Since November 2020, A1 seems to send out IPv6 addresses on their FTTH pppoe lines as well. It only took 9 years since someone in the community forum asked for it...
My router has the following configuration:
- eth0 is connected to the GPON Terminator (i.e. the WAN interface)
- eth1 and eth2 as well as wlan0 are bridged to br0 and form the LAN interface
- A1 uses VLAN.2 for the PPPoE connection
Install wide-dhcp6-client radvd pppoe vlan.
Note, that by default your hosts will be exposed to the world!
As ppp0 is not available before dhcp6c and radvd starts, we need to deactivate the services and start them manually:
systemctl disable wide-dhcpv6-client.service
systemctl disable radvd
(Not sure if this is a bug or of the systemd unit could be tweaked...)
In /etc/network/interfaces:
auto eth0
auto eth0.2
auto a1
iface eth0 inet manual
iface eth0.2 inet manual
iface a1 inet ppp
pre-up /sbin/ifconfig eth0.2 up
provider a1
post-down /sbin/ifconfig eth0.2 down
# Configuration for br0 follows...
In /etc/sysctl.conf:
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.ppp0.accept_ra = 2
net.ipv6.conf.ppp0.disable_ipv6 = 0
net.ipv6.conf.ppp0.autoconf = 1
net.ipv6.conf.ppp0.accept_ra_defrtr = 1
net.ipv6.conf.ppp0.accept_ra_pinfo = 1
net.ipv6.conf.ppp0.accept_redirects = 1
net.ipv6.conf.ppp0.accept_source_route = 0
in /etc/ppp/peers/a1:
# Get IP dynamically by provider
noipdefault
# Set default route for device
defaultroute
# Replace the route if necessary
replacedefaultroute
hide-password
noauth
persist
maxfail 0 # retry infinite number of times - the connection hopefully comes back later
plugin rp-pppoe.so eth0.2
# You should have a line in /etc/ppp/pap-secrets:
# YOURA1USERNAMEGOESHERE * YOURA1PASSWD
user "YOURA1USERNUMBERGOESHERE"
usepeerdns
lcp-echo-failure 2 # Connection is timedout after 2 failed echo requests
lcp-echo-interval 10 # Send an lcp echo request every 10 secs.
# PPPoE compliant settings.
noaccomp
default-asyncmap
mtu 1492
# Always assign ppp0
unit 0
# Activate IPv6 and use the address
+ipv6
ipv6cp-use-ipaddr
in /etc/ppp/ipv6-up.d/10-fixdhcp6:
#!/bin/sh
# The environment is cleared before executing this script.
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
export PATH
sleep 2
systemctl restart wide-dhcpv6-client.service
# Give some time to add the prefixes
sleep 2
systemctl restart radvd.service
In /etc/wide-dhcpv6/dhcp6c.conf:
interface ppp0 {
# Request Prefix Delegation on ppp0, and give the received prefix id 0
send ia-pd 0;
send rapid-commit;
send ia-na 1;
};
id-assoc na 1 { };
# Use subnets from the prefix with id 0
id-assoc pd 0 {
prefix-interface br0 {
# A1 assignes a /64 network
sla-len 0; # therefore, this must be 0
# Assign subnet 1 to br0
sla-id 1;
# Can be used to force the IP to xxxx::1
# ifid 1;
};
};
profile default
{
request domain-name-servers;
request domain-name;
script "/etc/wide-dhcpv6/dhcp6c-script";
};
also adjust /etc/default/wide-dhcpv6-client:
INTERFACES="ppp0"
in /etc/radvd.conf:
interface br0
{
AdvLinkMTU 1492;
AdvSendAdvert on;
prefix ::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
# Provider might send another prefix on reconnect...
DeprecatePrefix on;
};
# Use the bind on our router
RDNSS fe80::.... { };
};
Unfortunately, there is a bug in Debian: Debian bug #891324 which sends weird messages that the prefix is invalid, but it should start anyway.
Adjust /etc/bind/named.conf.options, in the options section add:
// Adjust here the link local of br0
listen-on-v6 { fe80::...%br0; };
If you have a ACL, you might want to add something like:
acl goodclients {
// [...]
fe80::/64;
// [...]
};
Also check if in /etc/default/bind9 in the OPTIONS if there is a -4 (which
prevents bind to start on IPv6).
Some more information might be found here: