Hurricane Electric's IPv6 Tunnel Broker Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: HOWTO setup an IPv6 tunnel using OpenWrt 10.03 (Backfire)  (Read 13164 times)

claas

  • Newbie
  • *
  • Posts: 12
    • View Profile
HOWTO setup an IPv6 tunnel using OpenWrt 10.03 (Backfire)
« on: June 28, 2010, 02:15:41 AM »

Hello,

this is how you can enable IPv6 trough tunnelbroker.com service:

1. Sign up at tunnelbroker.com, apply for a tunnel

2. Prerequisites:
Code: [Select]
opkg install ip ip6tables kmod-sit kmod-iptunnel6 radvd3. Create a file /etc/hotplug.d/iface/15-ipv6 with the following contents:

Code: [Select]
. /etc/functions.sh
NAME=ipv6
COMMAND=/usr/sbin/ip
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" -a "$DEVICE" = "ppp0" ] && {
        [ -x $COMMAND ] && {
                # setup tunnel
                logger "HE-IPv6: starting tunnel..."

                IPADDR=$(ip -4 addr show dev $DEVICE | awk '/inet / {print $2}' | cut -d/ -f1)
                username="abcdef1234567890abcdef1234567890" # MD5 of your username
                password="abcdef1234567890abcdef1234567890" # MD5 of your password
                tunnelid="69999" # global tunnel-ID

                # update tunnel to use dynamic ipv4
                wget -q -O /dev/null "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$IPADDR&pass=$password&user_id=$username&tunnel_id=$tunnelid"

                SERVER_IPv4_ENDPOINT=216.66.80.30  # change this IP, this is the Frankfurt POP
                CLIENT_IPv6_ENDPOINT=2001:470:1f0a:9999::2/64 # change this, too


                # setup tunnel
                ip tunnel add he-ipv6 mode sit remote $SERVER_IPv4_ENDPOINT local $IPADDR ttl 255
                ip link set he-ipv6 up
                ip addr add $CLIENT_IPv6_ENDPOINT dev he-ipv6
                ip route add ::/0 dev he-ipv6

                # You got a routed /64
                # Please assign an IP out of this /64 to the bridge manually, f. ex. by calling:
                #
                # uci set network.lan.ip6addr=2001:470:1f0b:9999::1/64; uci commit
                #
                # Since the IP is saved, you only need to run that command once.

                # ... and don't forget your firewall... :-)

                # done
        } &
}
[ "$ACTION" = "ifdown" -a "$INTERFACE" = "wan" -a "$DEVICE" = "ppp0" ] && {
        [ -x $COMMAND ] && {
                # destroy tunnel
                logger "HE-IPv6: destroying tunnel..."
                ip route del ::/0 dev he-ipv6
                ip tunnel del he-ipv6
                # done
        } &
}
If you are not using ppp0 for getting your WAN connection, you might want to change the ppp0 to reflect your settings.

4. Add a new rule to your firewall to ACCEPT protocol 41 from wan to the device.

5. configure radvd to advertise your IPv6 network on lan:
edit /etc/config/radvd

Code: [Select]
config interface
        option interface        'lan'
        option AdvSendAdvert    1
        option AdvManagedFlag   0
        option AdvOtherConfigFlag 0
        option ignore           0

config prefix
        option interface        'lan'
        # If not specified, a non-link-local prefix of the interface is used
        option prefix           '2001:470:1f0b:9999::/64'
        option AdvOnLink        1
        option AdvAutonomous    1
        option AdvRouterAddr    0
        option ignore           0

config rdnss
        option interface        'lan'
        # If not specified, the link-local address of the interface is used
        option addr             '2001:470:1f0b:9999::/64'
        option ignore           1
Please change the :9999: to reflect your routed /64.

Afterwards, run this:

/etc/init.d/radvd enable
/etc/init.d/radvd start

6. That's it, test it:

The IPv6-Tunnel is automatically brought up and down with your wan connection. So get your wan reconnected now (or just reboot the router) and do a test:

ping6 ipv6.google.com

Test from the router first. If that's working, test from clients within your lan.


7.
The /etc/hotplug.d/iface/15-ipv6 script could also be torn apart and be used from /etc/ppp/ip-[up|down].d/, which also works with little modifiations. I chose to use the hotplug style, because then it is only in one file instead of two.
And the configuration (username, password, tunnelid, ...) could also be migrated to use uci.

If you are having trouble, please double check the IPv6-Adresses! The client IPv6 endpoint and your routed /64 differ: 2001:470:1f0a:9999::/64 versus 2001:470:1f0b:9999::/64


You might also want to read http://wiki.openwrt.org/doc/uci/network#dynamic.ipv6-in-ipv4.tunnel.he.net.only for an alternative way.


Happy IPv6-ing!
« Last Edit: June 28, 2010, 01:45:56 PM by claas »
Logged

Neo ZHANG

  • Newbie
  • *
  • Posts: 1
    • View Profile
Re: HOWTO setup an IPv6 tunnel using OpenWrt 10.03 (Backfire)
« Reply #1 on: December 18, 2013, 01:16:40 AM »

Hello Sir, I can ping6 ipv6.google.com success in router, but i can't get success in client computer.
Logged