Hello,
I would like some feedback on my setup. Currently in my home lan I have a dd-wrt (as described in the subject) and I use this script to bring the ipv6 setup online:
#!/bin/sh
MY_TUNNEL_ADDR="2001:470:XXXX:103e::2" # change me
MY_ROUTED_ADDR="2001:470:XXXX:103e::1" # change me
TIP="216.66.80.30"
LOG_OUTPUT_FILE="/mnt/ipv6-startup.debug"
insmod ipv6
insmod sit
sleep 5
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
trap 'echo 0' 1
while [ true ]
do
    IPV4=`ifconfig ppp0 | grep "inet addr" | sed -e "s+inet addr:++" -e "s+Bcas.*++" -e "s+ *++" | cut -d ' ' -f 1`
    if [ "$IPV4" != "$OLDIP" ]
    then
        sh /mnt/updateipv4.sh > $LOG_OUTPUT_FILE
        echo "Configuring tunnel, remote $TIP local $IPV4" >> $LOG_OUTPUT_FILE
        ip tunnel add he-ipv6 mode sit remote $TIP local $IPV4 ttl 255
        ip link set he-ipv6 up
        ip addr add $MY_TUNNEL_ADDR/64 dev he-ipv6
        ip route add ::/0 dev he-ipv6 metric 256
        # Not strictly necessary, but sometimes handy
        ip addr add $MY_ROUTED_ADDR/64 dev br0
        # These commands aren't on HE's website, but they're necessary for the tunnel to work
        #ip -6 addr add $MY_ROUTED_ADDR/64 dev he-ipv6
        #ip -6 addr add $MY_ROUTED_ADDR/64 dev br0
        #ip route add 2000::/3 dev he-ipv6 metric 1
        echo "Starting radvd" >> $LOG_OUTPUT_FILE
        killall radvd
        radvd -C /mnt/radvd.conf &
        iptables -I INPUT 2 -p ipv6 -i ppp0 -j ACCEPT
    fi
    OLDIP="$IPV4"
    sleep 60
done
This is merged from several scripts I found online.
My radvd.conf is :
interface br0 {
    AdvSendAdvert on;
    prefix 2001:470:XXXX:103e::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
My internal lan boxes get an ipv6 address. But when I try to do a ping on ipv6.google.com I get this :
# ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:xxxx:103e:223:32ff:fe91:7931 --> 2a00:1450:8006::69
Request timeout for icmp_seq=0
Request timeout for icmp_seq=1
At the same time, when I ping at 2001:470:XXXX:103e::1 the above ping starts to work! Weird.
Right now nothing works. I don't know what the cause is. Everything was fine yesterday (if you take out the above behavior).
Some extra info on this from the router
root@gw:/mnt# ip -6 addr
1: lo: <LOOPBACK,MULTICAST,UP>
inet6 ::1/128 scope host
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::21d:60ff:feb6:5c2a/64 scope link
4: eth1: <BROADCAST,MULTICAST,UP>
inet6 fe80::21d:60ff:feb6:5c2b/64 scope link
5: eth2: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::21d:60ff:feb6:5c2c/64 scope link
8: br0: <BROADCAST,MULTICAST,ALLMULTI,PROMISC,UP>
inet6 2001:470:xxxx:103e::1/64 scope global
inet6 fe80::21d:60ff:feb6:5c2a/64 scope link
11: he-ipv6: <POINTOPOINT,NOARP,UP>
inet6 fe80::5549:5d17/128 scope link
inet6 2001:470:xxxx:103e::2/64 scope global
root@gw:/mnt# ip -6 route
2001:470:xxxx:103e::/64 via :: dev he-ipv6 metric 256 mtu 1472 advmss 1412
2001:470:xxxx:103e::/64 dev br0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth2 metric 256 mtu 1500 advmss 1440
fe80::/64 dev br0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440
fe80::/64 via :: dev he-ipv6 metric 256 mtu 1472 advmss 1412
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth2 metric 256 mtu 1500 advmss 1440
ff00::/8 dev br0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev he-ipv6 metric 256 mtu 1472 advmss 1412
default dev he-ipv6 metric 1 mtu 1472 advmss 1412
Currently I cannot install ping6 and ip6tables in the router and I cannot look into this further.
Any comments would be greatly appreciated.
I assume you're using your routed /64 in your RA configuration?
No idea what you just said. Clarify?
You are assigned two different IPv6 ranges when you get your tunnel.
2001:1d8:xxxx:xxxx::/64 and 2001:1d8:xxxy:xxxx::/64
One is called your routed /64, in which the "y" bit from the second example above will be an odd value. The range that's assigned to your tunnel (where your ::1 and ::2 come from for your endpoints) will have an even value; you should not use that one.
If you would remove the xxxx's from your config, I could tell you more easily.
1f0a is the P-t-P link
1f0b is the Routed /64
Here it is
#!/bin/sh
MY_TUNNEL_ADDR="2001:470:1f0a:103e::2" # change me
MY_ROUTED_ADDR="2001:470:1f0b:103e::1" # change me
TIP="216.66.80.30"
LOG_OUTPUT_FILE="/mnt/ipv6-startup.debug"
insmod ipv6
insmod sit
sleep 5
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
trap 'echo 0' 1
while [ true ]
do
    IPV4=`ifconfig ppp0 | grep "inet addr" | sed -e "s+inet addr:++" -e "s+Bcas.*++" -e "s+ *++" | cut -d ' ' -f 1`
    if [ "$IPV4" != "$OLDIP" ]
    then
        sh /mnt/updateipv4.sh > $LOG_OUTPUT_FILE
        echo "Configuring tunnel, remote $TIP local $IPV4" >> $LOG_OUTPUT_FILE
        ip tunnel add he-ipv6 mode sit remote $TIP local $IPV4 ttl 255
        ip link set he-ipv6 up
        ip addr add $MY_TUNNEL_ADDR/64 dev he-ipv6
        ip route add ::/0 dev he-ipv6 metric 1
        # Not strictly necessary, but sometimes handy
        ip addr add $MY_ROUTED_ADDR/64 dev br0
        # These commands aren't on HE's website, but they're necessary for the tunnel to work
        #ip -6 addr add $MY_ROUTED_ADDR/64 dev he-ipv6
        #ip -6 addr add $MY_ROUTED_ADDR/64 dev br0
        #ip route add 2000::/3 dev he-ipv6 metric 1
        echo "Starting radvd" >> $LOG_OUTPUT_FILE
        killall radvd
        radvd -C /mnt/radvd.conf &
        iptables -I INPUT 2 -p ipv6 -i ppp0 -j ACCEPT
    fi
    OLDIP="$IPV4"
    sleep 60
done
I just made the connection. I was using the "a" P-t-P addr for my RA in radvd.conf. Changed now. Checking the rest now.
Did you ever get this to work? I just flashed the v24 firmware to a router and am trying to troubleshoot
Yeap everything works fine. I am trying to make the router use ipv6 only when ipv6 is available right now.
Would you post your configs so I can compare?
root@gw:/mnt# more startipv6.sh
#!/bin/sh
MY_TUNNEL_ADDR="2001:470:1f0a:103e::2" # change me
MY_ROUTED_ADDR="2001:470:1f0b:103e::1" # change me
TIP="216.66.80.30"
LOG_OUTPUT_FILE="/mnt/ipv6-startup.debug"
insmod ipv6
insmod sit
sleep 5
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
trap 'echo 0' 1
while [ true ]
do
    IPV4=`ifconfig ppp0 | grep "inet addr" | sed -e "s+inet addr:++" -e "s+Bcas.*++" -e "s+ *++" | cut -d ' ' -f 1`
    if [ "$IPV4" != "$OLDIP" ]
    then
        sh /mnt/updateipv4.sh > $LOG_OUTPUT_FILE
        echo "Configuring tunnel, remote $TIP local $IPV4" >> $LOG_OUTPUT_FILE
        ip tunnel del he-ipv6
        ip tunnel add he-ipv6 mode sit remote $TIP local $IPV4 ttl 255
        ip link set he-ipv6 up
        ip addr add $MY_TUNNEL_ADDR/64 dev he-ipv6
        ip route add ::/0 dev he-ipv6 metric 1
        # Not strictly necessary, but sometimes handy
        ip addr add $MY_ROUTED_ADDR/64 dev br0
        # These commands aren't on HE's website, but they're necessary for the tunnel to work
        #ip -6 addr add $MY_ROUTED_ADDR/64 dev he-ipv6
        #ip -6 addr add $MY_ROUTED_ADDR/64 dev br0
        #ip route add 2000::/3 dev he-ipv6 metric 1
        echo "Starting radvd" >> $LOG_OUTPUT_FILE
        killall radvd
        radvd -C /mnt/radvd.conf &
        iptables -I INPUT 2 -p ipv6 -i ppp0 -j ACCEPT
    fi
    OLDIP="$IPV4"
    sleep 60
done
If you need radvd.conf and anything else just tell me.
Oh, and remember that this is an endless loop, so put it in the background with "&". The reason for that is to re-enable the ipv6 tunnel when your dynamic ip changes.
Did you enter that script from the command line (telnet or ssh) or from the webgui?
I'm assuming from the "&" you listed, you used the command line?
In v24 sp2 you can mount a usb stick. I put everything there and created a startup.sh script which is executed on mount. That script starts up everything.
This is what I have for my radvd.conf
interface br0 {
    AdvSendAdvert on;
    AdvHomeAgentFlag on;
    AdvLinkMTU 1280;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix [2001:470:1f11:ed::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
Is this correct ?
prefix [2001:470:1f11:ed::/64 {
There is a '[' there.
And make sure that the subnet is the one that HE has given you. Meaning: you are using the Routed /64 subnet.
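A check for the two radvd.conf mistakes found in this thread (the tunnel /64 advertised instead of the routed /64, and the stray '['), added here as an example and not posted by anyone in the thread. The function names net64 and check_radvd are made up for the illustration; the addresses are the ones posted above and the sample file is constructed.

```sh
# net64 ADDR[/LEN] -> first four hextets (the /64), lowercase, "::" expanded,
# leading zeros stripped, so two spellings of one prefix compare equal.
net64() {
    echo "${1%%/*}" | awk '
    function add(x) { out = (k ? out ":" x : x); k++ }
    {
        n = split(tolower($0), g, ":"); filled = 0; k = 0; gap = 0; out = ""
        for (i = 1; i <= n; i++) if (g[i] != "") filled++
        for (i = 1; i <= n && k < 4; i++) {
            if (g[i] == "") {            # empty field = part of "::"
                if (!gap) for (j = filled; j < 8 && k < 4; j++) add("0")
                gap = 1; continue
            }
            sub(/^0+/, "", g[i]); add(g[i] == "" ? "0" : g[i])
        }
        print out
    }'
}

# check_radvd TUNNEL_CLIENT_ADDR RADVD_CONF
# One verdict per "prefix" statement; returns 1 if any of them is malformed
# or is the tunnel (point-to-point) /64 rather than the routed /64.
check_radvd() {
    tun=$(net64 "$1"); rc=0
    while read -r p; do
        [ -n "$p" ] || continue
        case $p in *[!0-9A-Fa-f:/]*)
            echo "BAD $p: stray character in prefix"; rc=1; continue ;;
        esac
        if [ "$(net64 "$p")" = "$tun" ]; then
            echo "BAD $p: tunnel /64, advertise the routed /64"; rc=1
        else
            echo "OK  $p"
        fi
    done <<EOF
$(sed -n 's/^[[:space:]]*prefix[[:space:]]\{1,\}\([^[:space:]{;]*\).*/\1/p' "$2")
EOF
    return $rc
}

# Constructed sample: radvd.conf advertising the "1f0a" tunnel /64.
conf=$(mktemp)
printf 'interface br0 {\n  prefix 2001:470:1f0a:103e::/64 {\n  };\n};\n' > "$conf"
check_radvd 2001:470:1f0a:103e::2 "$conf" || true
rm -f "$conf"
```
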
I think I see my problem.
What version of v24 did you use? (mini, micro, etc.)
v24 sp2 build 13968
right, but is it a mega build, a mini build, normal build, micro build..etc...
Sorry, mega..
My problem is that my WRT54G only has 4 MB of flash. The builds that support IPv6 are too large to allow for any free space that I need to create config files, and the builds that are small enough to allow for free space don't support IPv6.
:(
Maybe time to dump the little consumer router and get a little soekris box or something similar, or maybe use an old laptop laying around? :)
Yeah, that's what it's looking like...it'd be nice to use the WRT54G though because it's already on anyways.
Oh well.
Asus Rt-n16 has more of everything and runs DD-WRT nicely
I would like some feedback on my setup. Currently in my home lan I have a dd-wrt (as described in the subject) and I use this script to bring the ipv6 setup online I'm not even quite sure how to explain this, so I will do my best. I am also not quite sure what additional info you might need
Clark
ccnp (http://www.ccnpquestions.com)
USA
I'm not sure what you're asking?
Maybe someone can help me out with this.
I'm running v24-sp2 build 14311 on a D-Link DIR-825 but have no clue on how to configure IPv6 on it.
Found several guides but they all have different approaches.
One guide tells me to install kmod-ipv6 and the next guide tells me to install ip6tables and other stuff.
And since I'm a n00b when it comes to Linux I don't know what to do or how to check if those aren't already available.
The most important part is how to correctly set up my router to use the HE tunnel with a /48 subnet.
So I was hoping someone could tell me what actions and config I need to use to make IPv6 work on this?
I have IPv6 support enabled, but searching the web tells me that doesn't say anything (not loading stuff, etc.).
Also Radvd is enabled.
And from here it stops.
You need the kernel module to simply have IPv6, because that's what implements the IPv6 stack in the OS.
iptables and ip6tables, aka "netfilter", is the firewall, which you really need also for security, but you can set things up and get them working without setting up an iptables policy.
I'm not super familiar with how the DD-WRT setup and config files work, but Linux is Linux, and if it has the "iproute2" tools the process of setting up an HE tunnel will be the same as other Linuxes.
You first need to set up the tunnel itself. You do it something like this:
ip tunnel add he-ipv6 mode sit remote <Server IPv4 address> local <Client IPv4 address> ttl 255
ip link set he-ipv6 up
ip addr add <Client IPv6 address> dev he-ipv6
ip route add ::/0 dev he-ipv6
You may need to do a "modprobe sit" first if it gives you trouble with the ip tunnel command. Also, if this router is behind a NAT, and doesn't have a public IPv4 address, you must use the real IP address that's on the interface for the client IPv4 address. E.g. If your IPv4 address is 192.168.1.1, use that if you're behind a NAT device not the public IPv4 address. Let the NAT device NAT it for you.
Also, don't mix up the routed /64 and the Server and Client IPv6 addresses. They look very similar but are different by one character.
Now you can ping the other side of the tunnel to see if the 6in4 tunnel is working.
ping6 -n <Server IPv6 Address>
If it works, your 6in4 tunnel works. Move on. If not, well, make sure 6in4 can pass your firewall, etc, etc. You just have to figure out what's stopping it from working.
Now you put an address from your routed /64 or a /64 subnet of your routed /48 on the inside interface of the router:
ip addr add <IPv6 address> dev <inside interface name>
For instance, if HE assigns you a routed /64 of something like "2001:db8:1234:56::/64", you might put the address "2001:db8:1234:56::1/64" on your network interface. If you want to use your routed /48 on the NIC instead, you can just carve a /64 out of it. i.e. you're given "2001:db8:1234::/48", you could use "subnet zero" of this, by putting an address like "2001:db8:1234::1/64" on the NIC.
If you're running radvd, it should already set the ipv6 forwarding stuff up. But to do it by hand you can do something like "sysctl -w net.ipv6.conf.all.forwarding=1".
You should now be able to ping this address from the outside, and ping outside hosts from this address (use something like "ping6 -n -I 2001:db8:1234::1 <server IPv6 address or some other IPv6 address>").
If you're running multiple subnets, you either need to run a routing protocol through your whole routing domain, or add static routes for your subnets to the router. I.e., if you have a LAN using subnet "2001:db8:1234:1::/64" that's on the other side of the router with IPv6 "2001:db8:1234::2", you would add a route like so: "ip route add 2001:db8:1234:1::/64 via 2001:db8:1234::2".
That's about it. The rest is figuring out how to put this all in the DD-WRT configuration files, just like you would for any other linux distro. This is presuming this all can't be done in a GUI.
Hope this helps ...
@jimb
Thanks for detailed explanation.
I got it working now except it's wide open because of no iptables configured (need to dig into that)
And for some reason my PC didn't get an IPv6 address by dhcp (manual made it work. need to check dhcp for IPv6)
Thanks again.
Quote from: ipv6us3r on May 09, 2010, 12:33:00 PM
@jimb
Thanks for detailed explanation.
I got it working now except it's wide open because of no iptables configured (need to dig into that)
And for some reason my PC didn't get an IPv6 address by dhcp (manual made it work. need to check dhcp for IPv6)
Thanks again.
It'd be ip6tables for ipv6 stuff. If your router is behind a NAT, or isn't forwarding ipv4 traffic, you'd really only need to set up ip6tables. I just have the standard "allow everything out from the inside, allow select ports in, deny everything else inbound" rules.
If you're using radvd then all your windows and linux boxes should automatically get IPv6 addresses and default routes. But unfortunately not DNS servers. On my network, I let either static configuration or dhcp take care of that (it just uses IPv4 DNS servers), even though my DNS servers are dual-stacked.
I haven't set up DHCPv6 so I can't really talk about that. BTW, "traditional" dhcp doesn't support IPv6. IPv6 has a new version called DHCPv6 which works very differently, although some DHCP software has both versions included.
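The policy described in the reply above ("allow everything out from the inside, allow select ports in, deny everything else inbound"), written out as an added example that is not any poster's own ruleset. It assumes he-ipv6 is the outside interface and br0 the inside one, as in the scripts earlier in the thread, and a kernel with IPv6 connection tracking (without it the state rules will not load); the function name he6_rules, the routed prefix, the host and the port are constructed sample values.

```sh
# he6_rules WAN_IF LAN_IF ROUTED_PREFIX "PORT=HOST ..."
# Prints a ruleset in ip6tables-restore format:
#  - INPUT and FORWARD default to DROP, so nothing is reachable unless listed
#  - replies to traffic started from inside are let back in (stateful match);
#    ICMPv6 errors such as packet-too-big arrive as RELATED, which the
#    reduced tunnel MTU depends on
#  - ICMPv6 to the router itself is accepted (neighbor discovery, ping)
#  - packets arriving from outside with a source inside the routed prefix
#    are spoofed and dropped; the LAN may only send from the routed prefix
#  - each PORT=HOST entry opens one TCP port to one inside host
he6_rules() {
    wan=$1; lan=$2; prefix=$3; allow=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -i $wan -s $prefix -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $prefix -j ACCEPT
EOF
    for entry in $allow; do
        port=${entry%%=*}; host=${entry#*=}
        echo "-A FORWARD -i $wan -o $lan -d $host -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample: SSH to one inside host is the only port opened inbound.
he6_rules he-ipv6 br0 2001:db8:1234:56::/64 "22=2001:db8:1234:56::10"
```

Review the printed rules before piping them into ip6tables-restore on the router.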