Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| doc:howto:ipv6.softwire [2015/05/31 12:11] – old revision restored (2015/05/30 20:57) jow | docs:guide-user:network:ipv6:ipv6.softwire [2021/11/15 13:05] (current) – [Configuration] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== IPv6 on softwire ====== | + | ====== IPv6 on L2TP softwire ====== |
| - | + | This page documents how to configure IPv6 over a L2TP softwire, which is a method used by some ISP to provide IPv6 connectivity. | |
| - | This page documents how to configure IPv6 over a L2TP softwire, which is a method used by some ISP to provide IPv6 connectivity. It assumes Barrier Breaker (OpenWRT 14.07), but the old configuration for Attitude Adjustment (12.09) is available at the end of the page. | + | |
| ===== About softwires ===== | ===== About softwires ===== | ||
| - | + | Softwire | |
| - | " | + | Reasonably accurate definitions about softwires are given in [[http:// |
| Softwires are used as basic blocks to transport newer protocols (typically IPv6) over an older network (typically, the IPv4 core network of an ISP). | Softwires are used as basic blocks to transport newer protocols (typically IPv6) over an older network (typically, the IPv4 core network of an ISP). | ||
| ===== ISP using softwires to provide IPv6 ===== | ===== ISP using softwires to provide IPv6 ===== | ||
| - | + | SFR, in France, is known to use softwires to provide IPv6 to its residential customers. | |
| - | * SFR, in France, is known to use softwires to provide IPv6 to its residential customers. See some [[http:// | + | See some [[http:// |
| ===== Overview ===== | ===== Overview ===== | ||
| - | + | This howto is derived from an experience with SFR, in France (FTTH residential access). | |
| - | This howto is derived from an experience with SFR, in France (FTTH residential access). It might applies to other ISPs as well, but you'll need to adapt IP addresses, PPP login and passwords, and so on. | + | It might applies to other ISPs as well, but you'll need to adapt IP addresses, PPP login and passwords, and so on. |
| The high-level description of the tunneling is the following: | The high-level description of the tunneling is the following: | ||
| Line 24: | Line 23: | ||
| - an IPv6 prefix is obtained thanks to DHCPv6 | - an IPv6 prefix is obtained thanks to DHCPv6 | ||
| - | In the case of SFR, steps 1 and 2 require an authentication. Fortunately, | + | In the case of SFR, steps 1 and 2 require an authentication. |
| + | Fortunately, | ||
| + | The PPP password is not, but it's sent as cleartext, so a simple sniffing is enough to recover it. | ||
| - | ===== Setup for Barrier Breaker | + | ==== Installation |
| - | + | You need to install | |
| - | Barrier Breaker has native IPv6 support, which greatly simplifies the configuration. | + | |
| - | + | ||
| - | ==== Requirements ==== | + | |
| - | + | ||
| - | You need to install | + | |
| ==== Configuration ==== | ==== Configuration ==== | ||
| - | + | <code bash> | |
| - | '' | + | # / |
| - | < | + | |
| config interface 6pe | config interface 6pe | ||
| option proto l2tp | option proto l2tp | ||
| Line 51: | Line 46: | ||
| </ | </ | ||
| - | :!: For the RC3 version of Barrier Breaker, you should use '' | + | If you need authentication at the L2TP level (before PPP): |
| - | See [[doc/ | + | <code bash> |
| - | + | # / | |
| - | If you need authentication at the L2TP level (before PPP), configure it in '' | + | |
| - | < | + | |
| * * my_l2tp_password | * * my_l2tp_password | ||
| </ | </ | ||
| - | At this point, rebooting or simply running '' | + | At this point, rebooting or simply running '' |
| + | To debug, look at the logs ('' | ||
| - | ===== Old setup for AA ===== | + | Note that SFR's CPE, the Neufbox, is running a modified version of OpenWrt. |
| - | + | Since they publish their firmware (I used the [[http:// | |
| - | This setup is doing everything "by hand", which might be useful for other Linux distribution as well (for instance, Debian). | + | |
| - | + | ||
| - | - use '' | + | |
| - | - use '' | + | |
| - | - use '' | + | |
| - | + | ||
| - | Of course, you are free to use other methods. Most notably, newer OpenWRT versions handle IPv6 differently. It's also possible to distribute IPv6 addresses to LAN clients using '' | + | |
