I was using an Asus wl-500g Premium router (hardware revision #1) running DD-WRT (I think it was version v24 preSP2 [Beta] Build 14311 mini). I decided to switch over to OpenWrt. The installation was dead simple. I just downloaded the .trx firmware image for the brcm47xx target (linux 2.6) from http://downloads.openwrt.org/backfire/10.03/brcm47xx/openwrt-brcm47xx-squashfs.trx, loaded it via the dd-wrt firmware update web interface and waited for ~ 5 minutes. The box automatically rebooted and when I reconnected the network cable I had an IP from the range 192.168.1.1/24. From there, I just followed the OpenWrt setup similar to my blog post on OpenWrt on the TP-Link TL-WR1043ND router.
IPv6 Static 6in4 tunnel setup via Hurricane Electric (Tunnelbroker.net)
First, install the following IPv6 related packages:
opkg update opkg install kmod-ipv6 ip kmod-ip6tables ip6tables kmod-sit kmod-iptunnel6 radvd kmod-tun tcptraceroute6 radvd
Setup with an init script
This section describes the setup similar to http://cd34.com/blog/infrastructure/weekend-wrt54gs-openwrt-ipv6-through-tunnelbroker-net/.
Now create the init script for the tunnel. To do so, save the following script as /etc/init.d/ipv6:
(As proposed in this and this thread, you might create it as a hotplug script /etc/hotplug.d/iface/15-ipv6 instead.)
#!/bin/sh /etc/rc.common
#Information from the "Tunnel Details" page
SERVER_v4=216.66.80.30
SERVER_v6=2001:470:01fa:1d99::1
CLIENT_v4=141.2.16.250
CLIENT_v6=2001:470:01fa:1d99::2
# Uncomment if you have a /48
#ROUTED_48=Your /48 netblock's gateway address, e.g., 2001:a:b::1
ROUTED_64=2001:470:01fb:1d99::
START=50
start() {
echo "Starting he.net IPv6 tunnel: "
ip tunnel add henet mode sit remote $SERVER_v4 local $CLIENT_v4 ttl 255
ip link set henet up
ip -6 addr add $CLIENT_v6/64 dev henet
ip -6 ro add default via $SERVER_v6 dev henet
ip -6 addr add $ROUTED_64/64 dev br-lan
# Uncomment if you have a /48
#ip -6 addr add $ROUTED_48/48 dev br-lan
ip -f inet6 addr
echo "Done."
}
stop() {
echo -n "Stopping he.net IPv6 tunnel: "
ip link set henet down
ip tunnel del henet
ip -6 addr delete $ROUTED_64/64 dev br-lan
# Uncomment if you have a /48
#ip -6 addr delete $ROUTED_48/48 dev br-lan
echo "Done."
}
restart() {
stop
start
}
The init script is very similar to 6tunnel.init from the package 6scripts: https://dev.openwrt.org/browser/packages/ipv6/6scripts/files/6tunnel.init.
Make the the script executable using chmod +x /etc/init.d/ipv6 and test if it's working by executing /etc/init.d/ipv6 start. If it works and you have a working IPv6 (verify using ping6 ipv6.google.com) then enable it as a startup script with /etc/init.d/ipv6 enable.
Update the radvd settings file /etc/config/radvd.
Alternative setup using the OpenWrt UCI as much as possible
This section follows closely the setup described on http://www.sixxs.net/forum/?msg=setup-3135937 and http://wiki.openwrt.org/doc/uci/network#static.ipv6-in-ipv4.tunnel.
So we add the tunnel to the network setup by adding the following configuration section to /etc/config/network:
# For help see <http://wiki.openwrt.org/doc/uci/network#protocol.6in4.ipv6-in-ipv4.tunnel>
config 'interface' 'sixxs'
option 'proto' '6in4'
# remote PoP tunnel endpoint IPv4 address:
option 'peeraddr' '216.66.80.30'
# your IPv6 tunnel endpoint:
option 'ip6addr' '2001:470:01fa:1d99::2/64'
# the router's IPv4 WAN address:
option 'ipaddr' '62.78.XXX.XXX'
The next step would be, to add the new henet interface to the wan zone of the firewall. Either use Luci (Network/Firewall/Zones) or edit /etc/config/network:
config 'zone'
option 'name' 'wan'
option 'network' 'wan sixxs'
You need an iptables rule for enabling the IPv4 firewall to accept IPv6 connections (protocol 41) from the PoP tunnel endpoint even if they are not related to existing connections. So add the following line to '/etc/firewall.user':
iptables -I INPUT 1 -s [remote_ipv4_pop_endpoint_addr] -p 41 -j ACCEPT
Or using UCI:
uci add firewall rule uci set firewall.@rule[-1].src=wan uci set firewall.@rule[-1].target=ACCEPT uci set firewall.@rule[-1]._name=HE-IP6 uci set firewall.@rule[-1].proto=41 uci commit firewall
And also make sure that the following line in '/etc/sysctl.conf' is uncommented:
net.ipv6.conf.all.forwarding=1