May 112011
 

I was using an Asus wl-500g Premium router (hardware revision #1) running DD-WRT (I think it was version v24 preSP2 [Beta] Build 14311 mini). I decided to switch over to OpenWrt. The installation was dead simple. I just downloaded the .trx firmware image for the brcm47xx target (linux 2.6) from http://downloads.openwrt.org/backfire/10.03/brcm47xx/openwrt-brcm47xx-squashfs.trx, loaded it via the dd-wrt firmware update web interface and waited for ~ 5 minutes. The box automatically rebooted and when I reconnected the network cable I had an IP from the range 192.168.1.1/24. From there, I just followed the OpenWrt setup similar to my blog post on OpenWrt on the TP-Link TL-WR1043ND router.

IPv6 Static 6in4 tunnel setup via Hurricane Electric (Tunnelbroker.net)

First, install the following IPv6 related packages:

opkg update
opkg install kmod-ipv6 ip kmod-ip6tables ip6tables kmod-sit kmod-iptunnel6 radvd kmod-tun tcptraceroute6  radvd

Setup with an init script

This section describes the setup similar to http://cd34.com/blog/infrastructure/weekend-wrt54gs-openwrt-ipv6-through-tunnelbroker-net/.

Now create the init script for the tunnel. To do so, save the following script as /etc/init.d/ipv6: (As proposed in this and this thread, you might create it as a hotplug script /etc/hotplug.d/iface/15-ipv6 instead.)

#!/bin/sh /etc/rc.common

#Information from the "Tunnel Details" page
SERVER_v4=216.66.80.30
SERVER_v6=2001:470:01fa:1d99::1

CLIENT_v4=141.2.16.250
CLIENT_v6=2001:470:01fa:1d99::2

# Uncomment if you have a /48
#ROUTED_48=Your /48 netblock's gateway address, e.g., 2001:a:b::1
ROUTED_64=2001:470:01fb:1d99::

START=50

start() {
    echo "Starting he.net IPv6 tunnel: "
    ip tunnel add henet mode sit remote $SERVER_v4 local $CLIENT_v4 ttl 255
    ip link set henet up

    ip -6 addr add $CLIENT_v6/64 dev henet
    ip -6 ro add default via $SERVER_v6 dev henet

    ip -6 addr add $ROUTED_64/64 dev br-lan
    # Uncomment if you have a /48
    #ip -6 addr add $ROUTED_48/48 dev br-lan
    ip -f inet6 addr

    echo "Done."
}
stop() {
    echo -n "Stopping he.net IPv6 tunnel: "
    ip link set henet down
    ip tunnel del henet

    ip -6 addr delete $ROUTED_64/64 dev br-lan
    # Uncomment if you have a /48
    #ip -6 addr delete $ROUTED_48/48 dev br-lan

    echo "Done."
}
restart() {
    stop
    start
}

The init script is very similar to 6tunnel.init from the package 6scripts: https://dev.openwrt.org/browser/packages/ipv6/6scripts/files/6tunnel.init.

Make the the script executable using chmod +x /etc/init.d/ipv6 and test if it’s working by executing /etc/init.d/ipv6 start. If it works and you have a working IPv6 (verify using ping6 ipv6.google.com) then enable it as a startup script with /etc/init.d/ipv6 enable.

Update the radvd settings file /etc/config/radvd.

Alternative setup using the OpenWrt UCI as much as possible

This section follows closely the setup described on http://www.sixxs.net/forum/?msg=setup-3135937 and http://wiki.openwrt.org/doc/uci/network#static.ipv6-in-ipv4.tunnel.

So we add the tunnel to the network setup by adding the following configuration section to /etc/config/network:

# For help see <http://wiki.openwrt.org/doc/uci/network#protocol.6in4.ipv6-in-ipv4.tunnel>
config 'interface' 'sixxs'
    option 'proto' '6in4'
    # remote PoP tunnel endpoint IPv4 address:
    option 'peeraddr' '216.66.80.30'
    # your IPv6 tunnel endpoint:
    option 'ip6addr' '2001:470:01fa:1d99::2/64'
    # the router's IPv4 WAN address:
    option 'ipaddr' '62.78.XXX.XXX'

The next step would be, to add the new henet interface to the wan zone of the firewall. Either use Luci (Network/Firewall/Zones) or edit /etc/config/network:

  config 'zone'
    option 'name' 'wan'
    option 'network' 'wan sixxs'

You need an iptables rule for enabling the IPv4 firewall to accept IPv6 connections (protocol 41) from the PoP tunnel endpoint even if they are not related to existing connections. So add the following line to ‘/etc/firewall.user’:

iptables -I INPUT 1 -s [remote_ipv4_pop_endpoint_addr]  -p 41 -j ACCEPT

Or using UCI:

uci add firewall rule
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1]._name=HE-IP6
uci set firewall.@rule[-1].proto=41
uci commit firewall

And also make sure that the following line in ‘/etc/sysctl.conf’ is uncommented:

net.ipv6.conf.all.forwarding=1

Resources

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)

Related Posts:

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>