IPv6 updated instructions and scripts for v24

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3, 4, 5, 6, 7, 8  Next
Author Message
fastest963
DD-WRT Novice


Joined: 02 Mar 2008
Posts: 28

PostPosted: Sun Mar 28, 2010 23:52    Post subject: IPv6 updated instructions and scripts for v24 Reply with quote
Sash: THIS HAS TO BE MOVED TO THE WIKI! I'll unsticky it in a few weeks


Here is a script for Sixxs/hurricane electric (tested on v24 build 14144)

First enable jffs, goto Admin->Commands and save the following as the startup script

Then enable sshd under services and SSH into the router:
Install using ipkg
http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/packages/kmod-ip6tables_2.4.34-brcm-1_mipsel.ipk
http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/packages/ip6tables_1.3.7-1_mipsel.ipk

Make sure you do ipkg -d root -force-depends install {package}

Code:

insmod ipv6
#don't load these if you have kernel 2.6, wait on working modules
insmod /jffs/lib/modules/2.4.34/ip6_tables.o
insmod /jffs/lib/modules/2.4.34/ip6table_filter.o
insmod /jffs/lib/modules/2.4.34/ip6t_multiport.o
#if you are using 2.6, comment the above 3 lines and uncomment this
#insmod sit

# The IPv6 prefix (/64) of the tunnel initially assigned to you (including the ::).
TUNNELPREFIX="2001:4830:1600:200::"

# The IPv4 address of the PoP you're using
SIXXS4="66.117.47.200"

# The Routed IPv6 Subnet (/48 or /64)
#TUNNELSUBNET="2001:4830:1600::/48"

# MTU - must match your SixXS tunnel settings and radvd's "AdvLinkMTU" value
MTU=1480

# Which interface are you using? sixxs or he-ipv6? You can keep it to something else but to stay consistent with other scripts, use one of those.
INTERFACE="sixxs"

# Get the tunnel endpoint addresses
MYTUNNELIP="${TUNNELPREFIX}2"
SIXXSTUNNELIP="${TUNNELPREFIX}1"

# Create tunnel, fix MTU and bring up and configure endpoint
ip tunnel add ${INTERFACE} mode sit remote ${SIXXS4} ttl 64
ip link set mtu ${MTU} dev ${INTERFACE}
ip link set ${INTERFACE} up
ip addr add ${MYTUNNELIP}/64 dev ${INTERFACE}

# Configure IPv6 endpoint on br0
if [ ! -z  ${TUNNELSUBNET} ]; then
ip addr add ${TUNNELSUBNET} dev br0

# uncomment if you want to manually start radvd instance and not use web interface
# radvd -C /jffs/radvd.conf &
fi

# Add default routes
ip route add default via ${SIXXSTUNNELIP} dev ${INTERFACE} metric 1
ip route add 2000::/3 via ${SIXXSTUNNELIP} dev ${INTERFACE} metric 1

#Enable IPv6 forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# Set Firewall rules

# make sure to accept proto-41
iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT
# uncomment if you are using repeater mode
# iptables -I INPUT 2 -p ipv6 -i eth0 -j ACCEPT

#make sure to not NAT proto-41
iptables -t nat -A POSTROUTING --proto ! 41 -o eth0 -j MASQUERADE
# uncomment if you are using repeater mode
# iptables -t nat -A POSTROUTING --proto ! 41 -o vlan1 -j MASQUERADE

# Set firewall directory and correct path
export IP6TABLES_LIB_DIR=/jffs/usr/lib/iptables
PATH="$PATH":/jffs/usr/sbin

#flush tables
ip6tables -F

#drop invalid
ip6tables -A INPUT -m rt --rt-type 0 -j DROP
ip6tables -A FORWARD -m rt --rt-type 0 -j DROP
ip6tables -A OUTPUT -m rt --rt-type 0 -j DROP

#allow common ports
ip6tables -A FORWARD -p tcp -i ${INTERFACE} --syn -m multiport --dports ftp-data,ftp,http,https,ntp,domain -j ACCEPT
ip6tables -A FORWARD -p tcp -i ${INTERFACE} --syn -j DROP
ip6tables -A FORWARD -p udp -i ${INTERFACE} -m multiport --dports ntp,domain -j ACCEPT
ip6tables -A FORWARD -p udp -i ${INTERFACE} -j DROP


Then hit save startup, then go to Management and enable ipv6.

Then enable radvd (only if you have a routed subnet!) and in the config put:
!! make sure to change the prefix to a /64 subnet assigned to you !!
The AdvLinkMTU should match the max MTU on the device and not just the one above. (From Jeroen Massar at Sixxs)

Code:

interface br0{
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvSendAdvert on;
AdvLinkMTU 1500;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix 2001:4830:1600:100::/64{
AdvOnLink on;
AdvAutonomous on;
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
};
};

I have modified some of the code above from http://www.dd-wrt.com/wiki/index.php/IPv6#IPv6_on_current_builds

Then hit Run Commands. Done!


If you have kernel 2.4 (most people have this!):
If you want to install ping6 and traceroute6:
http://db0noe.dyndns.org/openwrt/7.09/packages/iputils-traceroute6_20071127-1_mipsel.ipk
http://db0noe.dyndns.org/openwrt/7.09/packages/iputils-ping6_20071127-1_mipsel.ipk
Note: you cannot traceroute6 to a domain because gethostbyaddr2 cannot be found. I don't know of a workaround so just use the exact IPv6 address instead of using the hostname.
To install tcpdump:
http://downloads.openwrt.org/kamikaze/7.06/brcm-2.4/packages/libpcap_0.9.4-1_mipsel.ipk
http://downloads.openwrt.org/kamikaze/7.06/brcm-2.4/packages/tcpdump_3.9.4-1_mipsel.ipk

if the above 2.4 don't work, try:
http://downloads.openwrt.org/backfire/10.03-beta/brcm-2.4/packages/iputils-ping6_20071127-1_brcm-2.4.ipk
http://downloads.openwrt.org/backfire/10.03-beta/brcm-2.4/packages/iputils-traceroute6_20071127-1_brcm-2.4.ipk
and
http://downloads.openwrt.org/backfire/10.03-beta/brcm-2.4/packages/libpcap_1.0.0-1_brcm-2.4.ipk
http://downloads.openwrt.org/backfire/10.03-beta/brcm-2.4/packages/tcpdump_4.0.0-2_brcm-2.4.ipk

if you have kernel 2.6:
http://downloads.openwrt.org/backfire/10.03-rc3/ar71xx/packages/iputils-ping6_20071127-1_ar71xx.ipk
http://downloads.openwrt.org/backfire/10.03-rc3/ar71xx/packages/iputils-traceroute6_20071127-1_ar71xx.ipk
and
http://downloads.openwrt.org/backfire/10.03-rc3/ar71xx/packages/libpcap_1.0.0-2_ar71xx.ipk
http://downloads.openwrt.org/backfire/10.03-rc3/ar71xx/packages/tcpdump_4.0.0-2_ar71xx.ipk

and if those don't work for 2.6 then try just the beta's:
If you see floating point errors in dmesg or apps hang
http://downloads.openwrt.org/backfire/10.03-beta/ar71xx/packages/iputils-ping6_20071127-1_ar71xx.ipk
http://downloads.openwrt.org/backfire/10.03-beta/ar71xx/packages/iputils-traceroute6_20071127-1_ar71xx.ipk
and
http://downloads.openwrt.org/backfire/10.03-beta/ar71xx/packages/libpcap_1.0.0-2_ar71xx.ipk
http://downloads.openwrt.org/backfire/10.03-beta/ar71xx/packages/tcpdump_4.0.0-2_ar71xx.ipk

MAKE SURE YOU DO NOT RUN tcpdump WITHOUT AN INTERFACE! Run tcpdump -i sixxs or tcpdump -i he-ipv6 otherwise your router will crash. Also, if you are dumping to a file, it doesn't save the file till tcpdump quits so you have to Ctrl-C to push output to file

If you are having trouble running tcpdump, ping6, or traceroute6, see: http://www.dd-wrt.com/wiki/index.php/Ipkg#Setting_LD_LIBRARY_PATH

Enjoy IPv6!


Last edited by fastest963 on Sun Apr 04, 2010 12:51; edited 12 times in total
Sponsor
socal87
DD-WRT Guru


Joined: 30 Jun 2009
Posts: 943
Location: Here

PostPosted: Mon Mar 29, 2010 0:38    Post subject: Reply with quote
Cool stuff, note that this has already been noted in the wiki. What's new about what you've brought to the table here?
_________________
Click here for Eko beta
Click here for Brainslayer beta

>>>PEACOCK THREAD!<<<

Personal assistance is available but only if you give me money. And beer. Lots and lots of beer.

fastest963
DD-WRT Novice


Joined: 02 Mar 2008
Posts: 28

PostPosted: Mon Mar 29, 2010 0:47    Post subject: Reply with quote
I finally found and posted the ipk packages for the IPv6 tools, I added a few new firewall rules to drop packets that are not going to the correct subnet, or are invalid packets. Also, added firewall rule to make sure that the pronto-41 packets are not stored in the state table.

Added support for routers in repeater mode.

Made it a little easier by putting everything in a startup script instead of splitting everything up and thus you only have to change 1 set of variables (excluding radvd).

Thanks,
James Hartig
socal87
DD-WRT Guru


Joined: 30 Jun 2009
Posts: 943
Location: Here

PostPosted: Mon Mar 29, 2010 1:59    Post subject: Reply with quote
I don't see a huge difference...this has been covered before. Check out this and this (the wiki article was updated by yours truly). Maybe we should make a sticky or something.
_________________
Click here for Eko beta
Click here for Brainslayer beta

>>>PEACOCK THREAD!<<<

Personal assistance is available but only if you give me money. And beer. Lots and lots of beer.

fastest963
DD-WRT Novice


Joined: 02 Mar 2008
Posts: 28

PostPosted: Mon Mar 29, 2010 21:13    Post subject: Reply with quote
Good point and I'm sorry if some of it is duplicated, I was asked by a few friends for a quick and easy script to just throw into the startup script column. I would have emailed it but I thought I should just post it on here so other people could see/comment on it. It has the variables and the firewall config all in one area so people can just change the variables at the top and not have to worry about what else is going on.
socal87
DD-WRT Guru


Joined: 30 Jun 2009
Posts: 943
Location: Here

PostPosted: Sat Apr 03, 2010 1:03    Post subject: Reply with quote
Here are Pandora's instructions for LOCAL 6to4, no tunneling needed. You CAN copy and paste these, they are not specific meaning anyone can use them on their rig. Just pay attention to the WAN VLAN bit.

FOR K24:
Pandora-Box wrote:
Hi,
this is for those interested.
I have IPv6 working on WRT610N.
There were some changes since IPv6 Wiki was written.
So here it is how I managed.
BTW, I use only 6to4 (no SixXS, no AICCU).
Note: since sometime radvd.conf has to be started from /tmp location (I experienced IPv6 issues, thus two entries in startup command, what resolved my issues).
Also, on WRT610N I have noticed that I get external IP from vlan2 (not from vlan1), what had to be adjusted accordingly in both radvd.conf and startup cmd.
Here they are:

radvd.conf

interface br0 {
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1280;
AdvSendAdvert on;
prefix 0:0:0:1::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
Base6to4Interface vlan2;
};
};

startup cmd:

insmod /lib/modules/2.4.37/ipv6.o
sleep 5
radvd -C /tmp/radvd.conf start
sleep 5
WANIP=$(ip -4 addr show dev vlan2 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
if [ -n "$WANIP" ]
then
V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
ip link set tun6to4 mtu 1280
ip link set tun6to4 up
ip addr add $V6PREFIX:0::1/16 dev tun6to4
ip addr add $V6PREFIX:1::1/64 dev br0
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
kill -HUP $(cat /var/run/radvd.pid)
fi
radvd -C /tmp/radvd.conf start


FOR K26 (on WRT610nv1):
Pandora-Box wrote:

IPv6 Enable
Radvd Enable
Radvd config

interface br0 {
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1480;
AdvSendAdvert on;
prefix 0:0:0:1::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
Base6to4Interface vlan2;
};
};

Check which vlan is your router's WAN interface on (on wrt610n this is vlan2)

in Startup Script under Commands
insert:
insmod /lib/modules/2.6.24.111/kernel/net/ipv6/sit.ko
sit module is not loaded automatically, but ipv6 module seems to load automatically

just check that both of these modules are loaded (lsmod)
and after router is back up check if you have tun6to4 interface up

Command startup script I have and it is working on wrt610n is:

insmod /lib/modules/2.6.24.111/kernel/net/ipv6/sit.ko
sleep 5
radvd -C /tmp/radvd.conf start
sleep 5
WANIP=$(ip -4 addr show dev vlan2 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
if [ -n "$WANIP" ]
then
V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
ip link set tun6to4 mtu 1480
ip link set tun6to4 up
ip addr add $V6PREFIX:0::1/16 dev tun6to4
ip addr add $V6PREFIX:1::1/64 dev br0
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
kill -HUP $(cat /var/run/radvd.pid)
fi
sleep 10
radvd -C /tmp/radvd.conf start

_________________
Click here for Eko beta
Click here for Brainslayer beta

>>>PEACOCK THREAD!<<<

Personal assistance is available but only if you give me money. And beer. Lots and lots of beer.



Last edited by socal87 on Sat Apr 03, 2010 3:39; edited 1 time in total
Dark_Shadow
DD-WRT Guru


Joined: 31 Aug 2009
Posts: 2430
Location: Third Rock from the Sun

PostPosted: Sat Apr 03, 2010 2:14    Post subject: Reply with quote
Can 6to4 be used without having to sign up or register any where?
_________________
Peacock Thread-FAQ -- Firmware Recommendations -- dd-wrt Wiki

Testing Multiple Routers -- Bootloader Collection Project -- My Wiki
socal87
DD-WRT Guru


Joined: 30 Jun 2009
Posts: 943
Location: Here

PostPosted: Sat Apr 03, 2010 3:38    Post subject: Reply with quote
Dark_Shadow wrote:
Can 6to4 be used without having to sign up or register any where?


Read it again, dude...the above scripts from Pandora-box are for local 6to4 only, no tunnel, no signing up. I have a Hurricane Electric account but I've only utilized the tunnel a few times, I found local 6to4 much simpler and easier.

_________________
Click here for Eko beta
Click here for Brainslayer beta

>>>PEACOCK THREAD!<<<

Personal assistance is available but only if you give me money. And beer. Lots and lots of beer.

Dark_Shadow
DD-WRT Guru


Joined: 31 Aug 2009
Posts: 2430
Location: Third Rock from the Sun

PostPosted: Sat Apr 03, 2010 5:07    Post subject: Reply with quote
socal87 wrote:
Dark_Shadow wrote:
Can 6to4 be used without having to sign up or register any where?


Read it again, dude...the above scripts from Pandora-box are for local 6to4 only, no tunnel, no signing up. I have a Hurricane Electric account but I've only utilized the tunnel a few times, I found local 6to4 much simpler and easier.
Sorry for my lack of understanding. That is why I ask questions. What are you meaning local? Like your LAN?

