In the past couple of weeks, I became interested in trying to understand what it would take to get rid of both my ISP modem (a Freebox Mini 4K) and my router.

Since I already own a server at home running Ubuntu Server for various services (website, media streaming), I wondered whether it could incidentally replace both my modem and my router, like schematized below:

Regarding the modem, things seem to be already well documented for my ISP (Free – see links below). The main trick here is to tag all incoming and outgoing packets with VLAN 836, which is required by my ISP to communicate. There is also a second trick specifically needed for IPv6 connectivity, since Free does not handle “true” IPv6. Instead, they use a IPv6-in-IPv4 tunnel-like implementation, which they call 6rd.

Once the server can directly access the internet, getting rid of the router should not be too difficult, since most of the task will consist in configuring internal routes within the server, so that IPv4 and IPv6 connectivity on the main interface can be shared to other interfaces, such as a home Wi-Fi network.

In this blog series, we will step-by-step

• Part 1 (this article): replace the Freebox and get an IPv4/IPv6 connectivity with netplan
• Part 2: replace the router and broadcast the connection over Wi-Fi with dnsmasq and hostapd packages
• Part 3: set-up dnscrypt to get a DNS-over-HTTPS domain name resolution

Going through the above and trying to grasp all of the concepts behind gave me a great introduction to the bases of setting up, configuring, and troubleshooting networks with Unix-based systems. Overall, I would say this was a very worthy experience, even though painful at times.

Part 1: replacing the Freebox and getting IPv4/IPv6 connectivity with netplan

Table of contents

The hardware side

Installing netplan

Configuring netplan for IPv4

Configuring netplan for IPv6

Troubleshooting

Useful links

The hardware side

First of all, one should note that the Free ISP provides an optical fiber connection to my home. I used the SFP module originally provided with the Freebox modem with a TP-Link MC220L converter, since the Ubuntu computer I use does not have any SFP input. This way, the TP-Link converter “converts” the optical fiber signal to an RJ-45 (ethernet) signal, which can then be read the machine. If you already have a machine with SFP connectivity, there should be no need for such a converter.

If you plan on buying your own SFP module, I would strongly recommend first checking out whether it is compatible with your ISP provider or not.

Installing netplan

netplan is a recent network package for Ubuntu which allows to configure both the NetworkManager (for machines running regular Ubuntu) and the systemd-networkd (for machines running Ubuntu Server). If you are using an Ubuntu version higher than 18.04, netplan should already be installed and set as the default way to configure network interfaces.

Configuring netplan for IPv4

Edit the netplan .yaml configuration file located in /etc/netplan/. The top should look like the following:

/etc/netplan/00-installer-config.yaml

network:
  version: 2
  renderer: networkd

If for some reason you wish to use the NetworkManager instead of the systemd-networkd renderer, simply change the renderer parameter to NetworkManager.

Now, let’s start writing an actual configuration.

First, you will need to know the name of your main ethernet interface (the one connected to the outside network). To list all enabled (up) network interfaces of the machine, you can run: ifconfig

If the interface you are looking for is down, you can find it back with: ip a and enable it with: ifconfig <INTERFACE_NAME> up

Usually, the name for the main ethernet interface is either eth0 or eno1, though this may change depending on your hardware.

We will write the following configuration:

/etc/netplan/00-installer-config.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: true
  vlans:
    vlan1:
      id: 836
      link: eno1
      dhcp4: true

The above specifies that we want to use DHCPv4 for our eno1 interface. We do this because DHCP (Dynamic Host Configuration Protocol) is how Free ISP attributes IPv4 addresses. If your ISP instead works with a static IP configuration, you can set dhcp4: false and use the addresses and gateway4 properties. See the Netplan documentation for more details.

The configuration also specifies a VLAN which will be created on the eno1 interface, with ID number 836. Tagging packets this way is mandatory so that the server can communicate with Free. Note that different ISPs will have different VLAN IDs for tagging, so you should do your own research for that matter.

For some reason, you need to also specify dhcp4: true in the VLAN section. Furthermore, the VLAN (and bridges) section should be at the end because of a parsing bug in netplan.

When you’re done editing, save the file and run the following commands to:

• generate a configuration for the chosen renderer (here systemd-networkd)
• apply the configuration to the renderer

sudo netplan generate
sudo netplan apply

Your server should now have access to the internet!

