Re: OpenBSD 6.3, pppoe and IPv6 - default route missing
On Fri, Apr 13, 2018, at 10:55 AM, Daniel Gillen wrote: > Hi > > Just upgraded to 6.3 and it works for me. Here is my config: > --- /etc/pf.conf > if_ext="pppoe0" > icmp6_types="{ 1, 2, 133, 134, 135, 136 }" > pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), > ff02::1/16 } icmp6-type $icmp6_types > pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), > ff02::1/16 } icmp6-type 3 code 0 > pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), > ff02::1/16 } icmp6-type 3 code 1 > pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), > ff02::1/16 } icmp6-type 4 code 0 > pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), > ff02::1/16 } icmp6-type 4 code 1 > pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), > ff02::1/16 } icmp6-type 4 code 2 I added this to my pf.conf, and SLAAC now works, and pokes in a default route. So that's worked around the fact that '!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0' no longer works on boot. Thanks for the pf config :) Ed
Re: OpenBSD 6.3, pppoe and IPv6 - default route missing
On 13.04.2018 18:54, Edmund Craske wrote: > On Fri, Apr 13, 2018, at 9:31 AM, Stuart Henderson wrote: >> Can you show your whole hostname.pppoe0 file? (mask your password of >> course). On Zen I'm using the following >> >> mtu 1500 >> inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap >> authname "XXX@zen" authkey "XXX" up >> inet6 -autoconfprivacy >> inet6 autoconf >> !/sbin/route add default -ifp pppoe0 0.0.0.1 >> !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8 >> >> and hostname.em1 has >> >> mtu 1508 >> up >> >> In my case, I'm using dhcpcd from packages to get addresses for my internal >> networks, Zen don't statically route my v6 block unless I request it via >> DHCPv6-PD, but you won't need that with A&A, you can just configure them >> statically on the inside interfaces. > > Of course, here is my /etc/hostname.pppoe0: > inet 0.0.0.0 255.255.255.255 NONE mtu 1500 pppoedev em1 authproto chap > authname foo authkey bar up > dest 0.0.0.1 > inet6 eui64 > !/sbin/route add default -ifp pppoe0 0.0.0.1 > !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 > > and my /etc/hostname.em1 is: > inet 192.168.2.2 255.255.255.0 NONE mtu 1508 > > Which I think was just me attempting to make it so that I could talk to my > modem previously... Anyway the connection comes up and I can do 1500 byte > packets over it so all good in that respect. > > My config is basically lifted almost verbatim from the first example on the > pppoe(4) man page, with the 1500 mtu modifications from the example lower > down... So either there is something really weird with my particular setup > which means that this example is no longer suitable, or the example does not > work like expected on 6.3. > > As previously mentioned I also tried it with 'eui64' changed to 'autoconf', > but it didn't seem that SLAAC was seeing RAs from the remote end - maybe > that's not set up on A&A, or something else is configured wrong? I did try > opening up my pf ruleset a bit but it made no difference. However I used an > older version of the manpage example on my previous OpenBSD 5.8 router (i.e. > no SLAAC or other thing doing any v6 configuration) and it worked fine, so > something is seemingly altering the v6 route table in between the pppoe0 if > being brought up, and it actually establishing a session... > > Thanks, > Edmund > Hi Just upgraded to 6.3 and it works for me. Here is my config: --- /etc/hostname.em1 llprio 1 mtu 1508 up --- /etc/hostname.vlan35 vnetid 35 parent em1 mtu 1508 llprio 1 up --- /etc/hostname.pppoe0 inet 0.0.0.0 255.255.255.255 NONE mtu 1500 llprio 1 \ pppoedev vlan35 \ authproto pap \ authname "foo" \ authkey "bar" dest 0.0.0.1 inet6 autoconf !/sbin/route add default -ifp pppoe0 0.0.0.1 !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 --- /etc/pf.conf if_ext="pppoe0" icmp6_types="{ 1, 2, 133, 134, 135, 136 }" pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), ff02::1/16 } icmp6-type $icmp6_types pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), ff02::1/16 } icmp6-type 3 code 0 pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), ff02::1/16 } icmp6-type 3 code 1 pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), ff02::1/16 } icmp6-type 4 code 0 pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), ff02::1/16 } icmp6-type 4 code 1 pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext), ff02::1/16 } icmp6-type 4 code 2 You don't have to use a vlan as it seems from your config and won't need the llprio stuff either. If your ISP supports SLAAC, this should work for you too I guess. Daniel -- Unix _IS_ user friendly - it's just selective about who its friends are!