EDIT: I guess I don't understand how it works. Does it allow you to browse the IPv6 internet? Is it just for routing the IPv6 internet to IPv4 servers?

I am still very new when it comes to Linux, scripting and IPv6. I know enough about IPv4 to make me dangerous, but I want to learn.

EDIT2: Found it on Wikipedia, gonna read up. Any and all insight would be helpful as sometimes Wiki articles tend to get way too technical.

_________________
Peacock Thread-FAQ -- Firmware Recommendations -- dd-wrt Wiki

Testing Multiple Routers -- Bootloader Collection Project -- My Wiki
socal87
DD-WRT Guru


Joined: 30 Jun 2009
Posts: 943
Location: Here

PostPosted: Sat Apr 03, 2010 7:02    Post subject: Reply with quote
See the odd looking IP address stated in the script (192.88.99.1)? It's the anycast address that basically tells the destination network that the packets are intended for the ipv6 network.

By local, I mean two things: 1, the radvd configuration enables the router to assign ipv6 addresses based on your computer's ipv4 address (so your internal network can essentially be in a sense native ipv6), and 2, the encapsulation of ipv6 packets within ipv4 packets takes place at the router itself, instead of ipv4 traffic being sent through a tunnel to somewhere like Hurricane Electric, who translates it to ipv6.

And yes, once you get it set up and your computer gets an ipv6 address, you can browse the ipv6 Internet. Try pointing a browser at ipv6.google.com once you've got the script running and have reset your network adapter.

_________________
Click here for Eko beta
Click here for Brainslayer beta

>>>PEACOCK THREAD!<<<

Personal assistance is available but only if you give me money. And beer. Lots and lots of beer.

Diosbejgli
DD-WRT Novice


Joined: 23 Aug 2008
Posts: 30

PostPosted: Sat Apr 03, 2010 12:21    Post subject: Reply with quote
with the latest eko builds, the insmod kmod-ip6tables will not work because the new builds are running kernel version 2.4.37 and the ip6tables module is compiled for kernel 2.4.34.
see here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=61183
socal87
DD-WRT Guru


Joined: 30 Jun 2009
Posts: 943
Location: Here

PostPosted: Sat Apr 03, 2010 17:38    Post subject: Reply with quote
Yes, it should...I had 6to4 working on 2.4.37.

Edit: Then again, maybe not...I remember having issues with getting it working in the later builds before k2.6...

_________________
Click here for Eko beta
Click here for Brainslayer beta

>>>PEACOCK THREAD!<<<

Personal assistance is available but only if you give me money. And beer. Lots and lots of beer.

fastest963
DD-WRT Novice


Joined: 02 Mar 2008
Posts: 28

PostPosted: Sun Apr 04, 2010 12:08    Post subject: Reply with quote
Updates: I have added working K 2.6 installation packages to the instructions.

Note:
There are no working 2.6.24.111 ip6tables modules from what I can tell. I have the application ip6tables working but I cannot load any 2.6.x module and I cannot find the kernel 2.6.24.111.

I will post once I get an update on ip6tables.
Dark_Shadow
DD-WRT Guru


Joined: 31 Aug 2009
Posts: 2430
Location: Third Rock from the Sun

PostPosted: Sun Apr 04, 2010 13:44    Post subject: Reply with quote
Where can the moduals that Pandora-Box uses be gotten?
_________________
Peacock Thread-FAQ -- Firmware Recommendations -- dd-wrt Wiki

Testing Multiple Routers -- Bootloader Collection Project -- My Wiki
fastest963
DD-WRT Novice


Joined: 02 Mar 2008
Posts: 28

PostPosted: Sun Apr 04, 2010 14:16    Post subject: Reply with quote
Dark_Shadow wrote:
Where can the moduals that Pandora-Box uses be gotten?


You should be able to use the same ones.
Goto page 1, 2, 3, 4, 5, 6, 7, 8  Next Display posts from previous:    Page 1 of 8
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum