kaeru


"Stuff I'm working on ..."

Basic FreeBSD IPv6 configuration for TMNet Unifi

by kaeru published 2021/11/22 23:47:00 GMT+8, last modified 2023-06-21T09:27:04+08:00
Network switch
Network switch

Recently upgraded home server to FreeBSD 13.0 and decided it was a good time as any to switch over to a dual stack IPv4 and IPv6 network setup. One thing about IPv6 is that there is less examples to be found, especially for local setups. The documentation is there, but takes some time to get used to the differences to IPv4. "Hello IPv6" is one of the better guides for this transition recommended by peers.

So here are some configuration files for connecting to Malaysian ISP provider TMNET for IPv6 on FreeBSD.

ppp.conf

Not much to this. Just have enable ipv6cp and add default HISADDR6. As before you will need to configure for a VLAN 500 network interface for pppoe connection fibre modem. I use alias of unifi but you can use em0.500 or whatever naming convention you prefer.

default:
 set log Phase Chat LCP IPCP IPV6CP CCP tun command
 #set log tun command
 ident user-ppp VERSION (built COMPILATIONDATE)
 set redial 10
 set dial
 set login
 disable dns
 enable ipv6cp

unifi:
 set device PPPoE:unifi
 set authname username
 set authkey password
 add! default HISADDR
 add default HISADDR6

At this stage, you should be able to connect to ipv6 via the tun0 device on the server.

dhpc6c.conf

You will need dhcp6 client to get an address on your network interface and address address prefix. The pkg to install is dhcp6

interface tun0 {
send ia-pd 0
send rapid-commit;
};

id-assoc pd 0 {
prefix ::/64 infinity;
prefix-interface em1 { sla-id 0; sla-len 0; };
};

rtadvd.conf

Instead of dhcp, the default way of assigning routing, address and dns is via router advertisements (SLAAC), and on FreeBSD this is rtadvd which is part of the base system.

default:\
    :raflags#0:
em1:\
        :prefixlen#64:tc=default:

rc.conf

For ipv6 configuration and to start all the relevant services needed

### Networking ###
ipv6_enable_all_interfaces="YES"
ipv6_gateway_enable="YES"
hostname="yourserverhostname"

# PPP
ppp_enable="yes"
ppp_mode="ddial"
ppp_profile="unifi"

# TMNet PPPoE is on VLAN 500, create vlan netif
vlans_em0="unifi"
create_args_unifi="vlan 500"

#ipv6
rtadvd_enable="YES"
rtadvd_interfaces="em1" #LAN or WIFI interface

#prefix assigment from ISP
dhcp6c_enable="YES"
dhcp6c_interfaces="tun0" #default ppp tun0 interface

Very basic PF firewall

Since every single device on your network will now have a global public address, it's probably a good idea to have a firewall. It's always a good idea anyways. Here is a very basic one, using same devices as the previous examples. pf rules keep state by default, so the last line is basically keeping state to allow incoming traffic based on outgoing connections.

# Interfaces
ext_if="tun0" #unifi PPPOE
int_if="em1"  #Internal LAN Ethernet

#block/pass rules
block in on $ext_if all

#DHCP6
pass in on $ext_if inet6 proto udp from any to ( $ext_if ) port dhcpv6-client
pass out on $ext_if inet6 proto udp from self to ( $ext_if ) port dhcpv6-server

#IPV6 pass all ICMP traffic
pass in quick  proto icmp6 all

#Allow all local traffic
pass quick on { lo0, $int_if }

#Pass out 
pass out on $ext_if inet6

These configuration files are also on github

Ideally you want a dual stack setup, which also include NAT for ipv4 connections, it's not complicated, but examples are always helpful. I have a basic pf + nat + altq config here. Will cover that in future notes, including finding out how surprising seamless everything at home such as wireless printers just switched over to ipv6 without any issues.