User:Fnord42

From DD-WRT Wiki

(Difference between revisions)
Revision as of 20:32, 17 February 2011
Fnord42
(ISAKMP/UDP 500 blocked - or why your VPN endpoint doesn't respond)
Revision as of 14:12, 12 April 2011
Fnord42
(start to write my own how to setup aiccu)
Line 20: Line 20:
echo "alias wget='/jffs/usr/bin/wget'" >> /tmp/root/.profile echo "alias wget='/jffs/usr/bin/wget'" >> /tmp/root/.profile
echo "alias ifstat='ifstat -i br0,ppp0,sixxs'" >> /tmp/root/.profile echo "alias ifstat='ifstat -i br0,ppp0,sixxs'" >> /tmp/root/.profile
 +
 +== Setting up a dynamic IPv6 tunnel with aiccu ==
 +The current explanation in [[IPv6_(tutorial)#Dynamic_Tunnel]] seems overly complex and mandating a lot handwork which, according to my knowledge, nowdays work out of the box. So here is my own, hopefully simplified take on the matter.
 +
 +=== Install and configure AICCU ===
 +In most cases you should be able to install aiccu from the OpenWRT repository using ipkg, e.g.:
 + # ipkg install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/aiccu_20070115-2.1_mipsel.ipk
 +
 +Afterwards you've to create a basic aiccu.conf in e.g. '/jffs/etc/aiccu.conf'.
 +
 + username <myuser>
 + password <secret>
 + protocol tic
 + server tic.sixxs.net
 + tunnel_id T<xxxxx>
 +
 + ipv6_interface sixxs
 + verbose false
 + daemonize true
 + automatic true
 + pidfile /var/run/aiccu.pid
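Review bot: the added aiccu.conf block keeps the tunnel password in clear text (`password <secret>`) in '/jffs/etc/aiccu.conf', and nothing in the section says to restrict who can read that file; add a step right after the config listing that limits it to root, e.g. `chmod 600 /jffs/etc/aiccu.conf`. The `ipkg install` line also pulls the package over plain http with no integrity check mentioned, so a sentence on verifying the downloaded .ipk would be worth adding.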

Revision as of 14:12, 12 April 2011

Random encounters with DD-WRT v24-sp2 mega/big r14929

Here are some notes about issues where I consider the solution to be a bit hackish and not ready for consumption by everyone. So be aware that you should know what you're doing. FYI I'm running this on an Asus RT-N16.

Running bittorrent on the router

I'm running bittorrent directly on the router with screen + rtorrent (and libs) picked from OpenWRT's Kamikaze release. Unfortunately DD-WRT's built-in default firewall setup blocks the incoming traffic (INPUT table) in the port range 6881-6999. I consider it to be safe to allow incoming traffic in that port range and would be more concerned about security issues with the torrent client and libs. So I've added two rules very much at the top of the INPUT table to allow UDP and TCP traffic on those ports coming in on the ppp0 device:

 # Allow bittorrent peers
 iptables -I INPUT 2 -i ppp0 -p tcp --dport 6881:6999 -j ACCEPT
 iptables -I INPUT 3 -i ppp0 -p udp --dport 6881:6999 -j ACCEPT

ISAKMP/UDP 500 blocked - or why your VPN endpoint doesn't respond

The built-in default firewall has a special block for UDP traffic on port 500 in the FORWARD table. This port is used for ISAKMP (key exchange for your VPN connection) and is required to build up VPN connections with e.g. vpnc. So if your VPN client, in my case vpnc, bitches about an endpoint not responding, you should check and maybe remove the blocking rule.

 # Remove ISAKMP ban
 iptables -D FORWARD -o ppp0 -p udp --dport 500 -j DROP

UPDATE: I have now found out that the web interface has an option to allow VPN traffic, so you don't have to deploy such a gross hack. See 'Security' -> 'VPN Passthrough'.
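
To check for the blocking rule described above before deleting it, the following added example (not part of the original notes) scans a FORWARD listing for DROP rules that cover UDP port 500 on the WAN interface. The function names and the sample listing are constructed for illustration; it assumes the column layout printed by `iptables -L FORWARD -n -v --line-numbers`.

```shell
#!/bin/sh
# Added example: find FORWARD rules that drop outbound ISAKMP (UDP 500).
# Reads `iptables -L FORWARD -n -v --line-numbers` output on stdin and
# prints the rule number of every matching DROP rule, one per line.
# On the router:
#   iptables -L FORWARD -n -v --line-numbers | isakmp_drop_rules ppp0
isakmp_drop_rules() {
    wan_if="${1:-ppp0}"
    awk -v wan="$wan_if" '
        # Columns: num pkts bytes target prot opt in out source destination [match...]
        # Protocol may be shown by name (udp) or by number (17).
        # An out column of "*" means the rule applies to every interface.
        $1 ~ /^[0-9]+$/ && $4 == "DROP" && ($5 == "udp" || $5 == "17") &&
        ($8 == wan || $8 == "*") {
            for (i = 11; i <= NF; i++) {
                if ($i == "dpt:500") { print $1; break }
                # Port range, e.g. dpts:400:600
                if ($i ~ /^dpts:[0-9]+:[0-9]+$/) {
                    split($i, r, ":")
                    if (r[2] + 0 <= 500 && 500 <= r[3] + 0) { print $1; break }
                }
            }
        }'
}

# Constructed sample listing (not captured from a real router).
sample_forward_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      310 24800 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
2       12   960 DROP       udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           udp dpt:500
3        0     0 DROP       tcp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           tcp dpt:500
4        0     0 DROP       udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           udp dpt:5000
5        0     0 DROP       udp  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           udp dpt:500
6        0     0 DROP       udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           udp dpts:400:600
EOF
}

# Demo on the constructed listing: prints 2 and 6.
sample_forward_listing | isakmp_drop_rules ppp0
```

A non-empty result means ISAKMP is still being dropped on that interface, whether the rule came from the firewall defaults or from 'VPN Passthrough' being disabled.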

Some aliases I find useful

Be aware that I've installed some additional tools from OpenWRT's Kamikaze release and adjusted the /tmp/root/.profile via a /jffs/etc/config/profile.startup script, currently looking like this:

 #!/bin/sh
 echo "alias pkgl='grep Package /jffs/usr/lib/ipkg/status|sort'" >> /tmp/root/.profile
 echo "alias wget='/jffs/usr/bin/wget'" >> /tmp/root/.profile
 echo "alias ifstat='ifstat -i br0,ppp0,sixxs'" >> /tmp/root/.profile

Setting up a dynamic IPv6 tunnel with aiccu

The current explanation in IPv6_(tutorial)#Dynamic_Tunnel seems overly complex and mandates a lot of manual work which, to my knowledge, nowadays works out of the box. So here is my own, hopefully simplified take on the matter.

Install and configure AICCU

In most cases you should be able to install aiccu from the OpenWRT repository using ipkg, e.g.:

 # ipkg install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/aiccu_20070115-2.1_mipsel.ipk

Afterwards you have to create a basic aiccu.conf, e.g. in '/jffs/etc/aiccu.conf'.

 username <myuser>
 password <secret>
 protocol tic
 server tic.sixxs.net
 tunnel_id T<xxxxx>
 
 ipv6_interface sixxs
 verbose false 
 daemonize true 
 automatic true
 pidfile /var/run/aiccu.pid