tech-net archive

Re: IPv6 link local address generation for P2P interfaces



Hi,

I'm using this in my script /etc/rc.d/$provider:

EIF=sip2
PIF=pppoe1

case $1 in
start)

        # Bring up the Ethernet interface and create the PPPoE interface.
        ifconfig ${EIF} up
        ifconfig ${PIF} create

        # Bind the PPPoE interface to the Ethernet interface, then set auth.
        pppoectl -v -e ${EIF} ${PIF}
        pppoectl -v ${PIF} \
                myauthproto=pap \
                myauthname="some-id" \
                myauthsecret="some-secret" \
                hisauthproto=none query-dns=3 \
                max-auth-failure=0

        ifconfig ${PIF} up
        # Reject routes: own /48 and the former 6bone range.
        route add -inet6 my:pre:fix:: ::1 -prefixlen 48 -reject
        route add -inet6 3ffe:: ::1 -prefixlen 16 -reject
        # Default route out of the PPP interface.
        route add -inet6 default fe80::2 -iface -ifp ${PIF}
#       ifconfig ${PIF} 0.0.0.0 0.0.0.1 link1 up
#       route add default 0.0.0.1
        ;;
esac


There's no need to really know the ppp's real destination address
unless you want to ping it for a test; all that's needed is to
force the packet to go out through it, and not use your own side's address.

Don't forget the -reject route for your own /48, else you're susceptible
to (voluntary or involuntary) amplification attacks. (Your local network
routes will override that, as they're more specific.)

I reject the 6bone range because when it was shut down, some AAAA entries
persisted and led to black holes, resulting in looong timeouts. Maybe I
should remove that line in a few years ;-)

Regards
        -is
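
Added example, not part of the original message: a small longest-prefix-match model of the routing table the script builds, showing where a destination inside the delegated /48 goes with and without the covering -reject route. The prefix 2001:db8:1234::/48 (standing in for "my:pre:fix::/48"), the LAN /64 and the interface name lan0 are constructed assumptions.

```python
import ipaddress

# Constructed stand-ins: the documentation prefix replaces "my:pre:fix::/48",
# and the single connected LAN /64 on "lan0" is hypothetical.
DELEGATED = "2001:db8:1234::/48"
LAN = "2001:db8:1234:1::/64"


def build_table(with_reject):
    """Return [(network, action)] modelled on the routes in the script."""
    routes = [
        ("::/0", "forward via pppoe1"),   # route add -inet6 default ... -ifp ${PIF}
        (LAN, "deliver on lan0"),         # connected LAN prefix (assumed)
    ]
    if with_reject:
        routes.append((DELEGATED, "reject"))    # -prefixlen 48 -reject
        routes.append(("3ffe::/16", "reject"))  # former 6bone range
    return [(ipaddress.ip_network(n), a) for n, a in routes]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, act) for net, act in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def leaks_upstream(table, dst):
    """True if dst lies in our own /48 yet would be sent back out the PPP link."""
    inside = ipaddress.ip_address(dst) in ipaddress.ip_network(DELEGATED)
    return inside and lookup(table, dst) == "forward via pppoe1"


if __name__ == "__main__":
    samples = [
        "2001:db8:1234:1::10",    # host on the LAN /64
        "2001:db8:1234:ffff::1",  # unassigned part of the /48
        "3ffe:1::1",              # stale 6bone destination
        "2001:db8:ffff::1",       # outside the /48, normal outbound traffic
    ]
    for with_reject in (False, True):
        table = build_table(with_reject)
        print("with reject routes" if with_reject else "without reject routes")
        for dst in samples:
            flag = "  <-- leaves via default" if leaks_upstream(table, dst) else ""
            print(f"  {dst:24} {lookup(table, dst)}{flag}")
```
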

