Discussion:
OpenBSD 6.3, pppoe and IPv6 - default route missing
(too old to reply)
Edmund Craske
2018-04-13 08:42:09 UTC
Permalink
Hi,
I've just replaced my old OpenBSD 5.x-running router with a new one (Alix APU2) running 6.3.

Having copied over my old configuration and modified it where necessary, I've got it bringing up my connections fine, IPv4 works, but IPv6 does not, without having to manually add a default route after the connection is up.

I already tripped over (and fixed) the fact that you have to put %<interface> on the end of your inet6 route destinations now, but even having done that, for some reason a default route does not get added correctly on boot with the following line present in my /etc/hostname.pppoe0:

!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0

Looking at the console output on boot it doesn't show any error running that command (implying that the route should have been added just fine) but it's definitely not there any more when doing a 'netstat -rn' once the ppp session is established - is something removing it as part of establishing the connection?

Is there a completely different way that I should be doing this than the one shown in the pppoe(4) man page? I have already tried having 'inet6 autoconf' instead of 'inet6 eui64' but for some reason I don't get a SLAAC configuration and IPv6 doesn't come up that way. I don't know if anything has to be explicitly enabled to make SLAAC work or if I am inadvertently blocking something that I need to allow in my pf ruleset?

I am in the UK, using a Draytek Vigor 130 VDSL modem with FTTC to Andrews & Arnold (AAISP).

Thanks in advance for any help :)

Edmund
Stuart Henderson
2018-04-13 16:31:53 UTC
Permalink
Post by Edmund Craske
Hi,
I've just replaced my old OpenBSD 5.x-running router with a new one (Alix APU2) running 6.3.
Having copied over my old configuration and modified it where necessary, I've got it bringing up my connections fine, IPv4 works, but IPv6 does not, without having to manually add a default route after the connection is up.
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
Looking at the console output on boot it doesn't show any error running that command (implying that the route should have been added just fine) but it's definitely not there any more when doing a 'netstat -rn' once the ppp session is established - is something removing it as part of establishing the connection?
Is there a completely different way that I should be doing this than the one shown in the pppoe(4) man page? I have already tried having 'inet6 autoconf' instead of 'inet6 eui64' but for some reason I don't get a SLAAC configuration and IPv6 doesn't come up that way. I don't know if anything has to be explicitly enabled to make SLAAC work or if I am inadvertently blocking something that I need to allow in my pf ruleset?
I am in the UK, using a Draytek Vigor 130 VDSL modem with FTTC to Andrews & Arnold (AAISP).
Thanks in advance for any help :)
Edmund
Can you show your whole hostname.pppoe0 file? (mask your password of
course). On Zen I'm using the following

mtu 1500
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap authname "***@zen" authkey "XXX" up
inet6 -autoconfprivacy
inet6 autoconf
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8

and hostname.em1 has

mtu 1508
up

In my case, I'm using dhcpcd from packages to get addresses for my internal
networks, Zen don't statically route my v6 block unless I request it via
DHCPv6-PD, but you won't need that with A&A, you can just configure them
statically on the inside interfaces.
Edmund Craske
2018-04-13 16:54:00 UTC
Permalink
Post by Stuart Henderson
Can you show your whole hostname.pppoe0 file? (mask your password of
course). On Zen I'm using the following
mtu 1500
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap
inet6 -autoconfprivacy
inet6 autoconf
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8
and hostname.em1 has
mtu 1508
up
In my case, I'm using dhcpcd from packages to get addresses for my internal
networks, Zen don't statically route my v6 block unless I request it via
DHCPv6-PD, but you won't need that with A&A, you can just configure them
statically on the inside interfaces.
Of course, here is my /etc/hostname.pppoe0:
inet 0.0.0.0 255.255.255.255 NONE mtu 1500 pppoedev em1 authproto chap authname foo authkey bar up
dest 0.0.0.1
inet6 eui64
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0

and my /etc/hostname.em1 is:
inet 192.168.2.2 255.255.255.0 NONE mtu 1508

Which I think was just me attempting to make it so that I could talk to my modem previously... Anyway the connection comes up and I can do 1500 byte packets over it so all good in that respect.

My config is basically lifted almost verbatim from the first example on the pppoe(4) man page, with the 1500 mtu modifications from the example lower down... So either there is something really weird with my particular setup which means that this example is no longer suitable, or the example does not work like expected on 6.3.

As previously mentioned I also tried it with 'eui64' changed to 'autoconf', but it didn't seem that SLAAC was seeing RAs from the remote end - maybe that's not set up on A&A, or something else is configured wrong? I did try opening up my pf ruleset a bit but it made no difference. However I used an older version of the manpage example on my previous OpenBSD 5.8 router (i.e. no SLAAC or other thing doing any v6 configuration) and it worked fine, so something is seemingly altering the v6 route table in between the pppoe0 if being brought up, and it actually establishing a session...

Thanks,
Edmund
Daniel Gillen
2018-04-13 17:55:26 UTC
Permalink
Post by Edmund Craske
Post by Stuart Henderson
Can you show your whole hostname.pppoe0 file? (mask your password of
course). On Zen I'm using the following
mtu 1500
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap
inet6 -autoconfprivacy
inet6 autoconf
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8
and hostname.em1 has
mtu 1508
up
In my case, I'm using dhcpcd from packages to get addresses for my internal
networks, Zen don't statically route my v6 block unless I request it via
DHCPv6-PD, but you won't need that with A&A, you can just configure them
statically on the inside interfaces.
inet 0.0.0.0 255.255.255.255 NONE mtu 1500 pppoedev em1 authproto chap authname foo authkey bar up
dest 0.0.0.1
inet6 eui64
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
inet 192.168.2.2 255.255.255.0 NONE mtu 1508
Which I think was just me attempting to make it so that I could talk to my modem previously... Anyway the connection comes up and I can do 1500 byte packets over it so all good in that respect.
My config is basically lifted almost verbatim from the first example on the pppoe(4) man page, with the 1500 mtu modifications from the example lower down... So either there is something really weird with my particular setup which means that this example is no longer suitable, or the example does not work like expected on 6.3.
As previously mentioned I also tried it with 'eui64' changed to 'autoconf', but it didn't seem that SLAAC was seeing RAs from the remote end - maybe that's not set up on A&A, or something else is configured wrong? I did try opening up my pf ruleset a bit but it made no difference. However I used an older version of the manpage example on my previous OpenBSD 5.8 router (i.e. no SLAAC or other thing doing any v6 configuration) and it worked fine, so something is seemingly altering the v6 route table in between the pppoe0 if being brought up, and it actually establishing a session...
Thanks,
Edmund
Hi

Just upgraded to 6.3 and it works for me. Here is my config:

--- /etc/hostname.em1


llprio 1 mtu 1508 up

--- /etc/hostname.vlan35


vnetid 35 parent em1 mtu 1508 llprio 1 up

--- /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE mtu 1500 llprio 1 \
pppoedev vlan35 \
authproto pap \
authname "foo" \
authkey "bar"
dest 0.0.0.1
inet6 autoconf
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0

--- /etc/pf.conf
if_ext="pppoe0"
icmp6_types="{ 1, 2, 133, 134, 135, 136 }"
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type $icmp6_types
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 3 code 0
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 3 code 1
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 4 code 0
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 4 code 1
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 4 code 2

You don't have to use a vlan as it seems from your config and won't need
the llprio stuff either. If your ISP supports SLAAC, this should work
for you too I guess.

Daniel
--
Unix _IS_ user friendly - it's just
selective about who its friends are!
Edmund Craske
2018-04-16 08:31:55 UTC
Permalink
Post by Daniel Gillen
Hi
<snip>
Post by Daniel Gillen
--- /etc/pf.conf
if_ext="pppoe0"
icmp6_types="{ 1, 2, 133, 134, 135, 136 }"
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type $icmp6_types
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 3 code 0
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 3 code 1
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 4 code 0
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 4 code 1
pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
ff02::1/16 } icmp6-type 4 code 2
I added this to my pf.conf, and SLAAC now works, and pokes in a default route. So that's worked around the fact that '!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0' no longer works on boot. Thanks for the pf config :)

Ed

Loading...