R7000 and IPv6

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3 ... 30, 31, 32 ... 35, 36, 37  Next
Author Message
MacInTheNet
DD-WRT Novice


Joined: 18 Nov 2014
Posts: 38

PostPosted: Wed Feb 10, 2016 8:13    Post subject: Reply with quote
Hi guys!

I don't know whether someone already did it...

...just wanted to tell you that if you need a 6RD tunnel, my friend mr.emme and I just did it on the last build (DD-WRT v3.0-r29059 std (02/09/16)) without any script!

All you have to do is select the 6in4 tunnel and add these data

- Prefix Length

- DNS

- Assigned / Routed Prefix (containing the IPv4)

- NO Router IPv6 Address

- Tunnel Endpoint IPv4 Address

- NO Tunnel Client IPv6 Address

and it just works.

All the clients get their IPv6 address via Radvd and nothing goes through but the ping!

The prefix you put in the GUI becomes the router's (br0) IPv6 address...

If you put another IPv6 address in the Tunnel Client IPv6 Address, the router works but the clients can not pass through :\

At least that's the way it works for us : )

No IPv6 assigned to ip6tun but it works anyway!

Bye!
Sponsor
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Wed Feb 10, 2016 20:40    Post subject: Reply with quote
6rd is generally just a 6in4 tunnel where the assigned prefix is derived from the isp prefix + ipv4 address (less leading masklen bits if applicable).

if you have the full prefix you can just do as you did and it will work as long as the ipv4 address doesn't change.
mr.emme
DD-WRT Novice


Joined: 12 Dec 2014
Posts: 9

PostPosted: Thu Feb 11, 2016 9:25    Post subject: Reply with quote
Hi James,

In case of dynamic WAN IP Address, my idea was to adapt a script I'm already using for a EoIP tunnel with a remote site with dynamic IP:

in case the Wan address change, the prefix should change either.
in custom script (anche programmed to run as chrontab, if I put something like this.. could i work?

Requirements:
a ddns (shown in the code as my.ddns.address)
knowing the first 2 bits ot the prefix (shown in the code as aaaa:bbbb

...I'm not a Linux programmer!!! nor a C++... I just tried to adapt the script Razz Razz


Code:
#!/bin/sh
V6TUN=`nvram get ipv6_enable` ;
if [ ${V6TUN} -eq 1 ]; then
    NEWWANIPV4=`ping -c1 -w1 my.ddns.address | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' -m 1` ;
    NEWV6PREF = printf "aaaa:bbbb:%x%02x:%x%02x::\n" `echo ${NEWWANIPV4} |tr . " "`
    V6PREF=`nvram get ipv6_prefix ;`

    if [ ${V6PREF} != ${NEWV6PREF} ]; then
        nvram set ipv6_prefix=$NEWV6PREF ;
        nvram commit
        ip link set ip6tun down ;   
        ip link set ip6tun up ;
    fi
fi


thanks
ciao
M
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Sun Feb 14, 2016 3:50    Post subject: Reply with quote
In theory such a method could work but only where the 6rd provider uses a /32 ISP prefix with 0 bit IPv4 masklen giving the user a single /64. This means it would work for a minority of 6rd providers.

I dont know if I would try setting the prefix via nvram. I suspect you may either end up with multiple global addresses on br0 or the change would only happen after a reboot. The only way to know would be to test it.

Personally I would delete the ipv6 global address from br0 and add the new one whenever there is a wanip change. you may also need to reconfig & restart radvd. if using dnsmasq instead of radvd for RAs it will instantly broadcast the new prefix after the global address change.

i believe radvd would do the switch automatically but only when the prefix is configured as

Code:

prefix ::/64 {
...
}


and not prefix aaaa:bbbb:cccc:dddd::/64
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Tue Mar 01, 2016 8:02    Post subject: Reply with quote
As an user of Atheros WiSOC based Hardware, I am aware of the fact that I am posting in Broadcom SoC, but hope to find a solution for IPv6 on my BR1 interface.

My situation in short*

I managed to get IPv6 running quite easily by enabling 'DHCPv6 with Prefix Delegation' and 'Radvd', but needed DNS to work as well. Thanks to some replies, I created a working config which shows (besides some DNS server addresses):
Code:

enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-option=vendor:MSFT,2,1i
dhcp-range=br0,::1000, ::7FFF, constructor:br0, ra-stateless, ra-names, 4h

Next to that I disabled Dhcp6c custom, Dhcp6s and Radvd in the IPv6 Setup and everything worked as expected on BR0, besides the fact that I get an address that ends with '::8ddd:481d:e5af:b80b', where the prefix set in 'DHCPv6 with Prefix Delegation' is /64 and where ifconfig tells me BR0 has a /59.

The challenge however is, getting it to work on BR1 (my Guest network) as well. I did some experiments on and was able to get IPv6 work within the (W)LAN, but it does not find a way to get on the Internet. I guess there is no gateway or something, but could be totally wrong off course.

* A less short description can be found here: https://www.dd-wrt.com/phpBB2/viewtopic.php?t=290486

Does anyone have a suggestion on how to get my BR1 to work with IPv6?

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Sun Mar 06, 2016 8:36    Post subject: Reply with quote
Bump, Anyone ?
_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
Acumen
DD-WRT User


Joined: 15 Nov 2014
Posts: 221

PostPosted: Sun Mar 20, 2016 21:15    Post subject: Reply with quote
Last Bump, does anyone know if it is possible to serve IPv6 on a second bridge interface with its own IP range?

IPv4 works fine, IPv6 not (yet).

_________________
Netgear WNDR4300v1 DD-WRT v3.0 BS r29837 | Netgear R6400 DD-WRT v3.0 KB r33525M | Tickets: 5429
IPv4 & IPv6-PD | ProFTP & Samba to USB thumb | DNSMasq DHCPv6 | Pi-Hole on RasPi

Found a bug, report it so the it can be fixed: http://svn.dd-wrt.com/
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Mon Apr 04, 2016 5:29    Post subject: Reply with quote
Sorry didn't see your post as I don't have time to read every thread. Replied in your original thread.
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

PostPosted: Wed Oct 12, 2016 4:27    Post subject: Reply with quote
First off, thanks for the support, Kong, and the direction, JAMESMTL, NiTrus, et al.

I was able to get things working pretty well. My ISP is Cox in case that helps anyone else who's as unfortunate as I am to be their customer. The following is my dhcp6c custom config (pretty straight-forward, just don't ask me to explain it all):
Code:
interface vlan2 {
     send ia-pd 1;
     send ia-na 0;
     script "/sbin/dhcp6c-state";
};
id-assoc pd 1 {
     prefix ::/56 infinity;
     prefix-interface br0 {
          sla-id 0;
         sla-len 8;
     };
     prefix-interface br1 {
          sla-id 1;   
         sla-len 8;
     }; 
};
id-assoc na 0 { };

Is there any reason/benefit to have a custom radvd config in addition to the dhcp6c custom config? I am confused if I need both, or just one or the other. In researching, I understand that some clients use radvd while others (such as Windows I believe) don't. Is that correct?

I was able to piece the following together:
Code:
interface br0 {
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1500;
   AdvSendAdvert on;
   AdvOtherConfigFlag off;
   AdvManagedFlag off;
   prefix ::/64 {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
   };
        RDNSS 2620:0:ccc::2 2620:0:ccd::2 {};
};

interface br1 {
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1500;
   AdvSendAdvert on;
   AdvOtherConfigFlag off;
   AdvManagedFlag off;
   prefix ::/64 {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
   };
        RDNSS 2620:0:ccc::2 2620:0:ccd::2 {};
};

Now on to dnsmasq. It was mentioned that one could use dnsmasq for everything, including router announcement (RA). Acumen posted the following at https://www.dd-wrt.com/phpBB2/viewtopic.php?p=1025911#1025911:
Code:
enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-option=vendor:MSFT,2,1i
# dhcp-range=br0,::1, constructor:br0, ra-stateless, ra-names, 4h
dhcp-range=br0,::1000, ::3000, constructor:br0, ra-stateless, ra-names, 4h
dhcp-range=br1,::1000, ::3000, constructor:br1, ra-stateless, ra-names, 4h

If dnsmasq is used for RA, can radvd be disabled on the Setup>IPV6 tab(s)? The dhcp6c config still needed to properly "hint" to the ISP that I want a /56 or /60 address allocation, from which I then assign the /64s to br0, br1, (future bridge, vlan etc. here), correct? Then will dnsmasq handle the ipv6 address leases on both br0 and br1?

I've got more questions around DNSCrypt and ipv6, but I will figure out this basic stuff first. Thanks in advance for your replies/comments/direction/help.

_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Wed Oct 12, 2016 6:19    Post subject: Reply with quote
ok lets look at the individual parts. in order to have functioning ipv6 you need to:
1. get a prefix assignment from isp and assign prefixes to router interfaces (dhcp6c)
2. send router advertisements (RA) providing default gateway, announce stateless configuration (if applicable), rdnss info (if applicable), and if dhcpv6 is available. (radvd or dnsmasq)
3. provide dhcpv6 (if desired) which includes stateful addressing and other info such as ipv6 dns server info (dhcp6s or dnsmasq)

this means dhcp6c is needed in all cases where isp uses dhcpv6-pd. A custom config is only needed if you are requesting a prefix greater than a /64 which is your case.

unless you are manually configuring clients then RAs are mandatory on each router interface that is offering ipv6 ex br0, br1, etc. Now you have a choice of using either radvd or dnsmasq. if using radvd and have ipv6 on interfaces other thaan br0 (your case) then a custom radvd is needed. personally i prefer to use dnsmasq as i use dhcpv6

RAs can include rdnss info but windows will ignore it so it is advisable to either enable dhcp6s or use dnsmasq. fyi radvd + dhcp6s = dnsmasq

also note if using android you must use stateless config as android does not support dhcpv6 unless you root the device. both stateful (dhcpv6) and stateless (RA autoconfig, SLAAC) can coexist at the same time.

if you go the dnsmasq route, disable radvd and dhcp6s. as for config I would suggest
Code:

dhcp-range=br0,::1000, ::3000, constructor:br0, ra-stateless, 4h
dhcp-range=br1,::1000, ::3000, constructor:br1, ra-stateless, 4h
ra-param=*,60,1800
enable-ra
quiet-ra
quiet-dhcp
quiet-dhcp6


the ra-param will send unsolicited RAs every 60s and stateless addresses, default gateway, and rdnss will be valid for 30m. omitting this line will cause dnsmasq to not send unsolicited RAs. stateless addresses, gateway, and rdnss will remain at the default 1800s

in comparison, radvd will send unsolicited RAs every 10s

the quiet lines will stop dnsmasq from flooding syslog with dhcp solicits,advertsements etc.

The two dhcp-options you listed are not needed. by default dnsmasq will send ipv6 dns address pointing to itself (router). this is only needed when using a default dns daemon other than dnsmasq (ex running dnsmasq dns on a port other than 53 or disabling dnsmasq dns)

ra-names is pretty much useless since privacy extensions are common practice. stateless addressing using eui-64 which is how ra-names works is basically only found on linux devices configured to use eui-64. ex ddwrt ipv6 addresses set using dhcp6c uses eui-64

if you only want to use stateful (dhcpv6) you can omit ra-stateless


*** NOTE *** Since windows 10 anniversary update there is an unresolved dhcpv6 bug that has yet to be addressed. MS has acknowledged the bug report on technet so i expect it to be resolved at some point. a work around exists if you are affected by if
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

