What the ISP offers
I’m using NTT flets as physical provider (fiber), and Biglobe for the packets ontop. Regarding IPv6, Biglobe allows on a webfrontent to request v6, which I did. Then they offer 2 options:
- IPv6オプション (“option”)
- IPv6オプションライト(“option light”)
I was first on the former, then switched to the latter. Their site on this. With both of these options, I get IPv4 via PPPoE tunnel, and IPv6 plainly onto my ethernet interface facing towards the ONU/modem.
Basic network setup of PPPoE, for IPv4 connectivity
With that, we can swap both NVMe and boot from the new system. No network configured right now, so access via serial console, details here. The previous distro on my Star64 router was Ubuntu based and I used NetworkManager (NM), which seemed preferred by the distro, and I’m also somewhat familiar with NM. It made setting up a Wifi AccessPoint very simple. As a downside: I never got the PPPoE session properly integrated with NM, so I always controlled the PPPoE interface in executing “pon dsl-provider” to activate and “poff” to bring down the interface.
The Debian way for Bookworm and later seems to be systemd-networkd right now, so I’m going with that. My ethernet devices appear as “end0” and “end1”, and wifi as “wlx14f5f9517bcc”.
|
|
This the LAN facing interface, just setting a static v4 and v6 address. After rebooting, this becomes active, “networkctl” and “ip addr s” confirm.
PPPoE and NAT setup
The pppoeconf tool does the setup for us - it’s working outside of systemd-networkd and setting up pieces in /etc/network/interfaces, so pppoe is started after reboots.
|
|
Setting up IPv4 NAT for the LAN clients, and Wifi clients on 192.168.5.0/24 network:
|
|
Manual triggering of the PPPoE session with “pon dsl-provider” and “poff” works then. The user/password for the pppoeconf tool are the ones used for the data ISP, here Biglobe. pppoe is then getting listed by networkctl, but is not fully managed by systemd-networkd:
|
|
IPv6 for router and LAN
Now it’s getting ugly.. I struggle with this forever. All ISP’s seem to do this differently. One needs to find out what the ISP is offering, how to get v6 for the router, and then how to best make it available for the LAN.
In my case: first step is requesting v6 with the ISP, via a web frontend from the ISP. Once the ISP has enabled IPv6 from their side, the kernel recognizes announcements and configures interface end0 - even if the PPPoE session is down:
|
|
From that point on, I can do IPv6 traffic from the router/star64.
I then had a journey through various tools, trying to understand what the ISP is offering, and how to best make IPv6 available to the systems on the LAN. The inconvenient truth is that NAT with IPv6 is the only thing I got working. These are the options:
Option 1: Subnet delegation, via systemd-networkd
Best option would be the ISP to provide a delegation of a /56 or bigger, which could then be used from the LAN. The router would then plainly route through. I sniffed traffic on the end0 interface right after activating the interface, seems like I get. One would use “radvd” to advertise the network to the LAN clients, activate forwarding on the router. I had no luck with requesting subnet delegation.
With
|
|
in my end0.network interface config file. The ISP facing interfact ends then up like this:
|
|
..which looks like I got a /64 network. But then, adding
|
|
to the interface facing to the LAN, I do not get networks announced on the systems connected on the LAN side.
Option 2: Subnet delegation, via wide-dhcpv6-client
This is another option to request a subnet from the ISP, instead of having systemd-networkd request the subnet. Package wide-dhcpv6-client is available in Debian repos. In removing file /etc/systemd/network/end0.network, I can take interface end0 out of systemd-networkd’s management, and try wide-dhcpv6-client:
|
|
Yet, after starting /etc/init.d/wide-dhcpv6-client, my interface just gets a link-local address. Not even the SLAAC configured 2404[..] address. I can run wide-dhcpv6 in debug mode, and it seems like no PD is offered by the ISP:
|
|
Dumping the traffic and investigating with tshark, I see my request for delegation, and the denial from the other side:
|
|
Also re questing /56 or /64 subnets makes no difference.
Option 3: Subnet delegation, via network scripts
After installing package isc-dhcp-client, I can also use
|
|
in /etc/network/interfaces to get a prefix. After a “ifup end0”, I get the 2404[..] address, but no network.
Option 4: DHCPv6 relay via wide-dhcpv6-relay
The idea is here to have
- LAN clients issue DHCPv6 requests
- have the router relay these to the ISP facing network
- and have the reply also relayed to the LAN client, so it can configure it’s interface
- then also ensure routing/proxying for normal v6 traffic from the LAN client
After installing package wide-dhcpv6-relay on the router, it seems like relaying is done, just that the IPv6 interface on the LAN client is not getting an address:
|
|
Option 5: DHCPv6 relay via dibbler-relay
Also with this, the interface on the LAN system is not getting an address:
|
|
Option 6: NDP proxy
Next best option is the router acting as IPv6 NDP proxy: this would proxy IPv6 config requests from the LAN to the ISP, and also answers. I installed ndppd and played around, without success.
Option 7: IPv6 NAT/masquerading
My last resort: a static IPv6 IP on the end1 interface which is facing the LAN, and static IPv6 IP on the LAN system. The router is then getting configured for NAT:
|
|
This state is not satisfying.. we should setup an exhaustive list of debug steps for IPv6, to find out what an ISP is offering and then investigate the options.