I recently bought a UniFi Dream Machine Pro to replace the Cisco router used for my home internet (and inter-VLAN routing) function. I’ve really enjoyed using the UniFi wireless and switching gear, so I thought I’d try their router/firewall as well. On the whole the device is pretty cool, but they’ve clearly rushed it into production given the range of bugs found already (and seen in the community). In my case, the one causing me grief was their IPv6 support. It seems they’re using a BusyBox operating system with DNSMasq performing the IPv6 router advertisements and DHCPv6 functions. The configuration more or less forces you to use DHCPv6, which is completely unnecessary for an autoconfigured IPv6 network (which was more or less a key point of IPv6).
The problem encountered was that I was not receiving IPv6 router advertisements from the router, and therefore the clients were not autoconfiguring an IPv6 address. If I enabled DHCPv6, I could then see router advertisements being sent, but with incorrect flags set in the packet.
After a bit of research, I was able to determine that they were using DNSMasq for this function, and that the UniFi application was managing the configuration files for DNSMasq – and incorrectly I might add.
Whilst my ISP supports prefix delegation and I have a static /56 prefix, the prefix delegation function was also misbehaving in the UDM Pro.
I was able to correct the functionality from the UDM Pro with a couple of scripts, and a package created by BoostChicken. The high level steps involved:
- I assigned static IPv6 addresses to each LAN interface, and disabled Router Advertisements (they weren’t working anyway), and disabled DHCPv6.
- I created a custom DNSMasq configuration file configured to provide stateless router advertisements for the prefixes assigned to my LAN interfaces (/mnt/data/on_boot.d/customipv6.conf).
- I created a shell script to copy that DNSMasq configuration file from the persistent storage on the device to the DNSMasq config directory and then restart DNSMasq (/mnt/data/on_boot.d/customipv6.sh).
- I used the BoostChicken on boot script package. This was needed to ensure the UDM Pro would execute a script for me on each boot (as it wipes out most other changes you’d make to the OS).
Here’s my /mnt/data/on_boot.d/customipv6.conf file (I’ve replaced my addresses with fake ones for the purpose of the blog). I also assigned the IPv6 DNS servers to internal DNS servers of mine – could have used Google’s or the ISP’s DNS instead.
dhcp-range=240Y:ABCD:XXXX:a900::,ra-stateless dhcp-range=240Y:ABCD:XXXX:a901::,ra-stateless dhcp-range=240Y:ABCD:XXXX:a902::,ra-stateless dhcp-option=option6:dns-server,[240Y:ABCD:XXXX:a900::3],[240Y:ABCD:XXXX:a900::4]
Here’s my /mnt/data/on_boot.d/customipv6.sh script.
#!/bin/sh cp /mnt/data/on_boot.d/customipv6.conf /run/dnsmasq.conf.d/ start-stop-daemon -K -q -x /usr/sbin/dnsmasq
The installation procedure for the package is defined on the package owner’s GitHub page, but here is a copy of what I used (it may change in future versions of the package however). These commands were executed through SSH into the UDM Pro.
unifi-os shell curl -L https://raw.githubusercontent.com/boostchicken/udm-utilities/master/on-boot-script/packages/udm-boot_1.0.4_all.deb -o udm-boot_1.0.4_all.deb dpkg -i udm-boot_1.0.4_all.deb exit
Once the package was installed, I copied my .conf and .sh files to the /mnt/data/on_boot.d directory on the UDM Pro, and rebooted. Sure enough, I was now receiving the correct stateless router advertisements on all LAN interfaces, my clients then autoconfigured, and everything is working.
I’ll need to keep an eye on this as I do firmware updates on the UDM Pro. Hopefully they’ll offer a stateless (and working) router advertisement configuration in a later release.