R7000 and IPv6

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3 ... 15, 16, 17 ... 35, 36, 37  Next
Author Message
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Mon Aug 04, 2014 19:08    Post subject: Reply with quote
BasCom wrote:
ask your providers offering native ipv6. it is working fine. cant talk bout kongs latest, cause i dont have it, but it uses the same componets as i do about a year "manually"

since there is no new mipsel build ( KONG and BS ), i cannot help with any debugging.

And BS latest bricks RT-N66U, so i do not believe, next one will do better Razz


I can't build a new one right now, BS has to push new objects for igs/emf to svn otherwise wl will not load.

But JAMESMTL is the master of IPV6 and already gave me the input I needed. Nitrus is already doing a lot of testing and we are progressing fast. As far as I can tell implementing 6to4 6in4 6rd won't take as much time as adding all the stuff I needed for native/native-pd

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Sponsor
twalls
DD-WRT Novice


Joined: 04 May 2014
Posts: 39

PostPosted: Mon Aug 04, 2014 19:50    Post subject: Reply with quote
<Kong> wrote:
But JAMESMTL is the master of IPV6 and already gave me the input I needed. Nitrus is already doing a lot of testing and we are progressing fast. As far as I can tell implementing 6to4 6in4 6rd won't take as much time as adding all the stuff I needed for native/native-pd


If you would like testers for 6to4/6in4 (Tunnelbroker/HE), I'd be happy to assist. I'm very much looking forward to this being doable in the webif. Thanks for all your work on this! Smile
s-f-r-j
DD-WRT User


Joined: 27 Sep 2011
Posts: 236

PostPosted: Mon Aug 04, 2014 19:53    Post subject: Reply with quote
6rd here Smile up and running with James's script.
DaveTheNerd
DD-WRT User


Joined: 15 Jul 2008
Posts: 317

PostPosted: Mon Aug 04, 2014 20:23    Post subject: Reply with quote
JAMESMTL wrote:
Correct the default firewall blocks all icmpv6 forwarding to clients behind the router. Most people feel more secure in having this traffic blocked however rfc4890 and the rfcs mentioned within state that all hosts should permit some of icmpv6 traffic to pass. [...] Somewhere back on page 5 or so I posted a slightly modified rfc4990 reference script which can be used with ddwrt.


Thanks, James! For those interested in the location of the reference script, it's right here.

Quote:
Note ipv6 via ddwrt webif is brand new and kong is working on implementing various ipv6 components.


Indeed... This is awesome work that kong is doing, and also awesome help that you and Nitrus and everyone else here are doing. Thank you SO much!
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Mon Aug 04, 2014 23:21    Post subject: Reply with quote
twalls wrote:
<Kong> wrote:
But JAMESMTL is the master of IPV6 and already gave me the input I needed. Nitrus is already doing a lot of testing and we are progressing fast. As far as I can tell implementing 6to4 6in4 6rd won't take as much time as adding all the stuff I needed for native/native-pd


If you would like testers for 6to4/6in4 (Tunnelbroker/HE), I'd be happy to assist. I'm very much looking forward to this being doable in the webif. Thanks for all your work on this! Smile


@Kong - lol, well that was good for a laugh. Master of ipv6 not even close, I just played with it way too much (now where have I heard that before). I tell ya I learn new stuff every day.

@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.
twalls
DD-WRT Novice


Joined: 04 May 2014
Posts: 39

PostPosted: Tue Aug 05, 2014 0:04    Post subject: Reply with quote
JAMESMTL wrote:
@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.


I've used them before with scripts I've cobbled together from here in the past. I was happy with them as well. While the new additions to the webif are very welcome, it makes me less inclined to try on my own with the tunnel because I don't want it to conflict with anything being done with the default scripts. I guess I could leave everything "disabled" in the webif and just load modules for IPv6, radvd, ip6tables, etc. on my own?

Edit: Also, I'm curious what extra 2 lines you're using to hand out addresses to your guest networks...
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Tue Aug 05, 2014 1:28    Post subject: Reply with quote
twalls wrote:
JAMESMTL wrote:
@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.


I've used them before with scripts I've cobbled together from here in the past. I was happy with them as well. While the new additions to the webif are very welcome, it makes me less inclined to try on my own with the tunnel because I don't want it to conflict with anything being done with the default scripts. I guess I could leave everything "disabled" in the webif and just load modules for IPv6, radvd, ip6tables, etc. on my own?

Edit: Also, I'm curious what extra 2 lines you're using to hand out addresses to your guest networks...


You just need to enable ipv6 and select native ipv6 with current versions. Oh ya and add the code needed to overwrite default firewall at the end.

