• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HOWTO setup an IPv6 tunnel using OpenWrt 10.03 (Backfire)

Started by claas, June 28, 2010, 02:15:41 AM

Previous topic - Next topic



this is how you can enable IPv6 trough tunnelbroker.com service:

1. Sign up at tunnelbroker.com, apply for a tunnel

2. Prerequisites:
opkg install ip ip6tables kmod-sit kmod-iptunnel6 radvd
3. Create a file /etc/hotplug.d/iface/15-ipv6 with the following contents:

. /etc/functions.sh
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" -a "$DEVICE" = "ppp0" ] && {
       [ -x $COMMAND ] && {
               # setup tunnel
               logger "HE-IPv6: starting tunnel..."

               IPADDR=$(ip -4 addr show dev $DEVICE | awk '/inet / {print $2}' | cut -d/ -f1)
               username="abcdef1234567890abcdef1234567890" # MD5 of your username
               password="abcdef1234567890abcdef1234567890" # MD5 of your password
               tunnelid="69999" # global tunnel-ID

               # update tunnel to use dynamic ipv4
               wget -q -O /dev/null "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$IPADDR&pass=$password&user_id=$username&tunnel_id=$tunnelid"

               SERVER_IPv4_ENDPOINT=  # change this IP, this is the Frankfurt POP
               CLIENT_IPv6_ENDPOINT=2001:470:1f0a:9999::2/64 # change this, too

               # setup tunnel
               ip tunnel add he-ipv6 mode sit remote $SERVER_IPv4_ENDPOINT local $IPADDR ttl 255
               ip link set he-ipv6 up
               ip addr add $CLIENT_IPv6_ENDPOINT dev he-ipv6
               ip route add ::/0 dev he-ipv6

               # You got a routed /64
               # Please assign an IP out of this /64 to the bridge manually, f. ex. by calling:
               # uci set network.lan.ip6addr=2001:470:1f0b:9999::1/64; uci commit
               # Since the IP is saved, you only need to run that command once.

               # ... and don't forget your firewall... :-)

               # done
       } &
[ "$ACTION" = "ifdown" -a "$INTERFACE" = "wan" -a "$DEVICE" = "ppp0" ] && {
       [ -x $COMMAND ] && {
               # destroy tunnel
               logger "HE-IPv6: destroying tunnel..."
               ip route del ::/0 dev he-ipv6
               ip tunnel del he-ipv6
               # done
       } &

If you are not using ppp0 for getting your WAN connection, you might want to change the ppp0 to reflect your settings.

4. Add a new rule to your firewall to ACCEPT protocol 41 from wan to the device.

5. configure radvd to advertise your IPv6 network on lan:
edit /etc/config/radvd

config interface
       option interface        'lan'
       option AdvSendAdvert    1
       option AdvManagedFlag   0
       option AdvOtherConfigFlag 0
       option ignore           0

config prefix
       option interface        'lan'
       # If not specified, a non-link-local prefix of the interface is used
       option prefix           '2001:470:1f0b:9999::/64'
       option AdvOnLink        1
       option AdvAutonomous    1
       option AdvRouterAddr    0
       option ignore           0

config rdnss
       option interface        'lan'
       # If not specified, the link-local address of the interface is used
       option addr             '2001:470:1f0b:9999::/64'
       option ignore           1

Please change the :9999: to reflect your routed /64.

Afterwards, run this:

/etc/init.d/radvd enable
/etc/init.d/radvd start

6. That's it, test it:

The IPv6-Tunnel is automatically brought up and down with your wan connection. So get your wan reconnected now (or just reboot the router) and do a test:

ping6 ipv6.google.com

Test from the router first. If that's working, test from clients within your lan.

The /etc/hotplug.d/iface/15-ipv6 script could also be torn apart and be used from /etc/ppp/ip-[up|down].d/, which also works with little modifiations. I chose to use the hotplug style, because then it is only in one file instead of two.
And the configuration (username, password, tunnelid, ...) could also be migrated to use uci.

If you are having trouble, please double check the IPv6-Adresses! The client IPv6 endpoint and your routed /64 differ: 2001:470:1f0a:9999::/64 versus 2001:470:1f0b:9999::/64

You might also want to read http://wiki.openwrt.org/doc/uci/network#dynamic.ipv6-in-ipv4.tunnel.he.net.only for an alternative way.

Happy IPv6-ing!


Hello Sir, I can ping6 ipv6.google.com success in router, but i can't get success in client computer.