Sunday, 20 February 2011

Compiling ISC DHCP 4.2.0 DD-WRT

Afternoon all, time for me to share how I compiled dhcpv6. This is not the smallest implementation by a long way, so make sure you have plenty of free space on your router for it. I have been looking at compiling other, smaller implementations but as yet I don't have any working builds. Here's how I got ISC DHCP 4.2 compiled and working.

Firstly you'll need to grab and unpack the source:
# wget http://ftp.isc.org/isc/dhcp/dhcp-4.2.0-P2.tar.gz
# tar xzvf dhcp-4.2.0-P2.tar.gz
# cd dhcp-4.2.0-P2

As I said before, this one was a little tricky, and getting it past the configure stage involved many hours of Googling. The first issue is that configure fails trying to work out where /dev/random should be, as it is a cross-compile environment; then, for the bind libraries, it fails to set the correct compilers up. So here's what we do.

# echo ac_cv_file__dev_random=yes > config.cache

This fools the configure script into thinking it has found /dev/random. We can now configure.

# ./configure --prefix=/opt --host=mipsel-linux-uclibc --cache-file=config.cache

The next bit is a little strange, but it works. We will run make, but we will cancel it as soon as it has unpacked the bind source with Ctrl+C. So:

# make

As soon as it says "Configuring BIND Export libraries for DHCP" press Ctrl+C to cancel. We need to make some small changes. (I probably should do a patch for this).

Open this file in your favorite text editor:

bind/bind-9.7.1/lib/export/dns/Makefile.in

Change ${CC} on line 163 to ${BUILD_CC}. Next modify this Makefile:
bind/Makefile

Line 48, replace ./configure with
BUILD_CC=gcc ./configure --host=mipsel-linux-uclibc --with-randomdev=/dev/random

Change back into the DHCP directory and start the build again.

# make
# make install

Copy the files over the same way we did last time. Now you've got it installed, time to get it working. DHCPv6 does not work the same way as DHCP, and is not the first port of call for clients. First, tell radvd that we have DHCPv6 for 'other' configuration information, not IPv6 addresses, so modify the radvd config to look like the following in the UI:

interface br0 {
    AdvSendAdvert on;
    AdvHomeAgentFlag on;
    AdvLinkMTU 1480;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvOtherConfigFlag on; # this is the new flag to add
    prefix 2001:db8::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

Next, we need to configure DHCP itself. Create /opt/etc/dhcpd6.conf with the following contents:

default-lease-time 600;
max-lease-time 7200;

lease-file-name "/tmp/dhcp6.leases";

subnet6 2001:db8::/64 {
        option dhcp6.name-servers 2001:db8::1;
}

This is all that is required to tell clients to use IPv6 DNS servers. Change the prefix and name server as applicable for your network. DNSmasq supports IPv6 for DNS forwarding, so we'll configure that next. In the UI for DNSmasq Additional Options, add:

interface=br0
server=2a01:348:0:1::e:1
server=2a01:348:0:1::f:1
server=8.8.8.8
server=8.8.4.4
no-resolv
strict-order

Replace all the server= lines with the addresses of the upstream DNS servers you wish to use. The eagle-eyed amongst you will notice that the IPv4 addresses are Google's DNS service. The IPv6 ones are provided by Goscomb Technologies. Upstream IPv6 DNS servers are a requirement to access services that use what is known as 'DNS whitelisting', that is, AAAA records are only served with end-to-end IPv6 connectivity.

The other 2 options override the resolv.conf and force it to try the IPv6 DNS servers first.

We now need to allow these new services in the firewall, with these commands:

# ip6tables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# ip6tables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
# ip6tables -A INPUT -i br0 -p tcp -m tcp --dport 547 -j ACCEPT
# ip6tables -A INPUT -i br0 -p udp -m udp --dport 547 -j ACCEPT

Add these to startup/firewall.
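
An added check, not part of the original post: the two port 53 rules above carry no -i br0 match, unlike the 547 rules, so they accept DNS over IPv6 on whichever interface the packet arrives on. The script below flags such rules; the sample input is constructed from the four rules in the post, the function names are this example's own, and it assumes your ip6tables can list rules in -S / ip6tables-save format.

```shell
#!/bin/sh
# Added example: flag ip6tables INPUT ACCEPT rules for the DNS (53) and
# DHCPv6 (547) ports that are not limited to one ingress interface with -i.

# Constructed sample: the four rules from the post, in the format printed
# by `ip6tables -S INPUT`, plus an assumed default-drop policy line.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 547 -j ACCEPT
-A INPUT -i br0 -p udp -m udp --dport 547 -j ACCEPT
EOF
}

# audit_rules: read rules on stdin, print one finding per matching rule.
audit_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        iface = ""; proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            # A negated match ("! -i br0") does not pin the rule to br0,
            # so it is deliberately not recorded as an interface scope.
            if ($i == "-i" && $(i - 1) != "!") iface = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (port != "53" && port != "547") next
        if (iface == "")
            printf "UNSCOPED %s/%s not limited to one ingress interface\n", proto, port
        else
            printf "OK %s/%s limited to %s\n", proto, port, iface
    }'
}

# On the router, feed it the live rules: ip6tables -S INPUT | audit_rules
sample_rules | audit_rules
```

Adding -i br0 to the two port 53 rules, as the post already does for port 547, turns both UNSCOPED findings into OK.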

Also add the following line to startup to make DHCPv6 start at boot:
dhcpd -6 -cf /opt/etc/dhcpd6.conf br0

Because of the number of settings we've just changed, I recommend you reboot your router. Once it's started you should have a working DHCPv6 server! Not all clients support DHCPv6 out of the box so you may need to do some tweaking. I can however confirm that this setup does work with Windows 7.

Now assuming I've not made any silly mistakes, that should be all you need to get that going. If there are any I'm sure you guys will be kind enough to point them out for me. I will be attempting other implementations of DHCPv6 that will hopefully be smaller and more lightweight. Next time (by request) will be instructions on compiling your own ping6. Those of you who asked about kismet will have to wait a while, as I am having more difficulty with that than DHCP.

Edit 2011-02-22: Added interface=br0 to the DNSmasq options as I discovered it didn't listen on IPv6 by default.

3 comments:

  1. Thank you very much, you indeed involved for me many hours of Googling!

  2. Hi, my line on 48 looks like
    -------------------------------------------------------------------------------------------------------
    @(cd ${bindsrcdir} && BUILD_CC=gcc ./configure --host=mipsel-linux-uclibc --with-randomdev=/dev/random
    --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib > ${binddir}/configure.log)
    -------------------------------------------------------------------------------------------------------
    With make I get an error.
    (
    make[1]: Betrete Verzeichnis '/home/mpman/Downloads/dhcp-4.2.0-P2/bind'
    Makefile:52: *** Befehle beginnen vor dem ersten Ziel. Schluss.
    make[1]: Verlasse Verzeichnis '/home/mpman/Downloads/dhcp-4.2.0-P2/bind'
    make: *** [all-recursive] Fehler 1
    )
    I need actually only dhclient bin. Maybe you can send it to me by mail? Big THX

    Rob

  3. Hi,

    I am compiling for ARM with changes prescribed by you.
    I am getting this error

    [root@localhost dhcp-4.2.5]# make
    Making all in bind
    make[1]: Entering directory `/home/lokesh/chumma/dhcp-4.2.5/bind'
    bind-9.8.4-P1 already unpacked...
    Configuring BIND Export libraries for DHCP.
    configure: WARNING: using cross tools not prefixed with host triplet
    Building BIND Export libraries - this takes some time.
    building in /home/lokesh/chumma/dhcp-4.2.5/bind/bind-9.8.4-P1/lib/export
    /bin/sh: ./gen: cannot execute binary file
    gmake[3]: *** [include/dns/enumtype.h] Error 126
    gmake[2]: *** [subdirs] Error 1
    Installing BIND Export libraries to /home/lokesh/chumma/dhcp-4.2.5/bind.
    /bin/sh: ./gen: cannot execute binary file
    gmake[3]: *** [include/dns/enumclass.h] Error 126
    gmake[2]: *** [subdirs] Error 1
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/home/lokesh/chumma/dhcp-4.2.5/bind'
    make: *** [all-recursive] Error 1


    How to resolve this?
