概述
在PPPoE拨号场景下,通过DHCP获取IPv6前缀,并进行stateless地址分配。
环境准备
软件安装
apt update
apt install wide-dhcpv6-client pppoeconf radvd防火墙配置
*filter
:INPUT DROP [528:90495]
:FORWARD DROP [3:192]
:OUTPUT ACCEPT [2345:216964]
-A INPUT -p udp -m multiport --sports 546,547 -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i ppp0 -j ACCEPT
COMMITPPPoE 拨号配置
终端输入pppoeconf按照提示进行PPPoE拨号。
pppoeconf编辑/etc/ppp/peers/dsl-provider配置文件,添加以下配置开启IPv6功能。
...
+ipv6
...查看/etc/network/interfaces,可以看到pppoe拨号的相关配置,可以使用ifup/ifdown命令启停dsl-provider。
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth0 up # line maintained by pppoeconf
provider dsl-providerDHCPv6 PD
配置DHCPv6 Client,用于获取PD前缀和配置LAN口IPv6地址
/etc/wide-dhcpv6/dhcp6c.conf
profile default
{
information-only;
request domain-name-servers;
request domain-name;
script "/etc/wide-dhcpv6/dhcp6c-script";
};
interface ppp0 {
send ia-pd 0;
};
id-assoc pd {
prefix ::/64 infinity;
prefix-interface eth1 {
sla-len 0;
ifid 1;
};
};注意: sla-len应设置为满足(WAN-prefix) + (sla-len) = 64的值。这里示范的情况是针对一个长度/56的前缀,56+8=64。对于前缀长度/64的网络,sla-len应为0。
配置ifup脚本
在ppp拨号成功,获取IPv6地址后,自动更新前缀和LAN网卡IP
touch /etc/ppp/ipv6-up.d/assign_ipv6_address
chmod +x /etc/ppp/ipv6-up.d/assign_ipv6_address写入以下脚本,将eth1修改为对应LAN网卡即可
#!/bin/sh
# ppp.ip-up hook script for ipv6
LAN_IFACE="eth1"
LOCAL_ADDR=`ip addr show ${LAN_IFACE} to fe80::/64 | grep inet6 | awk '{print $2}'`
ip -6 addr flush ${LAN_IFACE}
ip addr add ${LOCAL_ADDR} dev ${LAN_IFACE}
systemctl restart wide-dhcpv6-client.serviceRadvd配置
配置radvd,并通过stateless模式分配IPv6地址。
cat >/etc/radvd.conf <<EOF
interface eth1 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
AdvValidLifetime 120;
AdvPreferredLifetime 120;
};
};
EOF