This assumes the bypass is already set up on the EdgeRouter and that the EdgeRouter is connected straight to the ONT.
This has been up for me for the last few days. I have restarted the router a couple of times, and it gets the IPv6 connection back within a few minutes of booting.
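I generated the DUID with https://github.com/aus/pfatt/blob/master/bin/gen-duid.sh, then grabbed the last octets after the 31:36:33:31:35:30 and pasted them in. The DUID and MAC identify the device to the provider, which is why both are replaced with placeholders in the config below.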
Edit: From DLS suggestions, to get rid of /128 and then added to the loopback.
Interfaces
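/* Interface configuration, restored to one node per line (the stray leading
   "X" from the page widget is dropped). eth0 is the WAN port facing the ONT;
   IPv4 (DHCP) and DHCPv6 prefix delegation run on vif 0. */
interfaces {
    ethernet eth0 {
        duplex auto
        /* The same rulesets are bound on the physical port and again on vif 0
           below. WAN_IN is referenced here, but its definition is not part of
           the firewall excerpt on this page; confirm it exists on the router,
           otherwise forwarded IPv4 from the WAN has no ruleset behind it. */
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
            out {
            }
        }
        mac [MAC ADDRESS]
        speed auto
        vif 0 {
            address dhcp
            description Internet
            dhcpv6-pd {
                /* Redacted on purpose: the tail of the DUID is the device
                   serial in ASCII. Keep it out of public pastes. */
                duid 00:02:00:00:0d:e9:30:30:31:45:34:36:2d:[SN converted into ASCII]
                pd 1 {
                    /* Each interface gets its own /64 out of the delegated
                       /60, selected by prefix-id, and is advertised by SLAAC. */
                    interface eth1 {
                        host-address ::1
                        no-dns
                        prefix-id :2
                        service slaac
                    }
                    interface eth2 {
                        host-address ::1
                        no-dns
                        prefix-id :0
                        service slaac
                    }
                    interface eth2.40 {
                        host-address ::1
                        no-dns
                        prefix-id :1
                        service slaac
                    }
                    interface lo {
                        host-address ::1
                        no-dns
                        prefix-id :9
                        service slaac
                    }
                    prefix-length 60
                }
                prefix-only
                rapid-commit enable
            }
            firewall {
                in {
                    ipv6-name WANv6_IN
                    name WAN_IN
                }
                local {
                    ipv6-name WANv6_LOCAL
                    name WAN_LOCAL
                }
                out {
                }
            }
            mac [MAC ADDRESS]
        }
    }
    ethernet eth1 {
        address 192.168.10.1/24
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.20.1/24
        description LAN
        duplex auto
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag false
                max-interval 600
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        speed auto
        /* WLAN VLAN. It receives a delegated /64 through "interface eth2.40"
           above, so its hosts are globally addressed; their inbound exposure
           is whatever WANv6_IN allows. */
        vif 40 {
            address 192.168.40.1/24
            description WLAN
            mtu 1500
        }
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    ethernet eth6 {
        duplex auto
        speed auto
    }
    ethernet eth7 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}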
Firewall
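/* Firewall rulesets, restored to one node per line (the stray leading "X"
   from the page widget is dropped). One change from the original paste:
   WANv6_LOCAL rule 40 is narrowed from tcp_udp to udp. */
firewall {
    all-ping enable
    broadcast-ping disable
    /* IPv6 from the WAN forwarded to LAN hosts. With a delegated prefix every
       LAN host is globally routable, so this ruleset is the only inbound
       barrier for them. */
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        /* Accepts every ICMPv6 type toward LAN hosts. Error messages such as
           packet-too-big must pass for IPv6 to work; whether unsolicited
           echo-request should reach internal hosts is a policy choice worth
           making explicitly. */
        rule 30 {
            action accept
            description "Allow ICMPv6"
            protocol icmpv6
        }
    }
    /* IPv6 from the WAN addressed to the router itself. */
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        /* DHCPv6 runs over UDP only, so TCP is not opened on the client port
           (the original paste used tcp_udp). */
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port dhcpv6-client
            }
            protocol udp
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* IPv4 from the WAN addressed to the router. Rules 40-70 expose the
       IPsec/L2TP VPN endpoints; remove them if no VPN server runs here.
       The interfaces on this page also bind an IPv4 "WAN_IN" ruleset, which
       is not defined in this excerpt. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 40 {
            action accept
            description ike
            destination {
                port 500
            }
            log disable
            protocol udp
        }
        rule 50 {
            action accept
            description esp
            log disable
            protocol esp
        }
        rule 60 {
            action accept
            description nat-t
            destination {
                port 4500
            }
            log disable
            protocol udp
        }
        /* L2TP is accepted only when it arrives inside IPsec. */
        rule 70 {
            action accept
            description l2tp
            destination {
                port 1701
            }
            ipsec {
                match-ipsec
            }
            log disable
            protocol udp
        }
    }
    /* Not attached by the interface bindings shown on this page (their "out"
       nodes are empty). If it were bound outbound as written, it would drop
       every new connection, since only established/related is accepted. */
    name WAN_OUT {
        default-action drop
        description ""
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is off; spoofed-source filtering then
       depends entirely on the rulesets above. */
    source-validation disable
    syn-cookies enable
}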