Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:ipv6.softwire [2015/05/31 12:11] – old revision restored (2015/05/30 20:57) jowdocs:guide-user:network:ipv6:ipv6.softwire [2021/11/15 13:05] (current) – [Configuration] vgaetera
Line 1: Line 1:
-====== IPv6 on softwire ====== +====== IPv6 on L2TP softwire ====== 
- +This page documents how to configure IPv6 over a L2TP softwire, which is a method used by some ISP to provide IPv6 connectivity.
-This page documents how to configure IPv6 over a L2TP softwire, which is a method used by some ISP to provide IPv6 connectivity. It assumes Barrier Breaker (OpenWRT 14.07), but the old configuration for Attitude Adjustment (12.09) is available at the end of the page.+
  
 ===== About softwires ===== ===== About softwires =====
- +Softwire is the new fancy term for network tunnels, aka encapsulation. 
-"softwire" is the new fancy term for network tunnels, aka encapsulation. Reasonably accurate definitions about softwires are given in [[http://tools.ietf.org/html/rfc4925|RFC 4925]], and [[http://tools.ietf.org/html/rfc5571|RFC 5571]] describes an implementation using L2TPv2.+Reasonably accurate definitions about softwires are given in [[http://tools.ietf.org/html/rfc4925|RFC 4925]], and [[http://tools.ietf.org/html/rfc5571|RFC 5571]] describes an implementation using L2TPv2.
  
 Softwires are used as basic blocks to transport newer protocols (typically IPv6) over an older network (typically, the IPv4 core network of an ISP). Softwires are used as basic blocks to transport newer protocols (typically IPv6) over an older network (typically, the IPv4 core network of an ISP).
  
 ===== ISP using softwires to provide IPv6 ===== ===== ISP using softwires to provide IPv6 =====
- +SFR, in France, is known to use softwires to provide IPv6 to its residential customers. 
-  * SFR, in France, is known to use softwires to provide IPv6 to its residential customers. See some [[http://bitsofnetworks.org/utiliser-ipv6-chez-sfr-sans-la-neufbox-fr.html|documentation (in French)]].+See some [[http://bitsofnetworks.org/utiliser-ipv6-chez-sfr-sans-la-neufbox-fr.html|documentation (in French)]].
  
 ===== Overview ===== ===== Overview =====
- +This howto is derived from an experience with SFR, in France (FTTH residential access). 
-This howto is derived from an experience with SFR, in France (FTTH residential access). It might applies to other ISPs as well, but you'll need to adapt IP addresses, PPP login and passwords, and so on.+It might applies to other ISPs as well, but you'll need to adapt IP addresses, PPP login and passwords, and so on.
  
 The high-level description of the tunneling is the following: The high-level description of the tunneling is the following:
Line 24: Line 23:
   - an IPv6 prefix is obtained thanks to DHCPv6   - an IPv6 prefix is obtained thanks to DHCPv6
  
-In the case of SFR, steps 1 and 2 require an authentication. Fortunately, the L2TP password is hardcoded. The PPP password is not, but it's sent as cleartext, so a simple sniffing is enough to recover it.+In the case of SFR, steps 1 and 2 require an authentication. 
 +Fortunately, the L2TP password is hardcoded. 
 +The PPP password is not, but it's sent as cleartext, so a simple sniffing is enough to recover it.
  
-===== Setup for Barrier Breaker ===== +==== Installation ==== 
- +You need to install [[packages:pkgdata:xl2tpd]], which will handle the L2TP tunnel and PPP session.
-Barrier Breaker has native IPv6 support, which greatly simplifies the configuration. +
- +
-==== Requirements ==== +
- +
-You need to install ''xl2tpd'', which will handle the L2TP tunnel and PPP session.+
  
 ==== Configuration ==== ==== Configuration ====
- +<code bash> 
-''/etc/config/network'' +/etc/config/network
-<code>+
 config interface 6pe config interface 6pe
         option proto l2tp         option proto l2tp
Line 51: Line 46:
 </code> </code>
  
-:!: For the RC3 version of Barrier Breaker, you should use ''proto l2tpv2'' instead.+If you need authentication at the L2TP level (before PPP):
  
-See [[doc/uci/network#protocol.l2tp.ppp.over.l2tp.pseudowire.tunnel]] for more options. +<code bash> 
- +# /etc/xl2tpd/xl2tp-secrets
-If you need authentication at the L2TP level (before PPP), configure it in ''/etc/xl2tpd/xl2tp-secrets'': +
-<code>+
 * * my_l2tp_password * * my_l2tp_password
 </code> </code>
  
-At this point, rebooting or simply running ''ifup wan6'' should give you a fully working IPv6 setup.  To debug, look at the logs (''logread'') and the interfaces status (''ifstatus 6pe'' and ''ifstatus wan6'').+At this point, rebooting or simply running ''ifup wan6'' should give you a fully working IPv6 setup. 
 +To debug, look at the logs (''logread'') and the interfaces status (''ifstatus 6pe'' and ''ifstatus wan6'').
  
-===== Old setup for AA ===== +Note that SFR's CPE, the Neufbox, is running a modified version of OpenWrt. 
- +Since they publish their firmware (I used the [[http://download.nb6thd.neufbox.neuf.fr/nb6thd_Vers%203.3.4_ter/NB6-MAIN-R3.3.4|NB6-MAIN-R3.3.4]] firmware), it's possible to look at their config files (and hardcoded passwords), which greatly simplifies the task.
-This setup is doing everything "by hand", which might be useful for other Linux distribution as well (for instance, Debian).  More precisely, we do the following: +
- +
-  - use ''xl2tpd'' to negociate the L2TP tunnel and the PPP session: this creates a ''ppp0'' interface +
-  - use ''dhcp6c'' to request an IPv6 prefix through DHCPv6 +
-  - use ''radvd'' to distribute addresses to LAN clients from a /64 (which is automatically taken from the delegated prefix) +
- +
-Of course, you are free to use other methods. Most notably, newer OpenWRT versions handle IPv6 differently. It's also possible to distribute IPv6 addresses to LAN clients using ''dnsmasq''+
- +
-Note that SFR's CPE, the Neufbox, is running a modified version of OpenWRT. Since they publish their firmware (I used the [[http://download.nb6thd.neufbox.neuf.fr/nb6thd_Vers%203.3.4_ter/NB6-MAIN-R3.3.4|NB6-MAIN-R3.3.4]] firmware), it's possible to look at their config files (and hardcoded passwords), which greatly simplifies the task.+
  
 ==== L2TP tunnel using xl2tpd ==== ==== L2TP tunnel using xl2tpd ====
- +<code bash> 
-You need to install ''xl2tpd''. Then, a working ''/etc/x2ltpd/x2ltpd.conf'' for SFR is: +/etc/x2ltpd/x2ltpd.conf
- +
-<code>+
 [global] [global]
 port = 1701 port = 1701
Line 96: Line 79:
 flow bit = yes flow bit = yes
 length bit = yes length bit = yes
-</code> 
- 
-You need to fill out ''/etc/xl2tpd/xl2tp-secrets'' with the password. In the case of SFR: 
  
-<code>+# /etc/xl2tpd/xl2tp-secrets
 * * 6pe * * 6pe
 </code> </code>
- 
-This should be enough to see if it works or not. 
  
 === Starting the L2TP tunnel === === Starting the L2TP tunnel ===
- 
 You need to start ''xl2tpd'', and connect the profile we defined: You need to start ''xl2tpd'', and connect the profile we defined:
  
-<code>+<code bash>
 /etc/init.d/xl2tpd start /etc/init.d/xl2tpd start
 echo "c 6pe" > /var/run/xl2tpd/l2tp-control echo "c 6pe" > /var/run/xl2tpd/l2tp-control
 </code> </code>
  
-There doesn't seem to be an easy way to start a profile automatically at startup. Quick & dirty: edit ''/etc/rc.d/S60xl2tpd'' and add+There doesn't seem to be an easy way to start a profile automatically at startup. 
 +Quick & dirty:
  
-<code>+<code bash> 
 +# /etc/rc.d/S60xl2tpd 
 +...
 (sleep 10 && echo "c 6pe" > /var/run/xl2tpd/l2tp-control) & (sleep 10 && echo "c 6pe" > /var/run/xl2tpd/l2tp-control) &
 +$BIN $OPTIONS
 +...
 </code> </code>
- 
-just before the ''$BIN $OPTIONS'' line. 
  
