OpenBSD IPv6 Home Internet Gateway with AT&T Fibre
Setting up an OpenBSD IPv6 home internet gateway with AT&T Fiber offers improved performance, security, and flexibility compared to ISP-provided gateways. The guide covers hardware, installation, configuration steps, including firewall rules, packet forwarding, network interfaces, DHCP, and AT&T BGW320 setup for passthrough mode, along with managing external IPv6 addresses effectively.
This article discusses setting up an OpenBSD IPv6 home internet gateway using AT&T Fiber. It highlights the limitations of ISP-provided home gateways and the benefits of creating a custom setup for better performance, security, and flexibility. The guide covers hardware recommendations, installation steps, configuration details including setting up pf.conf for firewall rules, enabling packet forwarding, configuring network interfaces, setting up DHCP for IPv4 addressing, and configuring the AT&T BGW320 gateway for passthrough mode. It also explains how to handle external IPv6 addresses using dhcpcd and slaacd. The article provides detailed instructions and commands for each step, ensuring a secure and functional home internet gateway setup.
Related
The FreeBSD-native-ish home lab and network
The author details a complex home lab setup with a FreeBSD server on a laptop, utilizing Jails for services like WordPress and emphasizing security measures and network configurations for efficiency and functionality.
Why content providers need IPv6
Content providers are urged to adopt IPv6 for better services, bypassing ISP translation devices. IPv6 improves user experience, reduces latency, and boosts reliability. Major companies like Google and Netflix are already benefiting from IPv6, pushing ISPs to support its adoption.
Running a multi-gig Home Network in 2024
Adrian Todorov optimizes his home network for high-speed performance, leveraging a custom-built router with multi-gig Ethernet ports, VLAN support, and VPN capabilities. His meticulous hardware selection reflects a tailored approach to network efficiency.
https://pon.wiki/guides/masquerade-as-the-att-inc-bgw320-500...
Let me save you all some heartache, and you'll be able to throw the BGW320 in the trash - literally.
Read this documentation:
https://pon.wiki/guides/masquerade-as-the-att-inc-bgw320-500...
https://docs.google.com/document/d/1gcT0sJKLmV816LK0lROCoywk...
Here is the modified SFP (there are cheaper ones out there, but I couldn't wait any longer): https://ecin.ca/custom-xgs-pon-sfp-stick-module-xgspon-ont-w...
Join this Discord for support: https://discord.gg/8311-886329492438671420
One incredibly annoying problem is that even if you're paying for static IPs and expect static IPv6, you can't route IPv6 without DHCPv6 being turned on (the settings are on or off for IPv6, for DHCPv6, and for DHCPv6 Prefix Delegation). You can turn on DHCPv6 on the BGW320, then you can statically configure IPv6 without ever running or using DHCPv6 and it'll work, but you can't turn off DHCPv6 and use static configurations, even though the setting for IPv6 is "On".
While this isn't a big issue because I control the public segment of my network, it's both annoying and unprofessional that this issue exists. It also makes it impossible to use devices you have less control over with IPv6 without using their DNS hijacking servers and without using their search domain, since you can't configure the BGW320 to provide custom DNS servers, nor set a custom search domain.
A more egregious problem is that all traffic, both IPv4 and IPv6, goes through the state table of the BGW320, even when you're not doing NAT, and even when you turn off all of the "firewall" things (although "Reflexive ACL" has to be on, else IPv6 won't work). This can be seen when you go to "Diagnostics", then "NAT Table" in the BGW320's web interface. That's right - you can see NAT entries for every connection made.
This caused all sorts of problems until I figured out this was why connections were constantly getting dropped on a busy network. 8192 state table entries might be fine for an individual, but for a small business, with lots of clients, and with machines on the static IPs that the BGW320 routes, it was constantly overflowing.
I'd love to see a straightforward way to turn the BGW320 into a bridge so we don't have all these ridiculous issues. In the meanwhile, anyone who has one of these should definitely take the advice of OP to "put your LAN behind a secure and trustworthy firewall" :)
https://pyther.net/2020/05/03/bypass-att-gateway-openwrt.htm...
Also it's possible to extract the certs from some BGW models to use with wpa_supplicant and bypass the BGW completely.