On 2019-07-20, shadrock uhuru <niyal...@gmail.com> wrote:
> Hi Stuart
> thanks for the reply
>
> On 7/12/19 1:20 PM, owner-m...@openbsd.org wrote:
>>> hypothetical ipv4 Address and ipv6 prefix from zen:
>>> ND Prefix: aaaa:bbbb:cccc:dddd::/64
>>> PD Prefix: 1111:2222:3333::/48
>>> IPv4 Address: 12.34.56.78 (Subnet mask 255.255.255.255)
> ---------------------------------------------------------------------------
>>> fw1 em0: 192.168.2.2 (lan)
>>> fw1 em1: 12.34.56.78 (wan)
> i have taken carp out of the configuration which leaves me with:
>
> /etc/hostname.em0
> mtu 1508
> inet 192.168.2.2 255.255.255.0 NONE
>
> /etc/hostname.em1
> mtu 1508
> inet 12.34.56.78 255.255.255.255 NONE
> inet6 autoconf -autoconfprivacy -soii
>
> /etc/hostname.pppoe
> mtu 1500
> inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap
> authname "XXX@isp" authkey "XXX" up
> dest 0.0.0.1
> inet6 eui64
> !/sbin/route add default -ifp pppoe0 0.0.0.1
> !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8
>
> /etc/rad.conf
> interface em0
>
> dhcpcd to be added
>
>> If you need DHCPv6-PD then don't hardcode the addresses on the
>> inside interfaces, just let PD fetch them. (For the UK ISPs I'm most familiar
>> with, zen seems to need PD otherwise
>> they don't route the block to me, at least in the config they've got
>> on my user account
> by inside interfaces do you mean the lan facing nic on the firewall and
> any tun interfaces ?

Yes any lan facing nics. tun depends on what you are doing with them,
I haven't used that for ages.

> i am on zen also and will have a look at dhcpcd
>> question 5
>>>> do i need to put -autoconfprivacy -soii in the nics or should i remove it.
>> Don't use autoconf on interfaces where you run rad(8), that is like
>> running dhclient and dhcpd on the same interface.
>>
> so remove autoconf from em0 ?

Yes.

> should i be using the mtu option in rad.conf to ensure that all nodes on
> a link use the same MTU value i.e. 1508 ?

No - the only place MTU should be set to 1508 is the "pppoedev" (parent
interface) for the pppoe connection, in your case em1.

> could you send examples of the following files to compare with mine for
> any misconfigurations on my side please.
> wan hostname file

pppoe is the "wan" interface. I guess you mean the pppoedev interface,
em1 in my case:

mtu 1508
up

> lan hostname file

Showing those will just add complication as I have multiple subnets and
they're all on vlans. Typically just "inet XX.XX.XX.XX/YY" in those, no
IPv6 setup.

> pppoe hostname file

mtu 1500
group zen
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap authname "zenXXXXXX@zen" authkey "XXXXXXXXXXX" up
inet6 eui64
inet6 autoconf -autoconfprivacy
!/sbin/route add default -ifp pppoe1 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe1 fe80::%pppoe1 -priority 8

> rad.conf

just "interface" lines listing all the "lan" interfaces, e.g.

interface vlan2
interface vlan3
[...]

> dhcpcd.conf

the below tells it to fetch a handful of subnets from the ISP; one for
vlan2, one for vlan3, one for vlan4, etc. if you only have one "lan" /
"inside" interface then you would just list that instead of the multiple
vlan interfaces.

=====
ipv6only
noipv6rs
duid
persistent
option rapid_commit
require dhcp_server_identifier
slaac private
nohook resolv.conf, lookup-hostname
allowinterfaces pppoe1 vlan2 vlan3 vlan4 vlan5
script ""
interface pppoe1
  ia_na 1
  ia_pd 2 vlan2/1 vlan3/2 vlan4/3 vlan5/4
=====
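
The two rules given in the reply above (no autoconf on an interface where rad(8) runs, and mtu 1508 only on the pppoedev parent) can be checked mechanically. The following is an added example, not part of the original message or of OpenBSD: the function names `lint_netconf` and `make_sample` are hypothetical, the sample files are constructed, and the script reads copies of `hostname.*` and `rad.conf` from a directory rather than from /etc.

```shell
#!/bin/sh
# Added example: lint hostname.* and rad.conf copies in a directory against
# the two rules stated in the reply. Function names are hypothetical.

lint_netconf() {
    dir=$1
    # Interfaces rad(8) advertises on: "interface <name>" lines in rad.conf.
    rad_ifs=$(awk '$1 == "interface" { print $2 }' "$dir/rad.conf" 2>/dev/null || true)
    # Parent interfaces: the word following "pppoedev" in any hostname file.
    parents=$(cat "$dir"/hostname.* 2>/dev/null |
        awk '{ for (i = 1; i < NF; i++) if ($i == "pppoedev") print $(i + 1) }')
    for f in "$dir"/hostname.*; do
        [ -f "$f" ] || continue
        ifname=${f##*/hostname.}
        # Rule 1: no autoconf on an interface where rad(8) runs.
        if printf '%s\n' "$rad_ifs" | grep -Fqx "$ifname" &&
           grep -Eq '^[[:space:]]*inet6[[:space:]]+autoconf' "$f"; then
            echo "$ifname: autoconf on an interface listed in rad.conf"
        fi
        # Rule 2: mtu 1508 belongs only on the pppoedev parent interface.
        if grep -Eq '^[[:space:]]*mtu[[:space:]]+1508([[:space:]]|$)' "$f" &&
           ! printf '%s\n' "$parents" | grep -Fqx "$ifname"; then
            echo "$ifname: mtu 1508 on an interface that is not a pppoedev parent"
        fi
    done
}

# Constructed sample files, modelled on the layout in the thread; em0 carries
# both mistakes so that each rule fires once.
make_sample() {
    printf 'mtu 1508\ninet 192.168.2.2 255.255.255.0 NONE\ninet6 autoconf\n' \
        > "$1/hostname.em0"
    printf 'mtu 1508\nup\n' > "$1/hostname.em1"
    printf 'mtu 1500\ninet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 up\n' \
        > "$1/hostname.pppoe0"
    printf 'interface em0\n' > "$1/rad.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
lint_netconf "$tmp"
rm -rf "$tmp"
```
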