Re: OpenBSD 6.3, pppoe and IPv6 - default route missing
On Fri, Apr 13, 2018, at 9:31 AM, Stuart Henderson wrote: > Can you show your whole hostname.pppoe0 file? (mask your password of > course). On Zen I'm using the following > > mtu 1500 > inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap > authname "XXX@zen" authkey "XXX" up > inet6 -autoconfprivacy > inet6 autoconf > !/sbin/route add default -ifp pppoe0 0.0.0.1 > !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8 > > and hostname.em1 has > > mtu 1508 > up > > In my case, I'm using dhcpcd from packages to get addresses for my internal > networks, Zen don't statically route my v6 block unless I request it via > DHCPv6-PD, but you won't need that with A&A, you can just configure them > statically on the inside interfaces. Of course, here is my /etc/hostname.pppoe0: inet 0.0.0.0 255.255.255.255 NONE mtu 1500 pppoedev em1 authproto chap authname foo authkey bar up dest 0.0.0.1 inet6 eui64 !/sbin/route add default -ifp pppoe0 0.0.0.1 !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 and my /etc/hostname.em1 is: inet 192.168.2.2 255.255.255.0 NONE mtu 1508 Which I think was just me attempting to make it so that I could talk to my modem previously... Anyway the connection comes up and I can do 1500 byte packets over it so all good in that respect. My config is basically lifted almost verbatim from the first example on the pppoe(4) man page, with the 1500 mtu modifications from the example lower down... So either there is something really weird with my particular setup which means that this example is no longer suitable, or the example does not work like expected on 6.3. As previously mentioned I also tried it with 'eui64' changed to 'autoconf', but it didn't seem that SLAAC was seeing RAs from the remote end - maybe that's not set up on A&A, or something else is configured wrong? I did try opening up my pf ruleset a bit but it made no difference. However I used an older version of the manpage example on my previous OpenBSD 5.8 router (i.e. no SLAAC or other thing doing any v6 configuration) and it worked fine, so something is seemingly altering the v6 route table in between the pppoe0 if being brought up, and it actually establishing a session... Thanks, Edmund
Re: OpenBSD 6.3, pppoe and IPv6 - default route missing
On 2018-04-13, Edmund Craske wrote: > Hi, > I've just replaced my old OpenBSD 5.x-running router with a new one (Alix > APU2) running 6.3. > > Having copied over my old configuration and modified it where necessary, I've > got it bringing up my connections fine, IPv4 works, but IPv6 does not, > without having to manually add a default route after the connection is up. > > I already tripped over (and fixed) the fact that you have to put % > on the end of your inet6 route destinations now, but even having done that, > for some reason a default route does not get added correctly on boot with the > following line present in my /etc/hostname.pppoe0: > > !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 > > Looking at the console output on boot it doesn't show any error running that > command (implying that the route should have been added just fine) but it's > definitely not there any more when doing a 'netstat -rn' once the ppp session > is established - is something removing it as part of establishing the > connection? > > Is there a completely different way that I should be doing this than the one > shown in the pppoe(4) man page? I have already tried having 'inet6 autoconf' > instead of 'inet6 eui64' but for some reason I don't get a SLAAC > configuration and IPv6 doesn't come up that way. I don't know if anything has > to be explicitly enabled to make SLAAC work or if I am inadvertently blocking > something that I need to allow in my pf ruleset? > > I am in the UK, using a Draytek Vigor 130 VDSL modem with FTTC to Andrews & > Arnold (AAISP). > > Thanks in advance for any help :) > > Edmund > > Can you show your whole hostname.pppoe0 file? (mask your password of course). On Zen I'm using the following mtu 1500 inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap authname "XXX@zen" authkey "XXX" up inet6 -autoconfprivacy inet6 autoconf !/sbin/route add default -ifp pppoe0 0.0.0.1 !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8 and hostname.em1 has mtu 1508 up In my case, I'm using dhcpcd from packages to get addresses for my internal networks, Zen don't statically route my v6 block unless I request it via DHCPv6-PD, but you won't need that with A&A, you can just configure them statically on the inside interfaces.