To make sure it is the case, you can ping Cloudflare: ping 1.1.1.1

Configuring netplan for IPv6

Configuring IPv6 with Free was more complicated than what I expected. IPv6 is the most recent version of the IP protocol, which is intended to replace IPv4.

You may be luckier than I am and have your ISP work with “true” IPv6, making this part much easier.

Free uses a technology called IPv6 rapid deployment or 6rd (a derivative of 6to4, which is itself a protocol that allows to make IPv6 packets transit through IPv4).

This means that the Freebox modem normally establishes a tunnel with a remote Free IP (the same for all Free ISP subscribers). Luckily, there’s a relatively simple way to make this work with netplan:

/etc/netplan/00-installer-config.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: true
  tunnels:
    tun0:
      mode: sit
      remote: 192.88.99.101
      local: <MY_PUBLIC_IPV4>
      mtu: 1480
      ttl: 64
      routes:
        - to: default
          via: <MY_IPV6_PREFIX>
  vlans:
    vlan1:
      id: 836
      link: eno1
      dhcp4: true
    vlan2:
      id: 836
      link: tun0

In the configuration above, we defined a new tunnel interface called tun0. We need to specify:

• the remote IPv4 address of the Free 6rd tunnel endpoint. This address is always the same for Free subscribers and is 192.88.99.101. I saw people online mentioning the same address but with an .102 ending, so you may try that if this doesn’t work.
• your public IPv4 address, attributed by your ISP. You can get this address once you configured IPv4, using ifconfig, or by connecting to your Freebox account. Free attributes a fixed IP through DHCPv4 for each home.
• your IPv6 prefix, attributed by your ISP. You can find your attributed IPv6 prefix by either connecting to your Freebox account, or by looking at the parameters of your Freebox when it is connected. The prefix should look like: aaaa:bbb:cccc:dddd::/64.

We also tag IPv6 packets with VLAN 836, similarly to what we did for IPv4.

Save the configuration file, run sudo netplan generate and sudo netplan apply once again. If everything went well, you should be able to ping Cloudflare via IPv6: ping6 2606:4700:4700::1111

Congratulations! If you’ve made it this far, the machine you configured now acts as a modem which can connects to the outside internet!

In part 2, we will see how to configure a light DHCP (for IPv4) and SLAAC (for IPv6) server in order to broadcast the internet connection to a home Wi-Fi network, using dnsmasq and hostapd.

In part 3, we will focus more on DNS resolution and how to set-up DNS-over-HTTPS.

Troubleshooting

If anything goes wrong, here are a couple commands you can try in order to get a better understanding of what’s happening.

To list enabled interfaces and their assigned IP (and MAC) addresses:

• ifconfig

To assess the status and look at the last logs of networkd:

• sudo systemctl status systemd-networkd

To ping an IP with a specific interface:

• ping -I <INTERFACE> <IP> (IPv4)
• ping6 -I <INTERFACE> <IP> (IPv6)

To trace the route of packets to a target IP:

• traceroute -i <INTERFACE> <IP> (IPv4)
• traceroute6 -i <INTERFACE> <IP> (IPv6)

To monitor packets (in and out) for a interface:

• sudo tcpdump -i <INTERFACE> ip (IPv4)
• sudo tcpdump -i <INTERFACE> icmp6 (IPv6)

If you have any questions or wish to discuss a personal issue of your own, do not hesitate to contact me.

Useful links

Massive thanks to the people who wrote the different guides in the links below. They helped me a lot.

• Great blog article by Gonzague Dambricourt (in French) on replacing the Freebox by a TP-Link converter to get IPv4 connectivity
• These two Kozodo articles (in French), describing how to play with IPv4 and IPv6 networking, with and without the Freebox.
• This watchmysys blog post on configuring 6rd without a Freebox
• A very clear blog article by Darren Nathanael on configuring netplan for an IPv6-in-IPv4 tunnel
• LaFibre is a French forum focused on networking with the optical fiber. It has great ressources, with topics such as this one (replacing the Freebox with a Mikrotik router) or this one (replacing the Freebox with a Linux server)
• Exhaustive post discussing the configuration of a Linux box with Free ISP, on the French universfreebox forum
• Blog post from Leslamas to configure an EdgeRouter4 with Free