| - | + | ||
| - | Note that SFR's CPE, the Neufbox, is running a modified version of OpenWRT. Since they publish their firmware (I used the [[http:// | + | |
| ==== L2TP tunnel using xl2tpd ==== | ==== L2TP tunnel using xl2tpd ==== | ||
| - | + | <code bash> | |
| - | You need to install '' | + | # / |
| - | + | ||
| - | < | + | |
| [global] | [global] | ||
| port = 1701 | port = 1701 | ||
| Line 96: | Line 79: | ||
| flow bit = yes | flow bit = yes | ||
| length bit = yes | length bit = yes | ||
| - | </ | ||
| - | |||
| - | You need to fill out ''/ | ||
| - | < | + | # / |
| * * 6pe | * * 6pe | ||
| </ | </ | ||
| - | |||
| - | This should be enough to see if it works or not. | ||
| === Starting the L2TP tunnel === | === Starting the L2TP tunnel === | ||
| - | |||
| You need to start '' | You need to start '' | ||
| - | < | + | < |
| / | / | ||
| echo "c 6pe" > / | echo "c 6pe" > / | ||
| </ | </ | ||
| - | There doesn' | + | There doesn' |
| + | Quick & dirty: | ||
| - | < | + | < |
| + | # / | ||
| + | ... | ||
| (sleep 10 && echo "c 6pe" > / | (sleep 10 && echo "c 6pe" > / | ||
| + | $BIN $OPTIONS | ||
| + | ... | ||
| </ | </ | ||
| - | |||
| - | just before the '' | ||
| === Troubleshooting === | === Troubleshooting === | ||
| - | |||
| * look at the logs ('' | * look at the logs ('' | ||
| * try to activate some '' | * try to activate some '' | ||
| Line 130: | Line 109: | ||
| ==== PPP configuration ==== | ==== PPP configuration ==== | ||
| + | Last, you need to set PPP options for IPv6 negotiation. | ||
| - | Last, you need to set PPP options for IPv6 negotiation. In '' | + | <code bash> |
| - | + | # / | |
| - | < | + | |
| # From the official firmware | # From the official firmware | ||
| ipv6 , | ipv6 , | ||
| Line 149: | Line 128: | ||
| You then need to define the PPP password in ''/ | You then need to define the PPP password in ''/ | ||
| - | < | + | < |
| # | # | ||
| dhcp/ | dhcp/ | ||
| </ | </ | ||
| - | For SFR, the password is not obvious. It's sent in cleartext, thus recoverable by sniffing the WAN port of the official box. | + | For SFR, the password is not obvious. |
| + | It's sent in cleartext, thus recoverable by sniffing the WAN port of the official box. | ||
| ==== Prefix delegation through DHCPv6 ==== | ==== Prefix delegation through DHCPv6 ==== | ||
| - | |||
| Once the PPP session is established inside the L2TP tunnel, a new interface '' | Once the PPP session is established inside the L2TP tunnel, a new interface '' | ||
| The only remaining step is to request an IPv6 prefix to the ISP, by using for instance the '' | The only remaining step is to request an IPv6 prefix to the ISP, by using for instance the '' | ||
| - | === OpenWRT | + | === OpenWrt |
| Note that this is specific to Attitude Adjustment, as IPv6 support is expected to changed a lot in the upcoming Barrier Breaker release. | Note that this is specific to Attitude Adjustment, as IPv6 support is expected to changed a lot in the upcoming Barrier Breaker release. | ||
| === Interface declaration === | === Interface declaration === | ||
| + | We need to tell OpenWrt about the new interface: | ||
| - | We need to tell OpenWRT about the new interface, in '' | + | <code bash> |
| - | + | # / | |
| - | < | + | config interface |
| - | config interface | + | |
| option ifname | option ifname | ||
| option proto none | option proto none | ||
| </ | </ | ||
| - | If, at some point, you don't get a default route for IPv6, you could try to add the route yourself: | + | If, at some point, you don't get a default route for IPv6, you could try to add the route yourself, where the gateway is the link-local address of the router at the other end of the softwire: |
| - | < | + | < |
| + | # / | ||
| config route6 | config route6 | ||
| - | option interface | + | option interface |
| option target '::/ | option target '::/ | ||
| option gateway ' | option gateway ' | ||
| </ | </ | ||
| - | where the gateway is the link-local address of the router at the other end of the softwire. | ||
| - | |||
| - | === Firewall rules === | ||
| - | |||
| - | Start by modifying the '' | ||
| - | |||
| - | < | ||
| - | option network | ||
| - | </ | ||