DHCP6C.CONF(5) | File Formats Manual | DHCP6C.CONF(5) |
dhcp6c.conf
—
DHCPv6 client configuration file
/etc/wide-dhcpv6/dhcp6c.conf
The dhcp6c.conf
file contains
configuration information for KAME's DHCPv6 client,
dhcp6c
. The configuration file consists of a
sequence of statements terminated by a semi-colon (`;'). Statements are
composed of tokens separated by white space, which can be any combination of
blanks, tabs and newlines. In some cases a set of statements is combined
with a pair of brackets, which is regarded as a single token. Lines
beginning with ‘#
’ are comments.
There are some statements that may or have to specify interface. Interfaces are specified in the form of "name unit", such as fxp0 and gif1.
Some configuration statements take the description of a DHCPv6 option as an argument. The followings are the format and description of available DHCPv6 options.
domain-name-servers
domain-name
ntp-servers
dhcp6c
will
reject this option unless it is explicitly built to accept the
option.sip-server-address
sip-server-domain-name
nis-server-address
nis-domain-name
nisp-server-address
nisp-domain-name
bcmcs-server-address
bcmcs-server-domain-name
ia-pd
IDia-na
IDrapid-commit
authentication
authnameauthentication
statement for
authname must be provided.An interface statement specifies configuration parameters on the interface. The generic format of an interface statement is as follows:
interface
interface { substatements
};send
send-options ;send-options is a comma-separated
list of options, each of which should be specified as described
above. Multiple send
statements can also be
specified, in which case all the specified options will be sent.
When rapid-commit
is specified,
dhcp6c
will include a rapid-commit option in
solicit messages and wait for an immediate reply instead of
advertisements.
When ia-pd
is specified,
dhcp6c
will initiate prefix delegation as a
requesting router by including an IA_PD option with the specified
ID in solicit messages.
When ia-na
is specified,
dhcp6c
will initiate stateful address
assignment by including an IA_NA option with the specified
ID in solicit messages.
In either case, a corresponding identity association statement must exist with the same ID.
request
request-options;domain-name-servers
domain-name
ntp-servers
dhcp6c
will reject this option unless it
is explicitly built to accept the option.sip-server-address
sip-domain-name
nis-server-address
nis-domain-name
nisp-server-address
nisp-domain-name
bcmcs-server-address
bcmcs-domain-name
refreshtime
dhcp6c
will ignore this option for other
messages.request
statements can also be
specified, in which case all the specified options will be
requested.information-only
;dhcp6c
to only
exchange informational configuration parameters with servers. A list
of DNS server addresses is an example of such parameters. This
statement is useful when the client does not need stateful
configuration parameters such as IPv6 addresses or prefixes.script
"script-name";dhcp6c
on a certain condition including when
the daemon receives a reply message. script-name
must be the absolute path from root to the script file, be a regular
file, and be created by the same owner who runs the daemon.Some setups may require to configure an interface independently from its name. Profiles are available for this particular purpose. They follow the same syntax as an interface statement except they can be arbitrarily named. It is then possible to choose which profile to use for a given interface on the command line.
Identity association (IA) is a key notion of DHCPv6. An IA is uniquely identified in a client by a pair of IA type and IA identifier (IAID). An IA is associated with configuration information dependent on the IA type.
An identity association statement defines a single IA with some client-side configuration parameters. Its format is as follows:
id-assoc
type [ID] {
substatements };na
’
(non-temporary address allocation)
‘pd
’ (prefix
delegation) for the IA type. ID is a decimal number
of IAID. If omitted, the value 0 will be used by default.
substatements is a sequence of statements that
specifies configuration parameters for this IA. Each statement may or may
not be specific to the type of IA.
