Это — старая версия документа!


Using the WIDE DHCPv6 Client on Online.net dedicated servers

Initially published on 2014-08-29

…and switching to it from Dibbler. Debian-only.

setup-dhcpv6.sh
#!/bin/bash
 
DUID=$1
 
skill -9 dibbler-client
dpkg -P dibbler-client
rm -rvf /etc/dibbler /var/log/dibbler /var/lib/dibbler
 
apt-get install -y wide-dhcpv6-client vim-common
 
/etc/init.d/wide-dhcpv6-client stop
 
echo 'profile default { script "/etc/wide-dhcpv6/dhcp6c-script"; };' > /etc/wide-dhcpv6/dhcp6c.conf
echo 'id-assoc pd { prefix-interface eth0 { }; };' >> /etc/wide-dhcpv6/dhcp6c.conf
echo 'interface eth0 { send ia-pd 0; };' >> /etc/wide-dhcpv6/dhcp6c.conf
echo $DUID | awk '{ gsub(":"," "); printf "0: 0a 00 %s\n", $0 }' | xxd -r > /var/lib/dhcpv6/dhcp6c_duid
 
/etc/init.d/wide-dhcpv6-client start

Download and run this with your online.net DUID specified, for example:

wget -O setup-dhcpv6.sh https://version6.ru/_export/code/en/online.net-wide-dhcpv6?codeblock=0
chmod +x setup-dhcpv6.sh

./setup-dhcpv6.sh 00:03:00:01:23:45:67:89:ab:cd

When the WIDE setup screen appears and asks on which interfaces to listen for DHCPv6, leave that as «eth0» (the default value), i.e. just press Enter.

Prevent outgoing request flood

Very rarely (happened just once yet, in months), WIDE can fail in a mysterious way and start sending SOLICIT requests continuously, without any back-off time in between. This can be detected by upstream as malicious flood and make them unhappy.

To prevent this issue, add the following into your ip6tables configuration:

ip6tables -A OUTPUT -p udp --dport 547 -m limit --limit 10/min  --limit-burst 5 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 547 -j DROP

…or just add this into /etc/rc.local if you don't use any other ip6tables rules.

Other HOWTOs


en/online.net-wide-dhcpv6.1417290920.txt.gz · Последние изменения: 2014-11-29 19:55 UTC От rm