okay. let's give this a shot.

2020-05-18 04:59:00 -04:00
parent 4df9287abd
commit 80765e58ed
10 changed files with 203 additions and 81 deletions
--- a/utils/he_ipv6/example.tunnelbroker.xml
+++ b/utils/he_ipv6/example.tunnelbroker.xml
@@ -48,6 +48,8 @@
      the "ra" child element under <assign> for further details.
      If you are using dnsmasq, you will want to edit dnsmasq.conf to *include* the generated file, most likely, as it
      only generates configuration for IPv6 options.
+      If this is not specified, NO RA/DHCPv6 management will be done *regardless* of any "re" child elements for below
+      "assign" objects.
      -->
      <assignments raProvider="dnsmasq">
        <!--
@@ -76,27 +78,50 @@
            resolver via RDNSS.
            It takes one (optional) attribute, "domains", which is a space-separated list of search domains, referred
            to in IPv6 as DNSSL (RFC 6106).
-            Note that Windows does not support DNSSL, and as such you must use dhcpv6's "domains" attribute if you wish
-            to do that.
+            Note that Windows does not support DNSSL properly, and as such you must use dnsmasq as your RA provider if
+            you wish to send search domains.
            If "domains" is specified but the element is false, the configuration will only advertise DNSSL and not
            RDNSS.
+            If you also specify dhcpv6 below and are using dnsmasq as your raProvider, then:
+              * the same domains will be sent via DHCPv6 option 24
+              * the same RDNSS resolver will be passed via DHCPv6 option 23
            -->
            <dns domains="foo.com bar.com">true</dns>
            <!--
-            Enable DHCPv6 for this assignment. Only used for dnsmasq, has no effect for radvd. As mentioned above, you
-            can also specify the "domains" attribute here as well, which will pass them via a regular DHCPv6 option.
-            If "domains" is specified but the element is false, only the domains will be passed.
-            Again, this only pertains to dnsmasq since radvd offers no DHCPv6 capabilities whatsoever.
+            Enable DHCPv6 for this assignment.
+
+            RADVD:
+            If you're using radvd, this will only enable the "AdvManagedFlag" and/or "AdvOtherConfigFlag" flags
+            (the "MO" bits). *No actual DHCPv6 address assignment will, or can, occur via radvd, only SLAAC.*
+
+            DNSMASQ:
+            To ensure maximum compatability with SLAAC, addresses will be served in the fixed range of:
+              <PREFIX>:dead:beef:cafe:[0000-FFFF]
+              (65535 addresses per prefix assignment, a.k.a. a /112).
+            Obviously your assignment's prefix length *must* be smaller than /112 (but should be at LEAST a /64 anyways
+            per RFC specification). Regardless of settings below, SLAAC *will* be offered if an "ra" element is defined.
+
+            It has an optional attribute, "advOther", which controls the "Other Configuration" bit.
+            The default is "false".
+            The "MO" bits (RFC 4861 § 4.2) are set accordingly:
+            ===================================================================================================
+            | Condition                         | M | O | Will addresses be assigned via DHCPv6 (if dnsmasq)? |
+            ===================================================================================================
+            | advOther="true", dhcpv6 is true   | 1 | 1 |                        Yes                          |
+            | advOther="true", dhcpv6 is false  | 0 | 1 |                        No                           |
+            | advOther="false", dhcpv6 is false | 0 | 0 |                        No                           |
+            | advOther="false", dhcpv6 is true  | 1 | 0 |                        Yes                          |
+            ===================================================================================================
            -->
-            <dhcpv6 domains="foo.com bar.com">true</dhcpv6>
+            <dhcpv6 advOther="true">true</dhcpv6>
          </ra>
        </assign>
-        <!-- Disable RA for this set (no "ra" chiled specified). -->
+        <!-- Disable RA for this set (no "ra" child specified). -->
        <assign prefix="64" alloc="48" iface="eth0"/>
        <assign prefix="64" alloc="48" iface="eth1">
          <ra tag="vmlan">
            <!-- This will use strictly SLAAC (if using dnsmasq, obviously - radvd only does SLAAC). -->
-            <dhcpv6>false</dhcpv6>
+            <dhcpv6 advOther="false">false</dhcpv6>
            <!-- And let clients choose their own resolver. -->
            <dns>false</dns>
          </ra>
@@ -105,7 +130,7 @@
          <ra tag="wlan">
            <!-- Only pass RDNSS resolvers. -->
            <dns>true</dns>
-            <dhcpv6>false</dhcpv6>
+            <dhcpv6 advOther="false">false</dhcpv6>
          </ra>
        </assign>
      </assignments>
@@ -116,7 +141,8 @@
      <assignments>
        <!--
        Uses the default prefix of /64 from your standard /64 allocation from Hurricane Electric.
-        Most users probably want this unless they're running an IPv6 router.
+        Most users probably want this if they just want IPv6 for their local computer unless they're running an IPv6
+        router.
        -->
        <assign iface="eth0"/>
      </assignments>