2023/3/31追記
RTX830(Rev.15.02.29)
NVR700W(Rev.15.00.24)
では、biglobeのipv6オプションに対応したようです。
http://www.rtpro.yamaha.co.jp/RT/docs/biglobe/index.html
biglobeでは下記2種類のIPv4 over IPv6サービスを提供している。
① JPNEがVNEのIPv4 over IPv6(v6プラス)
→biglobe以外でMAP-EによるIPv4 over IPv6サービスを提供しているプロバイダの大半が採用している。
biglobeでは、2017年7月まではv6プラスとしてサービス提供を行っていた。
この期間までに契約していた場合は多分継続して使用できる状態にあると思う。
② biglobeがVNEのIPv4 over IPv6(v6オプション)
→見た限りではbiglobeのみ朝日ネットもでした。プロバイダ自身がVNEとしてサービス提供を行っている。
2017年8月以降に新規契約したりすると、このv6オプションに切り替わる。
自分は今年に入って初めて光回線(戸建てタイプ)を契約したので、②に該当する。
RTX830では試した限りこの"v6オプション"での自動設定には対応していないようで、一向に通信確立してくれなかった。
→v6プラス対応機能
"日本ネットワークイネイブラー株式会社が提供する「v6プラス」を利用してインターネット接続をする機能を提供します。"
そりゃできないわけだ。意気揚々とRTX810から乗り換えたのに涙目。
biglobeに聞いても光電話のHGWか有料で貸与するHGWを使うように勧めてくるだけで、他社製ルータでの設定方法は一切サポートしない。
そこで手動設定する必要がある。
基本的には、v6プラス導入(NVR510): ネトゲー回想録を参考に設定すれば良い。
今回接続先がJPNEではなくbiglobeなので、IPIPトンネルの接続先BR IPv6アドレスが問題となる。
アドレスは教えていただいたのだが、ここに書いてあった。
東日本(東京)2001:260:700:1::1:275
西日本(大阪)2001:260:700:1::1:276
これを元にコンフィグを作る。
CE/MAP-E IPv4アドレスおよびポート範囲は、ipv4.web.fc2.com/map-e.htmlで計算すると楽。
あ~スッキリした。
大阪まで距離が結構あるのでそこがボトルネックとなっているのかスピードこそ100〜200Mbps程度しか出ないが、混雑時でも100Mbpsを切らないのでまぁ満足。
ちなみにbiglobeのBRは西日本(大阪)、東日本(東京)のみらしいので、v6オプションにするとホスト名がflh2-***-***-***-***.osk/tky.mesh.ad.jpに変わる。
こちらは西日本(愛知)なので大阪となる。
ちなみに上記掲示板のここにMAP-E用設定ファイルへのURLも書いてある。
https://api.enabler.ne.jp/6a4a89a8639b7546793041643f5da608/get_rules?callback=v6plus
ここにアクセスすると、BRアドレスとCEアドレス、トンネリングに使うv4アドレスと思しきリストが下記のようなjsファイルとして入手できる。
実際にRTX830で使用していたコンフィグを公開しておく。
PPPoE/IPoE(Tunnel10で定義)混在可能なコンフィグ。
default gatewayを負荷分散するようにすればPPPoEとIPoE両方とも使うようにはできる。
が、通信が安定しなかったのでやめた。
VPN(L2TP/IPsec)はPPPoEの回線を使用して接続するようにしている。
console lines infinity
ip route default gateway tunnel 10 gateway pp 1 filter 701 702 703 704
ipv6 routing on
ipv6 prefix 1 ra-prefix@lan2::/64
ip lan1 address 192.168.1.1/24
ip lan1 proxyarp on
ipv6 lan1 address ra-prefix@lan2::1/64
ipv6 lan1 rtadv send 1 o_flag=on
ipv6 lan1 dhcp service server
switch control use lan1 on terminal=on
description lan2 "biglobe FTTH IPoE"
ipv6 lan2 address [CE IPv6アドレス]/64
ipv6 lan2 mtu 1500
ipv6 lan2 secure filter in 101000 101001 101002
ipv6 lan2 secure filter out 101099 dynamic 101080 101081 101082 101083 101084 101085 101098 101099
ipv6 lan2 dhcp service client ir=on
pp select 1
description pp "biglobe FTTH PPPoE"
pp keepalive interval 30 retry-interval=30 count=12
pp always-on on
pppoe use lan2
pppoe auto disconnect off
pp auth accept pap chap
pp auth myname hogehoge@biglobe.ne.jp fugafuga
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp mtu 1454
ip pp secure filter in 100 102 103 200030 200032 601 602 603 604 199
ip pp secure filter out 200013 102 103 200026 200027 198 dynamic 580 581 582 583 584 585 598 599
ip pp nat descriptor 1000
netvolante-dns hostname host pp server=1 aiueo.netvolante.jp
pp enable 1
pp select anonymous
pp bind tunnel1
pp auth request mschap-v2
pp auth username hogehoge fugafuga
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp remote address pool dhcp
ip pp mtu 1258
pp enable anonymous
tunnel select 1
tunnel encapsulation l2tp
ipsec tunnel 110
ipsec sa policy 110 1 esp aes-cbc sha-hmac
ipsec ike local address 1 192.168.1.1
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text fugafuga
ipsec ike remote address 1 any
l2tp tunnel disconnect time off
ip tunnel tcp mss limit auto
tunnel enable 1
tunnel select 10
tunnel encapsulation ipip
tunnel endpoint address [CE IPv6アドレス] [BR IPv6アドレス]
ip tunnel mtu 1460
ip tunnel nat descriptor 2000
tunnel enable 10
ip filter 100 reject 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 * * * *
ip filter 101 reject * 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 * * *
ip filter 102 reject * * tcp,udp * 135,netbios_ns-netbios_ssn,445
ip filter 103 reject * * tcp,udp 135,netbios_ns-netbios_ssn,445 *
ip filter 198 pass * * * * *
ip filter 199 reject * * * * *
ip filter 600 pass * 192.168.1.1 ah,esp
ip filter 601 pass * 192.168.1.1 esp * *
ip filter 602 pass * 192.168.1.1 udp * 500
ip filter 603 pass * 192.168.1.1 udp * 4500
ip filter 604 pass * 192.168.1.1 udp * 1701
ip filter 701 pass * * esp * *
ip filter 702 pass * * udp 500 *
ip filter 703 pass * * udp 4500 *
ip filter 704 pass * * udp 1701 *
ip filter 200026 restrict * * tcpfin * www,21,nntp
ip filter 200027 restrict * * tcprst * www,21,nntp
ip filter 200030 pass * 192.168.1.0/24 icmp * *
ip filter 200032 pass * 192.168.1.0/24 tcp * ident
ip filter dynamic 580 * * ftp
ip filter dynamic 581 * * domain
ip filter dynamic 582 * * www
ip filter dynamic 583 * * smtp
ip filter dynamic 584 * * pop3
ip filter dynamic 598 * * tcp
ip filter dynamic 585 * * submission
ip filter dynamic 599 * * udp
nat descriptor type 1000 masquerade
nat descriptor address outer 1000 ipcp
nat descriptor address inner 1000 auto
nat descriptor masquerade static 1000 1 192.168.1.1 udp 500
nat descriptor masquerade static 1000 2 192.168.1.1 esp
nat descriptor masquerade static 1000 3 192.168.1.1 udp 4500
nat descriptor masquerade static 1000 4 192.168.1.1 udp 1701
nat descriptor type 2000 masquerade
nat descriptor timer 2000 600
nat descriptor timer 2000 tcpfin 30
nat descriptor address outer 2000 [MAP-E IPv4アドレス]
nat descriptor address inner 2000 auto
nat descriptor masquerade port range 2000 [MAP-Eポート①] [MAP-Eポート②]...[MAP-Eポート⑮]
ipsec auto refresh on
ipsec transport 1 110 udp 1701
ipv6 filter 101000 pass * * icmp6 * *
ipv6 filter 101001 pass * * tcp * ident
ipv6 filter 101002 pass * * udp * 546
ipv6 filter 101099 pass * * * * *
ipv6 filter dynamic 101080 * * ftp
ipv6 filter dynamic 101081 * * domain
ipv6 filter dynamic 101082 * * www
ipv6 filter dynamic 101083 * * smtp
ipv6 filter dynamic 101084 * * pop3
ipv6 filter dynamic 101098 * * tcp
ipv6 filter dynamic 101085 * * submission
ipv6 filter dynamic 101099 * * udp
syslog notice on
syslog info on
syslog debug on
tftp host lan1
telnetd host lan1
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.1.100-192.168.1.254/24
dns host lan1
dns service fallback on
dns server 1.1.1.1 8.8.8.8 1.0.0.1 8.1.1.8
dns server dhcp lan2
dns server select 500000 dhcp lan2 any .
dns server select 500001 pp 1 any . restrict pp 1
dns private address spoof on
dns notice order dhcp server
dns notice order msext server
schedule at 1 */* 04:30:00 * ntpdate ntp.nict.jp syslog
l2tp service on
httpd host lan1
operation http revision-up permit on
operation button function download http revision-up
sshd service on
sshd host lan1
sshd host key generate *
sftpd host lan1
external-memory syslog filename sd1:/syslog.log limit=1 backup=10
dashboard accumulate traffic on
dashboard accumulate nat on
sntpd service on
sntpd host lan1
biglobeでは下記2種類のIPv4 over IPv6サービスを提供している。
① JPNEがVNEのIPv4 over IPv6(v6プラス)
→biglobe以外でMAP-EによるIPv4 over IPv6サービスを提供しているプロバイダの大半が採用している。
biglobeでは、2017年7月まではv6プラスとしてサービス提供を行っていた。
この期間までに契約していた場合は多分継続して使用できる状態にあると思う。
② biglobeがVNEのIPv4 over IPv6(v6オプション)
→
2017年8月以降に新規契約したりすると、このv6オプションに切り替わる。
自分は今年に入って初めて光回線(戸建てタイプ)を契約したので、②に該当する。
RTX830では試した限りこの"v6オプション"での自動設定には対応していないようで、一向に通信確立してくれなかった。
→v6プラス対応機能
"日本ネットワークイネイブラー株式会社が提供する「v6プラス」を利用してインターネット接続をする機能を提供します。"
そりゃできないわけだ。意気揚々とRTX810から乗り換えたのに涙目。
biglobeに聞いても光電話のHGWか有料で貸与するHGWを使うように勧めてくるだけで、他社製ルータでの設定方法は一切サポートしない。
そこで手動設定する必要がある。
基本的には、v6プラス導入(NVR510): ネトゲー回想録を参考に設定すれば良い。
今回接続先がJPNEではなくbiglobeなので、IPIPトンネルの接続先BR IPv6アドレスが問題となる。
アドレスは教えていただいたのだが、ここに書いてあった。
東日本(東京)2001:260:700:1::1:275
西日本(大阪)2001:260:700:1::1:276
これを元にコンフィグを作る。
CE/MAP-E IPv4アドレスおよびポート範囲は、ipv4.web.fc2.com/map-e.htmlで計算すると楽。
RTX830でポリシールーティングを設定して特定IPアドレスのみPPPoE経由で接続、DHCPでアドレス設定時はIPoE経由するように変更した。んでスピテス。 pic.twitter.com/CKZQlIiQCo— ㅤ (@_0u) 2018年6月9日
あ~スッキリした。
大阪まで距離が結構あるのでそこがボトルネックとなっているのかスピードこそ100〜200Mbps程度しか出ないが、混雑時でも100Mbpsを切らないのでまぁ満足。
ちなみにbiglobeのBRは西日本(大阪)、東日本(東京)のみらしいので、v6オプションにするとホスト名がflh2-***-***-***-***.osk/tky.mesh.ad.jpに変わる。
こちらは西日本(愛知)なので大阪となる。
ちなみに上記掲示板のここにMAP-E用設定ファイルへのURLも書いてある。
https://api.enabler.ne.jp/6a4a89a8639b7546793041643f5da608/get_rules?callback=v6plus
ここにアクセスすると、BRアドレスとCEアドレス、トンネリングに使うv4アドレスと思しきリストが下記のようなjsファイルとして入手できる。
v6plus({"dmr":"2001:260:700:1::1:276","ipv6_fixlen":56,"id":"---------------id---------------" "fmr":[{"ipv6":"2404:7a80::/32","ipv4":"133.200.0.0/16","ea_length":24,"psid_offset":4} {ipv6":"2404:7a81::/32","ipv4":"133.201.0.0/16","ea_length":24,"psid_offset":4} {ipv6":"2404:7a82::/37","ipv4":"125.196.208.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a82:800::/38","ipv4":"125.198.140.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a82:c00::/38","ipv4":"125.198.144.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a82:1000::/38","ipv4":"125.198.212.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a82:1400::/38","ipv4":"125.198.244.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a82:1800::/38","ipv4":"122.131.104.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a82:1c00::/38","ipv4":"125.195.20.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a82:2000::/35","ipv4":"133.203.160.0/19","ea_length":21,"psid_offset":4} {ipv6":"2404:7a82:4000::/35","ipv4":"133.209.0.0/19","ea_length":21,"psid_offset":4} {ipv6":"2404:7a82:6000::/35","ipv4":"133.204.192.0/19","ea_length":21,"psid_offset":4} {ipv6":"2404:7a82:8000::/35","ipv4":"133.203.224.0/19","ea_length":21,"psid_offset":4} {ipv6":"2404:7a82:a000::/36","ipv4":"125.194.192.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a82:b000::/36","ipv4":"119.239.128.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a82:c000::/36","ipv4":"125.194.32.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a82:d000::/37","ipv4":"125.195.24.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a82:d800::/37","ipv4":"122.130.192.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a82:e000::/37","ipv4":"122.135.64.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a82:e800::/37","ipv4":"125.192.240.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a82:f000::/37","ipv4":"125.193.176.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a82:f800::/37","ipv4":"122.130.176.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83::/37","ipv4":"122.131.24.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:800::/37","ipv4":"122.131.32.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:1000::/37","ipv4":"119.243.112.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:1800::/37","ipv4":"219.107.136.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:2000::/37","ipv4":"220.144.224.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:2800::/37","ipv4":"125.194.64.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:3000::/37","ipv4":"221.171.40.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:3800::/37","ipv4":"110.233.80.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:4000::/37","ipv4":"119.241.184.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:4800::/37","ipv4":"119.243.56.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:5000::/37","ipv4":"125.199.8.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:5800::/37","ipv4":"125.196.96.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:6000::/37","ipv4":"122.130.104.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:6800::/37","ipv4":"122.130.112.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:7000::/37","ipv4":"49.129.152.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:7800::/37","ipv4":"49.129.192.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:8000::/37","ipv4":"49.129.120.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:8800::/37","ipv4":"221.170.40.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a83:9000::/38","ipv4":"60.239.108.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:9400::/38","ipv4":"60.236.24.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:9800::/38","ipv4":"122.130.120.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:9c00::/38","ipv4":"60.236.84.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:a000::/38","ipv4":"60.239.180.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:a400::/38","ipv4":"60.239.184.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:a800::/38","ipv4":"118.110.136.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:ac00::/38","ipv4":"119.242.136.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:b000::/38","ipv4":"60.238.188.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:b400::/38","ipv4":"60.238.204.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:b800::/38","ipv4":"122.134.52.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:bc00::/38","ipv4":"119.244.60.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:c000::/38","ipv4":"119.243.100.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:c400::/38","ipv4":"221.170.236.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:c800::/38","ipv4":"221.171.48.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:cc00::/38","ipv4":"60.238.36.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:d000::/38","ipv4":"125.195.236.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:d400::/38","ipv4":"60.236.20.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:d800::/38","ipv4":"118.108.76.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:dc00::/38","ipv4":"118.110.108.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:e000::/38","ipv4":"118.110.112.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:e400::/38","ipv4":"118.111.88.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:e800::/38","ipv4":"118.111.228.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:ec00::/38","ipv4":"118.111.236.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:f000::/38","ipv4":"119.241.148.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:f400::/38","ipv4":"119.242.124.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:f800::/38","ipv4":"125.194.28.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a83:fc00::/38","ipv4":"125.194.96.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a84::/32","ipv4":"133.206.0.0/16","ea_length":24,"psid_offset":4} {ipv6":"2404:7a85::/32","ipv4":"133.207.0.0/16","ea_length":24,"psid_offset":4} {ipv6":"2404:7a86::/34","ipv4":"133.204.128.0/18","ea_length":22,"psid_offset":4} {ipv6":"2404:7a86:4000::/35","ipv4":"133.203.192.0/19","ea_length":21,"psid_offset":4} {ipv6":"2404:7a86:6000::/35","ipv4":"133.204.0.0/19","ea_length":21,"psid_offset":4} {ipv6":"2404:7a86:8000::/35","ipv4":"133.204.64.0/19","ea_length":21,"psid_offset":4} {ipv6":"2404:7a86:a000::/36","ipv4":"221.171.112.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a86:b000::/38","ipv4":"125.195.184.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a86:b400::/38","ipv4":"125.196.216.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a86:b800::/38","ipv4":"221.171.108.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a86:bc00::/38","ipv4":"219.107.152.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a86:c000::/36","ipv4":"60.239.128.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a86:d000::/36","ipv4":"118.110.80.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a86:e000::/36","ipv4":"125.194.176.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a86:f000::/36","ipv4":"60.239.112.0/20","ea_length":20,"psid_offset":4} {ipv6":"2404:7a87::/37","ipv4":"125.195.56.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:800::/37","ipv4":"125.196.32.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:1000::/37","ipv4":"118.108.80.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:1800::/37","ipv4":"118.111.80.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:2000::/37","ipv4":"218.227.176.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:2800::/37","ipv4":"60.239.208.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:3000::/37","ipv4":"118.109.56.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:3800::/37","ipv4":"122.131.88.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:4000::/37","ipv4":"122.131.96.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:4800::/37","ipv4":"122.130.48.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:5000::/37","ipv4":"125.198.224.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:5800::/37","ipv4":"119.243.104.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:6000::/37","ipv4":"118.109.152.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:6800::/37","ipv4":"118.111.104.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:7000::/37","ipv4":"119.239.48.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:7800::/37","ipv4":"122.130.16.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:8000::/37","ipv4":"125.196.128.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:8800::/37","ipv4":"122.131.48.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:9000::/37","ipv4":"122.134.104.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:9800::/37","ipv4":"60.238.208.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:a000::/37","ipv4":"220.144.192.0/21","ea_length":19,"psid_offset":4} {ipv6":"2404:7a87:a800::/38","ipv4":"110.233.48.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:ac00::/38","ipv4":"122.131.84.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:b000::/38","ipv4":"111.169.152.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:b400::/38","ipv4":"119.241.132.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:b800::/38","ipv4":"119.241.136.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:bc00::/38","ipv4":"119.244.68.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:c000::/38","ipv4":"60.236.92.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:c400::/38","ipv4":"60.237.108.0/22","ea_length":18,"psid_offst":4} {ipv6":"2404:7a87:c800::/38","ipv4":"60.238.12.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:cc00::/38","ipv4":"60.238.44.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:d000::/38","ipv4":"60.238.216.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:d400::/38","ipv4":"60.238.232.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:d800::/38","ipv4":"49.129.72.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:dc00::/38","ipv4":"110.233.4.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:e000::/38","ipv4":"110.233.192.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:e400::/38","ipv4":"119.243.20.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:e800::/38","ipv4":"119.243.24.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:ec00::/38","ipv4":"125.193.4.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:f000::/38","ipv4":"125.193.148.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:f400::/38","ipv4":"118.110.76.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:f800::/38","ipv4":"118.110.96.0/22","ea_length":18,"psid_offset":4} {ipv6":"2404:7a87:fc00::/38","ipv4":"125.193.152.0/22","ea_length":18,"psid_offset":4}]})
実際にRTX830で使用していたコンフィグを公開しておく。
PPPoE/IPoE(Tunnel10で定義)混在可能なコンフィグ。
default gatewayを負荷分散するようにすればPPPoEとIPoE両方とも使うようにはできる。
が、通信が安定しなかったのでやめた。
VPN(L2TP/IPsec)はPPPoEの回線を使用して接続するようにしている。
console lines infinity
ip route default gateway tunnel 10 gateway pp 1 filter 701 702 703 704
ipv6 routing on
ipv6 prefix 1 ra-prefix@lan2::/64
ip lan1 address 192.168.1.1/24
ip lan1 proxyarp on
ipv6 lan1 address ra-prefix@lan2::1/64
ipv6 lan1 rtadv send 1 o_flag=on
ipv6 lan1 dhcp service server
switch control use lan1 on terminal=on
description lan2 "biglobe FTTH IPoE"
ipv6 lan2 address [CE IPv6アドレス]/64
ipv6 lan2 mtu 1500
ipv6 lan2 secure filter in 101000 101001 101002
ipv6 lan2 secure filter out 101099 dynamic 101080 101081 101082 101083 101084 101085 101098 101099
ipv6 lan2 dhcp service client ir=on
pp select 1
description pp "biglobe FTTH PPPoE"
pp keepalive interval 30 retry-interval=30 count=12
pp always-on on
pppoe use lan2
pppoe auto disconnect off
pp auth accept pap chap
pp auth myname hogehoge@biglobe.ne.jp fugafuga
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp mtu 1454
ip pp secure filter in 100 102 103 200030 200032 601 602 603 604 199
ip pp secure filter out 200013 102 103 200026 200027 198 dynamic 580 581 582 583 584 585 598 599
ip pp nat descriptor 1000
netvolante-dns hostname host pp server=1 aiueo.netvolante.jp
pp enable 1
pp select anonymous
pp bind tunnel1
pp auth request mschap-v2
pp auth username hogehoge fugafuga
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp remote address pool dhcp
ip pp mtu 1258
pp enable anonymous
tunnel select 1
tunnel encapsulation l2tp
ipsec tunnel 110
ipsec sa policy 110 1 esp aes-cbc sha-hmac
ipsec ike local address 1 192.168.1.1
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text fugafuga
ipsec ike remote address 1 any
l2tp tunnel disconnect time off
ip tunnel tcp mss limit auto
tunnel enable 1
tunnel select 10
tunnel encapsulation ipip
tunnel endpoint address [CE IPv6アドレス] [BR IPv6アドレス]
ip tunnel mtu 1460
ip tunnel nat descriptor 2000
tunnel enable 10
ip filter 100 reject 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 * * * *
ip filter 101 reject * 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 * * *
ip filter 102 reject * * tcp,udp * 135,netbios_ns-netbios_ssn,445
ip filter 103 reject * * tcp,udp 135,netbios_ns-netbios_ssn,445 *
ip filter 198 pass * * * * *
ip filter 199 reject * * * * *
ip filter 600 pass * 192.168.1.1 ah,esp
ip filter 601 pass * 192.168.1.1 esp * *
ip filter 602 pass * 192.168.1.1 udp * 500
ip filter 603 pass * 192.168.1.1 udp * 4500
ip filter 604 pass * 192.168.1.1 udp * 1701
ip filter 701 pass * * esp * *
ip filter 702 pass * * udp 500 *
ip filter 703 pass * * udp 4500 *
ip filter 704 pass * * udp 1701 *
ip filter 200026 restrict * * tcpfin * www,21,nntp
ip filter 200027 restrict * * tcprst * www,21,nntp
ip filter 200030 pass * 192.168.1.0/24 icmp * *
ip filter 200032 pass * 192.168.1.0/24 tcp * ident
ip filter dynamic 580 * * ftp
ip filter dynamic 581 * * domain
ip filter dynamic 582 * * www
ip filter dynamic 583 * * smtp
ip filter dynamic 584 * * pop3
ip filter dynamic 598 * * tcp
ip filter dynamic 585 * * submission
ip filter dynamic 599 * * udp
nat descriptor type 1000 masquerade
nat descriptor address outer 1000 ipcp
nat descriptor address inner 1000 auto
nat descriptor masquerade static 1000 1 192.168.1.1 udp 500
nat descriptor masquerade static 1000 2 192.168.1.1 esp
nat descriptor masquerade static 1000 3 192.168.1.1 udp 4500
nat descriptor masquerade static 1000 4 192.168.1.1 udp 1701
nat descriptor type 2000 masquerade
nat descriptor timer 2000 600
nat descriptor timer 2000 tcpfin 30
nat descriptor address outer 2000 [MAP-E IPv4アドレス]
nat descriptor address inner 2000 auto
nat descriptor masquerade port range 2000 [MAP-Eポート①] [MAP-Eポート②]...[MAP-Eポート⑮]
ipsec auto refresh on
ipsec transport 1 110 udp 1701
ipv6 filter 101000 pass * * icmp6 * *
ipv6 filter 101001 pass * * tcp * ident
ipv6 filter 101002 pass * * udp * 546
ipv6 filter 101099 pass * * * * *
ipv6 filter dynamic 101080 * * ftp
ipv6 filter dynamic 101081 * * domain
ipv6 filter dynamic 101082 * * www
ipv6 filter dynamic 101083 * * smtp
ipv6 filter dynamic 101084 * * pop3
ipv6 filter dynamic 101098 * * tcp
ipv6 filter dynamic 101085 * * submission
ipv6 filter dynamic 101099 * * udp
syslog notice on
syslog info on
syslog debug on
tftp host lan1
telnetd host lan1
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.1.100-192.168.1.254/24
dns host lan1
dns service fallback on
dns server 1.1.1.1 8.8.8.8 1.0.0.1 8.1.1.8
dns server dhcp lan2
dns server select 500000 dhcp lan2 any .
dns server select 500001 pp 1 any . restrict pp 1
dns private address spoof on
dns notice order dhcp server
dns notice order msext server
schedule at 1 */* 04:30:00 * ntpdate ntp.nict.jp syslog
l2tp service on
httpd host lan1
operation http revision-up permit on
operation button function download http revision-up
sshd service on
sshd host lan1
sshd host key generate *
sftpd host lan1
external-memory syslog filename sd1:/syslog.log limit=1 backup=10
dashboard accumulate traffic on
dashboard accumulate nat on
sntpd service on
sntpd host lan1