Continuing from previous post, at the end I mentioned about using Vultr to avoid paying extra for static IPv4 address through my ISP.
Well, there has been a different problem with IPv4 connection crapping out every now and then so I ended up getting that ISP static IP option hoping it will lessen the problem. No comment on that yet because it’s only been less than 12 hours since I got it set up.
So, the setup itself, because I’m not using one of the supported routers, I had to figure it out myself.
The ISP provides a few needed information for the setup:
- Static IP Tunnel Endpoint: an IPv6 address to connect for IPv4 connectivity
- Interface ID: IPv6 address suffix (last 4 group)
- FreeBSD doesn’t support it (it’s ip-token in Linux) but it really is just for address suffix. Mine’s
::feedso my expected address is2409:11:1c0:2300::feed. I have it set as external IP address
- FreeBSD doesn’t support it (it’s ip-token in Linux) but it really is just for address suffix. Mine’s
- Static IPv4 Address: this is to be set at tunnel interface as source address.
- There’s no IPv4 target address provided which is required for FreeBSD’s
gifinterface but apparently any address works. I put in10.0.0.0 - This blog says to use source as target as well but apparently it results in packet being forwarded back and forth indicated by 14ms ping to the source IP
- There’s no IPv4 target address provided which is required for FreeBSD’s
- “Update Server Details”: I have no clue what this actually does
- It’s a set of URL, username, and password where you’re supposed to make a request to to update… something. The form is simple, just
$URL?username=$USERNAME&password=$PASSWORD. The URL uses internal domain so the DNS server from IPv6 autoconfiguration is required to resolve it - I just hit it with
curland the move on - I suspect it’s to tell the tunnel provider the expected source IPv6 address?
- It’s a set of URL, username, and password where you’re supposed to make a request to to update… something. The form is simple, just
Geared with information above, there are a few changes needed since last post for setup on FreeBSD:
- IP address on internet port should be suffixed with provided interface ID
- Tunnel source and target address need to be adjusted
- Tunnel interface need IPv4 address
- Default routing for IPv4 is no longer on interface level (
-iface gif) but instead the random IPv4 address used as tunnel target address (10.0.0.0in my example above) - NAT is not automatically available anymore so PF is required
- Also on NAT, MSS will need to be fixed as well
- I still don’t really understand how this works
Most of the changes should be obvious. And here’s the config for PF:
# This is pf.conf for FreeBSD and won't work on OpenBSD
# variable to not hardcode interface names and stuff
ext_if = gif0
net_local = "192.168.0.0/24"
# I still don't know if this is needed. Or even what the correct value is.
scrub on $ext_if max-mss 1420
# basic nat
nat on $ext_if from $net_local -> ($ext_if)