openwrt使用rp-pppoe-server搭建ipv4+ipv6双栈PPPOE server

前期准备

使用openwrt1907按照openwrt配置ipv6，将openwrt配置好成nat6模式，pc机连接该openwrt，pc机可以ping通ipv4与ipv6确保openwrt双栈环境正常。

配置ipv4 pppoe server

1.安装rp-pppoe-server

opkg update
opkg install rp-pppoe-server

2.修改/etc/ppp/pppoe-server-options

require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
mru 1492
mtu 1492
ms-dns 8.8.8.8

3.修改/etc/ppp/chap-secrets，设置pppoe拨号的用户名与密码

#USERNAME  PROVIDER  PASSWORD  IPADDRESS
test * test *

4.修改防火墙规则

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
iptables -I FORWARD -i ppp0 -j ACCEPT
iptables -I FORWARD -o ppp0 -j ACCEPT

5.启动ipv4 pppoe server

pppoe-server -k -T 60 -I br-lan -N 100 -C Myp -L 10.0.0.1 -R 10.0.0.2

此时ipv4 pppoe server已经配置完成

配置ipv4+ipv6双栈pppoe server

在ipv4 pppoe基础上
1.修改/etc/ppp/pppoe-server-options

require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
mru 1492
mtu 1492
ms-dns 8.8.8.8
+ipv6
ipv6 ::1,::2

2.拷贝插件

cp /usr/lib/pppd/2.4.7/rp-pppoe.so /etc/ppp/plugins/

此时已经可以通过命令启动pppoe server

pppoe-server -k -T 60 -I br-lan -N 100 -C Myp -L 10.0.0.1 -R 10.0.0.2

下级终端（博主是使用另一台openwrt作为下级），pppoe拨号成功，查看log发现pppoe已经可以获取到ipv6链路地址

root@GL-MT1300:/# logread -f
Mon Aug 24 10:08:00 2020 daemon.info pppd[31992]: Using interface pppoe-wan
Mon Aug 24 10:08:00 2020 daemon.notice pppd[31992]: Connect: pppoe-wan <--> eth0.2
Mon Aug 24 10:08:03 2020 daemon.info pppd[31992]: CHAP authentication succeeded: Access granted
Mon Aug 24 10:08:03 2020 daemon.notice pppd[31992]: CHAP authentication succeeded
Mon Aug 24 10:08:03 2020 daemon.notice pppd[31992]: peer from calling number E4:95:6E:40:B6:6C authorized
Mon Aug 24 10:08:03 2020 daemon.notice pppd[31992]: local  IP address 10.0.0.2
Mon Aug 24 10:08:03 2020 daemon.notice pppd[31992]: remote IP address 10.0.0.1
Mon Aug 24 10:08:03 2020 daemon.notice pppd[31992]: primary   DNS address 8.8.8.8
Mon Aug 24 10:08:03 2020 daemon.notice pppd[31992]: secondary DNS address 8.8.8.8
Mon Aug 24 10:08:04 2020 daemon.notice pppd[31992]: local  LL address fe80::0000:0000:0000:0002
Mon Aug 24 10:08:04 2020 daemon.notice pppd[31992]: remote LL address fe80::0000:0000:0000:0001
^C
root@GL-MT1300:/# ifconfig pppoe-wan
pppoe-wan Link encap:Point-to-Point Protocol  
          inet addr:10.0.0.2  P-t-P:10.0.0.1  Mask:255.255.255.255
          inet6 addr: fe80::2/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:282 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:1566 (1.5 KiB)  TX bytes:21714 (21.2 KiB)

接下来是配置pppoe server向下级分配Global ipv6，常见在ubuntu或Red Hat中都是使用radvd，但是openwrt默认使用了odhcpd，比较方便。

3.修改/etc/config/network
添加ppp0节点，然后绑定到odhcpd,用于向下级分配ipv6地址

config interface 'ppp0'
        option proto 'static'

4.修改/etc/config/dhcp
添加ppp0节点，然后绑定/etc/config/network中的ppp0节点

config dhcp 'ppp0'
        option interface 'ppp0'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option ra_management '1'
        option dhcpv6 'server'
        option ra 'server'
        list dns 'dd8b:0000:05e3:0000:0000:0000:0000:0001'  #ipv6 dns server根据实际情况填写，这里填的是br-lan的地址
        option ra_default '1'

5.重启network、dhcp、odhcpd

/etc/init.d/network restart
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart

6.配置防火墙（如果已按照openwrt配置ipv6搭建好ipv6环境，则无需执行此步骤，因为在openwrt配置ipv6中已配置好防火墙，注意是nat6模式）

ip6tables -t nat -A POSTROUTING -s dd8b:0:5e3::1/64 -j MASQUERADE  #dd8b:0:5e3::1/64为br-lan ipv6地址
ip6tables -I FORWARD -i ppp0 -j ACCEPT
ip6tables -I FORWARD -o ppp0 -j ACCEPT

