7.1.1p4

Configure dhcpcd

option rapid_commit
require dhcp_server_identifier

# disable running any hooks; not typically required for simple DHCPv6-PD setup
script ""

# List interfaces explicitly so that dhcpcd doesn't touch others
allowinterfaces em1 vlan108 vlan110 vlan112

interface em1
    # the following two lines tell dhcpcd to do router solicitation
    # itself. don't use them if using "inet6 autoconf" (slaacd)
    ia_na 1

    # request prefixes from the provider to use for downstream networks
    ia_pd 2 vlan108/1 vlan110/2 vlan112/3

Enable and Start Service

rcctl enable dhcpcd
rcctl restart dhcpcd

You sould now get a ip address on your public interface. adjust the pf.conf accordingly for ipv6 !

Configure rad

interface em1

interface vlan112 {
  prefix 2a0b:2e00:0:7c03::/64
  dns {
    nameserver 2001:4860:4860::8888
    nameserver 2001:4860:4860::8844
    nameserver 2a0b:2e00:0:7c03::1
    search planet.noflow.ch

Enable and Start RAD

rcctl enable rad
rcctl restart rad

Edit unbound.conf

module-config: "dns64 validator iterator"
dns64-prefix: 64:ff9b::/96

Update pf.conf

# NAT 64, all outgoing traffic from vlan 112
pass  in  log quick on vlan112 inet6 from any to 64:ff9b::/96 af-to inet from (egress)

Reload unbound, pf. check log and traffic :)

sha256: 0814ffb55ca3854b2fccba0638fe82a1a26783260e09c646d5ba01bf291a299f