1DHCP6C.CONF(5)              BSD File Formats Manual             DHCP6C.CONF(5)
2

NAME

4     dhcp6c.conf — DHCPv6 client configuration file
5

SYNOPSIS

7     /etc/wide-dhcpv6/dhcp6c.conf
8

DESCRIPTION

10     The dhcp6c.conf file contains configuration information for KAME's DHCPv6
11     client, dhcp6c.  The configuration file consists of a sequence of state‐
12     ments terminated by a semi-colon (`;').  Statements are composed of to‐
13     kens separated by white space, which can be any combination of blanks,
14     tabs and newlines.  In some cases a set of statements is combined with a
15     pair of brackets, which is regarded as a single token.  Lines beginning
16     with ‘#’ are comments.
17

Interface specification

19     There are some statements that may or have to specify interface.  Inter‐
20     faces are specified in the form of "name unit", such as fxp0 and gif1.
21

DHCPv6 options

23     Some configuration statements take the description of a DHCPv6 option as
24     an argument.  The followings are the format and description of available
25     DHCPv6 options.
26     domain-name-servers
27             means a Domain Name Server option.
28     domain-name
29             means a domain name option.
30     ntp-servers
31             means an NTP server option.  As of this writing, the option type
32             for this option is not officially assigned.  dhcp6c will reject
33             this option unless it is explicitly built to accept the option.
34     sip-server-address
35             means a SIP Server address option.
36     sip-server-domain-name
37             means a SIP server domain name option.
38     nis-server-address
39             means a NIS Server address option.
40     nis-domain-name
41             means a NIS domain name option.
42     nisp-server-address
43             means a NIS+ Server address option.
44     nisp-domain-name
45             means a NIS+ domain name option.
46     bcmcs-server-address
47             means a BCMCS Server address option.
48     bcmcs-server-domain-name
49             means a BCMCS server domain name option.
50     ia-pd ID
51             means an IA_PD (Identity Association for Prefix Delegation) op‐
52             tion.  ID is a decimal number of the IAID (see below about
53             identity associations).
54     ia-na ID
55             means an IA_PD (Identity Association for Non-temporary Addresses)
56             option.  ID is a decimal number of the IAID (see below about
57             identity associations).
58     rapid-commit
59             means a rapid-commit option.
60     authentication authname
61             means an authentication option.  authname is a string specifying
62             parameters of the authentication protocol.  An authentication
63             statement for authname must be provided.
64

Interface statement

66     An interface statement specifies configuration parameters on the inter‐
67     face.  The generic format of an interface statement is as follows:
68     interface interface { substatements };
69             The followings are possible substatements in an interface state‐
70             ment.
71             send send-options ;
72                     This statement specifies DHCPv6 options to be sent to the
73                     server(s).  Some options can only appear in particular
74                     messages according to the specification, in which case
75                     the appearance of the options is limited to be compliant
76                     with the specification.
77
78                     send-options is a comma-separated list of options, each
79                     of which should be specified as described above.  Multi‐
80                     ple send statements can also be specified, in which case
81                     all the specified options will be sent.
82
83                     When rapid-commit is specified, dhcp6c will include a
84                     rapid-commit option in solicit messages and wait for an
85                     immediate reply instead of advertisements.
86
87                     When ia-pd is specified, dhcp6c will initiate prefix del‐
88                     egation as a requesting router by including an IA_PD op‐
89                     tion with the specified ID in solicit messages.
90
91                     When ia-na is specified, dhcp6c will initiate stateful
92                     address assignment by including an IA_NA option with the
93                     specified ID in solicit messages.
94
95                     In either case, a corresponding identity association
96                     statement must exist with the same ID.
97             request request-options;
98                     This statement specifies DHCPv6 options to be included in
99                     an option-request option.  request-options is a comma-
100                     separated list of options, which can consist of the fol‐
101                     lowing options.
102                     domain-name-servers
103                             requests a list of Domain Name Server addresses.
104                     domain-name
105                             requests a DNS search path.
106                     ntp-servers
107                             requests a list of NTP server addresses.  As of
108                             this writing, the option type for this option is
109                             not officially assigned.  dhcp6c will reject this
110                             option unless it is explicitly built to accept
111                             the option.
112                     sip-server-address
113                             requests a list of SIP server addresses.
114                     sip-domain-name
115                             requests a SIP server domain name.
116                     nis-server-address
117                             requests a list of NIS server addresses.
118                     nis-domain-name
119                             requests a NIS domain name.
120                     nisp-server-address
121                             requests a list of NIS+ server addresses.
122                     nisp-domain-name
123                             requests a NIS+ domain name.
124                     bcmcs-server-address
125                             requests a list of BCMCS server addresses.
126                     bcmcs-domain-name
127                             requests a BCMCS domain name.
128                     refreshtime
129                             means an information refresh time option.  This
130                             can only be specified when sent with information-
131                             request messages; dhcp6c will ignore this option
132                             for other messages.
133                     Multiple request statements can also be specified, in
134                     which case all the specified options will be requested.
135             information-only;
136                     This statement specifies dhcp6c to only exchange informa‐
137                     tional configuration parameters with servers.  A list of
138                     DNS server addresses is an example of such parameters.
139                     This statement is useful when the client does not need
140                     stateful configuration parameters such as IPv6 addresses
141                     or prefixes.
142             script "script-name";
143                     This statement specifies a path to script invoked by
144                     dhcp6c on a certain condition including when the daemon
145                     receives a reply message.  script-name must be the abso‐
146                     lute path from root to the script file, be a regular
147                     file, and be created by the same owner who runs the dae‐
148                     mon.
149

