• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HowTo: WRT54G + OpenWRT/Linux + radvd

Started by dougbfreebsdorg, May 26, 2008, 02:59:27 PM

Previous topic - Next topic

dougbfreebsdorg

I spent a pretty good day yesterday cobbling together a setup for using my Linksys WRT54G as my tunnel endpoint and then using radvd to announce to my home network, so I thought I'd pass along what I learned. These instructions will probably work with other devices that can run OpenWRt http://openwrt.org/ as well.

First you need to get Linux on your toaster.  :) Visit the OpenWrt website and figure out what is the right branch for you. This page has a good summary: http://wiki.openwrt.org/OpenWrtOverview. After trying the bare bones OpenWRT interface, I elected to use the X-Wrt code, which is OpenWrt plus a web interface with a lot more features. http://x-wrt.org/. I chose the 0.9/whiterussian code since it is the last stable release, and I don't need the bleeding edge features in the kamikaze code base. http://downloads.x-wrt.org/xwrt/firmware_images/whiterussian/0.9/milestone-3-rc2/default/openwrt-wrt54g-squashfs.bin
Follow the instructions on the web site(s) to get your device flashed to your desired version.

Now you need to install the IPv6 packages for OpenWrt. Follow the instructions on the web site(s) to ssh into your device. At minimum you will need the following:

ipkg install kmod-ipv6
ipkg install radvd
ipkg install ip


If you want the IPv6 firewall, you also need:

ipkg install kmod-ip6tables
ipkg install ip6tables


and I recommend the traceroute package as well for debugging purposes:

ipkg install tcptraceroute6

The IPv6 module will be loaded for you at boot time, to load it now without rebooting you can do:

insmod ipv6

You can also load the ip6_tables and ip6table_filter modules at this time. I added those two to /etc/modules.d/20-ipv6 so they will always load at boot. To insure that your firewall will pass protocol 41, add the following to /etc/config/firewall
accept:proto=41


Once you've got your device updated, you'll want to start configuring your tunnel. If you have not already, create an account and get your tunnel set up on the HE side. We'll be using the information from the "Tunnel Details" page to get you set up.

I created the following script and added it as /etc/init.d/S45ipv6:

#!/bin/sh /etc/rc.common

#Information from the "Tunnel Details" page
SERVER_v4=Server IPv4 Address
SERVER_v6=Server IPv6 Address

CLIENT_v4=Client IPv4 Address
CLIENT_v6=Client IPv6 Address

# Uncomment if you have a /48
#ROUTED_48=Your /48 netblock's gateway address, e.g., 2001:a:b::1
ROUTED_64=Your /64 netblock's gateway address, e.g., 2001:a:b:c::1

START=50

start() {
echo "Starting he.net IPv6 tunnel: "
ip tunnel add henet mode sit remote $SERVER_v4 local $CLIENT_v4 ttl 255
ip link set henet up

ip -6 addr add $CLIENT_v6/64 dev henet
ip -6 ro add default via $SERVER_v6 dev henet

ip -6 addr add $ROUTED_64/64 dev br0
# Uncomment if you have a /48
        #ip -6 addr add $ROUTED_48/48 dev br0
ip -f inet6 addr

echo "Done."
}
stop() {
echo -n "Stopping he.net IPv6 tunnel: "
ip link set henet down
ip tunnel del henet

ip -6 addr delete $ROUTED_64/64 dev br0
# Uncomment if you have a /48
        #ip -6 addr delete $ROUTED_48/48 dev br0

echo "Done."
}
restart() {
stop
start
}


Note that the command to set the default route is different than HE's example configuration. AFAIK either command should work, but this one works for me so I don't really want to mess with it. If someone more knowledgeable about Linux routing wants to chime in, I'm all ears.

Make the file executable, then you can test it with ./S45ipv6 start. You should now be able to ping6 a host with an IPv6 address, like tunnelbroker.net. Once that is working, it's time to configure radvd.

The good news is that configuring radvd is very simple. Installing the package should have placed a sample conf file at /etc/radvd.conf. A simple config that should work for the majority of users is:


interface br0
{
AdvSendAdvert on;

# Disable Mobile IPv6 support
AdvHomeAgentFlag off;

prefix 2001:a:b:c::/64
{
AdvOnLink on;
AdvAutonomous on;

# Disable Mobile IPv6 support
AdvRouterAddr off;
};
};


The package also installs a radvd startup script in /etc/init.d which I renamed to S55radvd. You start it the same way as the ipv6 script, ./S55radvd start. You can then do ps -ax to confirm that it's running.

If you have a /48 assigned you will likely want to do some subnetting, etc. That is left as an exercise for the reader. You can easily get radvd to work with your /48 by specifying the first /64 block in the radvd conf, e.g., prefix 2001:a:b::/64.

Once radvd is running you can configure your client to accept the advertisements. That is also left as an exercise for the reader.  8)  If you have any problems with your clients seeing the announcements you can use the radvdump command on your device to see what's happening.

That's all there is to it! Of course you can do a lot fancier configurations like splitting your wired and wireless clients onto different VLANs, etc. But this should get you up and running to start with.

FYI, although they are both a bit out of date, I cribbed extensively from the following two pages:

http://wiki.openwrt.org/IPv6_howto and
http://www.757.org/~joat/wiki/index.php/IPv6_on_the_WRT54G_via_OpenWRT

The former has a lot of good debugging hints and shows what a successful configuration should look like in Section 6.

Enjoy,

Doug

kornholijo

Seems the only thing left for me to mod it for SD storage or get a slug to route everything thru it  :-\

Good tutorial  :D

guardianx

#2
nice tut.



I have a newbie question in your script the line... that say
ip -6 addr add $CLIENT_v6/64 dev henet     

my  Client IPv6 address:     2001:470:1f06:74d::2/64
do i use

option 1
ip -6 addr add 2001:470:1f06:74d::2  dev henet   

or option 2
ip -6 addr add 64 is 2001:470:1f06:74d::2/64 dev henet   


when editing the script with my own info

kornholijo

ip -6 addr add 64 is 2001:470:1f06:74d::2/64 dev henet

sterkejerke

#4
My wrt54g is not direclty connected to the internet, but with a natted adres connected.


So I entered:
ip tunnel add henet mode sit remote $SERVER_v4 local 192.168.1.2 ttl 255

All works ok for me now..


Stupid additional question: Do I need to turn on firewalling on my other clients? Or are the protected by iptables in the WRT54G?



kriteknetworks

iptables covers ipv4 only, ip6tables is used for ipv6.