Now I do get an additional FE80:: address for as default gateway on my client (The FE80:: address is br0 from my router). No DNSv6 server, could it be issues with r25697?
My RADVD config:
Quote:
root@DD-WRT4300:~# cat /tmp/radvd.conf
interface br0 {
IgnoreIfMissing on;
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;
AdvManagedFlag off;
AdvOtherConfigFlag off;
prefix 2001:xxxx:yyyy:zzzz::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
# not working google dns, win7 client doesn't accept ipv6 dns server
RDNSS 2001:4860:4860::8844 {};
};
_________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Jan 27, 2015 23:56 Post subject:
gbonny wrote:
Now I do get an additional FE80:: address for as default gateway on my client (The FE80:: address is br0 from my router). No DNSv6 server, could it be issues with r25697?
My RADVD config:
Quote:
root@DD-WRT4300:~# cat /tmp/radvd.conf
interface br0 {
IgnoreIfMissing on;
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;
AdvManagedFlag off;
AdvOtherConfigFlag off;
prefix 2001:xxxx:yyyy:zzzz::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
# not working google dns, win7 client doesn't accept ipv6 dns server
RDNSS 2001:4860:4860::8844 {};
};
Did you use the default radvd.conf generated by the webif or did you create a custom radvd conf? Enabling dhcp6s should automatically change "AdvOtherConfigFlag on" which means there is non ip config available from a dhcpv6 server.
There should also be a /tmp/dhcp6s.conf file which should contain something like
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Wed Jan 28, 2015 0:32 Post subject:
On a side note you may want to look at transitioning to dnsmasq for ipv6 and do away with radvd and dhcp6s. Dnsmasq can do it all and is far easier to use if you want to setup reserved ipv6 addresses as it works with device mac addresses instead of duids. This is what I (and others) use on my home router.
I'm using a script (the 'regular script' discussed here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=497074) to enable my IPv6 HE tunnel since RADVD doesn't start in my firmware and I've been using this one for a long time now. So.. now I've updated RADVD config in my script (see bold)
# Allow some special ICMPv6 packettypes, do this in an extra chain because we need it everywhere
ip6tables -N AllowICMPs
# Flush first (for edits/apply)
ip6tables -F AllowICMPs
# Destination unreachable
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 1 -j ACCEPT
# Packet too big
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 2 -j ACCEPT
# Time exceeded
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 3 -j ACCEPT
# Parameter problem
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 4 -j ACCEPT
# Echo Request (protect against flood)
#ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 128 -m limit --limit 5/sec --limit-burst 10 -j ACCEPT
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 128 -j ACCEPT
# Echo Reply
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 129 -j ACCEPT
# Drop the rest
ip6tables -A AllowICMPs -j DROP
# Link in tables INPUT and FORWARD (in Output we allow everything anyway)
ip6tables -I FORWARD 3 -p icmpv6 -j AllowICMPs
# Accept wlan lan to router ipv6 connectivity
ip6tables -I INPUT 4 -i br0 -j ACCEPT
edit: I had one time IPv6 DNS servers on my Win7 client (the ones entered on Setup - IPv6 tab). But then it disappeared edit2: my win8.1 client is working now! Got to restart my win7 client once again..
DHCP6s.conf contains my br0 IPv6 address as entered on Setup - IPv6 tab.
The clients get an FE80:: default gateway and an ipv4 default gateway (both from the br0 dd-wrt router), shouldn't the FE80:: be the br0 routable 2001:: address?
Btw, I'm getting interested in the dnsmasq config which might be easier then RADVD+DHCP6s? _________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Wed Jan 28, 2015 19:21 Post subject:
No the default gateway should be the fe80 address.
I've had a quick look and it appears some people were having issues with radvd. Not sure which versions are affected.
You may want to run radvdump to make sure that what is being sent to clients
If you want to try dnsmasq:
configure tunnel using webif
Add iptables -I INPUT 2 -s 66.220.2.74 -p icmp -j ACCEPT to firewall commands
Disable radvd from ipv6 setup
Disable dhcp6s from ipv6 setup
add the following to services->additional dnsmasq settings
If things go wrong and dnsmasq fails to load, but it shouldn't, assign a static ip to a device and connect to router.
You may need to add an additional interface command. After reboot what does /tmp/dnsmasq.conf show?
What does radvdump show?
The above will assign addresses to clients via dhcpv6 and the will be shortened. This can be changed by modifying above. IPv6 dns address should be router
Check, changed to FE80:: ! Thanks for your expertise and patience After a reboot it seemed normal/better on my win7 client as well.
Gonna see if this works for a few days, gonna try dnsmasq way eventually later. I might drop a few questions then again if you don't mind _________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
Personally I would add those two entries where mtu = wan mtu -20 and rDNS = your preferred dns server. Also notice you can just set prefix to ::/64 and it will create the entry based on the prefix(es) assigned to br0
What is the use of the rDNSS setting? I mean I'm using openDNS for DNSv6 which is set in the startup config.
One thing I would like to have is that my DHCP server sents updates to the afraid.org DNS server about hostname+ipv6 address, is that possible? I have a AAAA record and can manually create a hostname for an IPv6 address, but dynamically would be cooler!
And another issue is how to enable a certain port 80/http for instance (dynamically) for an IPv6 host (ubuntu machine) which changes IPv6 address every day?
Btw, I've enabled ICMPv6 type 1-4 and 128 in Win7 and get 19 out of 20! My device with a manually created hostname gets 20 out of 20 _________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Sat Jan 31, 2015 0:44 Post subject:
Quote:
What is the use of the rDNSS setting? I mean I'm using openDNS for DNSv6 which is set in the startup config.
Personally I prefer to add the entry pointing to the same location as my dhcpv6 entry. If dhcpv6 fails to start devices that use the RA rdnss parameter will still receive it.
Quote:
One thing I would like to have is that my DHCP server sents updates to the afraid.org DNS server about hostname+ipv6 address, is that possible? I have a AAAA record and can manually create a hostname for an IPv6 address, but dynamically would be cooler!
That's not really a function of the dhcpc6 server but rather the ddns client, which in ddwrt's case is inadyn. I do not believe there is ipv6 functionality in inadyn unless that has changed recently. If I remember correctly inadyn-mt does have that functionality but is not supported by ddwrt. You can however create a script to update your ddns provider.
Note I use a dnsmasq host file and tags to create dynamic ipv6 ip6tables rules to allow access to certain hosts along with ipv6 ddns.
Quote:
And another issue is how to enable a certain port 80/http for instance (dynamically) for an IPv6 host (ubuntu machine) which changes IPv6 address every day?
Ideally for a host which provids ipv6 services you should either assign it a static ipv6 address directly or through your dhcpv6 server. This can be done with either dhcp6s or using dnsmasq for ipv6.
For dhcp6s this would require using the custom config setting which will require you to know the host duid. Assuming you installed wide-dhcpv6-client on that host the default location for the duid on ubuntu is /var/lib/ducpv6/dhcp6c_duid. Note you will need a hex editor to extract the duid and that file will only be present after installing wide-dhcpv6-client on the host. Alternatively, you can dhcp6s in foreground and in debug mode and grab the duid when the device queries the dhcp6s server.
It's simpler to use dnsmasq for ipv6 services as dnsmasq can use the MAC address instead of the duid. Your dhcpv6 client is still required of course. The other advantage of using dnsmasq if you have a jffs partition installed on an external drive such as usb stick is that you can create a host file instead of using the ddwrt webif for address reservations. Just point to the file in dnsmasq options.
Quote:
Btw, I've enabled ICMPv6 type 1-4 and 128 in Win7 and get 19 out of 20! My device with a manually created hostname gets 20 out of 20
Yes you will get 19/20 as soon as you allow echo request (128). 20 once you have a ptr record. Other than having tested a ptr once, I don't bother setting up ipv6 ptr records.
I've disabled RADVD and DHCP6S on the services tab (DHCP6C as well still).
Removed my RADVD config from the startup script (command tab).
I've still set use dnsmasq for dhcp+dns (basic tab) and enabled dnsmasq, local dns, no dns rebind (services tab).
This host get's the defined IPv4 address, but it gets a different IPv6 address.
Also tcp and udp port 52422 (tranmission/torrent) was not opened in the firewall.
How to fix these two issues? Thanks in advance again
Still got 19 out of 20 on ipv6-test.com _________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
I have the feeling that I have to alter the entries with ipv4 address to include the ipv6 addresses as well (or add extra ipv6 entries i.e. ipv6 ptr-record for FE80).. _________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
I have the feeling that I have to alter the entries with ipv4 address to include the ipv6 addresses as well (or add extra ipv6 entries i.e. ipv6 ptr-record for FE80)..
I think I've found the problem, now commented out:
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Sun Feb 01, 2015 19:06 Post subject:
I'm a little stuck time wise but I'll try and respond later tonight after the superbowl. A quick note about the firewall ports being opened, I use a script to parse a dnsmasq host file looking for specific tags which I then use to open ports. It's not a native function of dnsmasq.
What I would do in your case is add the rules to your script using the static ip you reserved using dnsmasq. If you want to automate the process you will need some additional scripting.
edit2: my win8.1 client is working now! Got to restart my win7 client once again..
After a reboot it seemed normal/better on my win7 client as well.