The followings are possible
substatements for an IA of type
na
.
address
ipv6-address pltime
[vltime];address
substatement.
dhcp6c
will include all the addresses (and
related parameters) in Solicit messages, as an IA_NA prefix option
encapsulated in the corresponding IA_NA option. Note, however, that
the server may or may not respect the specified prefix parameters. For
parameters of the address
substatement, see
dhcp6s.conf(5).The followings are possible
substatements for an IA of type
pd
.
prefix
ipv6-prefix pltime
[vltime];prefix
substatement.
dhcp6c
will include all the prefixes (and
related parameters) in Solicit messages, as an IA_PD prefix option
encapsulated in the corresponding IA_PD option. Note, however, that
the server may or may not respect the specified prefix parameters. For
parameters of the prefix
substatement, see
dhcp6s.conf(5).A prefix interface statement specifies configuration parameters of
prefixes on local interfaces that are derived from delegated prefixes. A
prefix interface statement can only appear as a substatement of an identity
association statement with the type pd
. The generic
format of an interface statement is as follows:
prefix-interface
interface { substatements
};dhcp6c
will assign a prefix on the
interface unless the interface receives the DHCPv6
message that contains the prefix with the delegated prefix and the
parameters provided in substatements. Possible
substatements are as follows:
sla-id
ID ;dhcp6c
will
combine the two values into a single IPv6 prefix,
2001:db8:ffff:1::/64, and will configure the prefix on the specified
interface.sla-len
length ;ifid
ID ;ifid-random
;ifid
statement, if present. The resulting random interface id will be
combined with the delegated prefix and the sla-id to form a complete
interface address.An authentication statement defines a set of authentication parameters used in DHCPv6 exchanges with the server(s). The format of an authentication statement is as follows:
authentication
authname { substatements };authentication
option is specified in the
interface
statement. Possible substatements of the
authentication
statement are as follows:
protocol
authprotocol ;delayed
, which means the DHCPv6 delayed
authentication protocol.algorithm
authalgorithm ;hmac-md5
,
HMAC-MD5
, hmacmd5
, or
HMACMD5
. This substatement can be omitted. In
this case, HMAC-MD5 will be used as the algorithm.rdm
replay-detection-method ;monocounter
, which means the use of a
monotonically increasing counter. If this method is specified,
dhcp6c
will use an NTP-format timestamp when
it authenticates the message. This substatement can be omitted, in
which case monocounter
will be used as the
method.A keyinfo statement defines a secret key shared with the server(s) to authenticate DHCPv6 messages. The format of a keyinfo statement is as follows:
keyinfo
keyname { substatements };keyinfo
statement
are as follows:
realm
"realmname" ;keyid
ID ;secret
"secret-value" ;expire
"expiration-time" ;forever
can be specified as
expiration-time, which means the key has an
infinite lifetime and never expires. This substatement can be omitted,
in which case forever
will be used by
default.The followings are a sample configuration to be delegated an IPv6
prefix from an upstream service provider. With this configuration
dhcp6c
will send solicit messages containing an
IA_PD option, with an IAID 0, on to an upstream PPP link,
ppp0. After receiving some prefixes from a server,
dhcp6c
will then configure derived IPv6 prefixes
with the SLA ID 1 on a local ethernet interface, ne0.
Note that the IAID for the id-assoc
statement is 0
according to the default.
interface ppp0 { send ia-pd 0; }; id-assoc pd { prefix-interface ne0 { sla-id 1; }; };
If a shared secret should be configured in both the client and the server for DHCPv6 authentication, it would be specified in the configuration file as follows:
keyinfo kame-key { realm "kame.net"; keyid 1; secret "5pvW2g48OHPvkYMJSw0vZA=="; };
One easy way of generating a new secret in the base64 format is to execute the openssl(1) command (when available) as follows,
% openssl rand -base64 16
and copy the output to the dhcp6c.conf
file.
To include an authentication option for DHCPv6 authentication, the
interface
statement should be modified and an
authentication
statement should be added as
follows:
interface ppp0 { send ia-pd 0; send authentication kame; }; authentication kame { protocol delayed; };
interface fxp0 { send ia-na 0; };
The dhcp6c.conf
configuration file first
appeared in the WIDE/KAME IPv6 protocol stack kit.
July 29, 2004 | KAME |