Profile statement

151     Some setups may require to configure an interface independently from its
152     name.  Profiles are available for this particular purpose.  They follow
153     the same syntax as an interface statement except they can be arbitrarily
154     named.  It is then possible to choose which profile to use for a given
155     interface on the command line.
156

Identity association statement

158     Identity association (IA) is a key notion of DHCPv6.  An IA is uniquely
159     identified in a client by a pair of IA type and IA identifier (IAID).  An
160     IA is associated with configuration information dependent on the IA type.
161
162     An identity association statement defines a single IA with some client-
163     side configuration parameters.  Its format is as follows:
164     id-assoc type [ID] { substatements };
165             type is a string for the type of this IA.  The current implemen‐
166             tation supports ‘na’ (non-temporary address allocation) ‘pd
167             (prefix delegation) for the IA type.  ID is a decimal number of
168             IAID.  If omitted, the value 0 will be used by default.
169             substatements is a sequence of statements that specifies configu‐
170             ration parameters for this IA.  Each statement may or may not be
171             specific to the type of IA.
172
173             The followings are possible substatements for an IA of type na.
174             address ipv6-address pltime [vltime];
175                     specifies an address and related parameters that the
176                     client wants to be allocated.  Multiple addresses can be
177                     specified, each of which is described as a separate
178                     address substatement.  dhcp6c will include all the ad‐
179                     dresses (and related parameters) in Solicit messages, as
180                     an IA_NA prefix option encapsulated in the corresponding
181                     IA_NA option.  Note, however, that the server may or may
182                     not respect the specified prefix parameters.  For parame‐
183                     ters of the address substatement, see dhcp6s.conf(5).
184
185             The followings are possible substatements for an IA of type pd.
186             prefix_interface_statement
187                     specifies the client's local configuration of how dele‐
188                     gated prefixes should be used (see below).
189             prefix ipv6-prefix pltime [vltime];
190                     specifies a prefix and related parameters that the client
191                     wants to be delegated.  Multiple prefixes can be speci‐
192                     fied, each of which is described as a separate prefix
193                     substatement.  dhcp6c will include all the prefixes (and
194                     related parameters) in Solicit messages, as an IA_PD pre‐
195                     fix option encapsulated in the corresponding IA_PD op‐
196                     tion.  Note, however, that the server may or may not re‐
197                     spect the specified prefix parameters.  For parameters of
198                     the prefix substatement, see dhcp6s.conf(5).
199

Prefix interface statement

201     A prefix interface statement specifies configuration parameters of pre‐
202     fixes on local interfaces that are derived from delegated prefixes.  A
203     prefix interface statement can only appear as a substatement of an iden‐
204     tity association statement with the type pd.  The generic format of an
205     interface statement is as follows:
206     prefix-interface interface { substatements };
207             When an IPv6 prefix is delegated from a DHCPv6 server, dhcp6c
208             will assign a prefix on the interface unless the interface re‐
209             ceives the DHCPv6 message that contains the prefix with the dele‐
210             gated prefix and the parameters provided in substatements.  Pos‐
211             sible substatements are as follows:
212             sla-id ID ;
213                     This statement specifies the identifier value of the
214                     site-level aggregator (SLA) on the interface.  ID must be
215                     a decimal integer which fits in the length of SLA IDs
216                     (see below).  For example, if ID is 1 and the client is
217                     delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will
218                     combine the two values into a single IPv6 prefix,
219                     2001:db8:ffff:1::/64, and will configure the prefix on
220                     the specified interface.
221             sla-len length ;
222                     This statement specifies the length of the SLA ID in
223                     bits.  length must be a decimal number between 0 and 128.
224                     If the length is not specified by this statement, the de‐
225                     fault value 16 will be used.
226             ifid ID ;
227                     This statement specifies the interface id.  ID must be a
228                     decimal integer.  It will be combined with the delegated
229                     prefix and the sla-id to form a complete interface ad‐
230                     dress.  The default is to use the EUI-64 address of the
231                     interface.
232             ifid-random;
233                     This statement instructs the client to generate a com‐
234                     pletely random interface id. This will override the ifid
235                     statement, if present. The resulting random interface id
236                     will be combined with the delegated prefix and the sla-id
237                     to form a complete interface address.
238

