Now SLAAC is disabled and my dhcp reservation for ipv6 works for Win7/8.1
I wonder how IPv6 ptr-records work, can you give an example? I've also been looking into what part I need from your script, I took this and added it to the startup script:
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Feb 03, 2015 1:23 Post subject:
Quote:
The first time I still had a FE80:: address as default gateway, but my DNS server was again a 2001:470 address
The default gateway should always be the fe80 local link address. Your 6in4 tunnel uses a fixed prefix but other implementations such as 6rd or dhcpv6-pd are dynamic in nature so there can be no guarantee that the same prefix will be assigned.
As for the dns entry pointing to 2001:470... dnsmasq is a caching dns forwarder and will by default hand out its own address as the ipv6 dns server. As long as you set the nameservers you wish to use, dnsmasq will query them the first time you lookup an address and will re-query when the record it receives expires.
Quote:
I wonder how IPv6 ptr-records work, can you give an example? I've also been looking into what part I need from your script, I took this and added it to the startup script
dns ptr records must come from the provider, if dnsmasq were to set a ptr it would only apply to your lan. The tunnelbroker service allows rdns delegations. its is located your tunnel configuration page. easiest way is to enable HE dns service and delegate to those servers and confirure your ptr record there.
Quote:
Edit; by default ubuntu doesn't support dnsmasq dhcpv6? Thats why we need to install "wide-dhcpv6-client"?
correct by default ubuntu will pick up RAs but not dhcpv6. just install wide-dhcpv6-client and set /etc/wide-dhcpv6/dhcp6c.conf with something like
Code:
# Default dhpc6c configuration: it assumes the address is autoconfigured using
# router advertisements.
Edit2: Hmm my Samsung S4 doesn't get an IPv6 address either anymore..
can't help you with that one. if the ssamsung doesnt support dhcpv6 consider enabling both stateful (dhcpv6) and stateless (slaac) configuration. ipv6 functions normally with both enabled. devices will respond to all ipv6 addresses and it is fairly common to have multiple addresses (dhcpv6, regular slaac eui-64, and slaac using privacy extensions). just ensure that external facing devices at least use dhcpv6 to allow for a static address for firewall and potentially ddns.
Quote:
I took this and added it to the startup script:
looks like you missing the definition of the var br0_prefix which requires the makeprefix function. i suspect the entries in /tmp/ip6tables.ports are incomplete
i think that covers most of your questions. let me know if i missed anything
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Feb 03, 2015 8:31 Post subject:
FWIW another user had ipv6 issues on android and was able to update his rom to resolve it. I don't use android so I can't help more than that. The only thing I can add is I can't see android intentionally ignoring dhcpv6, it's got be a bug. Might be worth checking their forums.
Also it doesn't cost anything to play around with HE's dns and you don't need your own domain for ptr records, just add a new reverse zone
FWIW another user had ipv6 issues on android and was able to update his rom to resolve it. I don't use android so I can't help more than that. The only thing I can add is I can't see android intentionally ignoring dhcpv6, it's got be a bug. Might be worth checking their forums.
Also it doesn't cost anything to play around with HE's dns and you don't need your own domain for ptr records, just add a new reverse zone
so i don't need makeprefix() either. And it works! I've tried it with makeprefix and br0_prefix but that gave me wrong ipv6 address (it doubled 2001:470:xxxx:yyyy: like: 2001:470:xxxx:yyyy:2001:470:xxxx:yyyy:aaaa:bbbb:cccc).
Quote:
# open IPv6 ports based on dnsmasq settings set:
expandip () {
ipv6address=$(echo $1 | sed -e :a -e 's/\b[0-9A-F]\{1,3\}\b/0&/gI;ta')
postsegments=$(echo $ipv6address | awk -F'::' '{print $2}' | awk -F ':' '{print NF}')
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Feb 03, 2015 17:48 Post subject:
Quote:
so i don't need makeprefix() either. And it works! I've tried it with makeprefix and br0_prefix but that gave me wrong ipv6 address (it doubled 2001:470:xxxx:yyyy: like: 2001:470:xxxx:yyyy:2001:470:xxxx:yyyy:aaaa:bbbb:cccc).
Are you using full ipv6 address for you host entry (prefix + host) or just host and allowing dnsmasq to construe the address?
so i don't need makeprefix() either. And it works! I've tried it with makeprefix and br0_prefix but that gave me wrong ipv6 address (it doubled 2001:470:xxxx:yyyy: like: 2001:470:xxxx:yyyy:2001:470:xxxx:yyyy:aaaa:bbbb:cccc).
Are you using full ipv6 address for you host entry (prefix + host) or just host and allowing dnsmasq to construe the address?
Ah of course, thats the thing, I've got a fully written IPv6 address
Forgot to mention that to add the appropriate mtu for dnsmasq RAs you will need to add a line to your script. This is important
echo 1480 > /proc/sys/net/ipv6/conf/br0/mtu
Where value of 1480 should be wan mtu - 20
Confirm by running radvdump from CLI after a fresh boot
Ctrl-c to stop radvdump from running
Thanks, will implement this tonight. One question, what does it mean when I ping6 with a size of 72> to ipv6.google.com the "truncated" message in the ping reply, does google respond with "just" a 72 byte packet?
When I do a ping with size of 1433=> it gives the "mtu too large" msg. _________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Thu Feb 05, 2015 18:43 Post subject:
It means the reply packet size is less than what was sent. I have never experienced that with ipv6.google.com. curiosity got the better of me so I googled it and it would appear some google servers limit reply size. Try pinging 2607:f8b0:4006:809::1002 which is what ipv6.google.com resolves to for me
It means the reply packet size is less than what was sent. I have never experienced that with ipv6.google.com. curiosity got the better of me so I googled it and it would appear some google servers limit reply size. Try pinging 2607:f8b0:4006:809::1002 which is what ipv6.google.com resolves to for me
Ha! That works for me up to packet size 1432
Thanks, gonna see how my current settings perform the upcoming days! Thanks again!
edit: packet size instead MTU size _________________ ATH TL-WDR4300 v1.3 41686 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 42132 std K3.10 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
Last edited by gbonny on Thu Feb 05, 2015 19:52; edited 1 time in total
Posted: Fri Feb 06, 2015 8:27 Post subject: R7000?
Just wondering,
Is the script on the first post still accurate/usable?
I'd like to try it on a R7000. I saw that there was a huge forum for the R7000 (http://www.dd-wrt.com/phpBB2/viewtopic.php?t=257493) but that looked like it was more for people who got native ipv6 from their ISP. (I don't, so I'd have to settle for HE for ipv6 for now.)
I'll try the script anyway, as I can't really "break" anything with it, but was just wondering if anyone else had used it recently and on a R7000 or if there was another forum anyone would suggest that would be "better" for me to use.
These two posts will get you up and running in less than 5 minutes
**** edit
Personally not a fan of the script on page 1. Read the whole thread.
Thanks James! I will try this out, and report its success once I get home later. Just one more quick question, do you know if there is any issue with me placing all of the firewall commands into a shell script and having that script run from the router's startup section of the webif? Or are firewall commands executed earlier than startup commands? Just wondering, because I have a startup.sh I execute to start other custom services and do a lot of other tasks on boot, and by just having a single entry to call that file in the startup, keeps things neater. I have no issues putting a few lines in the firewall command section though if needed. Just wondering if I could integrate them into my startup.
Thanks again for the info! I had tried ipv6 in the past, but it was using a script (quite possibly the one you said you were not a fan of...) and had issues and left it alone, but thought I'd revisit it now.
Edit: Progress, so far so good will report more later.... _________________ Netgear R7000 w/r31780M <KONG> build
Netgear R6700 (Un-opened with stock. My backup/emergency router if the R7000 takes a dump...)
2x Buffalo WHR-HP-GN 28493 (Used for 2.4 Ghz bridge when needed.)
Asus WL-500g Premium (1x v1 & 1x v2) (Still have, but retired for now.)
1x Linksys WRT54G v8 >>DD-WRT v24SP1 (The other routers needed something to point at and make fun of.)
