DHCP6C.CONF(5)            BSD File Formats Manual            DHCP6C.CONF(5)

dhcp6c.conf — DHCPv6 client configuration file

/etc/wide-dhcpv6/dhcp6c.conf

The dhcp6c.conf file contains configuration information for KAME's DHCPv6
client, dhcp6c. The configuration file consists of a sequence of
statements terminated by a semicolon (`;'). Statements are composed of
tokens separated by white space, which can be any combination of blanks,
tabs and newlines. In some cases a set of statements is combined with a
pair of brackets, which is regarded as a single token. Lines beginning
with ‘#’ are comments.

Some statements may or must specify an interface. Interfaces are
specified in the form of "name unit", such as fxp0 and gif1.

Some configuration statements take the description of a DHCPv6 option as
an argument. The following are the format and description of the
available DHCPv6 options.
    domain-name-servers
            means a Domain Name Server option.
    domain-name
            means a domain name option.
    ntp-servers
            means an NTP server option. As of this writing, the option type
            for this option is not officially assigned. dhcp6c will reject
            this option unless it is explicitly built to accept the option.
    sip-server-address
            means a SIP Server address option.
    sip-server-domain-name
            means a SIP server domain name option.
    nis-server-address
            means a NIS Server address option.
    nis-domain-name
            means a NIS domain name option.
    nisp-server-address
            means a NIS+ Server address option.
    nisp-domain-name
            means a NIS+ domain name option.
    bcmcs-server-address
            means a BCMCS Server address option.
    bcmcs-server-domain-name
            means a BCMCS server domain name option.
    ia-pd ID
            means an IA_PD (Identity Association for Prefix Delegation)
            option. ID is a decimal number of the IAID (see below about
            identity associations).
    ia-na ID
            means an IA_NA (Identity Association for Non-temporary
            Addresses) option. ID is a decimal number of the IAID (see
            below about identity associations).
    rapid-commit
            means a rapid-commit option.
    authentication authname
            means an authentication option. authname is a string specifying
            parameters of the authentication protocol. An authentication
            statement for authname must be provided.

An interface statement specifies configuration parameters on the
interface. The generic format of an interface statement is as follows:
    interface interface { substatements };
            The following are possible substatements in an interface
            statement.
            send send-options ;
                    This statement specifies DHCPv6 options to be sent to
                    the server(s). Some options can only appear in
                    particular messages according to the specification, in
                    which case the appearance of the options is limited to
                    be compliant with the specification.

                    send-options is a comma-separated list of options, each
                    of which should be specified as described above.
                    Multiple send statements can also be specified, in
                    which case all the specified options will be sent.

                    When rapid-commit is specified, dhcp6c will include a
                    rapid-commit option in solicit messages and wait for an
                    immediate reply instead of advertisements.

                    When ia-pd is specified, dhcp6c will initiate prefix
                    delegation as a requesting router by including an IA_PD
                    option with the specified ID in solicit messages.

                    When ia-na is specified, dhcp6c will initiate stateful
                    address assignment by including an IA_NA option with
                    the specified ID in solicit messages.

                    In either case, a corresponding identity association
                    statement must exist with the same ID.
            request request-options;
                    This statement specifies DHCPv6 options to be included
                    in an option-request option. request-options is a
                    comma-separated list of options, which can consist of
                    the following options.
                    domain-name-servers
                            requests a list of Domain Name Server addresses.
                    domain-name
                            requests a DNS search path.
                    ntp-servers
                            requests a list of NTP server addresses. As of
                            this writing, the option type for this option
                            is not officially assigned. dhcp6c will reject
                            this option unless it is explicitly built to
                            accept the option.
                    sip-server-address
                            requests a list of SIP server addresses.
                    sip-domain-name
                            requests a SIP server domain name.
                    nis-server-address
                            requests a list of NIS server addresses.
                    nis-domain-name
                            requests a NIS domain name.
                    nisp-server-address
                            requests a list of NIS+ server addresses.
                    nisp-domain-name
                            requests a NIS+ domain name.
                    bcmcs-server-address
                            requests a list of BCMCS server addresses.
                    bcmcs-domain-name
                            requests a BCMCS domain name.
                    refreshtime
                            means an information refresh time option. This
                            can only be specified when sent with
                            information-request messages; dhcp6c will
                            ignore this option for other messages.
                    Multiple request statements can also be specified, in
                    which case all the specified options will be requested.
            information-only;
                    This statement tells dhcp6c to exchange only
                    informational configuration parameters with servers. A
                    list of DNS server addresses is an example of such
                    parameters. This statement is useful when the client
                    does not need stateful configuration parameters such as
                    IPv6 addresses or prefixes.
            script "script-name";
                    This statement specifies a path to a script invoked by
                    dhcp6c under certain conditions, including when the
                    daemon receives a reply message. script-name must be
                    the absolute path from root to the script file, be a
                    regular file, and be created by the same owner who runs
                    the daemon.

Some setups may require configuring an interface independently of its
name. Profiles are available for this particular purpose. They follow
the same syntax as an interface statement except that they can be
arbitrarily named. It is then possible to choose which profile to use for
a given interface on the command line.

Identity association (IA) is a key notion of DHCPv6. An IA is uniquely
identified in a client by a pair of IA type and IA identifier (IAID). An
IA is associated with configuration information dependent on the IA type.

An identity association statement defines a single IA with some
client-side configuration parameters. Its format is as follows:
    id-assoc type [ID] { substatements };
            type is a string for the type of this IA. The current
            implementation supports ‘na’ (non-temporary address allocation)
            and ‘pd’ (prefix delegation) for the IA type. ID is a decimal
            number of IAID. If omitted, the value 0 will be used by
            default. substatements is a sequence of statements that
            specifies configuration parameters for this IA. Each statement
            may or may not be specific to the type of IA.

            The following are possible substatements for an IA of type na.
            address ipv6-address pltime [vltime];
                    specifies an address and related parameters that the
                    client wants to be allocated. Multiple addresses can be
                    specified, each of which is described as a separate
                    address substatement. dhcp6c will include all the
                    addresses (and related parameters) in Solicit messages,
                    as an IA_NA prefix option encapsulated in the
                    corresponding IA_NA option. Note, however, that the
                    server may or may not respect the specified prefix
                    parameters. For parameters of the address substatement,
                    see dhcp6s.conf(5).

            The following are possible substatements for an IA of type pd.
            prefix_interface_statement
                    specifies the client's local configuration of how
                    delegated prefixes should be used (see below).
            prefix ipv6-prefix pltime [vltime];
                    specifies a prefix and related parameters that the
                    client wants to be delegated. Multiple prefixes can be
                    specified, each of which is described as a separate
                    prefix substatement. dhcp6c will include all the
                    prefixes (and related parameters) in Solicit messages,
                    as an IA_PD prefix option encapsulated in the
                    corresponding IA_PD option. Note, however, that the
                    server may or may not respect the specified prefix
                    parameters. For parameters of the prefix substatement,
                    see dhcp6s.conf(5).

A prefix interface statement specifies configuration parameters of
prefixes on local interfaces that are derived from delegated prefixes. A
prefix interface statement can only appear as a substatement of an
identity association statement with the type pd. The generic format of a
prefix interface statement is as follows:
    prefix-interface interface { substatements };
            When an IPv6 prefix is delegated from a DHCPv6 server, dhcp6c
            will assign a prefix on the interface, unless the interface is
            the one that receives the DHCPv6 message containing the prefix,
            using the delegated prefix and the parameters provided in
            substatements. Possible substatements are as follows:
            sla-id ID ;
                    This statement specifies the identifier value of the
                    site-level aggregator (SLA) on the interface. ID must
                    be a decimal integer which fits in the length of SLA
                    IDs (see below). For example, if ID is 1 and the client
                    is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c
                    will combine the two values into a single IPv6 prefix,
                    2001:db8:ffff:1::/64, and will configure the prefix on
                    the specified interface.
            sla-len length ;
                    This statement specifies the length of the SLA ID in
                    bits. length must be a decimal number between 0 and
                    128. If the length is not specified by this statement,
                    the default value 16 will be used.
            ifid ID ;
                    This statement specifies the interface id. ID must be a
                    decimal integer. It will be combined with the delegated
                    prefix and the sla-id to form a complete interface
                    address. The default is to use the EUI-64 address of
                    the interface.

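Added example (not part of the original manual page or of the KAME code):
the prefix derivation described for sla-id and sla-len, written in Python.
derive_prefix and plan_interfaces are hypothetical names, and the rejection
of duplicate SLA IDs is an added sanity check, not documented dhcp6c
behavior.

```python
import ipaddress

def derive_prefix(delegated, sla_id, sla_len=16):
    """Append an sla_len-bit SLA ID to a delegated prefix.

    Mirrors the sla-id/sla-len description: the SLA ID occupies the
    sla_len bits that directly follow the delegated prefix.
    """
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= sla_len <= 128:
        raise ValueError("sla-len must be between 0 and 128")
    new_len = net.prefixlen + sla_len
    if new_len > 128:
        raise ValueError("delegated prefix length plus sla-len exceeds 128")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError("sla-id does not fit in sla-len bits")
    base = int(net.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def plan_interfaces(delegated, sla_ids, sla_len=16):
    """Map {interface: sla-id} to derived prefixes.

    Two interfaces sharing one SLA ID would receive the same prefix,
    so that case is rejected (added check, an assumption of this example).
    """
    owner = {}
    plan = {}
    for ifname, sla_id in sla_ids.items():
        if sla_id in owner:
            raise ValueError(f"sla-id {sla_id} used by {owner[sla_id]} and {ifname}")
        owner[sla_id] = ifname
        plan[ifname] = derive_prefix(delegated, sla_id, sla_len)
    return plan

if __name__ == "__main__":
    # The page's own example: ID 1 under 2001:db8:ffff::/48, default sla-len.
    print(derive_prefix("2001:db8:ffff::/48", 1))
    # Constructed case: a /56 delegation needs sla-len 8 to reach /64.
    print(derive_prefix("2001:db8:0:ab00::/56", 0x12, 8))
```
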
An authentication statement defines a set of authentication parameters
used in DHCPv6 exchanges with the server(s). The format of an
authentication statement is as follows:
    authentication authname { substatements };
            authname is a string which is unique among all authentication
            statements in the configuration file. It will specify a
            particular set of authentication parameters when an
            authentication option is specified in the interface statement.
            Possible substatements of the authentication statement are as
            follows:
            protocol authprotocol ;
                    specifies the authentication protocol. Currently, the
                    only available protocol as authprotocol is delayed,
                    which means the DHCPv6 delayed authentication protocol.
            algorithm authalgorithm ;
                    specifies the algorithm for this authentication.
                    Currently, the only available algorithm is HMAC-MD5,
                    which can be specified as one of the following:
                    hmac-md5, HMAC-MD5, hmacmd5, or HMACMD5. This
                    substatement can be omitted. In this case, HMAC-MD5
                    will be used as the algorithm.
            rdm replay-detection-method ;
                    specifies the replay protection method for this
                    authentication. Currently, the only available method is
                    monocounter, which means the use of a monotonically
                    increasing counter. If this method is specified, dhcp6c
                    will use an NTP-format timestamp when it authenticates
                    the message. This substatement can be omitted, in which
                    case monocounter will be used as the method.

A keyinfo statement defines a secret key shared with the server(s) to
authenticate DHCPv6 messages. The format of a keyinfo statement is as
follows:
    keyinfo keyname { substatements };
            keyname is an arbitrary string. It does not affect the client's
            behavior but is provided for readability of log messages.
            Possible substatements of the keyinfo statement are as follows:
            realm "realmname" ;
                    specifies the DHCP realm. realmname is an arbitrary
                    string, but is typically expected to be a domain name
                    like "kame.net".
            keyid ID ;
                    specifies the key identifier, ID, as a decimal number.
                    A secret key is uniquely identified within the client
                    by the DHCP realm and the key identifier.
            secret "secret-value" ;
                    specifies the shared secret of this key. "secret-value"
                    is a base-64 encoded string of the secret.
            expire "expiration-time" ;
                    specifies the expiration time of this key.
                    "expiration-time" should be formatted in one of the
                    following: yyyy-mm-dd HH:MM, mm-dd HH:MM, or HH:MM,
                    where yyyy is the year with century (e.g., 2004), mm is
                    the month, dd is the day of the month, HH is the hour
                    of 24-hour clock, and MM is the minute, each of which
                    is given as a decimal number. Additionally, a special
                    keyword forever can be specified as expiration-time,
                    which means the key has an infinite lifetime and never
                    expires. This substatement can be omitted, in which
                    case forever will be used by default.

The following is a sample configuration for obtaining a delegated IPv6
prefix from an upstream service provider. With this configuration dhcp6c
will send solicit messages containing an IA_PD option, with IAID 0, on an
upstream PPP link, ppp0. After receiving some prefixes from a server,
dhcp6c will then configure derived IPv6 prefixes with the SLA ID 1 on a
local ethernet interface, ne0. Note that the IAID for the id-assoc
statement is 0 according to the default.

    interface ppp0 {
            send ia-pd 0;
    };

    id-assoc pd {
            prefix-interface ne0 {
                    sla-id 1;
            };
    };

If a shared secret should be configured in both the client and the server
for DHCPv6 authentication, it would be specified in the configuration
file as follows:

    keyinfo kame-key {
            realm "kame.net";
            keyid 1;
            secret "5pvW2g48OHPvkYMJSw0vZA==";
    };

One easy way of generating a new secret in the base64 format is to
execute the openssl(1) command (when available) as follows,

    % openssl rand -base64 16

and copy the output to the dhcp6c.conf file.

To include an authentication option for DHCPv6 authentication, the
interface statement should be modified and an authentication statement
should be added as follows:

    interface ppp0 {
            send ia-pd 0;
            send authentication kame;
    };

    authentication kame {
            protocol delayed;
    };

    interface fxp0 {
            send ia-na 0;
    };

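Added example (not part of the original manual page or of dhcp6c): a
Python check of the cross-references this page requires, namely an id-assoc
for every sent ia-pd/ia-na ID, an authentication statement for every sent
authname, an absolute script path, and a keyinfo secret that decodes as
base64 and is not the sample value printed above. lint_dhcp6c, the 16-byte
minimum and the regex-based parsing are assumptions of this example; SAMPLE
is constructed from the page's example statements.

```python
import base64, binascii, re

# Sample secret printed in this man page; it must never be deployed.
DOC_SAMPLE_SECRET = "5pvW2g48OHPvkYMJSw0vZA=="
MIN_SECRET_BYTES = 16  # assumption: matches `openssl rand -base64 16`

def lint_dhcp6c(conf):
    """Return findings for dhcp6c.conf text (regex-based, not a full parser)."""
    text = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop comment lines
    findings = []
    # id-assoc type [ID] { ... };  the ID defaults to 0 when omitted
    ias = {(t, int(i or 0))
           for t, i in re.findall(r"\bid-assoc\s+(na|pd)\s*(\d+)?\s*\{", text)}
    auths = set(re.findall(r"\bauthentication\s+([\w-]+)\s*\{", text))
    for stmt in re.findall(r"\bsend\s+([^;]+);", text):
        for opt in (o.split() for o in stmt.split(",")):
            if len(opt) != 2:
                continue  # options without an argument, e.g. rapid-commit
            name, arg = opt
            if name in ("ia-pd", "ia-na") and arg.isdigit():
                if (name[3:], int(arg)) not in ias:
                    findings.append(f"send {name} {arg}: no id-assoc {name[3:]} {arg}")
            elif name == "authentication" and arg not in auths:
                findings.append(f"send authentication {arg}: no authentication statement")
    for path in re.findall(r'\bscript\s+"([^"]*)"', text):
        if not path.startswith("/"):
            findings.append(f"script {path}: not an absolute path")
    for key, body in re.findall(r"\bkeyinfo\s+([\w-]+)\s*\{([^}]*)\}", text):
        m = re.search(r'\bsecret\s+"([^"]*)"', body)
        if not m:
            findings.append(f"keyinfo {key}: no secret")
            continue
        if m.group(1) == DOC_SAMPLE_SECRET:
            findings.append(f"keyinfo {key}: secret is the man page sample")
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except binascii.Error:
            findings.append(f"keyinfo {key}: secret is not valid base64")
            continue
        if len(raw) < MIN_SECRET_BYTES:
            findings.append(f"keyinfo {key}: secret is only {len(raw)} bytes")
    return findings

# Constructed sample: the page's example statements without the authentication block.
SAMPLE = """interface ppp0 { send ia-pd 0; send authentication kame; };
id-assoc pd { prefix-interface ne0 { sla-id 1; }; };
interface fxp0 { send ia-na 0; };
keyinfo kame-key { realm "kame.net"; keyid 1; secret "5pvW2g48OHPvkYMJSw0vZA=="; };
"""
```
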
dhcp6s.conf(5) dhcp6c(8)

The dhcp6c.conf configuration file first appeared in the WIDE/KAME IPv6
protocol stack kit.

KAME                           July 29, 2004                           KAME