I am attempting to build my own router rather than using the suspicious box I've been offered to rent by the network provider.
I'm fairly confident in Linux sysadmin (networking with iproute and iptables is kind of my weak spot though).
My ISP (in Japan) only provides IPv6 connectivity in the uplink, and in order to get access to the IPv4 part of the Internet, I have to set up what they refer to as an "IPoE connection" on their "v6Direct" plan - the only guidance they provide is to Japanese routers already providing support for this protocol. Basically it's an IPv4-over-IPv4 tunnel, referred to as `ipip6` in Linux. After reading it seems to be the same, at least in principle, to the more well-known "DS-Lite" protocol. Not sure if they're doing proper DS-Lite or if there's something they're doing differently (or is DS-Lite just a synonym for ipip6?).
I bought a PC Engines APU4 kit that I am now attempting to set up.
After much toil and trouble, I just can't figure out how to get the tunneling set up on the router/firewall.
IPv6 connection works fine from what I can see.
What I tried:
- pfSense: There are GRE and GIF tunnels. Can't get any of these working. No configuration allows me to ping the remote gateway, despite trying to route all IPv4 traffic through the tunnel in various configurations. First time I'm using pfSense and FreeBSD - maybe GRE/GIF are not compatible protocols here? DHCP6 RA seems broken as well due to a bug in radvd 2.17 which was fixed in the upstream 2.18, which is not installable.
- OpenWRT: Has a "dslite" package with a hardcoded IP which is different from the one I'm using. Found a modification that should work for the network I'm on, but the uci interface fails to start - logs just show "unknown error" and I found a couple of issues in the tracker related to this, so it seems to be broken in OpenWRT as of now, possibly due to some bug in the odhcpd package. Gave up on OpenWRT.
- OPNsense: Didn't try yet but this issue put me off after the above. And looks like they're still on radvd 2.17 as well.
- Connecting directly with my laptop running Arch: Working!
On Arch I can get it up using the following:
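```
# Create the IPv4-in-IPv6 tunnel and assign the static IPv4 address
ip -6 tun add mytunnel mode ipip6 local $MY_IPV6_ADDRESS remote $GATEWAY_IPV6_ADDRESS dev $INTERFACE
ip a add dev mytunnel $PROVIDED_STATIC_IPV4/32
# The link must be up before a route through it can be added
ip link set dev mytunnel up
ip route add default dev mytunnel
```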
VyOS might work, but I've played with it before and just go nuts over how they're forcing every single parameter change to go through a single command in their CLI rather than allowing me to edit configuration files directly by hand...
At this point I'm considering giving up with all these router/firewall distros, installing Debian and calling it a day... But can something so simple really be this hard?
Did anyone have success doing something similar with any of the above? Some other distro I should give a shot? Is IPFire worth it?
EDIT: ISP graciously provides a sample config for Yamaha RTX1210, one of those domestic routers.