Where
Client ipv6 address : 2001:470:AAAA:AAAA::2/64
Routed /48 : 2001:470:BBBB::/48
Server IPv4 Address : 209.51.161.14

Code:

#!/bin/sh
iptables -I INPUT -s 66.220.2.74 -p icmp -j ACCEPT

ip tunnel add he-ipv6 mode sit ttl 64 local $(nvram get wan_ipaddr) remote 209.51.161.14
ip link set he-ipv6 mtu 1480
ip link set he-ipv6 up

ip -6 addr add 2001:470:AAAA:AAAA::2/64 dev he-ipv6
ip -6 addr add 2001:470:BBBB:1::1/64 dev br0
ip -6 addr add 2001:470:BBBB:2::1/64 dev wl0.1
ip -6 addr add 2001:470:BBBB:3::1/64 dev wl1.1

ip -6 route add 2000::/3 dev he-ipv6


You just assign separate /64 prefixes from your /48 to wl0.1 and wl1.1. It's that simple.

Obviously you need to set up radvd to broadcast on each interface. If you don't want to use webif you can just append this to the end of the above.

Code:

for proc in `ps | grep [r]advd  | awk '{ print $1 }'`;do
   kill -9 $proc
done

cat > /tmp/radvd-he.conf << EOF
interface br0 {
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1480;
   AdvSendAdvert on;
   AdvOtherConfigFlag off;
   AdvManagedFlag off;
   AdvReachableTime 0;
   AdvRetransTimer 0;
   prefix ::/64 {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
      AdvValidLifetime 86400;
      AdvPreferredLifetime 86400;
   };
        RDNSS 2001:470:20::2 {};
};

interface wl0.1 {
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1480;
   AdvSendAdvert on;
   AdvOtherConfigFlag off;
   AdvManagedFlag off;
   AdvReachableTime 0;
   AdvRetransTimer 0;
   prefix ::/64 {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
      AdvValidLifetime 86400;
      AdvPreferredLifetime 86400;
   };
        RDNSS 2001:470:20::2 {};
};

interface wl1.1 {
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1480;
   AdvSendAdvert on;
   AdvOtherConfigFlag off;
   AdvManagedFlag off;
   AdvReachableTime 0;
   AdvRetransTimer 0;
   prefix ::/64 {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
      AdvValidLifetime 86400;
      AdvPreferredLifetime 86400;
   };
        RDNSS 2001:470:20::2 {};
};
EOF

radvd -C /tmp/radvd-he.conf


FYI I use dnsomatic as my ddns provider and they have an option to update your HE tunnel endpoint in addition to any other ddns provider(s) you may use.
DaveTheNerd
DD-WRT User


Joined: 15 Jul 2008
Posts: 317

PostPosted: Tue Aug 05, 2014 12:05    Post subject: IPv6 and QoS? Reply with quote
Just was thinking about this and with its separate firewall, etc, does DD-WRT still apply QoS rules to the IPv6 traffic that passes through it? Or is that bypassed entirely?
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Tue Aug 05, 2014 15:12    Post subject: Reply with quote
DaveTheNerd wrote:
JAMESMTL wrote:
Correct the default firewall blocks all icmpv6 forwarding to clients behind the router. Most people feel more secure in having this traffic blocked however rfc4890 and the rfcs mentioned within state that all hosts should permit some of icmpv6 traffic to pass. [...] Somewhere back on page 5 or so I posted a slightly modified rfc4990 reference script which can be used with ddwrt.


Thanks, James! For those interested in the location of the reference script, it's right here.

Quote:
Note ipv6 via ddwrt webif is brand new and kong is working on implementing various ipv6 components.


Indeed... This is awesome work that kong is doing, and also awesome help that you and Nitrus and everyone else here are doing. Thank you SO much!


Just a quick warning, the reference script is meant to be run as either a wanup or ipup script via /jffs. DO NOT RUN FROM WEBIF as the timings will not work and the size of the script with all of the comments etc can take up all available nvram.
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Tue Aug 05, 2014 15:43    Post subject: Reply with quote
JAMESMTL wrote:
twalls wrote:
JAMESMTL wrote:
@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.


I've used them before with scripts I've cobbled together from here in the past. I was happy with them as well. While the new additions to the webif are very welcome, it makes me less inclined to try on my own with the tunnel because I don't want it to conflict with anything being done with the default scripts. I guess I could leave everything "disabled" in the webif and just load modules for IPv6, radvd, ip6tables, etc. on my own?

Edit: Also, I'm curious what extra 2 lines you're using to hand out addresses to your guest networks...


You just need to enable ipv6 and select native ipv6 with current versions. Oh ya and add the code needed to overwrite default firewall at the end.

Where
Client ipv6 address : 2001:470:AAAA:AAAA::2/64
Routed /48 : 2001:470:BBBB::/48
Server IPv4 Address : 209.51.161.14

Code:

#!/bin/sh
iptables -I INPUT -s 66.220.2.74 -p icmp -j ACCEPT

ip tunnel add he-ipv6 mode sit ttl 64 local $(nvram get wan_ipaddr) remote 209.51.161.14
ip link set he-ipv6 mtu 1480
ip link set he-ipv6 up

ip -6 addr add 2001:470:AAAA:AAAA::2/64 dev he-ipv6
ip -6 addr add 2001:470:BBBB:1::1/64 dev br0
ip -6 addr add 2001:470:BBBB:2::1/64 dev wl0.1
ip -6 addr add 2001:470:BBBB:3::1/64 dev wl1.1

ip -6 route add 2000::/3 dev he-ipv6



Told you, your are the master. Just added 6in4 support based on your commands to my latest build, first try with HE tunnel resulted in:

http://test-ipv6.com (10/10)
http://ipv6-test.com (14/20)
http://test-ipv6.netiter.dk (20/20)

This was easy

I have to check again, as I had to lower the mtu, but the router was not directly connected to the internet. The 14/20 probably comes from the fact, that the main router still filters icmpv6:-)

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
s-f-r-j
DD-WRT User


Joined: 27 Sep 2011
Posts: 236

PostPosted: Tue Aug 05, 2014 15:58    Post subject: Reply with quote
Wohoo, nice!! good progress guys!!! Smile
twalls
DD-WRT Novice


Joined: 04 May 2014
Posts: 39

PostPosted: Tue Aug 05, 2014 16:10    Post subject: Reply with quote
Does running an OpenVPN server interfere with enabling IPv6 support? I know the stock firmware only let's you do one or the other. It makes sense that once everything is public, VPN-protected access becomes less necessary. However, not everything on my network supports IPv6, nor would I want NAS hosted by the router to be externally accessible.

For the 6in4 support, would it be possible to give options to use either a single /64 or /48, depending on how it is being used? The script above is great, and it is exciting to hear about support already getting added to the webif! Smile
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Tue Aug 05, 2014 16:13    Post subject: Reply with quote
<Kong> wrote:
I have to check again, as I had to lower the mtu, but the router was not directly connected to the internet. The 14/20 probably comes from the fact, that the main router still filters icmpv6:-)


Now I feel honored. Good to hear it worked first shot.

The encapsulation has a 20 byte overhead and generally needs to be ISP MTU -20. Routers are not permitted to fragment ipv6 traffic so if mtu is too high some odd behavior will be exhibited.i find the http://test-ipv6.netiter.dk/ test is a good one to check basic connectivity.

I really do find HE is the best tunnel provider and is far simpler to setup compared to freenet or sixxs.

Welcome to the ipv6 world

*** Worst case scenario an MTU of 1280 can be used as it's the minimum ipv6 permitted


Last edited by JAMESMTL on Tue Aug 05, 2014 16:25; edited 1 time in total
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Tue Aug 05, 2014 16:20    Post subject: Reply with quote
twalls wrote:

For the 6in4 support, would it be possible to give options to use either a single /64 or /48, depending on how it is being used? The script above is great, and it is exciting to hear about support already getting added to the webif! Smile


The same script works the same for /64. Just don't assign /64s to wl0.1 or wl1.1 etc

The br0 line would be
ip -6 addr add 2001:470:BBBB:BBBB::1/64 dev br0
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Tue Aug 05, 2014 16:26    Post subject: Reply with quote
JAMESMTL wrote:
<Kong> wrote:
I have to check again, as I had to lower the mtu, but the router was not directly connected to the internet. The 14/20 probably comes from the fact, that the main router still filters icmpv6:-)


Now I feel honored. Good to hear it worked first shot.

The encapsulation has a 20 byte overhead and generally needs to be ISP MTU -20. Routers are not permitted to fragment ipv6 traffic so if mtu is too high some odd behavior will be exhibited.i find the http://test-ipv6.netiter.dk/ test is a good one to check basic connectivity.

I really do find HE is the best tunnel provider and is far simpler to setup compared to freenet or sixxs.

Welcome to the ipv6 world


OK, I'm on DSL (1492) thus will try with 1472 later on.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Goto page Previous  1, 2, 3 ... 15, 16, 17 ... 35, 36, 37  Next Display posts from previous:    Page 16 of 37
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum