RFC 9915: #DHCPv6

#IPv6 dispose de 3 mécanismes principaux pour l'allocation d'une adresse IP à une machine. L'allocation statique, « à la main », le système d'« autoconfiguration » SLAAC et #DHCP. DHCP pour IPv6 était normalisé dans le RFC 8415, que notre #RFC met à jour. Le protocole n'a guère changé, le principal changement est la suppression de certaines fonctions peu utilisées.

https://www.bortzmeyer.org/9915.html

Does anyone know how to setup #NAT46 on #pfSense within a #LAN?

The Problem is that I want to provide #IPv6-connectivity on #WAN without having to deal with IPv6 in #LAN.

• Right now I'm ponderig using fc:: /7 on #LAN with #DHCPv6 but the problem is that #Vodafone's shitbox connection is flaky af and the only #Fallback that I currently have is their shitty #LTE which is #IPv4only woth #CGNAT in #RFC1918 ( 10.0.0.0 /8) and no IPv6 connectivity, thus everytime shit flip-flops connectivity is completely gone on IPv6 and only #IPv4 is on that backup link.

So since I don't have a Provider-Independent IP space and my #ISP is so fucking incompetent that I hereby beg @BNetzA to finally seize their network and nationalize/socialize it I am basically stuck on IPv4 connectivity.

• The only workarounds I know would necessitate using a #HurricaneElectric #GIF-Tunnel for IPv6 on fallback, which won't work because OFC Vodafone doesn't offer me a static IPv4 or even stazic IPv6-Subnet on their mobile network and I got #DualStack on #WAN on the primary network.

• The problem re: routing exists for all #MultiWAN setups and I won't pay for #Vipritnet or setup my own #ASN and blow money on a @ripencc membership just to get PI Address Space and having to setup my own Gateway to VPN into through all my WAN & #WWAN connections.

Also the false premise of many sites to prefer IPv6 over IPv4 causes everything to break apart at the slightest disruption.

• IPv6 really annoys me because unlike IPv4, it just doesn't work and everytime I have to deal with it it's a pain in the ass...

Kea DHCP: Modern, open source DHCPv4 and DHCPv6 server

https://www.isc.org/kea/

#HackerNews #Kea #DHCP #open #source #DHCPv4 #DHCPv6 #server #ISC

About fucking time... Android finally doing proper DHCPv6. When this is live on my phone I can turn off SLAAC, and not have Windows insist on using it (yes, there's meant to be ways to stop Windows from using SLAAC, so it only uses DHCPv6, but I never saw any of them work). *I* don't want 'random' addresses, I want predictable ones for firewalling and ACLs: https://android-developers.googleblog.com/2025/09/simplifying-advanced-networking-with.html?m=1

#ipv6 #android #slaac #dhcpv6

[Перевод] Практическое руководство по атакам на IPv6 в локальной сети

Отключение IPv6 на шлюзе давно перестало быть надежной защитой. Протокол по умолчанию активен на большинстве клиентских машин, которые периодически отправляют в сеть служебные запросы вроде Router Solicitation. Именно эта «скрытая» активность открывает двери для целого класса атак, позволяющих перехватить трафик, подменить DNS или провести NTLM-Relay. В этой статье мы подробно, с примерами кода на Python/Scapy и командами для настройки, рассмотрим самые распространенные векторы атак на IPv6 в локальном сегменте: RA Spoofing: Как навязать себя в качестве шлюза по умолчанию. RDNSS Spoofing: Как стать DNS-сервером для современных ОС без DHCPv6. DHCPv6-атаки: Механика работы mitm6 и ее ручная реализация. Пассивный сбор данных: Как составить карту сети, просто слушая эфир. Материал будет полезен пентестерам, сетевым инженерам и системным администраторам, которые хотят понять реальные риски IPv6 и научиться им противостоять.

https://habr.com/ru/articles/930526/

#ipv6 #пентест #RA_Spoofing #RDNSS #DHCPv6 #Scapy #MITM #Kali_Linux #информационная_безопасность #infosec

I've published the -00 for a new IETF draft: #DHCPv6 Recommended #IPv6 Address Option"

https://datatracker.ietf.org/doc/html/draft-nygren-dhc-recommended-ipv6-address-00

The primary use-case for this is hosting, datacenter, and cloud environments that want to assign a /64 per host but which also want to ensure the host configures one or more addresses (such as for management and running services). Operators configuring servers in these environments want to be able to ensure that a host will be available on a given /128 (for ssh'ing into, putting into DNS as a service endpoint, etc) while DHCPv6-PD also means that the host is free to use the rest of the /64 for its own purposes (eg, containers, K8s pods, temporary addresses, etc).

I'd also be happy to add a co-author if someone else is interested in seeing this through.

For those who specialize in DHCPv6 and systemd: Is there a way to tell the DHCPv6 server "If this IP is available, just give me it, don't give me anything else", or at least get systemd to do that? I'm trying to make an oracle cloud instance running Arch+systemd-networkd that uses DHCPv6 for IP configuration only use one of two IPs assigned to the oracle instance, but leave the other one unused so I can do NDP proxying and route it to my laptop over wireguard, giving my laptop a public IPv6 address as a result, but it appears that oracle is forcing my VPS to use both IPv6 addresses, which is not what I want.
Redacted logs, for context:

Jun 18 06:08:27 somewhere systemd-networkd[-1]: eth0: DHCPv6 address 2000::4201/128 (valid for 1d 5
9min 59s, preferred for 23h 59min 59s)
Jun 18 06:08:27 somewhere systemd-networkd[-1]: eth0: DHCPv6 address 2000::1337/128 (valid for 1d 5
9min 59s, preferred for 23h 59min 59s)

Feel free to boost this for increased visibility if you wish, and if you know of any mailing lists or IRC channels I should ask on, please let me know.
Relevant tags to try to help people who might know something see this:
#dhcp #ipv6 #systemd #oracle #dhcpv6 #networking #systemdnetworkd #systemd-networkd