upstream1: prepare dhcp6

salt/top.sls

@@ -41,6 +41,8 @@ base:
   'upstream2':
     - upstream.port-forwarding
     - upstream.ipv6-tunnel
+  'upstream1':
+    - upstream.dhcp6
   'anon*':
     - no-ssh
     - forwarding

salt/upstream/dhcp6.sls

@@ -0,0 +1,19 @@
+{%- set interface = pillar['upstream']['interface'] %}
+
+/etc/wide-dhcpv6/dhcp6c.conf:
+  file.managed:
+    - source: salt://upstream/dhcp6c.conf
+    - template: 'jinja'
+    - context:
+        interface: {{ interface }}
+    - mode: 744
+
+wide-dhcpv6-client:
+  pkg.installed: []
+  service:
+    - running
+    - enable: True
+    - restart: True
+    - watch:
+      - file: /etc/wide-dhcpv6/dhcp6c.conf
+      - pkg: wide-dhcpv6-client

salt/upstream/dhcp6c.conf

@@ -0,0 +1,21 @@
+interface {{ interface }} {
+    send rapid-commit;
+    send ia-pd 0;
+    send ia-na 0;
+    request sip-server-domain-name;
+    request sip-server-address;
+};
+
+id-assoc pd 0 {
+    prefix ::/56 infinity;
+    prefix-interface core {
+        # 0x81 in decimal
+        sla-id 129;
+        # 64 - 56
+        sla-len 8;
+        # …::0/64
+        ifid 0;
+    };
+};
+id-assoc na 0 {
+};

salt/upstream/iptables

@@ -11,6 +11,8 @@ if [ "$IFACE" = "{{ interface }}" ]; then
    ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
    ip6tables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
+   # DHCPv6
+   ip6tables -A INPUT -i "$IFACE" -p udp --sport 547 --dport 546 -j ACCEPT
    iptables -A INPUT -i "$IFACE" -j DROP
    ip6tables -A INPUT -i "$IFACE" -j DROP
    iptables -P INPUT ACCEPT