DHCP6C.CONF(5) BSD File Formats Manual DHCP6C.CONF(5)

dhcp6c.conf — DHCPv6 client configuration file

/etc/wide-dhcpv6/dhcp6c.conf

The dhcp6c.conf file contains configuration information for KAME's DHCPv6
client, dhcp6c. The configuration file consists of a sequence of
statements terminated by a semi-colon (`;'). Statements are composed of
tokens separated by white space, which can be any combination of blanks,
tabs and newlines. In some cases a set of statements is combined with a
pair of brackets, which is regarded as a single token. Lines beginning
with ‘#’ are comments.

Some statements may or must specify an interface. Interfaces are
specified in the form of "name unit", such as fxp0 and gif1.

Some configuration statements take the description of a DHCPv6 option as
an argument. The following are the format and description of the
available DHCPv6 options.
    domain-name-servers
        means a Domain Name Server option.
    domain-name
        means a domain name option.
    ntp-servers
        means an NTP server option. As of this writing, the option type
        for this option is not officially assigned. dhcp6c will reject
        this option unless it is explicitly built to accept the option.
    sip-server-address
        means a SIP Server address option.
    sip-server-domain-name
        means a SIP server domain name option.
    nis-server-address
        means a NIS Server address option.
    nis-domain-name
        means a NIS domain name option.
    nisp-server-address
        means a NIS+ Server address option.
    nisp-domain-name
        means a NIS+ domain name option.
    bcmcs-server-address
        means a BCMCS Server address option.
    bcmcs-server-domain-name
        means a BCMCS server domain name option.
    ia-pd ID
        means an IA_PD (Identity Association for Prefix Delegation)
        option. ID is a decimal number of the IAID (see below about
        identity associations).
    ia-na ID
        means an IA_NA (Identity Association for Non-temporary Addresses)
        option. ID is a decimal number of the IAID (see below about
        identity associations).
    rapid-commit
        means a rapid-commit option.
    authentication authname
        means an authentication option. authname is a string specifying
        parameters of the authentication protocol. An authentication
        statement for authname must be provided.

An interface statement specifies configuration parameters on the
interface. The generic format of an interface statement is as follows:
    interface interface { substatements };
        The following are possible substatements in an interface
        statement.
        send send-options ;
            This statement specifies DHCPv6 options to be sent to the
            server(s). Some options can only appear in particular
            messages according to the specification, in which case
            the appearance of the options is limited to be compliant
            with the specification.

            send-options is a comma-separated list of options, each
            of which should be specified as described above. Multiple
            send statements can also be specified, in which case
            all the specified options will be sent.

            When rapid-commit is specified, dhcp6c will include a
            rapid-commit option in solicit messages and wait for an
            immediate reply instead of advertisements.

            When ia-pd is specified, dhcp6c will initiate prefix
            delegation as a requesting router by including an IA_PD
            option with the specified ID in solicit messages.

            When ia-na is specified, dhcp6c will initiate stateful
            address assignment by including an IA_NA option with the
            specified ID in solicit messages.

            In either case, a corresponding identity association
            statement must exist with the same ID.
        request request-options;
            This statement specifies DHCPv6 options to be included in
            an option-request option. request-options is a
            comma-separated list of options, which can consist of the
            following options.
            domain-name-servers
                requests a list of Domain Name Server addresses.
            domain-name
                requests a DNS search path.
            ntp-servers
                requests a list of NTP server addresses. As of
                this writing, the option type for this option is
                not officially assigned. dhcp6c will reject this
                option unless it is explicitly built to accept
                the option.
            sip-server-address
                requests a list of SIP server addresses.
            sip-domain-name
                requests a SIP server domain name.
            nis-server-address
                requests a list of NIS server addresses.
            nis-domain-name
                requests a NIS domain name.
            nisp-server-address
                requests a list of NIS+ server addresses.
            nisp-domain-name
                requests a NIS+ domain name.
            bcmcs-server-address
                requests a list of BCMCS server addresses.
            bcmcs-domain-name
                requests a BCMCS domain name.
            refreshtime
                means an information refresh time option. This
                can only be specified when sent with
                information-request messages; dhcp6c will ignore this
                option for other messages.
            Multiple request statements can also be specified, in
            which case all the specified options will be requested.
        information-only;
            This statement specifies that dhcp6c should only exchange
            informational configuration parameters with servers. A list
            of DNS server addresses is an example of such parameters.
            This statement is useful when the client does not need
            stateful configuration parameters such as IPv6 addresses
            or prefixes.
        script "script-name";
            This statement specifies a path to a script invoked by
            dhcp6c under certain conditions, including when the daemon
            receives a reply message. script-name must be the absolute
            path from root to the script file, be a regular file, and
            be created by the same owner who runs the daemon.

Some setups may require configuring an interface independently of its
name. Profiles are available for this particular purpose. They follow
the same syntax as an interface statement except they can be arbitrarily
named. It is then possible to choose which profile to use for a given
interface on the command line.

Identity association (IA) is a key notion of DHCPv6. An IA is uniquely
identified in a client by a pair of IA type and IA identifier (IAID). An
IA is associated with configuration information dependent on the IA type.

An identity association statement defines a single IA with some
client-side configuration parameters. Its format is as follows:
    id-assoc type [ID] { substatements };
        type is a string for the type of this IA. The current
        implementation supports ‘na’ (non-temporary address allocation)
        and ‘pd’ (prefix delegation) for the IA type. ID is a decimal
        number of IAID. If omitted, the value 0 will be used by default.
        substatements is a sequence of statements that specifies
        configuration parameters for this IA. Each statement may or may
        not be specific to the type of IA.

        The following are possible substatements for an IA of type na.
        address ipv6-address pltime [vltime];
            specifies an address and related parameters that the
            client wants to be allocated. Multiple addresses can be
            specified, each of which is described as a separate
            address substatement. dhcp6c will include all the
            addresses (and related parameters) in Solicit messages, as
            an IA_NA prefix option encapsulated in the corresponding
            IA_NA option. Note, however, that the server may or may
            not respect the specified prefix parameters. For
            parameters of the address substatement, see dhcp6s.conf(5).

        The following are possible substatements for an IA of type pd.
        prefix_interface_statement
            specifies the client's local configuration of how
            delegated prefixes should be used (see below).
        prefix ipv6-prefix pltime [vltime];
            specifies a prefix and related parameters that the client
            wants to be delegated. Multiple prefixes can be
            specified, each of which is described as a separate prefix
            substatement. dhcp6c will include all the prefixes (and
            related parameters) in Solicit messages, as an IA_PD
            prefix option encapsulated in the corresponding IA_PD
            option. Note, however, that the server may or may not
            respect the specified prefix parameters. For parameters of
            the prefix substatement, see dhcp6s.conf(5).

A prefix interface statement specifies configuration parameters of
prefixes on local interfaces that are derived from delegated prefixes. A
prefix interface statement can only appear as a substatement of an
identity association statement with the type pd. The generic format of a
prefix interface statement is as follows:
    prefix-interface interface { substatements };
        When an IPv6 prefix is delegated from a DHCPv6 server, dhcp6c
        will assign a prefix on the interface unless the interface
        receives the DHCPv6 message that contains the prefix with the
        delegated prefix and the parameters provided in substatements.
        Possible substatements are as follows:
        sla-id ID ;
            This statement specifies the identifier value of the
            site-level aggregator (SLA) on the interface. ID must be
            a decimal integer which fits in the length of SLA IDs
            (see below). For example, if ID is 1 and the client is
            delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will
            combine the two values into a single IPv6 prefix,
            2001:db8:ffff:1::/64, and will configure the prefix on
            the specified interface.
        sla-len length ;
            This statement specifies the length of the SLA ID in
            bits. length must be a decimal number between 0 and 128.
            If the length is not specified by this statement, the
            default value 16 will be used.
        ifid ID ;
            This statement specifies the interface id. ID must be a
            decimal integer. It will be combined with the delegated
            prefix and the sla-id to form a complete interface
            address. The default is to use the EUI-64 address of the
            interface.
        ifid-random;
            This statement instructs the client to generate a
            completely random interface id. This will override the ifid
            statement, if present. The resulting random interface id
            will be combined with the delegated prefix and the sla-id
            to form a complete interface address.
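
The sla-id and sla-len combination described above, worked through in Python as an added example (not part of the original manual or of dhcp6c). It goes beyond the single case in the text by also combining a numeric ifid and flagging prefix-interface plans whose derived prefixes overlap; the function names, the PLAN data and the range checks are assumptions made for illustration, not dhcp6c's own validation.

```python
import ipaddress
from itertools import combinations

def derive_prefix(delegated, sla_id, sla_len=16):
    """Append an sla_len-bit SLA ID to a delegated prefix (sla-len defaults to 16)."""
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= sla_len <= 128:
        raise ValueError("sla-len must be between 0 and 128")
    new_len = net.prefixlen + sla_len
    if new_len > 128:
        raise ValueError(f"/{net.prefixlen} plus sla-len {sla_len} exceeds 128 bits")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
    # The SLA ID occupies the bits immediately after the delegated prefix.
    base = int(net.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def interface_address(prefix, ifid):
    """Fill the bits after the derived prefix with a numeric interface id."""
    if not 0 <= ifid < (1 << (128 - prefix.prefixlen)):
        raise ValueError("ifid does not fit in the remaining bits")
    return ipaddress.IPv6Address(int(prefix.network_address) | ifid)

def find_overlaps(delegated, plan):
    """plan maps interface name -> (sla_id, sla_len); return overlapping name pairs."""
    derived = {name: derive_prefix(delegated, *sla) for name, sla in plan.items()}
    return [(a, b) for a, b in combinations(derived, 2)
            if derived[a].overlaps(derived[b])]

# Constructed plan: ne2 uses a shorter sla-len, so its /56 covers both /64s.
PLAN = {"ne0": (1, 16), "ne1": (2, 16), "ne2": (0, 8)}

if __name__ == "__main__":
    lan = derive_prefix("2001:db8:ffff::/48", 1)   # the manual's own example
    print(lan, interface_address(lan, 1))
    print(find_overlaps("2001:db8:ffff::/48", PLAN))
```

Mixing sla-len values across prefix-interface statements is what makes overlaps possible; with one sla-len, distinct sla-id values always yield disjoint prefixes.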

An authentication statement defines a set of authentication parameters
used in DHCPv6 exchanges with the server(s). The format of an
authentication statement is as follows:
    authentication authname { substatements };
        authname is a string which is unique among all authentication
        statements in the configuration file. It will specify a
        particular set of authentication parameters when authentication
        option is specified in the interface statement. Possible
        substatements of the authentication statement are as follows:
        protocol authprotocol ;
            specifies the authentication protocol. Currently, the
            only available protocol as authprotocol is delayed, which
            means the DHCPv6 delayed authentication protocol.
        algorithm authalgorithm ;
            specifies the algorithm for this authentication.
            Currently, the only available algorithm is HMAC-MD5, which
            can be specified as one of the following: hmac-md5,
            HMAC-MD5, hmacmd5, or HMACMD5. This substatement can be
            omitted. In this case, HMAC-MD5 will be used as the
            algorithm.
        rdm replay-detection-method ;
            specifies the replay protection method for this
            authentication. Currently, the only available method is
            monocounter, which means the use of a monotonically
            increasing counter. If this method is specified, dhcp6c
            will use an NTP-format timestamp when it authenticates
            the message. This substatement can be omitted, in which
            case monocounter will be used as the method.

A keyinfo statement defines a secret key shared with the server(s) to
authenticate DHCPv6 messages. The format of a keyinfo statement is as
follows:
    keyinfo keyname { substatements };
        keyname is an arbitrary string. It does not affect the client's
        behavior but is provided for readability of log messages.
        Possible substatements of the keyinfo statement are as follows:
        realm "realmname" ;
            specifies the DHCP realm. realmname is an arbitrary
            string, but is typically expected to be a domain name
            like "kame.net".
        keyid ID ;
            specifies the key identifier, ID, as a decimal number. A
            secret key is uniquely identified within the client by
            the DHCP realm and the key identifier.
        secret "secret-value" ;
            specifies the shared secret of this key. "secret-value"
            is a base-64 encoded string of the secret.
        expire "expiration-time" ;
            specifies the expiration time of this key.
            "expiration-time" should be formatted in one of the
            following ways: yyyy-mm-dd HH:MM, mm-dd HH:MM, or HH:MM,
            where yyyy is the year with century (e.g., 2004), mm is the
            month, dd is the day of the month, HH is the hour of
            24-hour clock, and MM is the minute, each of which is
            given as a decimal number. Additionally, a special
            keyword forever can be specified as expiration-time, which
            means the key has an infinite lifetime and never expires.
            This substatement can be omitted, in which case forever
            will be used by default.

The following is a sample configuration to be delegated an IPv6 prefix
from an upstream service provider. With this configuration dhcp6c will
send solicit messages containing an IA_PD option, with an IAID 0, on to
an upstream PPP link, ppp0. After receiving some prefixes from a server,
dhcp6c will then configure derived IPv6 prefixes with the SLA ID 1 on a
local ethernet interface, ne0. Note that the IAID for the id-assoc
statement is 0 according to the default.

    interface ppp0 {
            send ia-pd 0;
    };

    id-assoc pd {
            prefix-interface ne0 {
                    sla-id 1;
            };
    };

If a shared secret should be configured in both the client and the server
for DHCPv6 authentication, it would be specified in the configuration
file as follows:

    keyinfo kame-key {
            realm "kame.net";
            keyid 1;
            secret "5pvW2g48OHPvkYMJSw0vZA==";
    };

One easy way of generating a new secret in the base64 format is to
execute the openssl(1) command (when available) as follows,

    % openssl rand -base64 16

and copy the output to the dhcp6c.conf file.
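
An added example, not part of the original manual or of dhcp6c: a Python audit of a dhcp6c.conf for the script and secret statements described above. It checks the three stated script requirements and, as assumptions of this example, also flags group- or world-writable scripts, secrets shorter than 16 bytes, reuse of the sample secret printed in this manual, and a secret-bearing file readable by group or others.

```python
import base64, binascii, os, re, stat

DOC_SAMPLE_SECRET = "5pvW2g48OHPvkYMJSw0vZA=="  # sample value printed in this manual

def audit_dhcp6c_conf(conf_path, daemon_uid):
    """Return findings for the script and secret statements in conf_path."""
    findings = []
    with open(conf_path, encoding="utf-8") as fh:
        # Lines beginning with '#' are comments and are skipped.
        text = "".join(l for l in fh if not l.lstrip().startswith("#"))

    for path in re.findall(r'\bscript\s+"([^"]*)"\s*;', text):
        if not os.path.isabs(path):
            findings.append(f"script {path}: not an absolute path")
            continue
        try:
            st = os.lstat(path)  # lstat: a symlink is reported as non-regular
        except OSError:
            findings.append(f"script {path}: missing")
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append(f"script {path}: not a regular file")
        if st.st_uid != daemon_uid:
            findings.append(f"script {path}: owner {st.st_uid} != daemon {daemon_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):  # extra check, not in the manual
            findings.append(f"script {path}: writable by group or others")

    secrets = re.findall(r'\bsecret\s+"([^"]*)"\s*;', text)
    for value in secrets:
        if value == DOC_SAMPLE_SECRET:
            findings.append("secret: sample value from the documentation is in use")
        try:
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            findings.append("secret: not valid base64")
            continue
        if len(raw) < 16:  # assumed floor: `openssl rand -base64 16` gives 16 bytes
            findings.append(f"secret: only {len(raw)} bytes of key material")
    # Extra check, not in the manual: the file itself holds the shared key.
    if secrets and os.stat(conf_path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config holds a secret but is readable by group or others")
    return findings
```

Call it with the path to the configuration file and the numeric uid that runs dhcp6c; an empty list means none of these checks fired.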

To include an authentication option for DHCPv6 authentication, the
interface statement should be modified and an authentication statement
should be added as follows:

    interface ppp0 {
            send ia-pd 0;
            send authentication kame;
    };

    authentication kame {
            protocol delayed;
    };

    interface fxp0 {
            send ia-na 0;
    };

dhcp6s.conf(5), dhcp6c(8)

The dhcp6c.conf configuration file first appeared in the WIDE/KAME IPv6
protocol stack kit.

KAME July 29, 2004 KAME