?

Log in

No account? Create an account

Previous Entry | Next Entry

Using OpenWRT as a IPv6 router

Two days ago I wrote about how I installed the Kamikaze release of the fabulous OpenWRT router software, today I did some research and IPv6 enabled the router (and my home network).

First I installed some software on the router.

IPv6 support for the Linux kernel:

ipkg install kmod-ipv6
IP, used to manipulate IPv6 addresses and routes:

ipkg install ip
And what is needed for a IPv6 firewall:

ipkg install kmod-ip6tables
ipkg install ip6tables

I'm so lucky I got a /60 net routed towards my home over a 6to4 tunnel provided by a local IPv6 fanatic here in Norway, if you are not so lucky you may take a look at some of the public tunnel brokers.

With the tunnel set up on the upstream side I (re)wrote a init script (/etc/init.d/tun6to4) for 6to4 on the Kamikaze OpenWRT:

#!/bin/sh /etc/rc.common
# 6to4 tunnel
START=50

# Modified version of script from http://wiki.openwrt.org/IPv6_howto

# retrieve the public IPv4 address
ipv4=$(ip -4 addr | awk '/^[0-9]+[:] eth0.1[:]/ {l=NR+1} /inet (([0-9]{1,3}\.){3}[0-9]{1,3})\// {if (NR == l) split($2,a,"/")} END {prin
t a[1]}')


# local part of linknet for relay tunnel
linkipv6prefix=<local IPv6 address on the link net - provided by tunnel broker>

# IPv4 address for our relay
relay6to4=<IPv4 address for tunnel termination - provided by tunnel broker>

# local net, configured in radvd.conf
localipv6prefix=<local (lan) IPv6 net - routed by tunnel broker; not needed to get IPv6 up on router>

start() {
    echo "Creating tunnel interface..."
    ip tunnel add tun6to4 mode sit ttl 64 remote any local $ipv4
    echo "Setting tunnel interface up..."
    ip link set dev tun6to4 up
    echo "Assigning ${linkipv6prefix} address to tunnel interface..."
    ip -6 addr add ${linkipv6prefix} dev tun6to4
    echo "Assigning ${localipv6prefix} address to br-lan..."
    ip -6 addr add ${localipv6prefix} dev br-lan
    echo "Adding route to IPv6 internet on tunnel interface via relay..."
    ip -6 route add 2000::/3 via ::${relay6to4} dev tun6to4 metric 1
    echo "Adding route to IPv6 localnet..."
    ip -6 route add ${localipv6prefix} dev br-lan
    echo "Done."
}

stop() {
    echo "Removing br-lan interface IPv6 address..."
    ip -6 addr del ${localipv6prefix} dev br-lan
    echo "Removing routes to 6to4 tunnel interface..."
    ip -6 route flush dev tun6to4
    echo "Setting tunnel interface down..."
    ip link set dev tun6to4 down
    echo "Removing tunnel interface..."
    ip tunnel del tun6to4
    echo "Removing routes to IPv6 localnet..."
    ip -6 route flush dev br-lan
    echo "Done."
}

restart() {
    echo "Stopping..."
    /etc/init.d/tun6to4 stop
    echo "Starting..."
    /etc/init.d/tun6to4 start
    echo "Done."
}
After some testing I ran:

/etc/init.d/tun6to4 enable
reboot

The reboot went very well and with the router back on line I could ping a IPv6 enabled host on the Internet; yummy!:

root@OpenWrt:~# ping6 -c 1 ldap.uninett.no
PING ldap.uninett.no (2001:700:0:513::10): 56 data bytes
64 bytes from 2001:700:0:513::10: icmp6_seq=0 ttl=56 time=271.1 ms

--- ldap.uninett.no ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 271.1/271.1/271.1 ms
But it is not very useful with a IPv6 enabled router unless the computers on the inside may use IPv6 as well!  I therefore installed  The Linux IPv6 Router Advertisement Daemon on my router:

ipkg install radvd
and configured it in /etc/radvd.conf:

interface br-lan
{
        AdvSendAdvert on;
        prefix <local (lan) IPv6 net - as set up in tun6to4 init script and routed to you by tunnel broker>
        {
                AdvOnLink on;
                AdvAutonomous on;
        };
};

All ready to fire it up:

/etc/init.d/radvd enable
/etc/init.d/radvd start

My laptop got a auto configured IPv6 after a few seconds:

wlan0     Link encap:Ethernet  HWaddr 00:13:E8:9E:CC:F7 
          inet addr:192.168.192.50  Bcast:192.168.192.255  Mask:255.255.255.0
          inet6 addr: XXX:YYY:ZZ:e8ff:fe9e:ccf7/64 Scope:Global
          inet6 addr: fe80::213:e8ff:fe9e:ccf7/64 Scope:Link
          [..]

And everything worked;  I could connect to a IPv6 enabled computer on the Internet from my laptop, but hey; I could also connect to my server at home from the Internet - nice, but some descent IPv6 firewall on the OpenWRT router is really needed :-)

See http://wiki.openwrt.org/IPv6_howto for more information about OpenWRT and IPv6.

Comments

( 1 comment — Leave a comment )
samm_on
Sep. 27th, 2010 06:13 pm (UTC)
I never tried to do this manually and I've never been too skilled on this kind of applications. Thanks for sharing everything, I just found a registry cleaner download link, I want to do a computer check-up before I try anything.
( 1 comment — Leave a comment )