• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

DD-WRT v24sp2 (build 13972) config

Started by sgoudelis, March 11, 2010, 04:04:38 AM

Previous topic - Next topic

cholzhauer

I think I see my problem.

What version of v24 did you use?  (mini, micro, ect)

sgoudelis


cholzhauer

right, but is it a mega build, a mini build,  normal build, micro build..etc...

sgoudelis


cholzhauer

My problem is that my WRT54G only has 4mb of flash.  The builds that support IPv6 are too large to allow for any free space that I need to create config files, and the builds that are small enough to allow for free space don't support IPv6

:(

jimb

Maybe time to dump the little consumer router and get a little soekris box or something similar, or maybe use an old laptop laying around?  :)

cholzhauer

Yeah, that's what it's looking like...it'd be nice to use the WRT54G though because it's already on anyways.

Oh well.

sgoudelis

Asus Rt-n16 has more of everything and runs DD-WRT nicely

clark40

I would like some feedback on my setup. Currently in my home lan I have a dd-wrt (as described in the subject) and I use this script to bring the ipv6 setup online I'm not even quite sure how to explain this, so I will do my best.  I am also not quite sure what additional info you might need

Clark
ccnp
USA

cholzhauer


ipv6us3r

Maybe someone can help me out with this.

I'm running v24-sp2 build 14311 on a D-Link DIR-825 but have no clue on how to configure IPv6 on it.
Found several guides but they all have different approaches.

One guide tells me to install kmod-ipv6 and the next guide tells me to install ip6tables and other stuff.

And since I'm a n00b when it comes to Linux i don't know what to do or how to check if those aren't already available.

The most important part is how to correctly setup my router to use HE tunnel with /48 subnet.

So was hoping someone could tell me what actions and config i need to use to make IPv6 work on this?

I have IPv6 support enabled but searching the web learns me that doesn't say anything (not loading stuff etc)
Also Radvd is enabled.

And from here it stops.



jimb

#26
You need the kernel module to simply have IPv6, because that's what implements the IPv6 stack in the OS.

iptables and ip6tables, aka "netfilter" is the firewall, which you really need also for security, but you can set things up and get them working without setting up a iptables policy.

I'm not super familiar with how the DD-WRT setup and config files work, but Linux is Linux, and if it has the "iproute2" tools the process of setting up an HE tunnel will be the same as other Linuxes.

You first need to set up the tunnel itself.  You do it something like this:

ip tunnel add he-ipv6 mode sit remote <Server IPv4 address> local <Client IPv4 address>  ttl 255
ip link set he-ipv6 up
ip addr add <Client IPv6 address> dev he-ipv6
ip route add ::/0 dev he-ipv6


You may need to do a "modprobe sit" first if it gives you trouble with the ip tunnel command.  Also, if this router is behind a NAT, and doesn't have a public IPv4 address, you must use the real IP address that's on the interface for the client IPv4 address.  E.g. If your IPv4 address is 192.168.1.1, use that if you're behind a NAT device not the public IPv4 address.  Let the NAT device NAT it for you.

Also, don't mix up the routed /64 and the Server and Client IPv6 addresses.  They look very similar but are different by one character. 

Now you can ping the other side of the tunnel to see if the 6in4 tunnel is working.  

ping6 -n <Server IPv6 Address>

If it works, your 6in4 tunnel works.  Move on.  If not, well, make sure 6in4 can pass your firewall, etc, etc.  You just have to figure out what's stopping it from working.

Now you put an address from your routed /64 or a /64 subnet of your routed /48 on the inside interface of the router:

ip addr add <IPv6 address> dev <inside interface name>

For instance, if HE assigns you a routed /64 of something like "2001:db8:1234:56::/64", you might put the address "2001:db8:1234:56::1/64" on your network interface.  If you want to use your routed /48 on the NIC instead, you can just carve a /64 out of it.   i.e. you're given "2001:db8:1234::/48", you could use "subnet zero" of this, by putting an address like "2001:db8:1234::1/64" on the NIC.

If you're running radvd, it should already set the ipv6 forwarding stuff up.  But to do it by hand you can do something like "sysctl -w net.ipv6.conf.all.forwarding=1".  

You should now be able to ping this address from the outside, and ping outside hosts from this address (use something like ping6 -n -I 2001:db8:1234::1 <server IPv6 address or some other IPv6 address>.

If you're running multiple subnets, you either need to run a routing protocol through your whole routing domain, or add static routes for your subnets to the router.  I.e., you have a LAN using subnet "2001:db8:1234:1::/64" that's on the other side of the router with IPv6 "2001:db8:1234::2", you would add a route like so:  ip route add 2001:db8:1234:1::/64 via 2001:db8:1234::2".

That's about it.  The rest is figuring out how to put this all in the DD-WRT configuration files, just like you would for any other linux distro.  This is presuming this all can't be done in a GUI.

Hope this helps ...

ipv6us3r

@jimb

Thanks for detailed explanation.

I got it working now except it's wide open because of no iptables configured (need to digg in to that)
And for some reason my PC didn't got an IPv6 address by dhcp (manual made it work. need to check dhcp for IPv6)

Thanks again.



jimb

#28
Quote from: ipv6us3r on May 09, 2010, 12:33:00 PM
@jimb

Thanks for detailed explanation.

I got it working now except it's wide open because of no iptables configured (need to digg in to that)
And for some reason my PC didn't got an IPv6 address by dhcp (manual made it work. need to check dhcp for IPv6)

Thanks again.
It'd be ip6tables for ipv6 stuff.  If your router is behind a NAT, or isn't forwarding ipv4 traffic, you'd really only need to set up ipv6tables.  I just have the standard "allow everything out from the inside, allow select ports in, deny everything else inbound" rules.

If you're using radvd then all your windows and linux boxes should automatically get IPv6 addresses and default routes.  But unfortunately not DNS servers.  On my network, I let either static configuration or dhcp take care of that (it just uses IPv4 DNS servers), even though my DNS servers are dual-stacked.

I haven't set up DHCPv6 so I can't really talk about that.  BTW, "traditional" dhcp doesn't support IPv6.  IPv6 has a new version called DHCPv6 which works very differently, although some DHCP software has both versions included.