How to configure the RTX1200 for Rakuten Hikari IPoE.
Notes
- Do not use the DNS recursive server, because Yamaha's DNS recursive server function does not support name resolution over TCP. (https://note.com/sasakipochi/n/n27467541412c)
dhcp scope option 1 dns=1.1.1.1,8.8.8.8
- Performance improvement
ip routing process fast
ipv6 routing process fast
- Security hardening
ip filter source-route on
ip filter directed-broadcast on
Connection method
- Connect in the form "ONU - [LAN2:192.168.1.1/24] RTX1200 [LAN1:192.168.0.1/24] - [192.168.0.x/24]PC".
RTX1200 configuration example
- Notes
- DS-Lite endpoint: dgw.xpass.jp (2001:f60:0:200::1:1)
- Not the usual endpoint: gw.transix.jp (2404:8e00::feed:100 / 2404:8e01::feed:100)
- If Hikari Denwa is not used: ra-prefix@lan2
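Connection method 2 (using Hikari Denwa)
- Connect in the form "ONU - [LAN1:192.168.1.1/24] RTX1200 [LAN3:192.168.0.1/24] - HUB - [192.168.0.x/24]PC".
- The advantage of this method is that the modem can be connected from another LAN1 port for Hikari Denwa.
- The PPPoE settings on the modem must be removed.
RTX1200 configuration example
References
- To use Hikari Denwa, a hub must be placed between the ONU and the RTX1200 and connected from there back to a port on the ONU.
Resetting to factory defaults
Powering on while holding down the microSD, USB and DOWNLOAD buttons resets the router to its factory default state. This method works even if the password is unknown.
Initializing the RTX1200 with config.txt
Place the file at USB:/config.txt, then hold the DOWNLOAD and USB buttons for 3 seconds.
Using NetVolante DNS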
- http://www.rtpro.yamaha.co.jp/RT/FAQ/NetVolanteDNS/netvolante-dns-command.html
netvolante-dns server 54.178.176.150
netvolante-dns hostname host lan1 [hostname]
netvolante-dns go lan1
netvolante-dns get hostname list all
Configuration including VPN settings
ip routing process fast
ip route default gateway tunnel 1 gateway pp 1 filter 100001 100002
ip filter source-route on
ip filter directed-broadcast on
ipv6 routing on
ipv6 route default gateway dhcp lan1
ipv6 prefix 1 dhcp-prefix@lan1::/64
description lan1 WAN
ip lan1 address dhcp
ip lan1 nat descriptor 1
ipv6 lan1 address dhcp
ipv6 lan1 prefix change log on
ipv6 lan1 mtu 1500
ipv6 lan1 secure filter in 1010 1011 1012 2000
ipv6 lan1 secure filter out 3000 dynamic 100 101 102 103 104 105 106
ipv6 lan1 dhcp service client
ngn type lan1 ntt
description lan2 WAN
description lan3 LAN
ip lan3 address 192.168.0.1/24
ip lan3 proxyarp on
ipv6 lan3 address dhcp-prefix@lan1::1/64
ipv6 lan3 rtadv send 1
ipv6 lan3 dhcp service server
pp select 1
pp keepalive interval 30 retry-interval=30 count=12
pp always-on on
pppoe use lan1
pppoe auto disconnect off
pp auth accept pap chap
pp auth myname [username] [password]
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp mtu 1454
ip pp nat descriptor 1
netvolante-dns use pp server=1 auto
netvolante-dns hostname host pp server=1 [hostname].aa4.netvolante.jp
pp enable 1
pp select anonymous
pp name VPN
pp bind tunnel2
pp auth request mschap-v2
pp auth username [username] [password]
ppp ipcp ipaddress on
ppp ipcp msext on
ip pp remote address pool 192.168.0.180
ip pp mtu 1258
pp enable anonymous
tunnel select 1
description tunnel DS-Lite
tunnel encapsulation ipip
tunnel endpoint address 2001:f60:0:200::1:1
ipsec tunnel 101
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel mtu 1460
ip tunnel tcp mss limit auto
tunnel enable 1
tunnel select 2
tunnel encapsulation l2tp
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 off
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text [pre-shared key]
ipsec ike remote address 1 any
l2tp tunnel auth off
l2tp keepalive use on
ip tunnel tcp mss limit auto
tunnel enable 2
ip filter 100001 pass * * esp
ip filter 100002 pass * * udp 500,4500,1701 *
ip filter 100003 pass * * tcp * 2002
ip filter 100004 pass * * udp * domain
nat descriptor type 1000 masquerade
nat descriptor address outer 1000 ipcp
nat descriptor address inner 1000 auto
nat descriptor masquerade static 1000 1 192.168.0.1 esp
nat descriptor masquerade static 1000 2 192.168.0.1 udp 500
nat descriptor masquerade static 1000 3 192.168.0.1 udp 4500
nat descriptor masquerade static 1000 4 192.168.0.1 udp 1701
ipsec auto refresh on
ipsec transport 1 1 udp 1701
ipsec transport 2 1 udp 1701
ipv6 filter 1010 pass * * icmp6 * *
ipv6 filter 1011 pass * * tcp * ident
ipv6 filter 1012 pass * * udp * 546
ipv6 filter 2000 reject * * * * *
ipv6 filter 3000 pass * * * * *
ipv6 filter dynamic 100 * * ftp
ipv6 filter dynamic 101 * * domain
ipv6 filter dynamic 102 * * www
ipv6 filter dynamic 103 * * smtp
ipv6 filter dynamic 104 * * pop3
ipv6 filter dynamic 105 * * tcp
ipv6 filter dynamic 106 * * udp
telnetd service off
telnetd host none
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.0.10-192.168.0.100/24
dhcp scope option 1 dns=1.1.1.1,8.8.8.8
dns service off
#dns service fallback on
#dns server 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
#dns cache max entry 1024
#dns server pp 1
#dns domain .
#dns private address spoof on
#dns notice order dhcp server
schedule at 1 */* 06:00 * ntpdate ntp3.jst.mfeed.ad.jp syslog
l2tp service on
netvolante-dns server 1 54.178.176.150
sshd service on
sshd host lan1 lan2 lan3
sshd host key generate *
statistics cpu off
statistics memory off
statistics traffic off
statistics flow off
statistics route off
statistics nat off
statistics filter off
statistics qos off
ip routing process fast
ipv6 routing process fast
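
A cross-reference check to run over a configuration like the one above before loading it. This is an added example, not part of the original page; the audit() function and its finding texts are this example's own, and SAMPLE is an excerpt of lines copied from the VPN configuration. It reports NAT descriptors applied without a type line, IPv4 filters defined but never applied, and sshd host entries naming an interface whose description is WAN.

```python
import re

# Lines copied from the VPN configuration on this page (excerpt).
SAMPLE = """\
ip route default gateway tunnel 1 gateway pp 1 filter 100001 100002
description lan1 WAN
ip lan1 nat descriptor 1
description lan2 WAN
description lan3 LAN
ip pp nat descriptor 1
ip filter 100001 pass * * esp
ip filter 100002 pass * * udp 500,4500,1701 *
ip filter 100003 pass * * tcp * 2002
ip filter 100004 pass * * udp * domain
nat descriptor type 1000 masquerade
sshd host lan1 lan2 lan3
sshd host key generate *
"""

def audit(config):
    """Cross-check references in RTX-style config text; return findings."""
    roles, nat_used, nat_defined = {}, {}, set()
    flt_defined, flt_used, ssh_ifaces = set(), set(), []
    for line in (l.strip() for l in config.splitlines()):
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out commands
        if m := re.match(r"description (lan\d+) (\S+)", line):
            roles[m[1]] = m[2].upper()
        elif m := re.match(r"ip (\S+) nat descriptor (\d+)", line):
            nat_used.setdefault(m[2], []).append(m[1])
        elif m := re.match(r"nat descriptor type (\d+)", line):
            nat_defined.add(m[1])
        elif m := re.match(r"ip filter (\d+) ", line):
            flt_defined.add(m[1])
        elif line.startswith("ip ") and " filter " in line:
            # route or interface line that applies filters by number
            flt_used.update(re.findall(r"\b\d+\b", line.split(" filter ", 1)[1]))
        elif m := re.match(r"sshd host ((?:lan\d+\s*)+)$", line):
            ssh_ifaces = m[1].split()  # "sshd host key generate" is ignored
    findings = [f"nat descriptor {n} applied on {','.join(i)} but has no type line"
                for n, i in nat_used.items() if n not in nat_defined]
    findings += [f"ip filter {n} defined but never applied"
                 for n in sorted(flt_defined - flt_used)]
    wan = [i for i in ssh_ifaces if roles.get(i) == "WAN"]
    if wan:
        findings.append(f"sshd host lists WAN-labelled interface(s): {','.join(wan)}")
    return findings

print("\n".join(audit(SAMPLE)))
```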