PostPosted: Sun Oct 16, 2016 23:51    Post subject: Reply with quote
That was extremely helpful, JAMESMTL, thank you. As an update, I decided to use DNSMasq instead of the radvd/dhcp6s route. I've configured DNSMasq with the following in the additional options on the Services>Services tab(s):
Code:
# DNSCrypt configuration
server=::1#5353
server=127.0.0.53#5353
# Always resolve *ntp.org even without DNSCrypt running
server=/ntp.org/208.67.222.222
# Additional options
addn-hosts=/opt/hosts
bogus-priv
domain-needed
no-negcache
# IPv6 and RA configuration changes
dhcp-range=br0,::1000, ::3000, constructor:br0, ra-stateless, 4h
dhcp-range=br1,::1000, ::3000, constructor:br1, ra-stateless, 4h
ra-param=*,60,1800
enable-ra
quiet-ra
quiet-dhcp
quiet-dhcp6


I configured ::1 as the DNS servers in the Setup>IPv6 tab(s). It was a little chaotic when I first enabled DNSCrypt (separate script) on IPv6 and IPv4, and saved the additional options options with DNSMasq for the IPv6 and IPv4 loopback addresses. The routers load for the last 5 minutes shot up to 4.00-6.00, and router wasn't successfully doing anything (understandably).

So I did some troubleshooting and testing. I removed everything I added, and replaced it little by little to find the culprit. When I reversed the order of the server=::1#5353 and server=127.0.0.53#5353 in the DNSMasq options, the routers load dropped back down to 0.10-0.20.

I still haven't fully validated that 1) DNSCrypt is working on IPv6 and allowing successful DNS resolutions, or 2) that IPv6 addresses are handed out on the guest bridge (br1). More to come... any glaring mistakes or misconfigs, let me know.

_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Mon Oct 17, 2016 21:09    Post subject: Reply with quote
you can drop the ::1 line as it is redundant and only the resolver needs ipv6. are you even sure dnscrypt was listening on ::1?

run the following from cli
netstat -ln

also curious if other servers are being are defined. what is the content of /tmp/reolv.dnsmasq

does you /tmp/dnsmasq.conf contain the following line?
resolv-file=/tmp/resolv.dnsmasq
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

PostPosted: Tue Oct 18, 2016 2:54    Post subject: Reply with quote
JAMESMTL wrote:
you can drop the ::1 line as it is redundant and only the resolver needs ipv6. are you even sure dnscrypt was listening on ::1?

run the following from cli
netstat -ln

Yes. Dnscrypt is running for both ipv4, and a separate instance for ipv6. The reason I have the entry for ::1 is because of the non-standard port, 5353, for dnscrypt. That is how it works for ipv4. I still can't confirm that ipv6 is working, but I think that is because most things are dual-stacked:
Code:
root@R7000:~# ps | grep dnsc
 6928 root      1148 S    grep dnsc
25955 root      1112 S    dnscrypt-proxy -a 127.0.0.53:5353 -L /opt/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv -R cisco -d
25957 root      1112 S    dnscrypt-proxy -a [::1]:5353 -L /opt/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv -R cisco-ipv6 -d
root@R7000:~# netstat -an | grep 53
tcp        0      0 127.0.0.53:5353         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:5353         127.0.0.1:54346         TIME_WAIT
tcp        0      0 127.0.0.53:5353         127.0.0.1:53620         TIME_WAIT
tcp        0      0 ::1:5353                :::*                    LISTEN
tcp        0      0 :::53                   :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 127.0.0.53:5353         0.0.0.0:*
udp        0      0 :::53                   :::*
udp        0      0 ::1:5353                :::*

JAMESMTL wrote:
also curious if other servers are being are defined. what is the content of /tmp/reolv.dnsmasq

This contains my ipv4 DNS servers:
Code:
root@R7000:~# cat /tmp/resolv.dnsmasq
nameserver 127.0.0.53
nameserver 208.67.222.222
nameserver 208.67.220.220

JAMESMTL wrote:
does you /tmp/dnsmasq.conf contain the following line?
resolv-file=/tmp/resolv.dnsmasq

Yes it does:
Code:
root@R7000:~# cat /tmp/dnsmasq.conf
interface=br0,br1
resolv-file=/tmp/resolv.dnsmasq
all-servers
strict-order
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=29
dhcp-option=br0,3,192.168.1.1
dhcp-option=br1,3,192.168.20.1
dhcp-authoritative
dhcp-range=br0,192.168.1.150,192.168.1.159,255.255.255.0,60m
dhcp-range=br1,192.168.20.2,192.168.20.6,255.255.255.248,30m
<REDACTED LEASE INFORMATION>
stop-dns-rebind
# DNSCrypt configuration
server=::1#5353
server=127.0.0.53#5353
# Always resolve ntp.org even without DNSCrypt running
server=/ntp.org/208.67.222.222
# Additional options
addn-hosts=/opt/hosts
#bogus-priv
#domain-needed
#no-negcache
# IPv6 and RA configuration changes
dhcp-range=br0,::1000, ::3000, constructor:br0, ra-stateless, 4h
dhcp-range=br1,::1000, ::3000, constructor:br1, ra-stateless, 4h
ra-param=*,60,1800
enable-ra
quiet-ra
quiet-dhcp
quiet-dhcp6


On another note, as I am learning and understanding the configuration for IPv6 more I have a question. Shouldn't the /128 that is assigned to the vlan2 interface as the router's internet (WAN) IP be the IPv6 WAN address displayed on the top right corner of the GUI?

Also, any time I make changes in most places in the GUI, the IPv6 address is lost until I go back to the Setup>IPv6 page and re-apply the settings. I assume this is just some tweaking in the services that get started/stop in the GUI, correct?

All in all, IPv6 setup has been pretty painless, so thanks to those who helped test, provide information, and implement.

Edit:
Updated DNSMasq config to reflect changes made for upgrade to K4 build 30700M and 30840M, and fix grammatical errors.

_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy


Last edited by HalfBit on Tue Nov 08, 2016 20:21; edited 2 times in total
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Thu Oct 27, 2016 4:46    Post subject: Reply with quote
Sorry missed your post.

The WAN address that is shown is pretty much cosmetic. Any global address assigned to any router interface is reachable globally. Ex you should be able to ping the global address on vlan2 and br0 (or even br1 or vlan3 if applicable) from the internet.

Are you saying the interface addresses are lost or just what is shown in the GUI. If the latter then it's just cosmetic. If the interfaces are losing their addresses when ever a GUI change is made then something internally is causing it within ddwrt. If that's the case then it may be worthwhile to add a watchdog to HUP dhcp6c if it is enabled and looses it's addresses.
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

PostPosted: Sun Nov 06, 2016 4:29    Post subject: Reply with quote
JAMESMTL wrote:
Are you saying the interface addresses are lost or just what is shown in the GUI. If the latter then it's just cosmetic. If the interfaces are losing their addresses when ever a GUI change is made then something internally is causing it within ddwrt. If that's the case then it may be worthwhile to add a watchdog to HUP dhcp6c if it is enabled and looses it's addresses.


I just noticed that if I make changes to the DNSMasq configuration (so Services>Services tab(s)), and apply the changes, the IPv6 info in the corner on the GUI is lost. However, that was on build 29300M-3 and -6. I just upgraded to 30840M, and the IPv6 info stays visible.

No big deal, just cosmetic like you said as I didn't ever check to see if the IPv6 config was actually lost. Before I knew too much about IPv6, I would just Apply Settings on the Setup>IPv6 tab to get the info back in the corner on the GUI. I probably just assumed at that time that if it wasn't displaying, it wasn't working/configured. Then later on I was in the habit of just getting it back that I never check to see if it was still working or not even though the IPv6 WAN address was not displaying on the GUI.

_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
Goto page Previous  1, 2, 3 ... 30, 31, 32 ... 35, 36, 37  Next Display posts from previous:    Page 31 of 37
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum