[Dibbler] Problems assigning DNS on ppp interface

Steve Phillips steve at focb.co.nz
Sat Mar 17 09:31:07 CET 2012


On 16/03/2012 8:49 PM, Tomasz Mrugalski wrote:
> On 16.03.2012 01:13, Steve Phillips wrote:
>> Hey there,
>>
>> I am in the process of setting up a VPN server to allow clients to be
>> assigned both an IPv4 address as well as a global /64 IPv6 address, this
>> all works with varying levels of reliability, however, trying to assign
>> IPv6 DNS addresses has gotten me completely stumped.
>>
>> The server is a linux box running dibbler-server 0.8.2
>> The client is a windows 7
>> the VPN client is just the built in vpn adaptor found with windows and
>> set to pptp mode
>>
>> I started off with the stateless option and just trying to pass back the
>> DNS server address.
>>
>> log-level 8
>> log-mode syslog
>> stateless
>> iface ppp0 {
>>    option dns-server 2001:49f0:1025::10
>>    option domain focb.co.nz
>>    option lifetime 500
>> }
>>
>> However, this didn't seem to work, so I tried to setup stateful
>> allocation by adding a class
> "Didn't seem to work" is awfully vague. What do the client logs say
> (there should be dibbler-client.log file)? Client claims to have sent
> SOLICIT messages correctly? How are you running your client? If you
> start your client before the link is up, client will simply complain
> that specified ppp0 is not present and quit (btw is your interface
> really named ppp0? It sounds very unixy). Different configs you listed
> do not help much if your client can't get to the server.

Sorry, I was a bit unclear.

The VPN server is linux based and running dibbler-server, the client is 
a windows 7 PC running the stock windows 7 vpn client that comes with 
windows 7. According to Microsoft this client will attempt to obtain DNS 
servers from a DHCPv6 server but they seem quite vague about how this 
happens.

There is no dibbler-client running on the Windows 7 box, from what I'm 
seeing, there doesn't seem to be any activity from the Windows 7 box 
once the VPN has stood up and the radvd process on the server has handed 
back an IPv6 prefix which has been assigned. I was assuming from looking 
at documentation that I should expect at least to see a solicit message 
of some kind asking for option from the dhcpv6 server ?

My query was actually more toward other people on the list that appear 
to have had this work, and to verify that my dibbler-server config would 
be correct in order to work with a windows 7 client.

Am I having to also run a dibbler-client on the windows 7 box as well ? 
I was under the assumption that windows 7 had DHCPv6 use built in in 
this scenario. (connects to vpn server, dual stack, obtains ipv4 details 
(ip, dns, gateway) and then negotiates an ipv6 prefix and route 
information using RA, then enters a dhcpv6 phase to obtain additional 
options)


>
> Have you tried running the client from console (dibbler-client run,
> rather than dibbler-client start)? This will give you all the details.
> It is good that you are running on maximum (8) logging level.
>
> If your client happens to complain that interface is not ready and just
> quits, you may want to try inactive-mode. See section 4.18 of User's
> Guide. This mechanism was invented for cases like these. If your
> interface is not up, dibbler will wait couple of seconds and try again,
> rather than simply giving up. Inactive mode is an equivalent of trying
> to start client every 10 seconds manually.

I'm asking more from the server point of view - I have the v4 stuff all 
working, v6 RA stuff is also working, the client box (MS VPN Client) 
gets a global public address and routes ipv4 and ipv6 traffic to the 
greater internet, however, it simply lacks ipv6 DNS servers which I am 
trying to rectify.

ISC's DHCP server doesn't allow you to bind to ppp interfaces, so that's out

wide-dhcpv6s won't compile without reasonable effort and seems to be 
abandoned (and so I'm unsure if it will bind to ppp as well)

dibbler-server seems to work and bind to a ppp interface, however I'm 
not sure why it doesn't seem to work. I don't know if my config is 
broken or if the Microsoft client is simply being stupid.

And sadly the MS VPN client doesn't support RDNSS for obtaining DNS 
servers (and doesn't seem to support route options via DHCPv6 grr !)

>
>> It appears that no DHCPv6 traffic is even happening on the link once it
>> comes up, but it's difficult to see the initial negotiations due to the
>> dynamic nature of the link (tcpdump doesn't like to operate on an
>> interface that isn't there :-) )
> That's not a problem. Client will retransmit SOLICIT that remain
> unanswered using exponential backoff algorithm: after roughly 1, 2, 4,
> 8 etc. seconds. If you leave it up there without any answers, it should
> eventually hit the upper bound of about 120 seconds intervals. It is
> trivial to use tcpdump here: establish ppp link, start tcpdump, then
> start client.

I might just use the dibbler-client to see if that has any effect - at 
least it will validate my server config.. It's just not that practical 
for setting up remote users as it's an extra step when setting up a vpn 
for reasonably technically illiterate people.

>
>> I tried to tell windows to /renew6 the tunnel interface, but got an
>> error stating "the operation failed as there is no adapter in the state
>> permissible" when using the interface ID to force a renewal.
> That is a different mechanism, offered by windows stack itself. Dibbler
> is a separate software and cannot use said mechanism. This is just pure
> speculation, but perhaps windows runs its own dhcpv6 client? If you want
> to use dibbler, make sure that you disable windows' own DHCPv6 client.
>
>> I suspect that windows is simply not trying to send an
>> INFORMATION_REQUEST message on the ppp link (or indeed, another type of
>> dhcpv6 message) but am not too sure why this would be.
> I never heard about anyone running on ppp link on Windows.

The VPN server is currently running pptpd, this works by establishing a 
link on the pptp port, then tunnelling ppp over GRE. The next step is to 
use l2tp+ipsec, but I want to try and get this working first, although - 
both l2tp and pptp use the linux pppd as their framing system, which 
pretty much every other client seems to understand and work with. Some 
other VPN options have their own way of doing things but I believe this 
is pretty standardised, especially in the windows world since at least 
Windows XP (at least for pptp)

Keep in mind, I'm talking client = Native windows VPN client
Server = Linux box running pptpd, radvd and dibbler-server

> Hope that helps, at least a bit.

Everything helps :-) I'm also currently in the process of documenting 
the entire setup from scratch and can send a copy to the list once I've 
gotten this bit working and documented as well so if anyone else tries 
to be crazy enough to setup an IPv6 VPN server they won't need to ask 
the same dumb questions I seem to be asking :-)

I'm going to try the dibbler-client in the meantime and see if this 
actually has any effect, this should at least get me some logs on both 
client and server.

-- 
Steve.
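
Added example (not part of the original message and not Dibbler's code): a small parser for DHCPv6 UDP payloads, such as those captured on the ppp link on ports 546/547, that reports whether a client message asks for the DNS servers option and which servers a Reply carries. Function names and the sample payloads are assumptions constructed for illustration; message types and option codes follow RFC 3315 and RFC 3646.

```python
import ipaddress
import struct

# Message types and option codes from RFC 3315 and RFC 3646.
MSG_TYPES = {1: "SOLICIT", 7: "REPLY", 11: "INFORMATION-REQUEST"}
OPT_ORO, OPT_DNS_SERVERS = 6, 23

def parse_options(data):
    """Yield (code, value) for each option TLV, rejecting truncated input."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, pos)
        value = data[pos + 4:pos + 4 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the message" % code)
        yield code, value
        pos += 4 + length

def parse_dhcpv6(payload):
    """Summarise the UDP payload of a DHCPv6 client/server message."""
    if len(payload) < 4:
        raise ValueError("short DHCPv6 message")
    info = {"type": MSG_TYPES.get(payload[0], "type-%d" % payload[0]),
            "xid": payload[1:4].hex(), "requested": [], "dns": []}
    for code, value in parse_options(payload[4:]):
        if code == OPT_ORO and len(value) % 2 == 0:
            info["requested"] = list(struct.unpack("!%dH" % (len(value) // 2), value))
        elif code == OPT_DNS_SERVERS:
            if len(value) % 16:
                raise ValueError("DNS option is not a whole number of addresses")
            info["dns"] = [str(ipaddress.IPv6Address(value[i:i + 16]))
                           for i in range(0, len(value), 16)]
    return info

def client_asks_for_dns(payload):
    """True if a client message lists the DNS servers option in its ORO."""
    info = parse_dhcpv6(payload)
    return (info["type"] in ("SOLICIT", "INFORMATION-REQUEST")
            and OPT_DNS_SERVERS in info["requested"])

# Constructed sample payloads (not captured traffic); the address is the
# dns-server value from the configuration quoted in the message.
XID = b"\x12\x34\x56"
INFO_REQUEST = bytes([11]) + XID + struct.pack("!HHHH", OPT_ORO, 4, 23, 24)
REPLY = (bytes([7]) + XID + struct.pack("!HH", OPT_DNS_SERVERS, 16)
         + ipaddress.IPv6Address("2001:49f0:1025::10").packed)
```

If no payload from the client ever parses as a SOLICIT or INFORMATION-REQUEST, the server configuration is not the component under test.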


