I have a working IPv4 PPPoE setup with freeradius, looking to add IPv6 dual-stack support (testing with a FritzBox 7570 which should support IPv6 properly). However, the instructions I found suggest to use an IPv6 pool. Is there a simple way to assign static IPv6 prefixes to customers, just like static IPv4 addresses? Customers are defined in /etc/freeradius/users like this:
Now, I’d like to assign (in addition to that single static IPv4) a static IPv6 prefix 2001:db8:2:7b00::/56 for that customer, from which a /60 delegated to the router for up to 16 subnets /64 each in customer’s home network, and a /64 used for the PPPoE link itself. How to do that?
How about Delegated-IPv6-Prefix (RFC4818) - any plans to support it soon? I’d like to have only static IPs/prefixes defined by RADIUS for each customer - no dynamic pools, or separate Mikrotik-Delegated-IPv6-Pool for each customer.
As far as i understand Framed-IPv6-Prefix assigns a static prefix to the ppp-peer. Sure your radius server could pick it from a pool but it’s up to you to configure the radius server to always give the same Framed-IPv6-Prefix. just as with Framed-IP-Address. i haven’t deployed IPv6 via PPP in my network jet will do it soon and that was the way i was going to do it.
Framed-IPv6-Prefix is for the WAN side of the customer’s router, and that seems to work. But that alone is only good for a single computer (not a router) to connect via PPPoE.
Delegated-IPv6-Prefix is for the LAN side (pppoe server should add a route to it via the customer’s router, that router should pick a /64 from it for use inside and advertise it), and I can’t get that to work.
I’ve just found accel-ppp claims to support Delegated-IPv6-prefix since 1.4.0 (2011-09-20) - might give it a try. But that needs an x86 Linux box (or better two for redundancy) instead of nice small quiet low-power routerboards.
Now i was curious how Framed-IPv6-Prefix is handled by RouterOS. So i did some example configs on my lab devices. You’re right it’s different as a prefix delegation.
The router installs a route for that Framed-IPv6-Prefix pointing towards the dynamic generated PPP interface for the user. That’s totally reasonable as it’s a point-to-point link there is no need to point the route to an IP address. It should be ok to have only link-local addresses on the PPP network. So there no need to use this prefix on the ppp network, you can configure it only on the internal network. Or even something like a Framed-IPv6-Prefix /62 split in 4 /64 Networks. for example LAN/DMZ/WIRELESS/WHATEVER.
What not happening is that the pppoe server delegates ( tells the pppoe-client ) this prefix. Therefore you have to do static configuration of the networks at the pppoe-client. For a static assigned prefix it’s not so bad to make a static config but i agree it would be nicer if there is a way to control the “dynamic” assigned prefix via Delegated-IPv6-Prefix.
As for Framed- vs. Delegated-IPv6-Prefix - both may be needed, the customer could connect a router or just a single host running a PPPoE client. Or do PPPoE clients on hosts (not routers) also ask for prefix delegation? It would be nice if everything configured itself automagically, all the customer needs is their PPPoE username/password with no static config on their side, with any kind of IPv6-ready off-the-shelf SOHO router (MT is too advanced for most of them - for some it’s hard enough they have to be walked through the very simple TP-Link web GUI over the phone to find their forgotten WiFi password).
Lack of Delegated-IPv6-Prefix support is one reason why I’m looking into replacing my two RB1100AH PPPoE servers with accel-ppp on x86 Linux boxes - unless there will be a way to run Linux on one of these many, mostly idle cores of the CCR… Customers don’t ask for IPv6 yet so we still have some time, but it still would be nice to become the first IPv6-ready WISP here.
Hi,
All my customers have a CPE with PPPoE client in IPv4.
Months ago I test vary carefully with a IPv6 addressing in order to asign IPv6 address to my CPE. Tests works fine if all devices talk IPv6.
In some cases, I have seen that some router clients have to sever IPv4 DHCP. However, I donot know how.
My hipotetical scenario is: a WAN interface with IPv6 and a LAN in IPv4. I unknow if it is possible.
Have you ever figured out how to do this? I am able to assign dynamic IPv6 pools to my users but I need to statically assign them with radius. I want to assign all users a /64 initially.
Server side:
/ipv6 dhcp-server
Nothing is needed here. The server will automatically bring up the DHCPv6. You should have use-ipv6 on your PPP profile set to yes. I think this is the default.
Notes:
You will need to allow input chain dst port 587/UDP on the PPPoE server and output chain src port 586/UDP on the client. This is to allow DHCPv6.
The current stable release 6.46.3 is broken for DHCPv6. I am using 6.45.8 LTS on both server and clients at the date of this post.
All of the above assumes you have a working IPv4 PPPoE server.
Is there any news if delegating an prefix is possible without defining it as a pool?
I wan’t to have the possibility to have 2 mikrotiks in active active redundancy. So client’s can connect to one of the mikrotik’s. If one of the boxes fail the client connect to the other mikrotik.
So that’s why the prefix can’t be defined at the mikrotik but have to be in radius.