 === Troubleshooting === === Troubleshooting ===
- 
   * look at the logs (''logread'')   * look at the logs (''logread'')
   * try to activate some ''xl2tpd'' debug options   * try to activate some ''xl2tpd'' debug options
Line 130: Line 109:
  
 ==== PPP configuration ==== ==== PPP configuration ====
 +Last, you need to set PPP options for IPv6 negotiation.
  
-Last, you need to set PPP options for IPv6 negotiation. In ''/etc/ppp/options.xl2tpd'': +<code bash> 
- +/etc/ppp/options.xl2tpd
-<code>+
 # From the official firmware # From the official firmware
 ipv6 , ipv6 ,
Line 149: Line 128:
 You then need to define the PPP password in ''/etc/ppp/chap-secrets'': You then need to define the PPP password in ''/etc/ppp/chap-secrets'':
  
-<code>+<code bash>
 #USERNAME  PROVIDER  PASSWORD  IPADDRESS #USERNAME  PROVIDER  PASSWORD  IPADDRESS
 dhcp/XX.XX.XX.XX@YYYYYYYYYYYY * <PPP password> dhcp/XX.XX.XX.XX@YYYYYYYYYYYY * <PPP password>
 </code> </code>
  
-For SFR, the password is not obvious. It's sent in cleartext, thus recoverable by sniffing the WAN port of the official box.+For SFR, the password is not obvious. 
 +It's sent in cleartext, thus recoverable by sniffing the WAN port of the official box.
  
 ==== Prefix delegation through DHCPv6 ==== ==== Prefix delegation through DHCPv6 ====
- 
 Once the PPP session is established inside the L2TP tunnel, a new interface ''ppp0'' should appear. Once the PPP session is established inside the L2TP tunnel, a new interface ''ppp0'' should appear.
  
 The only remaining step is to request an IPv6 prefix to the ISP, by using for instance the ''wide-dhcp6c'' client. The only remaining step is to request an IPv6 prefix to the ISP, by using for instance the ''wide-dhcp6c'' client.
  
-=== OpenWRT integration === +=== OpenWrt integration ===
 Note that this is specific to Attitude Adjustment, as IPv6 support is expected to changed a lot in the upcoming Barrier Breaker release. Note that this is specific to Attitude Adjustment, as IPv6 support is expected to changed a lot in the upcoming Barrier Breaker release.
  
 === Interface declaration === === Interface declaration ===
 +We need to tell OpenWrt about the new interface:
  
-We need to tell OpenWRT about the new interface, in ''/etc/config/network'': +<code bash> 
- +/etc/config/network 
-<code> +config interface wan6
-config interface wanv6+
         option ifname   ppp0         option ifname   ppp0
         option proto    none         option proto    none
 </code> </code>
  
-If, at some point, you don't get a default route for IPv6, you could try to add the route yourself:+If, at some point, you don't get a default route for IPv6, you could try to add the route yourself, where the gateway is the link-local address of the router at the other end of the softwire:
  
-<code>+<code bash> 
 +# /etc/config/network
 config route6                            config route6                           
-        option interface wanv6          +        option interface wan6          
         option target '::/0'                     option target '::/0'            
         option gateway 'fe80::XXXX:XXff:feXX:XXXX'         option gateway 'fe80::XXXX:XXff:feXX:XXXX'
 </code> </code>
  
-where the gateway is the link-local address of the router at the other end of the softwire. 
- 
-=== Firewall rules === 
- 
-Start by modifying the ''wan'' zone in ''/etc/config/firewall'': 
- 
-<code> 
-        option network          'wan wanv6' 
-</code> 
  • Last modified: 2021/11/15 13:05
  • by vgaetera