tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPv6 link local address generation for P2P interfaces


I'm using in my script /etc/rc.d/$provider :


case $1 in

        ifconfig ${EIF} up
        ifconfig ${PIF} create
        pppoectl -v -e ${EIF} ${PIF}
        pppoectl -v ${PIF} \
                myauthproto=pap \
                myauthname="some-id" \
                myauthsecret="some-secret" \
                hisauthproto=none query-dns=3 \

        ifconfig ${PIF} up
        route add -inet6 my:pre:fix:: ::1 -prefixlen 48 -reject
        route add -inet6 3ffe:: ::1 -prefixlen 16 -reject
        route add -inet6 default fe80::2 -iface -ifp ${PIF}
#       ifconfig ${PIF} link1 up
#       route add default

There's no need to really know the ppp's real destination address
unless you want to ping it for a test; all that's needed is to
force the packet going out it, and not use your own side's address.

Don't forget the -reject route for your own /48, else you're susceptible
to (voluntary or involuntary) amplification attacks. (Your local network
routes will override that, as they're more specific.)

I reject the 6bone range because when it was shut down, some AAAA entries
persisted and let to black holes, resulting in looong timeouts. Maybe I
should remove that line in a few years ;-)


Home | Main Index | Thread Index | Old Index