Asus RT-N66U - TunnelBroker support built-in

[valkenbw]

For completeness:
Asus stock firmware 3.0.0.4.374.4561 adapted the Merlin IPv6 firewall, including the firewall rules.
Latest stock firmware at date of this post is 3.0.0.4.374.5517, which includes several security fixes.

[PeteFlugstad]

It turns out the router isn't running radvd on account of an error somewhere:

Code Select Expand


wubangle@RT-N66U:/tmp/etc# ls -l radvd.conf
-r--------    1 wubangle root           325 Jan 19 09:27 radvd.conf
wubangle@RT-N66U:/tmp/etc# chmod a-r radvd.conf
wubangle@RT-N66U:/tmp/etc# radvd
[Jan 19 09:38:53] radvd: Exiting, permissions on conf_file invalid.

There appears to be no pleasing radvd.

EDIT: Yes, there is. This problem occurs if you set your username to anything but "admin". So reset your username to "admin" and the problem will solve itself, and IPv6 will work for you!

I just ran into this problem today even with an username of "admin" and on the latest ASUS firmware available (3.0.0.4.376_3861). After a couple of days of poking, I finally figured out what the problem is.  Posting here in the hopes of helping the next poor sap:

Code Select Expand


admin@RT-AC66R:/etc# ls -l radvd.conf
-r--------    1 admin    root           372 Jun 27 12:31 radvd.conf
admin@RT-AC66R:/etc# radvd
[Jun 27 12:38:02] radvd: Exiting, permissions on conf_file invalid.
admin@RT-AC66R:/etc# radvd --debug=5
[Jun 27 12:38:26] radvd: syntax error in /etc/radvd.conf, line 10: 2001:XXX:XXXX:XXXX
[Jun 27 12:38:26] radvd: error parsing or activating the config file: /etc/radvd.conf
[Jun 27 12:38:26] radvd: Exiting, failed to read config file.

admin@RT-AC66R:/etc# cat radvd.conf
... line 10:
prefix 2001:XXX:XXXX:XXXX/64 {
...
admin@RT-AC66R:/etc#


The error message without the --debug=5 is completely misleading. 

The actual error: note the missing trailing "::" on the prefix.  Without that, it's not a valid IPv6 address, so this prevents radvd from parsing it properly.  When I cut/paste the prefix from HE's web site, I missed that.

Once I fixed this by added the trailing "::" via the web interface, radvd starts up and it's fine and my hosts inside the firewall properly get the IPv6 prefix.

Code Select Expand


admin@RT-AC66R:/etc# cat radvd.conf
...
prefix 2001:XXX:XXXX:XXXX::/64 {
...


ASUS' web interface could do a lot better job validating input here.

[effra]

I have an RT-N66U with the now-latest firmware 3.0.0.4.376_3861, which includes the IPv6 firewall and I think an extra setting (it asks for server IPv6 address as well as IPv4 address, which I haven't seen mentioned in other posts).

I have nearly but not quite got it working, and can't figure out what I have wrong.

From the router itself, when telnetted in, I can ping and traceroute to ipv6.google.com, so it looks like the tunnel is fine. radvd is running, and various devices have picked up IPv6 addresses in the correct range. However none of my devices can ping the router (neither on link-local nor global addresses), and the router can't ping them on any of their addresses. That ought to be the easy bit!

The devices seem to be able to resolve IPv6-only domain names to addresses, but I assume they are doing so via IP4 DNS.

My tunnel details look like this:

Code Select Expand

Server IPv4 Address:216.66.88.98
Server IPv6 Address:2001:470:1f1c:222::1/64
Client IPv4 Address:82.14.190.49
Client IPv6 Address:2001:470:1f1c:222::2/64
Routed /64:2001:470:1f1d:222::/64


The IPv6 log on the router says:

Code Select Expand

          IPv6 Connection Type: Tunnel 6in4
              WAN IPv6 Address: 2001:470:1f1c:222::2/64
              WAN IPv6 Gateway: 2001:470:1f1c:222::1
              LAN IPv6 Address: 2001:470:1f1d:222::1/64
   LAN IPv6 Link-Local Address: fe80::62a4:4cff:fe28:1c68/64
               LAN IPv6 Prefix: 2001:470:1f1d:222::/64


Any suggestions gratefully received!

[jonesntn]

Did you have any luck? I have my tunnel Working, but can only tell by using telnet commands on the router.

[u8sf]

***
Asus setting   Tunnelbroker details
Enable the DDNS Client   "Yes"
Server   "WWW.TUNNELBROKER.NET" from the menu
Host Name   Tunnel ID (6-digit decimal number)
User Name or E-mail Address   User ID (long hex value on Main Page, not Username)
Password   Password
***
password, is not log in password. It is in ,advanced page,  Update key.

[PanicPaintbrush]

***
Asus setting   Tunnelbroker details
Enable the DDNS Client   "Yes"
Server   "WWW.TUNNELBROKER.NET" from the menu
Host Name   Tunnel ID (6-digit decimal number)
User Name or E-mail Address   User ID (long hex value on Main Page, not Username)
Password   Password
***
password, is not log in password. It is in ,advanced page,  Update key.

This is correct. I was going to post the same thing.
This works for N56U too.