Thank you @DerEnderKeks. Thank you @himurae.
IPv6 is finally working from my LAN interface. Previously, IPv4 would come up on all interfaces, but IPv6 would only sometimes appear on the pppoe0 interface, which allowed ping6 from the vyos CLI.
Now everything appears to be working.
The next steps are to begin hardening this installation.
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 <ipv4>.40.1/24 u/u LAN
<4>:<4>:<4>:<4>::1/64
eth1 - u/u WAN_PPPoE
eth1.xxxx - u/u
eth1.xxxx - u/u
eth1.xxxx - u/u
eth1.xxxx - u/u
lo 127.0.0.1/8 u/u
::1/128
pppoe0 <IPv4>/32 u/u PPPoE
<4>:<4>:<4>:<4>:<4>:<4>:<4>:<4>/64
Here are the changes I made:
- I modified the pppoe0 interface’s dhcpv6-options.
- I removed `default-route-distance 210`.
- I added four VLANs to the configuration, which I collected from the DIY GPON guides I found. One of these I set as dhcpv6.
- I added `adjust-mss clamp-mss-to-pmtu` to both pppoe0’s ip and ipv6 settings.
- I added the IPv6 DNS information (Google + Cloudflare).
/* Interface definitions: eth0 is the LAN, eth1 is the WAN port carrying the PPPoE session (pppoe0) plus four VLAN sub-interfaces. */
interfaces {
ethernet eth0 {
address xxx.xxx.40.1/24
description LAN
hw-id xx:xx:xx:xx:xx:68
}
ethernet eth1 {
description WAN_PPPoE
hw-id xx:xx:xx:xx:xx:18
/* NOTE(review): each vif below runs a DHCP or DHCPv6 client on the WAN port. No firewall section appears in this listing, so presumably nothing filters traffic arriving on these VLANs - confirm, and remove any vif the ISP service does not actually need. */
vif xxxx {
address dhcp
}
vif xxxx {
address dhcp
}
vif xxxx {
address dhcp
}
vif xxxx {
address dhcpv6
}
}
loopback lo {
}
pppoe pppoe0 {
/* PPPoE credentials (masked). Keep both values masked whenever this config is shared. */
authentication {
password xxxxxx
username xxxxxx
}
description PPPoE
/* Prefix delegation: request a prefix over pppoe0 and hand the subnet with sla-id 0 to eth0, using interface address 1 there. */
/* NOTE(review): LAN hosts on the delegated prefix hold global IPv6 addresses and are not behind the IPv4 masquerade rule, so inbound IPv6 needs its own stateful filter - none is visible in this listing. */
dhcpv6-options {
pd 0 {
interface eth0 {
address 1
sla-id 0
}
}
}
ip {
/* Clamp the TCP MSS to the path MTU for IPv4 traffic on the PPPoE link. */
adjust-mss clamp-mss-to-pmtu
}
ipv6 {
address {
/* The PPPoE interface takes its own IPv6 address by autoconfiguration. */
autoconf
}
/* Same MSS clamping for IPv6 traffic. */
adjust-mss clamp-mss-to-pmtu
}
/* Do not use the DNS servers offered by the PPPoE peer. */
no-peer-dns
source-interface eth1
}
}
/* Source NAT: IPv4 traffic from the LAN /24 leaving through pppoe0 is masqueraded behind the interface address. */
/* NOTE(review): this rule covers IPv4 only and performs address translation, not filtering. It does not limit what reaches the router's own services, and IPv6 traffic is not touched by it. */
nat {
source {
rule 100 {
outbound-interface pppoe0
source {
address xxx.xxx.40.0/24
}
translation {
address masquerade
}
}
}
}
/* Services run by the router itself: DHCP server, DNS forwarder, NTP, router advertisements and SSH. */
service {
/* IPv4 DHCP for the LAN: two address ranges, with the router as gateway and as DNS server. */
dhcp-server {
shared-network-name xxxxxx {
subnet xxx.xxx.40.0/24 {
default-router xxx.xxx.40.1
name-server xxx.xxx.40.1
range 0 {
start xxx.xxx.40.50
stop xxx.xxx.40.125
}
range 1 {
start xxx.xxx.40.200
stop xxx.xxx.40.250
}
}
}
}
dns {
/* DNS forwarder: listens on the LAN IPv4 address only and accepts queries from the LAN /24 only, so it is not offered on the WAN side. */
forwarding {
allow-from xxx.xxx.40.0/24
/* Cache size of 0: answers are not cached. */
cache-size 0
listen-address xxx.xxx.40.1
/* Upstream resolvers, four IPv4 and four IPv6 (masked). */
name-server xxx.xxx.0.1 {
}
name-server xxx.xxx.1.1 {
}
name-server xxx.xxx.4.4 {
}
name-server xxx.xxx.8.8 {
}
name-server xxxx:xxxx:4860::8844 {
}
name-server xxxx:xxxx:4860::8888 {
}
name-server xxxx:xxxx:4700::1001 {
}
name-server xxxx:xxxx:4700::1111 {
}
}
}
/* NOTE(review): the masking step appears to have swallowed the opening brace after allow-client; the two address lines are the permitted client ranges. ::/0 admits every IPv6 source and the masked IPv4 entry also ends in /0, so the NTP server answers any client that can reach it. Restrict allow-client to the LAN prefixes. */
ntp {
allow-client xxxxxx
address xxx.xxx.0.0/0
address ::/0
}
server xxxxx.tld {
}
server xxxxx.tld {
}
server xxxxx.tld {
}
}
/* Router advertisements on the LAN: announce the /64 on eth0 and hand two IPv6 resolvers directly to clients. */
/* NOTE(review): IPv6 clients that use these advertised resolvers send their DNS queries straight to the upstream resolvers, bypassing the local forwarder - confirm this is intended. */
router-advert {
interface eth0 {
name-server xxxx:xxxx:4860::8888
name-server xxxx:xxxx:4860::8844
prefix ::/64 {
valid-lifetime 172800
}
}
}
/* NOTE(review): no listen-address is set, so sshd is not bound to the LAN address only; with no firewall section in this listing, port 22 is presumably reachable from the WAN and over IPv6 - confirm. Hardening candidates: listen-address on the LAN IP, key-based logins with disable-password-authentication, and a filter for traffic addressed to the router itself. */
ssh {
port 22
}
}
/* System-level settings: config history, conntrack helpers, serial console, login user, resolver and logging. */
system {
config-management {
/* Keep the last 100 committed configuration revisions. */
commit-revisions 100
}
/* NOTE(review): every connection-tracking helper listed here is enabled. Each one parses an application protocol on the router; disable the helpers for protocols this network does not use to reduce exposed parsing code. */
conntrack {
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
}
/* Serial console on ttyS0 at 115200 baud. */
console {
device ttyS0 {
speed 115200
}
}
host-name xxxxxx
login {
user xxxxxx {
/* Both password fields are masked here. The encrypted-password value is a password hash and should stay masked in any shared copy, since a published hash can be attacked offline. */
authentication {
encrypted-password xxxxxx
plaintext-password xxxxxx
}
}
}
/* The router resolves names through its own LAN address, i.e. the local DNS forwarder. */
name-server xxx.xxx.40.1
/* Logging: all facilities at info, local7 at debug. */
/* NOTE(review): no remote syslog host is configured in this listing, so logs presumably exist only on the router - consider forwarding them to a separate log host so they survive a compromise or reinstall. */
syslog {
global {
facility all {
level info
}
facility local7 {
level debug
}
}
}
}