sofutobanku

Setup utility for a certain Hikari provider in Japan

Linux server setup

This explains a setup that uses the NetworkManager stack to connect to the Internet. Distributions like Fedora Linux use this software to control the network stack.

• External interface
  • Dibbler is the only DHCPv6 client suitable for our use. Make sure to put the Auth Server, Shared Secret, and Password in /etc/sysconfig/sofutobanku. Use the following config file with <Internet interface> substituted for the right values for your configuration.

/etc/dibbler/client.conf:

# Dibbler client config for SoftBank Hikari
duid-type duid-ll
inactive-mode
skip-confirm
log-mode short
log-level 7
script "/etc/softubanku/dibbler.sh"
t1 0
t2 0
reconfigure-accept 1

# You can specify downlink interfaces:
#downlink-prefix-ifaces "eth1", "eth2", "wifi0"
# Or set it off to manually configure them elsewhere:
#downlink-prefix-ifaces "none"

iface "<Internet interface>" {
  pd
  option dns-server
  option domain
  option ntp-server
  option vendor-spec
}

Normal setup flow

This section discusses the flow needed to fully set up the Internet connection and have all the information necessary to bring up the SIP connection if desired.

1. ICMPv6 Router Solicitation
   1. Receive MTU information from router (i.e., 1500 bytes; see section 2.4.2.1.5 of FLETS)
2. IPv4 DHCP exchange (NTT SIP network)
   1. Local address for use with SIP
   2. SIP server address
   3. Static route for SIP network
3. IPv6 DHCP exchange (Internet)
   • Request:
     1. Client ID must be of the DUID-LL (Link Layer) type (see section 2.4.2.1.4 of FLETS)
        • Format is 00:03:00:01:<6-byte MAC address>
     2. Request should include Prefix Delegation (PD) (see section 2.4.2.1.2 of FLETS)
   • Response:
     1. Vendor-specific information (NTT):
        1. MAC address (option 201)
        2. Hikari denwa telephone number (option 202)
        3. SIP domain (option 204)
        4. Route information (option 210; not needed?)
     2. Identity Assocation for Prefix Delegation (IA-PD)
        • Sends a /56 network
        • Internal LAN address should be set to PD prefix in this format: xxxx:xxxx:xxxx:xx00:1111:1111:1111:1111/64 (not on the interface it received the delegation from)
4. IPv6 RADIUS exchange (IPv4-in-IPv6 setup)
   • Access-Request (1) packet:
     1. RADIUS Shared Secret and Password is needed
     2. Contains IA-PD prefix as username
        • Format is xxxx:xxxx:xxxx:xx00:1111:1111:1111:1111
     3. Must contain Vendor Specific Attributes (VSA)
        • MAC Address (1)
        • Client manufacturer (2)
        • Client software version (3)
        • Client hardware revision (4)
     4. CHAP authentication
        • Uses CHAP-Challenge (60) attribute
        • Password is shared among all clients
   • Access-Accept (2) packet:
     1. Contains Vendor Specific Attributes (VSA)
        • IPv4-in-IPv6 tunnel local IPv4 address (204)
        • IPv4-in-IPv6 tunnel endpoint IPv6 address (207)
     2. Other attributes don't appear to be useful
5. IPv6-in-IPv4 tunnel setup
   1. Use IPv4-in-IPv6 parameters discovered in IPv6 RADIUS exchange
   2. Must NOT have Tunnel Encapsulation Limit Option
      • Requires NetworkManager 1.12 or newer (link to bug)