Posted: Fri Jan 31, 2014 13:28 Post subject: R7000 and IPv6
I just installed a Netgear R7000 with K3-AC-ARM r23430 connected to an motorola SB6121 cable modem. I have the basics working.
If I connect the SB6121 directly to a linux box I can run dhclient -6 -P -d -v and get a /64 prefix. Then with radvd running on my internal interface I can have machines autoconfigure to pick up an IPv6 address. Said IPv6 connection machines can ping6 www.facebook.com and the like.
If I try the same with wide-dhcpv6-client I can get a /60 prefix, then I can use radvd to provide a /64 per vlan.
However if direct connect the sb6121 to the WAN connection of the R7000 and click on enable IPv6 if I run ifconfig on the router I see only lines like:
inet6 addr: fe80::c604:15ff:fe17:a5dc/64 Scope:Link
I see none with Scope:Global. IPv4 connectivity is working fine.
If I run lsmod I see the ipv6 module loaded.
I read the dd-wrt IPv6 page without finding anything. This new build already has ip6tables,
Do I need to do something else to enable the R7000 to grab a /64?
Is there package or repo for a DHCP client that knows about the IA_PD flag to ask for a /60?
Perhaps, one of the v6 clients will grab PD for you. _________________ Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
Posted: Fri Jan 31, 2014 15:35 Post subject: Re: R7000 and IPv6
sliken wrote:
I just installed a Netgear R7000 with K3-AC-ARM r23430 connected to an motorola SB6121 cable modem. I have the basics working.
If I connect the SB6121 directly to a linux box I can run dhclient -6 -P -d -v and get a /64 prefix. Then with radvd running on my internal interface I can have machines autoconfigure to pick up an IPv6 address. Said IPv6 connection machines can ping6 www.facebook.com and the like.
If I try the same with wide-dhcpv6-client I can get a /60 prefix, then I can use radvd to provide a /64 per vlan.
However if direct connect the sb6121 to the WAN connection of the R7000 and click on enable IPv6 if I run ifconfig on the router I see only lines like:
inet6 addr: fe80::c604:15ff:fe17:a5dc/64 Scope:Link
I see none with Scope:Global. IPv4 connectivity is working fine.
If I run lsmod I see the ipv6 module loaded.
I read the dd-wrt IPv6 page without finding anything. This new build already has ip6tables,
Do I need to do something else to enable the R7000 to grab a /64?
Is there package or repo for a DHCP client that knows about the IA_PD flag to ask for a /60?
IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.
Perhaps, one of the v6 clients will grab PD for you.
Perfect, thanks. That looks very promising. I already have wide-dhcp6 working on my linux desktop. It's at the repo you linked to, looks like it shouldn't be too hard to get going.
Posted: Sat Feb 01, 2014 3:31 Post subject: Re: R7000 and IPv6
NoobWRT wrote:
IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.
Heh, I won't argue against IPv4 being popular. However I'd like to point out that stock router firmware is good enough for most. Currently the stock R7000 firmware is doing better then DDWRT with IPv6, at least for me. OpenWRT support looks pretty good. I've not tried it, but they do have the wide-dhcp6 client that is the best I've found for asking for /60 prefix.
IPv6 isn't particularly rare these days. Wiki claims 4% of domains and 16.2% of networks back in Sept 2013. Comcast has over 25% of it's customers running full dual stack IPv6. I was highly amused when a friend with a mac sent me a IPv6 traceroute without actually trying to run IPv6.
The Comcast IPv6 deployment graphs I've seen show impressive growth. Oct 2013 was 8%, Nov 2013 was 16%.
I was hoping DDWRT would be closer to the leading edge than the trailing.
Personally I was hoping that my home network could be more like the rest of the internet. DNSSEC, DNS, allowing incoming network connections, not requiring 3rd party servers to communicate, etc.
Why shouldn't my smart phone be able to open my garage door, even if I'm not home? Or mount a filesystem from home to wherever I am. Or map out complex relationships for network port * network clients port forwards. Is it too much to ask to be able to print something at home when I'm at work?
Sure IPv4 has ugly hacks for this TURN, STUN, Masq/NAT, port forwarding, etc.
Posted: Sat Feb 01, 2014 7:56 Post subject: Re: R7000 and IPv6
sliken wrote:
NoobWRT wrote:
IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.
Heh, I won't argue against IPv4 being popular. However I'd like to point out that stock router firmware is good enough for most. Currently the stock R7000 firmware is doing better then DDWRT with IPv6, at least for me. OpenWRT support looks pretty good. I've not tried it, but they do have the wide-dhcp6 client that is the best I've found for asking for /60 prefix.
IPv6 isn't particularly rare these days. Wiki claims 4% of domains and 16.2% of networks back in Sept 2013. Comcast has over 25% of it's customers running full dual stack IPv6. I was highly amused when a friend with a mac sent me a IPv6 traceroute without actually trying to run IPv6.
The Comcast IPv6 deployment graphs I've seen show impressive growth. Oct 2013 was 8%, Nov 2013 was 16%.
I was hoping DDWRT would be closer to the leading edge than the trailing.
Personally I was hoping that my home network could be more like the rest of the internet. DNSSEC, DNS, allowing incoming network connections, not requiring 3rd party servers to communicate, etc.
