Patch & Pray! IPv4/v6 dual-stack gateway w/ ubuntu, no-netplan, networkd
This was much tougher than it should have been. On the surface, take a small PC with a bunch of Ethernet ports. Slap 1 of them into a cable modem, slap the others into the WiFi system and desktop in the office. Make it be a gateway for v4 and v6. Couple networks (LAN, WiFi, Guest-WiFi). Done. Well. IPv4 was great success. But getting an upstream subnet from IPv6 and then splitting it, well, not so easy. Don your peril sensitive sunglasses if you will read on.
Earlier I wrote about the first problem: receiving an IPv6 address that might change, but having to hard-code it in the DHCP file. Hmm.
Another issue: IPv6 cannot (should not) be subnetted below /64. But the cableco hands out a /64. They do support prefix delegation, but netplan does not (https://bugs.launchpad.net/netplan/+bug/1771886). My earlier experience with netplan and its feature gap was not that great, but this is more of a show-stopper.
So, let's do the obvious. Delete netplan. Well, you can't, but you can make /etc/netplan an empty directory after copying the networkd files it generated:

    cp /run/systemd/network/* /etc/systemd/network/
    rm -f /etc/netplan/*
    systemctl enable systemd-networkd
OK, now we are on systemd, it should be all good? Wait? What's that? Prefix delegation is only supported (as far as assigning an address to an interface so you can do RA or DHCP from it) as of a merge to master the day v245 released: https://github.com/systemd/systemd/commit/5bb67b107f1d618453308c05958d6e987f995ee9 Hmm. I'm on v245, is it in or no? (No.)
OK, it's just code, I got this. But systemd is a *dangerous* thing. One doesn't merely upgrade systemd, it's got its tentacles in every aspect of your system.
Hmm. Let's cherry-pick that patch, it's pretty simple. Just run:

    git diff 5bb67b107f1d618453308c05958d6e987f995ee9^ 5bb67b107f1d618453308c05958d6e987f995ee9 > mypatch

and we have the patch. Kinda rolls off the tongue, right? Now we do:

    git clone https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd

and we have the source tree we are using. In that tree, we check out the release and apply the patch from above:

    git checkout v245
    patch -p1 < mypatch

Now we install the build dependencies and build the packages:

    apt-get build-dep systemd
    debuild

Now it's time to install and cross fingers.
So, let's get the config. First, the WAN port:

    [Match]
    Name=enp1s0

    [Link]
    MTUBytes=1500

    [Network]
    DHCP=yes
    DNS=127.0.0.1
    Domains=agilicus.com
    IPForward=yes
    IPv6AcceptRA=yes
    LinkLocalAddressing=ipv6

    [DHCP]
    RouteMetric=100
    UseMTU=false

    [DHCPv6]
    PrefixDelegationHint=::/56
    ForceDHCPv6PDOtherInformation=yes
    WithoutRA=solicit

Now let's do the LANs.

    [Match]
    Name=lan

    [Network]
    Address=172.16.30.1/24
    ConfigureWithoutCarrier=yes
    IPForward=yes
    IPv4LLRoute=yes
    IPv6AcceptRA=no
    IPv6PrefixDelegation=dhcpv6
    LinkLocalAddressing=ipv6

    [IPv6Prefix]
    Assign=yes

    [IPv6PrefixDelegation]
    RouterLifetimeSec=600

(It configures a bridge called LAN which has a few of the ports on it, the others going to the WiFi on a different subnet.) I repeated this for the various WiFi subnets.
Now, we have achieved our goal. Each LAN-side interface has a unique IP, on a unique prefix. And we route properly, a few iptables rules, good to go.
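One way to check that outcome after a lease renewal, as an added example that is not from the original post: the script below parses `ip -o -6 addr show scope global` output and reports any LAN-side interface that has no address from the delegated prefix, holds one that is not a /64, or shares its /64 with another interface. The sample output is constructed, the 2001:db8::/32 documentation range stands in for the ISP's delegation, and the interface names other than enp1s0 and lan are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format of `ip -o -6 addr show scope global`.
# Deliberately broken: guest reuses wifi's /64, iot has a /72, dmz has nothing.
SAMPLE = r"""
2: enp1s0    inet6 2001:db8:ffff::1234/128 scope global dynamic noprefixroute \       valid_lft 3000sec preferred_lft 3000sec
5: lan    inet6 2001:db8:aa00:1::1/64 scope global dynamic \       valid_lft 3000sec preferred_lft 3000sec
6: wifi    inet6 2001:db8:aa00:2::1/64 scope global dynamic \       valid_lft 3000sec preferred_lft 3000sec
7: guest    inet6 2001:db8:aa00:2::2/64 scope global dynamic \       valid_lft 3000sec preferred_lft 3000sec
8: iot    inet6 2001:db8:aa00:3::1/72 scope global \       valid_lft forever preferred_lft forever
"""

def parse_global_addrs(ip_output):
    """Map interface name -> list of IPv6Interface from `ip -o -6 addr` text."""
    addrs = defaultdict(list)
    for line in ip_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "inet6":
            name = f[1].split("@")[0]          # strip "@ifN" on veth/vlan names
            addrs[name].append(ipaddress.ip_interface(f[3]))
    return addrs

def check_delegation(ip_output, delegated, lan_ifaces):
    """Return a list of problems; an empty list means every LAN has its own /64."""
    delegated = ipaddress.ip_network(delegated)
    addrs = parse_global_addrs(ip_output)
    problems, owners = [], defaultdict(list)
    for iface in lan_ifaces:
        inside = [a for a in addrs.get(iface, []) if a.ip in delegated]
        if not inside:
            problems.append(f"{iface}: no address inside {delegated}")
        for a in inside:
            if a.network.prefixlen != 64:
                problems.append(f"{iface}: {a} is not a /64")
            # Track which /64 each address falls in, whatever its own mask is.
            net64 = ipaddress.IPv6Network(f"{a.ip}/64", strict=False)
            owners[net64].append(iface)
    for net, ifaces in sorted(owners.items()):
        if len(set(ifaces)) > 1:
            problems.append(f"{net}: shared by {', '.join(ifaces)}")
    return problems

if __name__ == "__main__":
    lans = ["lan", "wifi", "guest", "iot", "dmz"]
    for p in check_delegation(SAMPLE, "2001:db8:aa00::/56", lans):
        print("PROBLEM:", p)
```

On the gateway itself, feed it the live output of `ip -o -6 addr show scope global` and the prefix the ISP actually delegated.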
My takeaway? I guess not a lot of you are using ipv6 prefix delegation to multiple subnets from your ISP? Or you are not using networkd? Or?