On Fri, 3 Aug 2018, Bart Trojanowski wrote:
The key things to configure are:
* pppd / rp-pppoe
* sysctl (forwarding=1, autoconf=1, accept_ra=2)
These were key. I am unsure if I had them right at one time and then not.
But I certainly needed autoconf and accept_ra=2. I think a missing / reset
autoconf was the main problem though.
* iptables ... -j TCPMSS --clamp-mss-to-pmtu
Indeed, I had this one already for ipv4 frag problems.
Hmm. I just realized I probably have to make sure this is in ip*6*tables
too... I did notice that ufw had a bunch of needed/useful rules in the
ipv6 default already, possibly with this.
* dnsmasq
I spent far too much time with dnsmasq this weekend! Previously I had been
using and am still using bind9 as an authoritative (for my domains) and
recursive/caching DNS server (for my lan). I wanted to have better dhcp
for my lan, and dnsmasq could provide that too. It also gave me an
authenticating server too. I think there may be a bug in bind9 which
disallows the ad bit being set on a server that is also authoritative.
* TekSavvy gives me 2 logins, one for static IPv4 and another for IPv6
-- I don't know if they still do this, but back when they started this is what they did :-)
I had a wiredhighspeed login for ipv6 before, which I never got around to
using.
I understand they are not both needed now. If you have stability problems,
you might want to try single login.
My connection normally (only, but frequently enough) goes down because I
reboot after a core (kernel, libc, whatever) update.
* I have /etc/ppp/peers/ipv4 and /etc/ppp/peers/ipv6
-- "pon ipv4" brings up ppp0, "pon ipv6" brings up ppp1
* /etc/ppp/ipv6-up.d/0-local script does the heavy lifting
-- sets up sysctl params,
I thought I might need to do that but the sysctl params from above are
'sticking' just being set at boot. Thankfully.
-- sometimes the pppoe sessions stay up for weeks, sometimes for minutes
I will keep an eye out for this.
Other than the last part (the script that restarts ipv6 pppoe sessions), I found
all the details in various HOWTOs online. It's been a while, so I don't recall
how it all works at a protocol level anymore. And I certainly don't remember
exactly what sources I used to learn all this crap :-)
I've been bookmarking with ipv6 tag like crazy ;-) And still confused,
because I have visited so many sites now...
Let me know what specifically doesn't work for you.
Well, thanks very much! I will add on the routing later this week, after I
get dnsmasq stable and make sure my host/router is working on v6 reliably
- so far, so good. Dnsmasq just hasn't been responding to DHCP REQUESTs
reliably... driving me (and my wife trying to work on her computer) crazy.
;-)
I'm really glad to get to this state after years of foot-dragging (but in
the meantime I at least got my webserver running HTTP2 with HSTS and a
proxied php, on ipv6 on a DNSSEC-signed domain. And now I can reach it on
ipv6 :-) Thanks! I am hitting all the buzzwords ;-)
I'll let you know how the ipv6 routing goes.
Thanks again for taking the time to help, Bart.
Brett
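
A check for the settings discussed in this thread, as an added example that is not part of the original email or either poster's scripts. It reports when forwarding, autoconf or accept_ra have drifted from the values named above (with forwarding=1 the kernel ignores router advertisements unless accept_ra=2) and whether saved ip6tables rules contain the MSS clamp. The function names, the use of `all/forwarding`, and the interface argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit the IPv6 router settings it names.
# Usage on a live router (interface name is an assumption, e.g. the ppp link):
#   check_ipv6_sysctl ppp1
#   ip6tables-save | has_mss_clamp && echo "clamp rule present"

# check_ipv6_sysctl IFACE [ROOT]
# Compares forwarding=1, autoconf=1, accept_ra=2 against the files under
# ROOT (default /proc/sys). Prints one line per mismatch and returns the
# number of mismatches, so 0 means all three values are as expected.
check_ipv6_sysctl() {
    iface=$1
    root=${2:-/proc/sys}
    bad=0
    for want in "all/forwarding=1" "$iface/autoconf=1" "$iface/accept_ra=2"; do
        key=${want%%=*}
        expect=${want#*=}
        file="$root/net/ipv6/conf/$key"
        if [ -r "$file" ]; then
            got=$(cat "$file")
        else
            # A missing key is reported, e.g. the interface is not up yet.
            got=missing
        fi
        if [ "$got" != "$expect" ]; then
            echo "MISMATCH $key: want $expect, got $got"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# has_mss_clamp
# Reads rules in ip6tables-save format on stdin and succeeds only if a
# TCPMSS --clamp-mss-to-pmtu rule is present.
has_mss_clamp() {
    grep -q -- '-j TCPMSS --clamp-mss-to-pmtu'
}
```

Running `check_ipv6_sysctl` from the ppp ipv6-up hook or from cron catches the case where a value is reset after boot.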