
OpenBSD 6.1 VDSL Router T-Online with IPv6

This page gives short instructions on how to set up an OpenBSD router.
I don't use it in reality; I did it just for fun, to learn a little bit. There are still things to improve, like dynamic DNS for IPv6 hosts. Asterisk for SIP phones would also be nice.
If you have ideas or general improvements for this site, please mail me: marty44 AT web DOT de.


First you need to write down some basic information:
1. User and password for your VDSL access. I use the German provider T-Online, which has a slightly crazy user name. The correct order is [Anschlusskennung][T-Online-Nr][0001]@t-online.de
2. A computer with at least 2 network interfaces. I use an ITX board (amd64 flavor) with 2 onboard NICs and an additional network card, so I have 3 NICs to play with. Here is a dmesg of the machine.
3. A VDSL modem. These are quite rare; I use a Zyxel VMG1312-B30A.
4. My standard VDSL access is via a Fritzbox, so I logged in and wrote down the DNS server information: Telekom T-Online IPv4 DNS: 217.237.148.70 and 217.237.150.115, IPv6 DNS: 2003:180:2:1000::53 and 2003:180:2:5000::53. Check which prefix your provider assigns to you. Telekom assigns a /56.
5. Write down your interfaces. For this example, re0 is for the internal LAN and the VDSL modem is connected to re1. For WLAN I use a D-Link DWL-G122 Rev C1 USB stick. Not every USB WLAN stick is able to run in HOSTAP mode! The DWL-G122 Rev C1 has the interface name rum0.

First install OpenBSD 6.1. There is plenty of documentation around the web, so I will not explain this.

After the install, make the system a little more user friendly. Add the following lines to the .profile file:

PKG_PATH=http://ftp.hostserver.de/pub/OpenBSD/6.1/packages/amd64/
export PKG_PATH
alias 'll=ls -l'

Log out and in again, then install three packages. Joe is a nice editor (I'm not a fan of vi). Wget is always a good helper for downloading something, and we need programs from the wide-dhcpv6 package:
pkg_add joe wget wide-dhcpv6

Now patch everything so the system is up to date:
cd /usr
cvs -qd anoncvs@ftp.hostserver.de:/cvs checkout -rOPENBSD_6_1 -P src

See the errata page for installation details.

Now create all the required files:


/etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev vlan7 authproto pap \
        authname AAAAAAAAAAAAAAAAAATTTTTTTTT0001@t-online.de authkey passwort \
        up
dest 0.0.0.1
inet6 eui64
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route delete -inet6 default
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
!/sbin/ifconfig pppoe0 inet6 autoconf -autoconfprivacy
!/etc/rc.d/wait300seconds
!/etc/rc.d/dhcp6c restart
!/etc/rc.d/wait5seconds
!/etc/rc.d/rtadvd restart

The problem is that it takes up to 2-3 minutes before the PPPoE session is up. So we wait 5 minutes before we start dhcp6c and rtadvd.

/etc/rc.d/wait300seconds
#!/bin/sh
sleep 300

/etc/rc.d/wait5seconds
#!/bin/sh
sleep 5

Make both files executable:
chmod 500 /etc/rc.d/wait*

/etc/hostname.rum0
inet 10.0.0.1 255.255.255.0 NONE
inet6 eui64
mediaopt hostap
nwid PennyGetYourOwnWLAN
wpakey EinPasswort12345
wpaprotos wpa2
up

/etc/hostname.re0
inet 192.168.44.2 255.255.255.0 192.168.44.255
inet6 eui64

/etc/hostname.re1
up

/etc/hostname.vlan7
vlan 7 vlandev re1 up

Telekom VDSL expects the PPPoE session in VLAN 7, so we must create it.

/etc/resolv.conf
search fritz.box
nameserver 217.237.148.70
nameserver 217.237.150.115
nameserver 2003:180:2:1000::53
nameserver 2003:180:2:5000::53

/etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

/etc/rc.conf.local
dhcpd_flags=re0 rum0
rtadvd_flags=re0 rum0
dhcp6c_flags=pppoe0

/etc/rtadvd.conf
rum0:\
:rdnss="2003:180:2:1000::53,2003:180:2:5000::53":\
:raflags#64:
re0:\
:rdnss="2003:180:2:1000::53,2003:180:2:5000::53":\
:raflags#64:

My Windows 7 box only accepted the RA with prefix length /64; everything else, like a /60, is ignored.

/etc/dhcp6c.conf
interface pppoe0 {
        send ia-pd 0;
        send domain-name-servers;
        send rapid-commit;
};

id-assoc pd {
        prefix-interface rum0 {
                sla-id 0;
                sla-len 8;
        };
        prefix-interface re0 {
                sla-id 4;
                sla-len 8;
        };
};

Here too, sla-len 8 means that a /64 prefix is announced: the delegated /56 plus 8 subnet bits.

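
How the delegated prefix, sla-len and sla-id combine, as an added example that is not part of the original page: the function derives each interface's prefix the way the dhcp6c.conf above describes it. The delegated prefix 2001:db8:1200::/56 is a constructed documentation value, and the function name is an assumption of this example.

```python
import ipaddress


def delegated_subnets(delegated: str, sla_len: int, sla_ids: dict) -> dict:
    """Map interface name -> prefix built from the delegated prefix.

    Interface prefix length = delegated length + sla-len; the sla-id is
    written into the sla_len bits that follow the delegated prefix.
    """
    net = ipaddress.IPv6Network(delegated)
    new_len = net.prefixlen + sla_len
    result = {}
    for ifname, sla_id in sla_ids.items():
        # This example's own sanity check: the sla-id must fit in sla-len bits.
        if not 0 <= sla_id < 2 ** sla_len:
            raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
        base = int(net.network_address) + (sla_id << (128 - new_len))
        result[ifname] = ipaddress.IPv6Network((base, new_len))
    return result


if __name__ == "__main__":
    # Values from the page: /56 from Telekom, sla-len 8, rum0 = 0, re0 = 4.
    pd = "2001:db8:1200::/56"  # constructed documentation prefix
    for name, prefix in delegated_subnets(pd, 8, {"rum0": 0, "re0": 4}).items():
        print(name, prefix)
    # sla-len 4 would announce a /60, which the Windows 7 box above ignored.
    print(delegated_subnets(pd, 4, {"re0": 4})["re0"])
```
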
/etc/rc.d/dhcp6c
#!/bin/sh

daemon="/usr/local/sbin/dhcp6c"

. /etc/rc.d/rc.subr

rc_reload=NO

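rc_check() {
        # Running if the PID recorded in the pid file still exists
        kill -0 $(cat /var/run/dhcp6c.pid)
}

rc_stop() {
        # Read the PID, remove the pid file, then terminate the daemon
        local _pid=$(cat /var/run/dhcp6c.pid)
        rm -f /var/run/dhcp6c.pid
        kill -TERM $_pid
}

rc_cmd $1

Make the script executable:
chmod 500 /etc/rc.d/dhcp6c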

/etc/dhcpd.conf
option domain-name "fritz.box";
option domain-name-servers 217.237.148.70, 217.237.150.115;
default-lease-time 43200;
max-lease-time 86400;

subnet 10.0.0.0 netmask 255.255.255.0 {
        option routers 10.0.0.1;
        range 10.0.0.10 10.0.0.20;
}

subnet 192.168.44.0 netmask 255.255.255.0 {
        option routers 192.168.44.2;
        range 192.168.44.50 192.168.44.254;
}

/etc/pf.conf
set skip on lo
match in all scrub (no-df random-id)
match on pppoe0 scrub (max-mss 1440)

match out on egress inet from !(egress:network) to any nat-to (egress:0)

# RFC 4890, section 4.4
pass quick inet6 proto icmp6 to { (self) ff02::/16 } icmp6-type \
        { 133 143 135 136 141 142 130 131 132 143 148 149 151 152 153 }
# RFC 4890, section 4.3
pass quick inet6 proto icmp6 icmp6-type { 1 2 3 4 128 129 144 145 146 147 }
# DHCPv6 client: receive responses to IA_PD requests
pass quick inet6 proto udp to (self) port dhcpv6-client
# Pass all outbound IPv6 traffic
pass out quick inet6 from { (self) (rum0:network) }
pass out quick inet6 from { (self) (re0:network) }

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
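
pf uses the last matching rule, so the bare pass after block return leaves the default policy at pass in both directions; with delegated /64 prefixes on re0 and rum0, that covers connections arriving on pppoe0 for the router and for LAN hosts. The check below is an added example, not part of the original page, and reports that default policy for a ruleset. The function name, the simplified parsing (no macros, anchors or continuation lines) and the STRICT_TAIL variant are assumptions of this example.

```python
# Tokens that may follow pass/block without narrowing which packets match.
CATCH_ALL = {"return", "drop", "in", "out", "quick", "log", "all"}


def default_policy(pf_conf: str) -> dict:
    """Action pf applies, per direction, to a packet that is matched only
    by unrestricted pass/block rules (last match wins, quick ends it)."""
    policy = {"in": "pass", "out": "pass"}  # pf passes what no rule matches
    decided = set()                         # directions ended by a quick rule
    for line in pf_conf.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens or tokens[0] not in ("pass", "block"):
            continue
        options = tokens[1:]
        if any(t not in CATCH_ALL for t in options):
            continue                        # narrowed by interface, proto, address
        for d in [x for x in ("in", "out") if x in options] or ["in", "out"]:
            if d not in decided:
                policy[d] = tokens[0]
                if "quick" in options:
                    decided.add(d)
    return policy


# Filter rules from the page's /etc/pf.conf (set/match lines omitted).
PAGE_PF_CONF = """\
pass quick inet6 proto icmp6 icmp6-type { 1 2 3 4 128 129 144 145 146 147 }
pass quick inet6 proto udp to (self) port dhcpv6-client
pass out quick inet6 from { (self) (rum0:network) }
pass out quick inet6 from { (self) (re0:network) }
block return    # block stateless traffic
pass            # establish keep-state
block return in on ! lo0 proto tcp to port 6000:6010
"""

# Assumed variant, not from the page: inbound default deny, LAN/WLAN may initiate.
STRICT_TAIL = """\
block return
pass out
pass in on { re0 rum0 }
"""

if __name__ == "__main__":
    print("page:  ", default_policy(PAGE_PF_CONF))
    print("strict:", default_policy(STRICT_TAIL))
```
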

Last update of this page: 22 May 2017