FreeBSD router with ppp and ds-lite

zirias@ · Feb 11, 2021

Hello all, this is so far a hypothetical question as I plan to stick with internet (DSL) providers that have a full dual-stack, but I'm still interested for the future, as more and more ISPs try to push "ds-lite".

Right now, with a simple ppp(8) config like this:

Code:

default:
 set log Phase Chat IPCP IPV6CP CCP tun command
 set ifaddr 10.0.0.1/0 10.0.0.2/0

dsl:
 set device PPPoE:<iface>
 set authname XXXXXXXXXXX@myisp.invalid
 set authkey XXXXXXX
 set dial
 set login
 add default HISADDR

I get an IPv4 address assigned and also a link-local IPv6 address that can be used to get router advertisements etc.

Does anything change with ds-lite? Do I still get an IPv4 address from the ISP, or would it be my job to set up the tunnel for v4, and if so, how?

Mjölnir · Feb 16, 2021

What is "ds-lite"?

VladiBG · Feb 16, 2021

Dual-Stack Lite

IPv6 Dual-Stack Lite | Junos OS | Juniper Networks

At the OP:
It depend how your ISP is giving your ip address, anyway here is the example how to configure an ipv4 over ipv6 tunnel

ifconfig gif0 create
ifconfig gif0 inet6 tunnel $localIPv6addr $remoteIPv6addr prefixlen 128
ifconfig gif0 up
sysctl net.inet.ip.forwarding=1
route add default -interface gif0

/etc/rc.conf

ifconfig_bge0_ipv6="inet6 $localIPv6addr prefixlen 64 accept_rtadv"
cloned_interfaces="gif0"
ifconfig_gif0_ipv6="inet6 tunnel $localIPv6addr $remoteIPv6addr prefixlen128 mtu 1500"
gateway_enable="YES"
defaultrouter="-interface gif0"

Another example: https://forums.freebsd.org/threads/creating-gif0-for-ipv6-when-you-have-dhcp.44770/

zirias@ · Feb 17, 2021

Mjölnir said:
What is "ds-lite"?

In a nutshell, you only get IPv6 from your ISP. For IPv4, you use a tunnel with a private/reserved IPv4 address and the provider-side endpoint will do NAT.

I think this is actually a good idea to handle IPv4 address shortage and still allow connections to IPv4 services. But it's just "too early" if you need your systems at home accessible, as long as there are still so many IPv4-only networks – if you're connected to one of them "on the road", there's no way to reach your home.

VladiBG said:
It depend how your ISP is giving your ip address, anyway here is the example how to configure an ipv4 over ipv6 tunnel

Ok thanks, so gif is the correct device for such a tunnel. But then, how would I know the ISP's endpoint and how would I get my (private) IPv4 address on that tunnel?

Mjölnir · Feb 17, 2021

I do dial in via a HSDPA+ WWAN modem, my ISP rejects IPv6 & doesn't assign me a non-private IPv4 #, so it seems they're doing that ds-lite NAT thingy.

zirias@ · Feb 17, 2021

Yes, in mobile networks, this is already the common thing. I'm fine with that for my mobile phone, reaching it from the outside isn't really a usecase

VladiBG · Feb 17, 2021

In ppp ipv6cp negotiate only the link-level address and then depending of what your ISP is using the actual IPv6 address may be received via DHCPv6, ICMPv6 RAs or configured manually. For the ipv4 address you need to ask your ISP.

FreeBSD router with ppp and ds-lite

zirias@

Mjölnir

VladiBG

zirias@

Mjölnir

zirias@

VladiBG