[AusNOG] EdgeRouter IPv6 on AussieBB
Chris Lee
chris at datachaos.com.au
Sun Sep 8 17:21:00 EST 2019
Hi Alex,
Yes have ER-X running 2.0.6 working well with ABB.. some snippet of
interface and firewall stanzas below. I put the dhcpv6-pd on switch0
interface for my local LAN. I have a virtual interface on the WAN port as
well to manage the Netcomm NFV modem from ABB that I put into bridge mode.
Also have a Netgear 4G ethernet router on the second ethernet port that I
use the load-balancing features with to failover to 4G automatically if
NBN/ABB becomes unavailable (but haven't enabled IPv6 on the 4G yet), so
far works fairly well.
On occasion when there's been issues with IPv6 I've found I've had to
manually release/delete the DUID and renew dhcpv6-pd on the edgerouter with
the commands below.
release dhcpv6-pd interface eth0
delete dhcpv6-pd duid
renew dhcpv6-pd interface eth0
other than that just show interfaces and you should see your /128 IA-NA
IPv6 address on the eth0 interface and a /64 from the IA-PD on switch0
interface.
interfaces {
ethernet eth0 {
address dhcp
description "WAN Aussie Broadband FTTN"
dhcp-options {
default-route update
default-route-distance 10
name-server no-update
}
dhcpv6-pd {
pd 0 {
interface switch0 {
host-address ::1
prefix-id :1
service slaac
}
prefix-length /56
}
rapid-commit disable
}
duplex auto
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
}
speed auto
vif 3 {
address 10.1.1.2/24
description "NetComm Management"
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1500
}
}
}
firewall {
ipv6-name WANv6_IN {
default-action drop
description "WAN inbound traffic forwarded to LAN"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
protocol all
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
protocol all
state {
invalid enable
}
}
rule 30 {
action accept
description "allow ICMPv6"
protocol icmpv6
}
}
ipv6-name WANv6_LOCAL {
default-action drop
description "WAN inbound traffic to the router"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
protocol all
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
protocol all
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow IPv6 icmp"
protocol ipv6-icmp
}
rule 40 {
action accept
description "allow dhcpv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians disable
}
Regards,
Chris
On Sun, Sep 8, 2019 at 2:14 PM Alex Wakefield <AlexWakefield at fastmail.com.au>
wrote:
> Hi,
>
> Does anyone have a working IPv6 setup for an EdgeRouter using the AussieBB
> beta? I'm using an EdgeRouter Lite running v2.0.6.
>
> My internal interface manages to get IPs out of the range handed out by
> Aussie but clients never get an address after that. I'm trying to use SLAAC
> to hand out IPs. Relevant config on my internet facing port below.
>
> ethernet eth0 {
> address dhcp
> description AussieBB
> dhcpv6-pd {
> pd 1 {
> interface eth2.20 {
> host-address ::1
> no-dns
> prefix-id 0
> service slaac
> }
> prefix-length 56
> }
> rapid-commit enable
> }
> duplex auto
> firewall {
> in {
> ipv6-name AussieIn
> name AussieIn
> }
> local {
> ipv6-name AussieLocal
> name AussieLocal
> }
> out {
> ipv6-name AussieOut
> name AussieOut
> }
> }
> ipv6 {
> address {
> autoconf
> }
> }
> speed auto
> }
>
> Regards,
> Alex
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190908/7675afa5/attachment.html>
More information about the AusNOG
mailing list