7.启动pppoe server

killall pppoe-server
pppoe-server -k -T 60 -I br-lan -N 100 -C Myp -L 10.0.0.1 -R 10.0.0.2 -S ppp0  #绑定ppp0接口

此时如果下级终端进行pppoe拨号，pppoe server会生成ppp0接口

root@GL-MT1300:/# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.0.0.1  P-t-P:10.0.0.4  Mask:255.255.255.255
          inet6 addr: fe80::1/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:313 errors:0 dropped:0 overruns:0 frame:0
          TX packets:303 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:27872 (27.2 KiB)  TX bytes:53936 (52.6 KiB)

8.给ppp0添加ipv6并将ppp0绑定到/etc/config/network中的ppp0节点

ip -6 addr add `uci get network.globals.ula_prefix | sed 's/\/48//g'`5/64 dev ppp0
ubus call network.interface.ppp0 add_device "{\"name\":\"ppp0\"}"

可发现dhcp已经生效ppp0接口，br-lan与ppp0都可以向下级分配ipv6地址

root@GL-MT1300:/# ubus call dhcp ipv6leases
{
        "device": {
                "br-lan": {
                        "leases": [

                        ]
                },
                "ppp0": {
                        "leases": [
                                {
                                        "duid": "00030001becc10bdafa0",
                                        "iaid": 1,
                                        "hostname": "GL-MT1300",
                                        "accept-reconf": true,
                                        "assigned": 3261,
                                        "flags": [
                                                "bound"
                                        ],
                                        "ipv6-addr": [
                                                {
                                                        "address": "dd8b:0:5e3:1::cbd",
                                                        "preferred-lifetime": -1,
                                                        "valid-lifetime": -1
                                                }
                                        ],
                                        "valid": 43180
                                }
                        ]
                }
        }
}

8 下级终端pppoe拨号成功，可正常上网ipv6

root@GL-MT1300:/# ifconfig pppoe-wan
pppoe-wan Link encap:Point-to-Point Protocol  
          inet addr:10.0.0.2  P-t-P:10.0.0.1  Mask:255.255.255.255
          inet6 addr: dd8b:0:5e3::cbd/128 Scope:Global
          inet6 addr: dd8b:0:5e3::2/64 Scope:Global
          inet6 addr: fe80::2/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:98 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:1486 (1.4 KiB)  TX bytes:7384 (7.2 KiB)

root@GL-MT1300:/# ping6 gitlab.com
PING gitlab.com (2606:4700:90:0:f22e:fbec:5bed:a9b9): 56 data bytes
64 bytes from 2606:4700:90:0:f22e:fbec:5bed:a9b9: seq=1 ttl=54 time=252.504 ms
64 bytes from 2606:4700:90:0:f22e:fbec:5bed:a9b9: seq=3 ttl=54 time=471.681 ms
64 bytes from 2606:4700:90:0:f22e:fbec:5bed:a9b9: seq=4 ttl=54 time=422.203 ms
64 bytes from 2606:4700:90:0:f22e:fbec:5bed:a9b9: seq=5 ttl=54 time=371.975 ms
^C
--- gitlab.com ping statistics ---
6 packets transmitted, 4 packets received, 33% packet loss
round-trip min/avg/max = 252.504/379.590/471.681 ms

9.pppoe server开机自启动
在/etc/rc.local中加入

killall pppoe-server
pppoe-server -k -T 60 -I br-lan -N 100 -C Myp -L 10.0.0.1 -R 10.0.0.2 -S ppp0 

创建/etc/ppp/ipv6-up脚本（pppoe拨号成功或会执行这个脚本），vi /etc/ppp/ipv6-up

#!/bin/sh
#配置ipv4路由规则，$1为pppoe生成的设备名，一般为ppp0
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
iptables -I FORWARD -i $1 -j ACCEPT
iptables -I FORWARD -o $1 -j ACCEPT

设置ipv6路由规则
ip6tables -t nat -A POSTROUTING -s dd8b:0:5e3::1/64 -j MASQUERADE  #dd8b:0:5e3::1/64为br-lan ipv6地址
ip6tables -I FORWARD -i $1 -j ACCEPT
ip6tables -I FORWARD -o $1 -j ACCEPT

#给ppp0设置ipv6地址，使用的是network.globals.ula_prefix作为前缀
ip -6 addr add `uci get network.globals.ula_prefix | sed 's/\/48//g'`5/64 dev $1
#将ppp0绑定到network与dhcp中的ppp0，用于向下级分配ip
ubus call network.interface.ppp0 add_device "{\"name\":\"$1\"}"