From owner-freebsd-current@freebsd.org Fri Nov 30 18:23:35 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 58D24114BFB7 for ; Fri, 30 Nov 2018 18:23:35 +0000 (UTC) (envelope-from zbeeble@gmail.com) Received: from mail-it1-x133.google.com (mail-it1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7FE746FAD9 for ; Fri, 30 Nov 2018 18:23:34 +0000 (UTC) (envelope-from zbeeble@gmail.com) Received: by mail-it1-x133.google.com with SMTP id o19so10477734itg.5 for ; Fri, 30 Nov 2018 10:23:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dDf2nWkn6r21PS6R2yOZqBxmg+4dutpMGdzG0Ix8uow=; b=UEwPNiI1L/Q1Zp5D8WyUMhWNqtuDCHUfY5eL+iZ8IxWwW9eJzBHun9t8AAwpOFsv1B a31CMmHc2Y03b90qN0Ih8brftfa074XmOGtjF9mklnGtHZOhjr5KGQh9cWK8ugZzWiWG 3HDngre0stbtxGpYaJ+GOnb8l1p38d7CgeKc815hBYsyHVGPkn7it9SbecVz9VlxYO7x hk/mUZpsCICEjN2N2H2K0bDBHGFatcqjmE6stugYSSlvXPM33+xU9t3MEL7fqZ+ohcE5 t8sQ7vjOejUzSeZs5Gxoi0pJXVvBphWMkexZ2Hsa5tEeoL5ubZ7iLsYMGzTinNIYsIjP hMKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dDf2nWkn6r21PS6R2yOZqBxmg+4dutpMGdzG0Ix8uow=; b=G7AEqvK5E1pm4+s0Qur/v9/ErB0E4xGVGoK4bAumHy0hUKZrPRJPWpvvs3phdDEBVp ShZz31xjfaEXRwk/aYCQ3goxu5++od333AeNPwlB2KuWE8mOKtLAE4/0f0XK7DHvXNDl YCKdhpNrJJx/nVWIlDI5ziYOrBE6i8jGJ6iU90y82TgEFwGkcbphCK2OofFa5Wfn+sz3 OihNiDv7U5qhgvdWyFgAsPwwDS3tRCSBiTJBJ2TSCFGSnal6EiC4ukCKZGWZrwPDVnec XZpO9SBOPj067VT94BkGmagSoSgPstAa7yQNcOeP0qRPWGT2b+MexjOOIINzWxK+SffV zEsQ== X-Gm-Message-State: AA+aEWY2xHP99KKQ6x75cLxmVmeU1EICo4PAExBszlXpj+EX3eNhFefW 6FF0XmAsJpL027m18z1ZZ6bOII7lNblnHnaruHgb2Sk= X-Google-Smtp-Source: AFSGD/XjWBpiP2qfuwWjyN7xAceTMpCA1eaBNJESKp+r6Cjj1vvY+y2l9RY3beeAqi5Vi67b2xsKPOmW1xXLHddxce0= X-Received: by 2002:a24:e38f:: with SMTP id d137mr5773812ith.69.1543602213785; Fri, 30 Nov 2018 10:23:33 -0800 (PST) MIME-Version: 1.0 References: <20181130131259.1654aee3@thor.intern.walstatt.dynvpn.de> <20181130155937.GA74153@elch.exwg.net> <20181130171920.GB74153@elch.exwg.net> In-Reply-To: <20181130171920.GB74153@elch.exwg.net> From: Zaphod Beeblebrox Date: Fri, 30 Nov 2018 13:23:22 -0500 Message-ID: Subject: Re: ipv6/ppp: FreeBSD obtains linklocal on tun0 only To: cmt@burggraben.net Cc: freebsd-current X-Rspamd-Queue-Id: 7FE746FAD9 X-Spamd-Result: default: False [-6.06 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; IP_SCORE(-2.05)[ip: (-7.10), ipnet: 2607:f8b0::/32(-1.74), asn: 15169(-1.34), country: US(-0.09)]; NEURAL_HAM_SHORT(-0.99)[-0.993,0]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Server: mx1.freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Nov 2018 18:23:35 -0000 As someone who controls both ends of the link (runs the ISP, has service from the ISP), so far (a bit out of laziness) I have the following solution... Now... of note is that we statically assign addresses. This is not just being nice, but being practical. We deal out IPv4 addresses vi IPCP, but they are, in fact, statically assigned. In radius we assign IPv6 addresses. On the servers, we run this ifaceup script: #!/bin/bash # # Add a route to the interface, if appropriate. PATH=/sbin:/usr/local/bin:$PATH date=`date` interface="$1" authname="$5" route=`psql -tA --user mpd5 --host postgres.host.com -c "select value from radreply where username = '$authname' and attribute = 'Framed-IPv6-Route'" radius` if [ -n "$route" ]; then route -n6 add $route -iface $interface fi echo $interface $authname $route $date >>/tmp/mpd5-if-up It may be prudent to note here that OSPF keeps track of these routes, so we don't need to. There's no ifdown script because mpd5 destroys the ngX interface which deletes the route (99 out of 100 times). On the client side, we enable ipv6cp (for link local stuff). Then we add an ifup script: /sbin/route -n add -inet6 default -iface ng0 >/tmp/ipv6routeup.log 2>&1 ... it might be useful to note that non-BSD endpoints (we use the linux-based SmartRG modems) seem to add the IPv6 default route automatically. We then set the first address statically to the ethernet device. This, so far, has been enough to make things work smoothly. (obPitch: if you're in Canada and can get DSL where you are, hit me up for a FreeBSD-only (no Cisco) connection)