Authentication statement

240     An authentication statement defines a set of authentication parameters
241     used in DHCPv6 exchanges with the server(s).  The format of an authenti‐
242     cation statement is as follows:
243     authentication authname { substatements };
244             authname is a string which is unique among all authentication
245             statements in the configuration file.  It will specify a particu‐
246             lar set of authentication parameters when authentication option
247             is specified in the interface statement.  Possible substatements
248             of the authentication statement are as follows:
249             protocol authprotocol ;
250                     specifies the authentication protocol.  Currently, the
251                     only available protocol as authprotocol is delayed, which
252                     means the DHCPv6 delayed authentication protocol.
253             algorithm authalgorithm ;
254                     specifies the algorithm for this authentication.  Cur‐
255                     rently, the only available algorithm is HMAC-MD5, which
256                     can be specified as one of the followings: hmac-md5,
257                     HMAC-MD5, hmacmd5, or HMACMD5.  This substatement can be
258                     omitted.  In this case, HMAC-MD5 will be used as the al‐
259                     gorithm.
260             rdm replay-detection-method ;
261                     specifies the replay protection method for this authenti‐
262                     cation.  Currently, the only available method is
263                     monocounter, which means the use of a monotonically in‐
264                     creasing counter.  If this method is specified, dhcp6c
265                     will use an NTP-format timestamp when it authenticates
266                     the message.  This substatement can be omitted, in which
267                     case monocounter will be used as the method.
268

Keyinfo statement

270     A keyinfo statement defines a secret key shared with the server(s) to au‐
271     thenticate DHCPv6 messages.  The format of a keyinfo statement is as fol‐
272     lows:
273     keyinfo keyname { substatements };
274             keyname is an arbitrary string.  It does not affect client's be‐
275             havior but is provided for readability of log messages.  Possible
276             substatements of the keyinfo statement are as follows:
277             realm "realmname" ;
278                     specifies the DHCP realm.  realmname is an arbitrary
279                     string, but is typically expected to be a domain name
280                     like "kame.net" .
281             keyid ID ;
282                     specifies the key identifier, ID, as a decimal number.  A
283                     secret key is uniquely identified within the client by
284                     the DHCP realm and the key identifier.
285             secret "secret-value" ;
286                     specifies the shared secret of this key.  "secret-value"
287                     is a base-64 encoded string of the secret.
288             expire "expiration-time" ;
289                     specifies the expiration time of this key.
290                     "expiration-time" should be formatted in one of the fol‐
291                     lowings: yyyy-mm-dd HH:MM, mm-dd HH:MM, or HH:MM, where
292                     yyyy is the year with century (e.g., 2004), mm is the
293                     month, dd is the day of the month, HH is the hour of
294                     24-hour clock, and MM is the minute, each of which is
295                     given as a decimal number.  Additionally, a special key‐
296                     word forever can be specified as expiration-time, which
297                     means the key has an infinite lifetime and never expires.
298                     This substatement can be omitted, in which case forever
299                     will be used by default.
300

Examples

302     The followings are a sample configuration to be delegated an IPv6 prefix
303     from an upstream service provider.  With this configuration dhcp6c will
304     send solicit messages containing an IA_PD option, with an IAID 0, on to
305     an upstream PPP link, ppp0.  After receiving some prefixes from a server,
306     dhcp6c will then configure derived IPv6 prefixes with the SLA ID 1 on a
307     local ethernet interface, ne0.  Note that the IAID for the id-assoc
308     statement is 0 according to the default.
309
310     interface ppp0 {
311             send ia-pd 0;
312     };
313
314     id-assoc pd {
315             prefix-interface ne0 {
316                     sla-id 1;
317             };
318     };
319
320     If a shared secret should be configured in both the client and the server
321     for DHCPv6 authentication, it would be specified in the configuration
322     file as follows:
323
324     keyinfo kame-key {
325             realm "kame.net";
326             keyid 1;
327             secret "5pvW2g48OHPvkYMJSw0vZA==";
328     };
329
330     One easy way of generating a new secret in the base64 format is to exe‐
331     cute the openssl(1) command (when available) as follows,
332
333     % openssl rand -base64 16
334
335     and copy the output to the dhcp6c.conf file.
336
337     To include an authentication option for DHCPv6 authentication, the
338     interface statement should be modified and an authentication statement
339     should be added as follows:
340
341     interface ppp0 {
342             send ia-pd 0;
343             send authentication kame;
344     };
345
346     authentication kame {
347             protocol delayed;
348     };
349
350     interface fxp0 {
351             send ia-na 0;
352     };
353

SEE ALSO

355     dhcp6s.conf(5) dhcp6c(8)
356

HISTORY

358     The dhcp6c.conf configuration file first appeared in the WIDE/KAME IPv6
359     protocol stack kit.
360
361KAME                             July 29, 2004                            KAME
Impressum