@schrodyn
Forked from lotaris-xx/!README.md
Created May 1, 2024 08:57
CenturyLink PPPoE and 6rd on an OpenBSD router

Replacing the CenturyLink provided ethernet router with OpenBSD

Unfortunately, CenturyLink provisions their fiber to the home with PPPoE authentication over VLAN 201, which makes replacing the router more difficult than it should be. I also had to call CenturyLink support to get the password for the PPPoE connection.

cnmac0 is the egress interface on my EdgeRouter Lite.

You also need to add the following rule to your pf.conf, because otherwise many things don't work (thanks, Bryan):

    match on pppoe0 scrub (max-mss 1440)

If you're doing IPsec over this link, you also need to scrub the max-mss on enc0 to 64 less than the max-mss on the pppoe interface:

    match on enc0 scrub (max-mss 1376)

Overall it ends up being fairly straightforward: the PPPoE config is copied directly from the man page, with the minor change that CenturyLink uses CHAP instead of PAP.

The IPv6 setup was based on these resources, found through some DuckDuckGo.com searches:

#!/bin/sh
# /usr/local/sbin/6rd.sh: configure the 6rd tunnel once pppoe0 has an address
# http://internethelp.centurylink.com/internethelp/modem-q1000-ipv6rd.html
# http://undeadly.org/cgi?action=article&sid=20130828151241
# https://forum.openwrt.org/viewtopic.php?id=37516
# https://www.reddit.com/r/ipv6/comments/15u4hi/6rd_centurylinkqwest/

# Refuse to start if another copy of this script is already running
if [ "$( pgrep -f "^/bin/sh $0" )" != "$$" ]; then
	echo "$0: Already running" >&2
	exit 1
fi

if=gif0
internalif=vlan40
publicif=vlan41

# CenturyLink
rdprefix="2602"
rdmask="24"
v4dest=205.171.2.64

# Wait until pppoe0 reports an IPv4 address
v4ip=''
while [ -z "$v4ip" ]; do
	v4ip=$( ifconfig pppoe0 |
		sed -ne 's/[[:space:]]*inet[[:space:]]\([^[:space:]]*\).*/\1/p' )
	sleep 1
done

if [ "$v4ip" = "0.0.0.0" ]; then
	echo "No IP on pppoe0" >&2
	exit 1
fi

# Current 6rd address on the tunnel interface, if any, as address/prefixlen
v6ip=$( ifconfig $if |
	sed -ne "s/[[:space:]]*inet6[[:space:]]\($rdprefix[^[:space:]]*\).*prefixlen[[:space:]]*\([[:digit:]]*\)/\1\/\2/p" )

# Embed the four IPv4 octets after the 24-bit 6rd prefix
v6format="$rdprefix:%x:%x%02x:%x"
v6prefix=$( printf ${v6format} $( echo $v4ip | tr '.' ' ' ) )
v6dest=$( printf ${v6format}00::1 $( echo $v4dest | tr '.' ' ' ) )

v6external=${v6prefix}00::1/$rdmask
v6internal=${v6prefix}40::1/64
v6public=${v6prefix}41::1/64

# We're already configured, don't try again
[ "$v6ip" = "$v6external" ] && exit

ifconfig $if mtu 1472
ifconfig $if tunnel $v4ip $v4dest

# reset any old v6 addresses
/sbin/route -qn delete -inet6 default
ifconfig $if -inet6
ifconfig $internalif -inet6
ifconfig $publicif -inet6

set -x # because I want to know the new IPs

# and add them back in
ifconfig $publicif inet6 $v6public
ifconfig $internalif inet6 $v6internal
ifconfig $if inet6 $v6external
/sbin/route -qn add -inet6 default $v6dest

# echo interface $internalif >> /etc/rad.conf
# echo interface $publicif >> /etc/rad.conf
# rcctl start rad
# rcctl restart rad

# /etc/hostname.pppoe0
# This file holds the PPPoE password; keep it unreadable by non-root users.
inet 0.0.0.0 255.255.255.255 NONE \
	pppoedev vlan201 authproto chap \
	authname 'myaddress@qwest.net' authkey 'mypassword' up
dest 0.0.0.1
!/sbin/route add default -ifp \$if 0.0.0.1
!/usr/local/sbin/6rd.sh

# /etc/hostname.vlan201
vnetid 201 parent cnmac0
up
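
The printf format in 6rd.sh is hard-wired to CenturyLink's 24-bit 2602 prefix. The following is an added example, not part of the original gist: it generalizes the same derivation to any 6rd prefix of up to 32 bits as defined in RFC 5969, and validates the IPv4 address before using it. The helper name sixrd_prefix and the sample address 203.0.113.5 are assumptions made for illustration, and an IPv4MaskLen of 0 is assumed.

```shell
#!/bin/sh
# Added example (not from the gist): general 6rd delegated-prefix derivation.
# sixrd_prefix is a hypothetical helper name.
#   $1 = top 32 bits of the 6rd prefix in hex (2602::/24 -> 26020000),
#        with the bits beyond the prefix length set to zero
#   $2 = 6rd prefix length, 1..32 (IPv4MaskLen assumed to be 0)
#   $3 = WAN IPv4 address in dotted-quad form
sixrd_prefix() {
    rd_hex=$1 rd_len=$2 v4=$3

    case $rd_hex in ''|*[!0-9a-fA-F]*|?????????*) return 1 ;; esac
    case $rd_len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$rd_len" -ge 1 ] && [ "$rd_len" -le 32 ] || return 1

    # Reject anything that is not four decimal octets, and the 0.0.0.0
    # placeholder that pppoe0 carries before the link is up.
    case $v4 in ''|*[!0-9.]*|.*|*.|*..*|0.0.0.0) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $v4; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no octal-looking or oversized octets
        [ "$o" -le 255 ] || return 1
    done

    # Upper 64 bits of the address: the 6rd prefix, then the 32 IPv4 bits.
    v4int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    hi=$(( (0x$rd_hex << 32) | (v4int << (32 - rd_len)) ))

    printf '%x:%x:%x:%x::/%d\n' \
        $(( (hi >> 48) & 0xffff )) $(( (hi >> 32) & 0xffff )) \
        $(( (hi >> 16) & 0xffff )) $(( hi & 0xffff )) \
        $(( rd_len + 32 ))
}

# Constructed sample: 203.0.113.5 is a documentation address, not a real lease.
sixrd_prefix 26020000 24 203.0.113.5
# The relay address from the script (v4dest) maps the same way.
sixrd_prefix 26020000 24 205.171.2.64
```

The /56 it prints for a WAN address is the block that 6rd.sh splits into the 00, 40 and 41 subnets.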