I did something a bit interesting recently, namely replace my pfSense virtual machine with just a plain Debian install which I configured myself. There were a few reasons I decided to do this replacement and build something myself instead of going with some sort of ready-made package, chief among them the feeling that almost all router distributions (at least the free ones that I have access to) had really subpar IPv6 support which is a problem since I want to look into potentially moving the home network into a single-stack IPv6 world if possible—spoiler alert: not possible.
Now this changeover didn’t go quite as painlessly as I had probably hoped, mainly because even in the bespoke world there was quite a lot of additional scripting I needed to do in order to support some of the configurations I wanted, and even then there are some outliers like the “smart”-TV that seem to not like being in an IPv6-only world even though all the services the TV accesses are IPv6 enabled.
The first hurdle came fairly early on, after I had gotten the automatic address assignment working primarily through DHCPv6 when I wanted those addresses to get registered in DNS since an IPv6-address is obviously something of a pain to type in and relearn every time they go around changing due to the automatic assignment. Now, while this is something of a supported thing in the ISC DHCP and DNS servers, unfortunately the most important clients for this feature—the servers, mostly running Debian—didn’t include the necessary configuration in their DHCP clients out of the box to enable this to happen meaning they all needed to be reconfigured. Not a big deal—and something that makes me want to take another look at configuration management tools even if most of the configuration of most of my servers is still in the “pet” category since they tend to be one-offs serving only one purpose—but still rather annoying and required some debugging to find out why they were behaving that way since my Windows workstation had no problem registering itself.
The second problem in this saga came from reverse DNS entries. Since my address prefix is dynamic and assigned through DHCPv6 from my ISP, even if it rarely changes, I couldn’t go the easy route of simply configuring it in the DNS and DHCP server and letting the updates happen that way automatically but rather ended up having to add a hook on the router for the DHCP client to modify the configuration files of the two other services and then reload them as needed. Now this works and is the implementation that I’m currently using, but there were some growing pains since at one point the DNS server decided that these reloads meant it could also drop all of the dynamically assigned addresses from the DHCP server which meant every time the router got a new DHCP assignment it also forgot where all the servers were—or rather, their names—which is a less than ideal situation to be in. I found a workaround for this that is less than ideal—simply not updating the serial number of the DNS zone—and somewhat hacky but hey, at least it all works for now.
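The core of a hook like the one described above is turning the delegated prefix into its `ip6.arpa` zone name and only touching the services when that name actually changes. The sketch below is an added example, not the hook from this post; the `@PREFIX@`/`@REVZONE@` placeholders, the template and the documentation-range prefixes are assumptions made for illustration.

```python
import ipaddress

def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone name for a delegated prefix such as a /56 or /64."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen % 4:
        # ip6.arpa is delegated per hex digit; other lengths span several zones.
        raise ValueError(f"/{net.prefixlen} is not on a nibble boundary")
    digits = net.network_address.exploded.replace(":", "")
    return ".".join(reversed(digits[: net.prefixlen // 4])) + ".ip6.arpa"

def covers(prefix: str, address: str) -> bool:
    """True if the PTR name of address falls inside the prefix's reverse zone."""
    ptr = ipaddress.IPv6Address(address).reverse_pointer
    return ptr.endswith("." + reverse_zone(prefix))

def render(template: str, prefix: str) -> str:
    """Fill the hypothetical @PREFIX@ and @REVZONE@ placeholders."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    return (template.replace("@PREFIX@", net.compressed)
                    .replace("@REVZONE@", reverse_zone(prefix)))

def needs_reload(current: str, template: str, prefix: str) -> bool:
    """True only when the rendered config differs from what is on disk."""
    return render(template, prefix) != current

# Constructed sample: a BIND-style zone stanza kept as a template (assumption).
ZONE_TEMPLATE = (
    "// prefix @PREFIX@\n"
    'zone "@REVZONE@" { type master; file "db.reverse"; };\n'
)

if __name__ == "__main__":
    on_disk = render(ZONE_TEMPLATE, "2001:db8:12:3400::/56")
    print(on_disk, end="")
    # Same prefix handed out again: nothing to rewrite, no reload.
    print(needs_reload(on_disk, ZONE_TEMPLATE, "2001:db8:12:3400::/56"))
    # ISP delegated a different prefix: rewrite and reload.
    print(needs_reload(on_disk, ZONE_TEMPLATE, "2001:db8:12:7800::/56"))
```

Comparing the rendered text with the file on disk means a lease renewal that returns the same prefix leaves the DNS and DHCP servers untouched.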
Having had all of this running now for a while has been something of a mixed bag. Sure, everything basically works and having been able to mostly switch over to IPv6 for internal traffic like was my goal from the start has been really nice, but it is all still a bit janky which I noticed most recently when the server froze due to a CPU bug and needed rebooting, which unfortunately did not lead to the router rebooting itself gracefully and it was instead stuck on bringing up network interfaces for something like 5 minutes before giving up and just booting up without doing that. So even a month or so later, it all still has some rough edges but to be fair I think that was to be expected what with there actually being so big a market for ready-made solutions. It just means I need to start taking the long view on this project instead of assuming it’s something I’m simply done with, which is fine.