...just wanted to tell you that if you need a 6RD tunnel, my friend mr.emme and I just did it on the last build (DD-WRT v3.0-r29059 std (02/09/16)) without any script!
All you have to do is select the 6in4 tunnel and add these data
- Prefix Length
- DNS
- Assigned / Routed Prefix (containing the IPv4)
- NO Router IPv6 Address
- Tunnel Endpoint IPv4 Address
- NO Tunnel Client IPv6 Address
and it just works.
All the clients get their IPv6 address via Radvd and nothing goes through but the ping!
The prefix you put in the GUI becomes the router's (br0) IPv6 address...
If you put another IPv6 address in the Tunnel Client IPv6 Address, the router works but the clients can not pass through :\
In case of dynamic WAN IP Address, my idea was to adapt a script I'm already using for a EoIP tunnel with a remote site with dynamic IP:
in case the Wan address change, the prefix should change either.
in custom script (anche programmed to run as chrontab, if I put something like this.. could i work?
Requirements:
a ddns (shown in the code as my.ddns.address)
knowing the first 2 bits ot the prefix (shown in the code as aaaa:bbbb
...I'm not a Linux programmer!!! nor a C++... I just tried to adapt the script
Code:
#!/bin/sh
V6TUN=`nvram get ipv6_enable` ;
if [ ${V6TUN} -eq 1 ]; then
NEWWANIPV4=`ping -c1 -w1 my.ddns.address | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' -m 1` ;
NEWV6PREF = printf "aaaa:bbbb:%x%02x:%x%02x::\n" `echo ${NEWWANIPV4} |tr . " "`
V6PREF=`nvram get ipv6_prefix ;`
if [ ${V6PREF} != ${NEWV6PREF} ]; then
nvram set ipv6_prefix=$NEWV6PREF ;
nvram commit
ip link set ip6tun down ;
ip link set ip6tun up ;
fi
fi
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Sun Feb 14, 2016 3:50 Post subject:
In theory such a method could work but only where the 6rd provider uses a /32 ISP prefix with 0 bit IPv4 masklen giving the user a single /64. This means it would work for a minority of 6rd providers.
I dont know if I would try setting the prefix via nvram. I suspect you may either end up with multiple global addresses on br0 or the change would only happen after a reboot. The only way to know would be to test it.
Personally I would delete the ipv6 global address from br0 and add the new one whenever there is a wanip change. you may also need to reconfig & restart radvd. if using dnsmasq instead of radvd for RAs it will instantly broadcast the new prefix after the global address change.
i believe radvd would do the switch automatically but only when the prefix is configured as
As an user of Atheros WiSOC based Hardware, I am aware of the fact that I am posting in Broadcom SoC, but hope to find a solution for IPv6 on my BR1 interface.
My situation in short*
I managed to get IPv6 running quite easily by enabling 'DHCPv6 with Prefix Delegation' and 'Radvd', but needed DNS to work as well. Thanks to some replies, I created a working config which shows (besides some DNS server addresses):
Next to that I disabled Dhcp6c custom, Dhcp6s and Radvd in the IPv6 Setup and everything worked as expected on BR0, besides the fact that I get an address that ends with '::8ddd:481d:e5af:b80b', where the prefix set in 'DHCPv6 with Prefix Delegation' is /64 and where ifconfig tells me BR0 has a /59.
The challenge however is, getting it to work on BR1 (my Guest network) as well. I did some experiments on and was able to get IPv6 work within the (W)LAN, but it does not find a way to get on the Internet. I guess there is no gateway or something, but could be totally wrong off course.
Does anyone have a suggestion on how to get my BR1 to work with IPv6? _________________ Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429 IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi
First off, thanks for the support, Kong, and the direction, JAMESMTL, NiTrus, et al.
I was able to get things working pretty well. My ISP is Cox in case that helps anyone else who's as unfortunate as I am to be their customer. The following is my dhcp6c custom config (pretty straight-forward, just don't ask me to explain it all):
Is there any reason/benefit to have a custom radvd config in addition to the dhcp6c custom config? I am confused if I need both, or just one or the other. In researching, I understand that some clients use radvd while others (such as Windows I believe) don't. Is that correct?
If dnsmasq is used for RA, can radvd be disabled on the Setup>IPV6 tab(s)? The dhcp6c config still needed to properly "hint" to the ISP that I want a /56 or /60 address allocation, from which I then assign the /64s to br0, br1, (future bridge, vlan etc. here), correct? Then will dnsmasq handle the ipv6 address leases on both br0 and br1?
I've got more questions around DNSCrypt and ipv6, but I will figure out this basic stuff first. Thanks in advance for your replies/comments/direction/help. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Wed Oct 12, 2016 6:19 Post subject:
ok lets look at the individual parts. in order to have functioning ipv6 you need to:
1. get a prefix assignment from isp and assign prefixes to router interfaces (dhcp6c)
2. send router advertisements (RA) providing default gateway, announce stateless configuration (if applicable), rdnss info (if applicable), and if dhcpv6 is available. (radvd or dnsmasq)
3. provide dhcpv6 (if desired) which includes stateful addressing and other info such as ipv6 dns server info (dhcp6s or dnsmasq)
this means dhcp6c is needed in all cases where isp uses dhcpv6-pd. A custom config is only needed if you are requesting a prefix greater than a /64 which is your case.
unless you are manually configuring clients then RAs are mandatory on each router interface that is offering ipv6 ex br0, br1, etc. Now you have a choice of using either radvd or dnsmasq. if using radvd and have ipv6 on interfaces other thaan br0 (your case) then a custom radvd is needed. personally i prefer to use dnsmasq as i use dhcpv6
RAs can include rdnss info but windows will ignore it so it is advisable to either enable dhcp6s or use dnsmasq. fyi radvd + dhcp6s = dnsmasq
also note if using android you must use stateless config as android does not support dhcpv6 unless you root the device. both stateful (dhcpv6) and stateless (RA autoconfig, SLAAC) can coexist at the same time.
if you go the dnsmasq route, disable radvd and dhcp6s. as for config I would suggest
the ra-param will send unsolicited RAs every 60s and stateless addresses, default gateway, and rdnss will be valid for 30m. omitting this line will cause dnsmasq to not send unsolicited RAs. stateless addresses, gateway, and rdnss will remain at the default 1800s
in comparison, radvd will send unsolicited RAs every 10s
the quiet lines will stop dnsmasq from flooding syslog with dhcp solicits,advertsements etc.
The two dhcp-options you listed are not needed. by default dnsmasq will send ipv6 dns address pointing to itself (router). this is only needed when using a default dns daemon other than dnsmasq (ex running dnsmasq dns on a port other than 53 or disabling dnsmasq dns)
ra-names is pretty much useless since privacy extensions are common practice. stateless addressing using eui-64 which is how ra-names works is basically only found on linux devices configured to use eui-64. ex ddwrt ipv6 addresses set using dhcp6c uses eui-64
if you only want to use stateful (dhcpv6) you can omit ra-stateless
*** NOTE *** Since windows 10 anniversary update there is an unresolved dhcpv6 bug that has yet to be addressed. MS has acknowledged the bug report on technet so i expect it to be resolved at some point. a work around exists if you are affected by if
That was extremely helpful, JAMESMTL, thank you. As an update, I decided to use DNSMasq instead of the radvd/dhcp6s route. I've configured DNSMasq with the following in the additional options on the Services>Services tab(s):
I configured ::1 as the DNS servers in the Setup>IPv6 tab(s). It was a little chaotic when I first enabled DNSCrypt (separate script) on IPv6 and IPv4, and saved the additional options options with DNSMasq for the IPv6 and IPv4 loopback addresses. The routers load for the last 5 minutes shot up to 4.00-6.00, and router wasn't successfully doing anything (understandably).
So I did some troubleshooting and testing. I removed everything I added, and replaced it little by little to find the culprit. When I reversed the order of the server=::1#5353 and server=127.0.0.53#5353 in the DNSMasq options, the routers load dropped back down to 0.10-0.20.
I still haven't fully validated that 1) DNSCrypt is working on IPv6 and allowing successful DNS resolutions, or 2) that IPv6 addresses are handed out on the guest bridge (br1). More to come... any glaring mistakes or misconfigs, let me know. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
you can drop the ::1 line as it is redundant and only the resolver needs ipv6. are you even sure dnscrypt was listening on ::1?
run the following from cli
netstat -ln
Yes. Dnscrypt is running for both ipv4, and a separate instance for ipv6. The reason I have the entry for ::1 is because of the non-standard port, 5353, for dnscrypt. That is how it works for ipv4. I still can't confirm that ipv6 is working, but I think that is because most things are dual-stacked:
On another note, as I am learning and understanding the configuration for IPv6 more I have a question. Shouldn't the /128 that is assigned to the vlan2 interface as the router's internet (WAN) IP be the IPv6 WAN address displayed on the top right corner of the GUI?
Also, any time I make changes in most places in the GUI, the IPv6 address is lost until I go back to the Setup>IPv6 page and re-apply the settings. I assume this is just some tweaking in the services that get started/stop in the GUI, correct?
All in all, IPv6 setup has been pretty painless, so thanks to those who helped test, provide information, and implement.
Edit:
Updated DNSMasq config to reflect changes made for upgrade to K4 build 30700M and 30840M, and fix grammatical errors. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
Last edited by HalfBit on Tue Nov 08, 2016 20:21; edited 2 times in total
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Thu Oct 27, 2016 4:46 Post subject:
Sorry missed your post.
The WAN address that is shown is pretty much cosmetic. Any global address assigned to any router interface is reachable globally. Ex you should be able to ping the global address on vlan2 and br0 (or even br1 or vlan3 if applicable) from the internet.
Are you saying the interface addresses are lost or just what is shown in the GUI. If the latter then it's just cosmetic. If the interfaces are losing their addresses when ever a GUI change is made then something internally is causing it within ddwrt. If that's the case then it may be worthwhile to add a watchdog to HUP dhcp6c if it is enabled and looses it's addresses.
Are you saying the interface addresses are lost or just what is shown in the GUI. If the latter then it's just cosmetic. If the interfaces are losing their addresses when ever a GUI change is made then something internally is causing it within ddwrt. If that's the case then it may be worthwhile to add a watchdog to HUP dhcp6c if it is enabled and looses it's addresses.
I just noticed that if I make changes to the DNSMasq configuration (so Services>Services tab(s)), and apply the changes, the IPv6 info in the corner on the GUI is lost. However, that was on build 29300M-3 and -6. I just upgraded to 30840M, and the IPv6 info stays visible.
No big deal, just cosmetic like you said as I didn't ever check to see if the IPv6 config was actually lost. Before I knew too much about IPv6, I would just Apply Settings on the Setup>IPv6 tab to get the info back in the corner on the GUI. I probably just assumed at that time that if it wasn't displaying, it wasn't working/configured. Then later on I was in the habit of just getting it back that I never check to see if it was still working or not even though the IPv6 WAN address was not displaying on the GUI. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy