User:Fnord42

From DD-WRT Wiki

(Difference between revisions)
Revision as of 14:12, 12 April 2011
Fnord42
(start to write my own how to setup aiccu)
Revision as of 15:25, 12 April 2011
Fnord42
(Finish first draft of the alternative aiccu setup)
Line 26: Line 26:
=== Install and configure AICCU === === Install and configure AICCU ===
In most cases you should be able to install aiccu from the OpenWRT repository using ipkg, e.g.: In most cases you should be able to install aiccu from the OpenWRT repository using ipkg, e.g.:
- # ipkg install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/aiccu_20070115-2.1_mipsel.ipk+ # ipkg -d root install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/aiccu_20070115-2.1_mipsel.ipk
-Afterwards you've to create a basic aiccu.conf in e.g. '/jffs/etc/aiccu.conf'.+Afterwards you've to create a basic aiccu.conf, e.g. ''/jffs/etc/aiccu.conf''.
username <myuser> username <myuser>
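Review bot: the changed install line (`ipkg -d root install http://downloads.openwrt.org/...`) still fetches the .ipk over plain http, and the step shows no integrity check before the package is unpacked onto the router. Suggest downloading the file first, comparing it against a known checksum, and installing from the local copy. The prose should also say what `-d root` selects, since that option is the only functional change in this hunk and the text does not explain it.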
Line 41: Line 41:
automatic true automatic true
pidfile /var/run/aiccu.pid pidfile /var/run/aiccu.pid
 +
 +To actually start aiccu you've to add an ''ipup'' script, e.g. ''/jffs/etc/config/sixxs.ipup''.
 +
 + #!/bin/sh
 + export PATH=$PATH:/jffs/usr/sbin
 +
 + # wait until time is synced
 + while [ `date +%Y` -eq 1970 ]; do
 + sleep 5
 + done
 +
 + # check if aiccu is already running
 + if [ -n "`ps|grep etc/aiccu|grep -v grep`" ]; then
 + aiccu stop
 + sleep 1
 + killall aiccu
 + fi
 +
 + # start aiccu
 + sleep 3
 + aiccu start /jffs/etc/aiccu.conf
 +
 +
 +=== Announce your own subnet with radvd ===
 +''radvd'' is already part of the IPv6 enabled images so you just have to bring up your own IPv6 address and start radvd with a configuration. You can enter the contents for your ''radvd.conf'' in the webfrontend so that it will end up in ''/tmp/radvd.conf'' but you've start ''radvd'' yourself with a ''startup'' file '''after''' you assigned an IPv6 address from the subnet to one of your interfaces. In practise your ''radvd.conf'' can be as simple as this:
 + interface br0
 + {
 + AdvSendAdvert on;
 + prefix 2001:DB8::/64
 + {
 + };
 + };
 +
 +The ''startup'' file, e.g. ''/jffs/config/ip6.startup'' to go with this configuration will depends a bit on how many addresses/subnets you'll actually use. In the usual cases it will be very similar to the following.
 + #!/bin/sh
 + # Assign an IPv6 address and route for br0
 + ip -6 addr add 2001:DB8::/64 dev br0
 + ip -6 route add 2001:DB8::/64 dev br0
 +
 + # route the rest of the /48 to loopback
 + ip -6 route add 2001:DB8::/48 dev lo
 +
 + # Execute a script with some ip6tables rules
 + #/jffs/etc/filters6.sh
 +
 + # Start radvd
 + /usr/sbin/radvd -C /tmp/radvd.conf
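Review bot: in the added ip6.startup script the filter call is commented out (`#/jffs/etc/filters6.sh`) while the last line starts radvd, so as written the script announces a globally routable prefix on br0 without loading any ip6tables rules itself. Suggest enabling that line, and showing what filters6.sh contains, so filtering is in place before `/usr/sbin/radvd -C /tmp/radvd.conf` runs. Two smaller points: the ipup script's `ps|grep etc/aiccu|grep -v grep` check could use the pidfile `/var/run/aiccu.pid` that the config already sets, and the two script locations differ (`/jffs/etc/config/sixxs.ipup` versus `/jffs/config/ip6.startup`), which is worth confirming.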

Revision as of 15:25, 12 April 2011

Random encounters with DD-WRT v24-sp2 mega/big r14929

Here are some notes about issues where I consider the solution to be a bit hackish and not ready for consumption by everyone. So be aware that you should know what you're doing. FYI, I'm running this on an Asus RT-N16.

Running bittorrent on the router

I'm running bittorrent directly on the router with screen + rtorrent (and libs) picked from OpenWRT's Kamikaze release. Unfortunately DD-WRT's built-in default firewall setup blocks the incoming traffic (INPUT chain) in the port range 6881-6999. I consider it to be safe to allow incoming traffic in that port range and would be more concerned about security issues with the torrent client and libs. So I've added two rules very much at the top of the INPUT chain to allow UDP and TCP traffic on those ports coming in on the ppp0 device:

 # Allow bittorrent peers
 iptables -I INPUT 2 -i ppp0 -p tcp --dport 6881:6999 -j ACCEPT
 iptables -I INPUT 3 -i ppp0 -p udp --dport 6881:6999 -j ACCEPT

ISAKMP/UDP 500 blocked - or why your VPN endpoint doesn't respond

The built-in default firewall has a special block for UDP traffic on port 500 in the FORWARD chain. This port is used for ISAKMP (key exchange for your VPN connection) and is required to build up VPN connections with e.g. vpnc. So if your VPN client, in my case vpnc, bitches about an endpoint not responding, you should check for and maybe remove the blocking rule.

 # Remove ISAKMP ban
 iptables -D FORWARD -o ppp0 -p udp --dport 500 -j DROP

UPDATE: I have now found out that the web interface has an option to allow VPN traffic, so you don't have to deploy such a gross hack. See 'Security' -> 'VPN Passthrough'.

Some aliases I find useful

Be aware that I've installed some additional tools from OpenWRT's Kamikaze release and adjusted /tmp/root/.profile via a /jffs/etc/config/profile.startup script, currently looking like this:

 #!/bin/sh
 echo "alias pkgl='grep Package /jffs/usr/lib/ipkg/status|sort'" >> /tmp/root/.profile
 echo "alias wget='/jffs/usr/bin/wget'" >> /tmp/root/.profile
 echo "alias ifstat='ifstat -i br0,ppp0,sixxs'" >> /tmp/root/.profile

Setting up a dynamic IPv6 tunnel with aiccu

The current explanation in IPv6_(tutorial)#Dynamic_Tunnel seems overly complex and mandates a lot of manual work for things which, to my knowledge, nowadays work out of the box. So here is my own, hopefully simplified take on the matter.

Install and configure AICCU

In most cases you should be able to install aiccu from the OpenWRT repository using ipkg, e.g.:

 # ipkg -d root install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/aiccu_20070115-2.1_mipsel.ipk

Afterwards you have to create a basic aiccu.conf, e.g. /jffs/etc/aiccu.conf.

 username <myuser>
 password <secret>
 protocol tic
 server tic.sixxs.net
 tunnel_id T<xxxxx>
 
 ipv6_interface sixxs
 verbose false 
 daemonize true 
 automatic true
 pidfile /var/run/aiccu.pid

To actually start aiccu you have to add an ipup script, e.g. /jffs/etc/config/sixxs.ipup.

 #!/bin/sh
 export PATH=$PATH:/jffs/usr/sbin
 
 # wait until time is synced
 while [ `date +%Y` -eq 1970 ]; do
       sleep 5 
 done
 
 # check if aiccu is already running
 if [ -n "`ps|grep etc/aiccu|grep -v grep`" ]; then
       aiccu stop
       sleep 1
       killall aiccu
 fi
 
 # start aiccu
 sleep 3
 aiccu start /jffs/etc/aiccu.conf


Announce your own subnet with radvd

radvd is already part of the IPv6 enabled images, so you just have to bring up your own IPv6 address and start radvd with a configuration. You can enter the contents of your radvd.conf in the web frontend so that it ends up in /tmp/radvd.conf, but you have to start radvd yourself with a startup file after you have assigned an IPv6 address from the subnet to one of your interfaces. In practice your radvd.conf can be as simple as this:

 interface br0
 {
 AdvSendAdvert on;
 prefix 2001:DB8::/64
   {
   };
 };

The startup file, e.g. /jffs/config/ip6.startup, to go with this configuration will depend a bit on how many addresses/subnets you'll actually use. In the usual cases it will be very similar to the following.

 #!/bin/sh
 # Assign an IPv6 address and route for br0
 ip -6 addr add 2001:DB8::/64 dev br0
 ip -6 route add 2001:DB8::/64 dev br0
 
 # route the rest of the /48 to loopback
 ip -6 route add 2001:DB8::/48 dev lo
 
 # Execute a script with some ip6tables rules
 #/jffs/etc/filters6.sh
 
 # Start radvd
 /usr/sbin/radvd -C /tmp/radvd.conf
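
The startup file above leaves its /jffs/etc/filters6.sh call commented out, and the page does not show that script. A minimal version could look like the following added example (not the author's script). It assumes the sixxs and br0 interface names used on this page and an ip6tables build that includes the state match, and it only prints the rules unless APPLY=1 is set.

```sh
#!/bin/sh
# Hypothetical /jffs/etc/filters6.sh: added example, not the author's script.
# Assumptions: tunnel interface "sixxs" and LAN bridge "br0" as on this page,
# and an ip6tables build that includes the "state" match.
# Dry run by default (rules are printed); run with APPLY=1 to load them.
WAN6=${WAN6:-sixxs}
LAN6=${LAN6:-br0}

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

filters6() {
    # Set the policies first so a failure half-way leaves the router closed
    run ip6tables -P INPUT DROP
    run ip6tables -P FORWARD DROP
    run ip6tables -F INPUT
    run ip6tables -F FORWARD

    # Loopback, and replies to connections that were opened from inside
    run ip6tables -A INPUT -i lo -j ACCEPT
    run ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The router itself needs ICMPv6 (neighbour discovery, path MTU discovery)
    run ip6tables -A INPUT -p ipv6-icmp -j ACCEPT

    # Between LAN and tunnel forward only ICMPv6 error messages and ping
    for t in destination-unreachable packet-too-big time-exceeded \
             parameter-problem echo-request echo-reply; do
        run ip6tables -A FORWARD -p ipv6-icmp --icmpv6-type "$t" -j ACCEPT
    done

    # The LAN may reach the router and open connections through the tunnel;
    # nothing accepts new connections from the tunnel into the LAN
    run ip6tables -A INPUT -i "$LAN6" -j ACCEPT
    run ip6tables -A FORWARD -i "$LAN6" -o "$WAN6" -j ACCEPT
}

filters6
```

In the startup file, call it as `APPLY=1 /jffs/etc/filters6.sh` in place of the commented-out line so the rules are loaded before radvd starts.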