Auteur Sujet: TUTO - Remplacer sa Livebox par routeur Ubiquiti + LIVEBOX (PARTIE 2 IPV6) (Lu 30697 fois)

hj67 · « **Réponse #72 le:** 09 septembre 2018 à 10:03:07 »

Le "patch de zoc pour la cos6" est disponible quelque part ? (pour pouvoir l'appliquer sur les sources de Dibbler et le compiler pour autre architecture)
Merci d'avance

mirtouf · « **Réponse #73 le:** 09 septembre 2018 à 10:06:54 »

C'est celui-ci:

Code: [Sélectionner]

--- a/Port-linux/lowlevel-linux.c
+++ b/Port-linux/lowlevel-linux.c
@@ -492,6 +492,9 @@ int sock_add(char * ifacename,int ifacei
 	sprintf(Message, "socket creation failed. Is IPv6 protocol supported by kernel?");
 	return LOWLEVEL_ERROR_UNSPEC;
     }	
+
+        int val=6;
+        setsockopt(Insock, SOL_SOCKET, SO_PRIORITY, &val, sizeof(val));
 	
     /* Set the options  to receivce ipv6 traffic */
     if (setsockopt(Insock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on)) < 0) {
--- a/Port-linux/libnetlink.c
+++ b/Port-linux/libnetlink.c
@@ -45,6 +45,9 @@ int rtnl_open_byproto(struct rtnl_handle
 		return -1;
 	}
 
+	int val=6;
+	setsockopt(rth->fd, SOL_SOCKET, SO_PRIORITY, &val, sizeof(val));
+
 	if (setsockopt(rth->fd,SOL_SOCKET,SO_SNDBUF,&sndbuf,sizeof(sndbuf)) < 0) {
 		perror("SO_SNDBUF");
 		return -1;
--- a/Port-linux/lowlevel-linux-link-state.c
+++ b/Port-linux/lowlevel-linux-link-state.c
@@ -218,6 +218,9 @@ int report_link_state(const char* iface)
 	return -1;
     }
 
+        int val=6;
+        setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &val, sizeof(val));
+
     /* here just to make it more convenient for testing:if we define DEBUG,so a plugin-out and plugin-in event
      * will be detected if we do "ifconfig interface-name down" and ifconfig interface-name up".Otherwise,
      * if we do not define DEBUG, a plugin-in and plugin-out event can only be detected when the local link

mirtouf · « **Réponse #74 le:** 09 septembre 2018 à 18:52:33 »

Mon ER-X est connecté soit au MC220L soit au switch GS108Tv2
Bon ben je galère à déterminer l'erreur (j'ai censuré):

Code: [Sélectionner]

sudo dibbler-client run
| Dibbler - a portable DHCPv6, version 1.0.1 (CLIENT, Linux port)
| Authors : Tomasz Mrugalski<thomson(at)klub.com.pl>,Marek Senderski<msend(at)o2.pl>
| Licence : GNU GPL v2 only. Developed at Gdansk University of Technology.
| Homepage: http://klub.com.pl/dhcpv6/
2018.09.09 18:40:45 Client Notice    My pid (2876) is stored in /var/lib/dibbler/client.pid
2018.09.09 18:40:45 Client Notice    Detected iface eth0.832/10, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface eth0.840/9, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface eth4/8, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface eth3/7, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface eth2/6, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface eth1/5, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface eth0/4, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface imq0/3, MAC=.
2018.09.09 18:40:45 Client Notice    Detected iface switch0/2, MAC=78:8a:20:.
2018.09.09 18:40:45 Client Notice    Detected iface lo/1, MAC=00:00:00:00:00:00.
2018.09.09 18:40:45 Client Notice    Parsing /etc/dibbler/client.conf config file...
2018.09.09 18:40:45 Client Debug     PD: Following interfaces marked as downlink: none
2018.09.09 18:40:45 Client Debug     Prefix delegation option (no parameters) found.
2018.09.09 18:40:45 Client Debug     Will send option 16 (hex data, len11)
2018.09.09 18:40:45 Client Debug     Will send option 15 (hex data, len45)
2018.09.09 18:40:45 Client Debug     Will send option 11 (hex data, len22)
2018.09.09 18:40:45 Client Debug     Will send option 11 (hex data, len22)
2018.09.09 18:40:45 Client Debug     Parsing /etc/dibbler/client.conf done, result=0(success)
2018.09.09 18:40:45 Client Debug     1 interface(s) specified in /etc/dibbler/client.conf
2018.09.09 18:40:45 Client Info      Interface eth0.832/10 configuration has been loaded.
2018.09.09 18:40:45 Client Debug     DUID's value = 00:01:00:01:23:27:fe:e7:78: was loaded from client-duid file.
2018.09.09 18:40:45 Client Info      My DUID is 00:01:00:01:23:27:fe:e7:78:8a:.
2018.09.09 18:40:45 Client Info      Loading old address database (client-AddrMgr.xml), using built-in routines.
2018.09.09 18:40:45 Client Info      DB timestamp:1536511241, now()=1536511245, db is 4 second(s) old.
2018.09.09 18:40:45 Client Debug     Auth: Replay detection value loaded 0
2018.09.09 18:40:45 Client Info      All client's 00:01:00:01:23:27:fe:e7:78:8a: leases are not valid.
2018.09.09 18:40:45 Client Debug     Bind reuse enabled (multiple instances allowed).
2018.09.09 18:40:45 Client Notice    Creating control (::) socket on the lo/1 interface.
2018.09.09 18:40:45 Client Notice    Creating socket (addr=fe80::7a8a:20ff:) on eth0.832/10 interface.
2018.09.09 18:40:45 Client Debug     Initialising link-state detection for interfaces: eth0.832/10 
2018.09.09 18:40:45 Client Notice    CONFIRM support compiled in.
2018.09.09 18:40:45 Client Info      Creating SOLICIT message with 0 IA(s), no TA and 1 PD(s) on eth0.832/10 interface.
2018.09.09 18:40:45 Client Error     AUTH: protocol 6529048 not supported yet.
2018.09.09 18:40:45 Client Debug     Sending SOLICIT(opts:1 25 8 16 15 11 11 6 ) on eth0.832/10 to multicast.
2018.09.09 18:40:45 Client Debug     Sleeping for 1 second(s).
2018.09.09 18:40:46 Client Info      Processing msg (SOLICIT,transID=0x6359e9,opts: 1 25 8 16 15 11 11 6)
2018.09.09 18:40:46 Client Error     AUTH: protocol 6529048 not supported yet.
2018.09.09 18:40:46 Client Debug     Sending SOLICIT(opts:1 25 8 16 15 11 11 6 ) on eth0.832/10 to multicast.
2018.09.09 18:40:46 Client Debug     Sleeping for 2 second(s).
2018.09.09 18:40:48 Client Info      Processing msg (SOLICIT,transID=0x6359e9,opts: 1 25 8 16 15 11 11 6)
2018.09.09 18:40:48 Client Error     AUTH: protocol 6529048 not supported yet.
2018.09.09 18:40:48 Client Debug     Sending SOLICIT(opts:1 25 8 16 15 11 11 6 ) on eth0.832/10 to multicast.
2018.09.09 18:40:48 Client Debug     Sleeping for 4 second(s).
2018.09.09 18:40:52 Client Info      Processing msg (SOLICIT,transID=0x6359e9,opts: 1 25 8 16 15 11 11 6)
2018.09.09 18:40:52 Client Error     AUTH: protocol 6529048 not supported yet.
2018.09.09 18:40:52 Client Debug     Sending SOLICIT(opts:1 25 8 16 15 11 11 6 ) on eth0.832/10 to multicast.
2018.09.09 18:40:52 Client Debug     Sleeping for 8 second(s).
2018.09.09 18:41:00 Client Info      Processing msg (SOLICIT,transID=0x6359e9,opts: 1 25 8 16 15 11 11 6)
2018.09.09 18:41:00 Client Error     AUTH: protocol 6529048 not supported yet.
2018.09.09 18:41:00 Client Debug     Sending SOLICIT(opts:1 25 8 16 15 11 11 6 ) on eth0.832/10 to multicast.
2018.09.09 18:41:00 Client Debug     Sleeping for 16 second(s).
2018.09.09 18:41:16 Client Info      Processing msg (SOLICIT,transID=0x6359e9,opts: 1 25 8 16 15 11 11 6)
2018.09.09 18:41:16 Client Error     AUTH: protocol 6529048 not supported yet.
2018.09.09 18:41:16 Client Debug     Sending SOLICIT(opts:1 25 8 16 15 11 11 6 ) on eth0.832/10 to multicast.
2018.09.09 18:41:16 Client Debug     Sleeping for 32 second(s).

Code: [Sélectionner]

cat /etc/dibbler/radvd.sh
#!/bin/bash

if [ "$SRV_MESSAGE" != "REPLY" ]
then
                exit 1
fi

function fullPrefix () {
  local input=$1
  local o=""
  local z=""
                                   
  input=$(tr 'A-F' 'a-f' <<< $input )
                               
  while [ "$o" != "$input" ]; do
    o="$input"
                                                                 
    input="$( sed  's|:\([0-9a-f]\{3\}\):|:0\1:|g'  <<< "$input" )"
    input="$( sed  's|:\([0-9a-f]\{3\}\)$|:0\1|g'   <<< "$input" )"
    input="$( sed  's|^\([0-9a-f]\{3\}\):|0\1:|g'   <<< "$input" )"
                                                                 
    input="$( sed  's|:\([0-9a-f]\{2\}\):|:00\1:|g' <<< "$input" )"
    input="$( sed  's|:\([0-9a-f]\{2\}\)$|:00\1|g'  <<< "$input" )"
    input="$( sed  's|^\([0-9a-f]\{2\}\):|00\1:|g'  <<< "$input" )"
                                                               
    input="$( sed  's|:\([0-9a-f]\):|:000\1:|g'     <<< "$input" )"
    input="$( sed  's|:\([0-9a-f]\)$|:000\1|g'      <<< "$input" )"
    input="$( sed  's|^\([0-9a-f]\):|000\1:|g'      <<< "$input" )"
  done
                           
  grep -qs "::" <<< "$input"
  if [ "$?" -eq 0 ]; then                             
    GRPS="$( sed  's|[0-9a-f]||g' <<< "$input" | wc -m )"
    ((GRPS--)) # carriage return
    ((MISSING=8-GRPS))           
    for ((i=0;i<$MISSING;i++)); do
      z="$z:0000"
    done
                                                               
    input="$( sed  's|\(.\)::\(.\)|\1'$z':\2|g'          <<< "$input" )"
    input="$( sed  's|\(.\)::$|\1'$z':0000|g'            <<< "$input" )"         
    input="$( sed  's|^::\(.\)|'$z':0000:\1|g;s|^:||g'   <<< "$input" )"
  fi           
  echo "$input"
}

SWITCH0_SUFFIX="01::1"

STATUS_FILE=/run/dibbler.lease

if [ -f "$STATUS_FILE" ];
then
                source $STATUS_FILE
fi

TRIM_SIZE=17
FULLPREFIX=$( fullPrefix $PREFIX1 )
PREFIX1=${FULLPREFIX:0:TRIM_SIZE}

if [ "$PREFIX1" != "$CURRENT_PREFIX1" ]
then
                if [ "$CURRENT_PREFIX1" != "" ]
                then
                               ip addr delete "$CURRENT_PREFIX1$SWITCH0_SUFFIX/64" dev switch0
                fi

                echo "CURRENT_PREFIX1=$PREFIX1" > $STATUS_FILE

                ip addr add "$PREFIX1$SWITCH0_SUFFIX/64" dev switch0
                service radvd restart >/dev/null 2>&1
fi

Code: [Sélectionner]

cat /etc/dibbler/client.conf
# Defaults for dibbler-client.
# installed at /etc/dibbler/client.conf by the maintainer scripts

# 8 (Debug) is most verbose. 7 (Info) is usually the best option
log-level 8

duid-type duid-ll
# To perform stateless (i.e. options only) configuration, uncomment
# this line below and remove any "ia" keywords from interface definitions
# stateless


downlink-prefix-ifaces "none"
script "/etc/dibbler/radvd.sh"

iface eth0.832 {
    pd
    option 16 hex 00:00:04:0e:00:05:73:61:67:65:6d
    option 15 hex 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:6c:69:76:65:62:6f:78:34
    option 11 hex 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:74:63:32:66:67:65:32
    option 11 hex 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:74:63:32:66:67:65:32
    option dns-server
}

../..

mirtouf · « **Réponse #75 le:** 09 septembre 2018 à 18:53:01 »

Le routeur est configuré de cette façon:

Code: [Sélectionner]

set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WANv6 inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 description 'Allow ICMPv6'
set firewall ipv6-name WANv6_IN rule 30 log disable
set firewall ipv6-name WANv6_IN rule 30 protocol icmpv6
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WANv6 inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow ICMPv6'
set firewall ipv6-name WANv6_LOCAL rule 30 log disable
set firewall ipv6-name WANv6_LOCAL rule 30 protocol icmpv6
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'Allow DHCPv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
set firewall ipv6-name WANv6_OUT default-action accept
set firewall ipv6-name WANv6_OUT description 'WANv6 outbound traffic'
set firewall ipv6-name WANv6_OUT rule 10 action accept
set firewall ipv6-name WANv6_OUT rule 10 description 'Allow established/related'
set firewall ipv6-name WANv6_OUT rule 10 state established enable
set firewall ipv6-name WANv6_OUT rule 10 state related enable
set firewall ipv6-name WANv6_OUT rule 20 action reject
set firewall ipv6-name WANv6_OUT rule 20 description 'Reject invalid state'
set firewall ipv6-name WANv6_OUT rule 20 state invalid enable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 log disable
set firewall name WAN_IN rule 10 protocol all
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state invalid disable
set firewall name WAN_IN rule 10 state new disable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 log disable
set firewall name WAN_IN rule 20 protocol all
set firewall name WAN_IN rule 20 state established disable
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_IN rule 20 state new disable
set firewall name WAN_IN rule 20 state related disable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 100 action accept
set firewall name WAN_LOCAL rule 100 description 'Allow established/related'
set firewall name WAN_LOCAL rule 100 state established enable
set firewall name WAN_LOCAL rule 100 state related enable
set firewall name WAN_LOCAL rule 200 action drop
set firewall name WAN_LOCAL rule 200 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 200 log disable
set firewall name WAN_LOCAL rule 200 state invalid enable
set firewall options
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description ISP
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 vif 832 address dhcp
set interfaces ethernet eth0 vif 832 description ISP_DATA_TV
set interfaces ethernet eth0 vif 832 dhcp-options client-option 'send vendor-class-identifier &quot;sagem&quot;;'
set interfaces ethernet eth0 vif 832 dhcp-options client-option 'send user-class &quot;\053FSVDSL_livebox.Internet.softathome.Livebox4&quot;;'
set interfaces ethernet eth0 vif 832 dhcp-options client-option 'send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;'
set interfaces ethernet eth0 vif 832 dhcp-options client-option 'request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-auth;'
set interfaces ethernet eth0 vif 832 dhcp-options default-route update
set interfaces ethernet eth0 vif 832 dhcp-options default-route-distance 210
set interfaces ethernet eth0 vif 832 dhcp-options global-option 'option rfc3118-auth code 90 = string;'
set interfaces ethernet eth0 vif 832 dhcp-options name-server update
set interfaces ethernet eth0 vif 832 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 vif 832 firewall in name WAN_IN
set interfaces ethernet eth0 vif 832 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 vif 832 firewall local name WAN_LOCAL
set interfaces ethernet eth0 vif 832 ipv6 address autoconf
set interfaces ethernet eth0 vif 832 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 vif 840 address 192.168.255.254/32
set interfaces ethernet eth0 vif 840 description ISP_TV_VOD
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces loopback lo
set interfaces switch switch0 address 192.168.2.1/24
set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 ipv6 router-advert link-mtu 0
set interfaces switch switch0 ipv6 router-advert managed-flag false
set interfaces switch switch0 ipv6 router-advert max-interval 600
set interfaces switch switch0 ipv6 router-advert other-config-flag false
set interfaces switch switch0 ipv6 router-advert prefix '::/64' autonomous-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' on-link-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' preferred-lifetime 14400
set interfaces switch switch0 ipv6 router-advert prefix '::/64' valid-lifetime 18000
set interfaces switch switch0 ipv6 router-advert reachable-time 0
set interfaces switch switch0 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 ipv6 router-advert send-advert true
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth1
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port vlan-aware disable
set protocols igmp-proxy disable-quickleave
set protocols igmp-proxy interface eth0 role disabled
set protocols igmp-proxy interface eth0 threshold 1
set protocols igmp-proxy interface eth0.832 role disabled
set protocols igmp-proxy interface eth0.832 threshold 1
set protocols igmp-proxy interface eth0.840 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth0.840 role upstream
set protocols igmp-proxy interface eth0.840 threshold 1
set protocols igmp-proxy interface switch0 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface switch0 role downstream
set protocols igmp-proxy interface switch0 threshold 1
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN_SW0_DHCP authoritative enable
set service dhcp-server shared-network-name LAN_SW0_DHCP subnet 192.168.2.0/24 default-router 192.168.2.1
set service dhcp-server shared-network-name LAN_SW0_DHCP subnet 192.168.2.0/24 dns-server 192.168.2.1
set service dhcp-server shared-network-name LAN_SW0_DHCP subnet 192.168.2.0/24 lease 86400
set service dhcp-server shared-network-name LAN_SW0_DHCP subnet 192.168.2.0/24 ntp-server 192.168.2.1
set service dhcp-server shared-network-name LAN_SW0_DHCP subnet 192.168.2.0/24 start 192.168.2.100 stop 192.168.2.200
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq disable
set service dns forwarding cache-size 1024
set service dns forwarding listen-on lo
set service dns forwarding listen-on eth0
set service dns forwarding listen-on switch0
set service dns forwarding name-server 80.67.169.12
set service dns forwarding name-server 80.67.169.40
set service gui http-port 80
set service gui https-port 443
set service gui listen-address 192.168.2.1
set service gui older-ciphers disable
set service nat rule 5001 description MASQ_WAN
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth0.832
set service nat rule 5001 protocol all
set service nat rule 5001 type masquerade
set service nat rule 5002 description MASQ_ORANGE
set service nat rule 5002 log disable
set service nat rule 5002 outbound-interface eth0.840
set service nat rule 5002 protocol all
set service nat rule 5002 type masquerade
set service ssh listen-address 192.168.2.1
set service ssh port 22
set service ssh protocol-version v2
set service upnp2 listen-on switch0
set service upnp2 nat-pmp enable
set service upnp2 port 34651
set service upnp2 secure-mode enable
set service upnp2 wan eth0.832
set system config-management commit-revisions 5
set system conntrack expect-table-size 4096
set system conntrack hash-size 4096
set system conntrack table-size 32768
set system conntrack tcp half-open-connections 512
set system conntrack tcp loose disable
set system conntrack tcp max-retrans 3
set system host-name ubnt
set system login user ubnt authentication encrypted-password '$burp.'
set system login user ubnt level admin
set system name-server 127.0.0.1
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat enable
set system offload ipsec enable
set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy password ''
set system package repository wheezy url 'http://ftp.fr.debian.org/debian'
set system package repository wheezy username ''
set system syslog global facility all level notice
set system syslog global facility protocols level warning
set system time-zone Europe/Paris
set system traffic-analysis dpi disable
set system traffic-analysis export disable

hj67 · « **Réponse #76 le:** 10 septembre 2018 à 08:41:40 »

Citation de: mirtouf le 09 septembre 2018 à 10:06:54

C'est celui-ci:
Code: [Sélectionner]
--- a/Port-linux/lowlevel-linux.c +++ b/Port-linux/lowlevel-linux.c @@ -492,6 +492,9 @@ int sock_add(char * ifacename,int ifacei sprintf(Message, "socket creation failed. Is IPv6 protocol supported by kernel?"); return LOWLEVEL_ERROR_UNSPEC; } + + int val=6; + setsockopt(Insock, SOL_SOCKET, SO_PRIORITY, &val, sizeof(val)); /* Set the options to receivce ipv6 traffic */ if (setsockopt(Insock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on)) < 0) { --- a/Port-linux/libnetlink.c +++ b/Port-linux/libnetlink.c @@ -45,6 +45,9 @@ int rtnl_open_byproto(struct rtnl_handle return -1; } + int val=6; + setsockopt(rth->fd, SOL_SOCKET, SO_PRIORITY, &val, sizeof(val)); + if (setsockopt(rth->fd,SOL_SOCKET,SO_SNDBUF,&sndbuf,sizeof(sndbuf)) < 0) { perror("SO_SNDBUF"); return -1; --- a/Port-linux/lowlevel-linux-link-state.c +++ b/Port-linux/lowlevel-linux-link-state.c @@ -218,6 +218,9 @@ int report_link_state(const char* iface) return -1; } + int val=6; + setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &val, sizeof(val)); + /* here just to make it more convenient for testing:if we define DEBUG,so a plugin-out and plugin-in event * will be detected if we do "ifconfig interface-name down" and ifconfig interface-name up".Otherwise, * if we do not define DEBUG, a plugin-in and plugin-out event can only be detected when the local link

Merci.
Mais, c'est bien censé envoyer les requêtes dhcp6 avec une COS de 6 sans autre modif sur le système ?
Car sans modifier la priorité avant (avec vconfig set_egress_map), ça ne fonctionne pas (pas de réponse).

zoc · « **Réponse #77 le:** 10 septembre 2018 à 09:28:22 »

Non, ce n'est pas sensé faire de la CoS sans changer la configuration egress du VLAN. Le patch prépare le terrain pour que le kernel puisse appliquer la CoS, c'est tout.

nanostra · « **Réponse #78 le:** 27 septembre 2018 à 12:59:01 »

Bonjour à tous,

N'ayant pas plus de temps à consacrer aux changements et évolutions Orange pour faire fonctionner tout cela sous ubiquiti, j'ai rebranché ma Livebox V4 en direct suite à la perte d'IP Externe constatée hier suite à Reboot (solution message Zoc ci-dessus). Ma ligne étant également à usage professionnel, je n'ai malheureusement pas la possibilité de passer des heures à chercher des solutions et il est donc plus sage pour moi de rester avec une Livebox V4 en direct qui ne limite plus à ce jour l'usage que j'en fait.

En conséquence, si vous souhaitez que ce TUTO reste à jour, je vous invite à me communqiuer les modifications précisent à effectuer, remplacer la ligne xxxx par yyy (pas des pistes de solutions, mais bien la solution...).

Je pense que ce Tuto a rendu service à pas mal de gens étant donné le nombre de lectures mais le réseau n'est pas ma spécialité (loin de là) et je n'ai ni l'envie, ni le temps d'y consacrer plus de temps... je pense avoir passé plus d'une centaine d'heure à compiler toutes les infos, et soyons honnête, l'investissement est trop lourd pour arriver au niveau de gens comme Zoc ou KGersen et j'en passe. Encore merci à eux.

Merci à tous et n'hésitez pas à me communiquer les modifications à apporter afin que ce tuto survive.

mirtouf · « **Réponse #79 le:** 27 septembre 2018 à 13:27:52 »

L'option 11 doit être modifiée (tout comme l'option 90 en IPv4) pour obtenir ceci:
00:00:00:00:00:00:00:00:00:00:00:1a:09:00:00:05:58:01:03:41:01:0d:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Rien ne garantit la pérennité de cette solution.

Topics qui en parlent:
https://lafibre.info/remplacer-livebox/cacking-nouveau-systeme-de-generation-de-loption-90-dhcp/
https://lafibre.info/remplacer-livebox/renew-dhcp-daujourdhui-gt-plus-dip/

nicox11 · « **Réponse #80 le:** 24 octobre 2018 à 11:55:48 »

Question sûrement bête, est obligatoire dibbler pour l'ipv6 ? Les dernières versions de edgerouter ne permettent pas de s'en passer ?

zoc · « **Réponse #81 le:** 24 octobre 2018 à 12:24:25 »

Rien n'a changé concernant IPv6 et il n'est pas prévu que ça change pour la version 2.0.0.

nicox11 · « **Réponse #82 le:** 24 octobre 2018 à 20:23:15 »

Je pense avoir à peu près compris que dibbler servait en tant que client DHCP. Par contre, à quoi sert le script "radvd.sh", j'essaye de déchiffrer mais je comprends pas vraiment ce qu'il fait

Ensuite, supposons que j'ai plusieurs vlan pour mon "LAN", comment je transmet le prefixe sur ces vlans ?

Dans le script on a :
ETH7_SUFFIX="01::1"

Cela veut dire quoi ? 1 pour le premier réseau ? Si j'en veut un deuxième je peux créer un 02::1 ?

Dans le client.conf, il y a deux fois l'option 11, faut-il mettre deux fois la même chose ?

Le tuto est plutôt sympa pour une mise en place rapide mais il manque d'explication.

nicox11 · « **Réponse #83 le:** 27 octobre 2018 à 14:02:03 »

J'ai essayé d'adapter la configuration pour mon réseau. Mais j'ai des problèmes, ça ne fonctionne pas :

- Le service dibbler-client tourne bien
- L'interface WAN du routeur a bien une ipv6 en link local
- Je ping bien la passerelle WAN en link local
- Mon interface LAN n'a pas d'IPv6 global unicast
- Le fichier /run/dibbler.lease contient bien le prefixe global unicast (17 premiers caractères).

Du coup, je sais pas trop où ça coince, dans le sens où je récupère bien le préfixe mais il ne s'assigne pas à l'interface LAN. Du plus comment ça se passe pour la route par defaut ? Est-elle ajoutée automatiquement ? Faut-il la définir manuellement ?

Merci