OpenBSD PPPoE and Zen Internet
Here is my OpenBSD setup for Zen Internet’s FTTC.
Zen seem to support larger frame sizes as described in RFC 4638, at least for their fiber offering.
So I was able to get full 1500 byte MTUs with this configuration. This is for OpenBSD 6.8, using a Vigor 130 (UK spec) as the PPPoA-to-PPPoE bridge.
/etc/hostname.em0
I used the em0
interface for the PPP connection to the bridge.
This is a gige interface that supports jumbo packets, so I explicitly set the mtu to 1508 to account for PPP overheads.
The bridge is on 192.168.2.1, so we set our side to 192.168.2.2.
inet 192.168.2.1 255.255.255.0 NONE mtu 1508
up
/etc/hostname.pppoe0
Standard pppoe(4)
configuration.
Note we explicitly set the mtu to 1500.
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev em0 \
authproto chap authname 'zenXXXX@zen' authkey '<your-zen-password>' \
mtu 1500 \
up
dest 0.0.0.1
!/sbin/route add default -ifp \$if 0.0.0.1
Routing
The above configs will set up and maintain your IPv4 addresses and routing. Zen allocate static IPs, so nothing much changes.
I configured another nic on this host with my /28, and it all worked (remember to enable forwarding in sysctl).
But for IPv6 I found that placing inet6 autoconf
in hostname.pppoe0
didn’t really work.
SLAAC didn’t set up any kind of address, and manual IPv6 settings were lost whenever the PPPoE link flapped (cable disconnect or whatever).
The most reliable setup is dhcpcd
instead of slaacd
.
dhcpcd
isn’t part of the base install, so you have to install and enable dhcpcd
:
# pkg_add dhcpcd
# rcctl enable dhcpcd
So here is an /etc/dhcpcd.conf
that works for me.
ipv6only
noipv6rs
duid
persistent
option rapid_commit
script ""
allowinterfaces pppoe0
interface pppoe0
ipv6rs
ia_na
There is no prefix delegation configured because Zen seem to route my /48 automatically.
So with that dhcpcd
configuration my IPv6 routing is set up and maintained.
From here you can set up IPv6 to your network.
I route a /52 to another router, which then distributes /64s to my home network, and so on.
And of course there are more /52s for other networks, just in case I have billions of devices at home.