
Re: IPv6 link local address generation for P2P interfaces

Subject: Re: IPv6 link local address generation for P2P interfaces
From: is@xxxxxxxxxx
Date: Thu, 17 Jul 2008 10:28:39 UTC
Newsgroups: fa.netbsd.tech.net

Hi,

I'm using in my script /etc/rc.d/$provider :

EIF=sip2
PIF=pppoe1

case $1 in
start)

        ifconfig ${EIF} up
        ifconfig ${PIF} create
        
        pppoectl -v -e ${EIF} ${PIF}
        pppoectl -v ${PIF} \
                myauthproto=pap \
                myauthname="some-id" \
                myauthsecret="some-secret" \
                hisauthproto=none query-dns=3 \
                max-auth-failure=0

        ifconfig ${PIF} up
        route add -inet6 my:pre:fix:: ::1 -prefixlen 48 -reject
        route add -inet6 3ffe:: ::1 -prefixlen 16 -reject
        route add -inet6 default fe80::2 -iface -ifp ${PIF}
#       ifconfig ${PIF} 0.0.0.0 0.0.0.1 link1 up
#       route add default 0.0.0.1
        ;;
esac

There's no need to really know the ppp's real destination address
unless you want to ping it for a test; all that's needed is to
force the packet going out it, and not use your own side's address.

Don't forget the -reject route for your own /48, else you're susceptible
to (voluntary or involuntary) amplification attacks. (Your local network
routes will override that, as they're more specific.)

I reject the 6bone range because when it was shut down, some AAAA entries
persisted and led to black holes, resulting in looong timeouts. Maybe I
should remove that line in a few years ;-)

Regards
        -is
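
The effect of the -reject routes on route selection, as an added example that is not part of the original message: a simplified longest-prefix-match model of the customer router. Assumptions: 2001:db8:1::/48 stands in for my:pre:fix::/48, the LAN /64 and test addresses are constructed, the ISP routes the whole /48 down the PPP link, and the function names are hypothetical.

```python
import ipaddress

# Constructed values: 2001:db8:1::/48 stands in for the post's my:pre:fix::/48,
# and 2001:db8:1:10::/64 is an assumed directly connected LAN.
DELEGATED = ipaddress.ip_network("2001:db8:1::/48")
LAN = ipaddress.ip_network("2001:db8:1:10::/64")
UNUSED_DST = "2001:db8:1:ffff::1"   # inside the /48, on no local network
LAN_DST = "2001:db8:1:10::5"


def route_table(with_reject):
    """Customer router's table, with or without the two -reject routes."""
    table = [(ipaddress.ip_network("::/0"), "uplink"), (LAN, "lan")]
    if with_reject:
        table.append((DELEGATED, "reject"))
        table.append((ipaddress.ip_network("3ffe::/16"), "reject"))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, action) for net, action in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def link_crossings(table, dst, hop_limit=64):
    """Times one inbound packet crosses the PPP link (one hop per crossing).

    Assumption: the ISP routes the whole /48 down the link, so anything the
    customer sends back out the default route comes straight back.
    """
    crossings = 0
    while hop_limit > 0:
        crossings, hop_limit = crossings + 1, hop_limit - 1   # ISP -> customer
        action = lookup(table, dst)
        if action != "uplink":
            return crossings, action        # delivered locally or rejected
        if hop_limit == 0:
            break
        crossings, hop_limit = crossings + 1, hop_limit - 1   # customer -> ISP
    return crossings, "hop limit exceeded"


if __name__ == "__main__":
    for with_reject in (False, True):
        table = route_table(with_reject)
        print(with_reject, link_crossings(table, UNUSED_DST),
              link_crossings(table, LAN_DST))
```

Without the /48 reject route the packet for an unused subnet falls through to the default route and bounces over the link until its hop limit runs out; with it, the packet is dropped on first arrival while the more specific LAN route still delivers local traffic.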