Why shouldn't my smart phone be able to open my garage door, even if I'm not home? Or mount a filesystem from home to wherever I am. Or map out complex relationships for network port * network clients port forwards. Is it too much to ask to be able to print something at home when I'm at work?
Sure IPv4 has ugly hacks for this TURN, STUN, Masq/NAT, port forwarding, etc.
Personally I find IPv6 well worth it.
Only a few home users benefit from IPV6, only a small percentage of people wants to access every device directly from the internet.
The are more drawbacks for the home user:
-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do
-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Posted: Sat Feb 01, 2014 12:26 Post subject: Re: R7000 and IPv6
<Kong> wrote:
-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do
3 letter agencies from USA disagree with you. They are very unhappy with IPv6 roll-out and possibilities it offers.
With v4 we get 1 IP address, most of the time static, with /64 block I get, I don't know? quadrillions to chose from?
I can randomize them at my will every minute, choose Privacy Extensions for SLAAC, manual set up or even encrypt my address.
http://www.ietf.org/rfc/rfc3041.txt http://www.ietf.org/rfc/rfc3972.txt
and this is just beginning
Quote:
-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable
Then turn the IP interface on it off. Even better, filter the device at the firewall based on port, MAC,
IP address, direction...
Who else can come up with more creative ways if not you? _________________ Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
Posted: Sat Feb 01, 2014 12:32 Post subject: Re: R7000 and IPv6
NoobWRT wrote:
IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.
If IPv4 works for you then nothing to worry about. During Phase III your IPv4 traffic will be simply tunneled over v6 network. _________________ Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
Perfect, thanks. That looks very promising. I already have wide-dhcp6 working on my linux desktop. It's at the repo you linked to, looks like it shouldn't be too hard to get going.
Great. Please post configuration files once you get this working. _________________ Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
Posted: Sat Feb 01, 2014 13:19 Post subject: Re: R7000 and IPv6
hanskloss wrote:
<Kong> wrote:
-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do
3 letter agencies from USA disagree with you. They are very unhappy with IPv6 roll-out and possibilities it offers.
With v4 we get 1 IP address, most of the time static, with /64 block I get, I don't know? quadrillions to chose from?
I can randomize them at my will every minute, choose Privacy Extensions for SLAAC, manual set up or even encrypt my address.
http://www.ietf.org/rfc/rfc3041.txt http://www.ietf.org/rfc/rfc3972.txt
and this is just beginning
Yes the address space would allow it, but not one provider implements IPV6 in a way, that your examples work. And companies have no interest in this, they all profit by deanonymizing users.
Years ago I implemented an "enterprise" tracking system to identify users + track their route through the internet in order to generate profiles that are then used to show them appropriate ads.
And because most people have no clue and logon to social networks/webmail etc with their realnames, you can't just trakc random IPs but you can track users by their name:-)
Quote:
Quote:
-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable
Then turn the IP interface on it off. Even better, filter the device at the firewall based on port, MAC,
IP address, direction...
Who else can come up with more creative ways if not you?
What do I gain from this, I have extra work doing this which requires even more knowledge then before.
IPV6 is like Windows Vista, a testbed that everyone wants to avoid, once users stand up and criticize it enough we will see the needed changes that are important for the end user
P.S. Although I'm not a fan of IPV6. IPV6 support in dd-wrt will improve once someone has time for it. I checked out IPV6 code from netgear and it is not very complex. Most is done with radvd which we already use. radvd should work in 90% of the use cases and with a bit of reading most users should be able to set it up. Our biggest problem is, that BS and myself are on IPV4 thus, we can't just do a qwuick test and add a few lines and thus costs us more time. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Posted: Sat Feb 01, 2014 14:36 Post subject: Re: R7000 and IPv6
<Kong> wrote:
What do I gain from this, I have extra work doing this which requires even more knowledge then before.
On the surface, not sure about developer side but for me, end user, it was surprise how simple IPv6 is and why on earth I didn't explore this topic before.
Quote:
P.S. Although I'm not a fan of IPV6. IPV6 support in dd-wrt will improve once someone has time for it. I checked out IPV6 code from netgear and it is not very complex. Most is done with radvd which we already use. radvd should work in 90% of the use cases and with a bit of reading most users should be able to set it up.
Thank you for your excellent support and frequent releases. Although radvd works many ISPs (because of Windows users) will implement DHCPv6.
Native client like wide-dhcpv6 would help us tremendously. Another sour spot are iptables still at 1.3.7 Can we have >= 1.4.0 version?
Also when I try login to the router with IPv6 address nothing happens
http://[FE80::BAAD:BAAD:BEEF:1]:80
ssh and telnet work!
Quote:
Our biggest problem is, that BS and myself are on IPV4 thus, we can't just do a qwuick test and add a few lines and thus costs us more time.
https://www.tunnelbroker.net/ and dual-stack for internal network? I'm sure that myself and others will be happy to test each change and feature. _________________ Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
Last edited by hanskloss on Sun Feb 09, 2014 21:46; edited 1 time in total
Posted: Sun Feb 02, 2014 23:07 Post subject: Re: R7000 and IPv6
<Kong> wrote:
Only a few home users benefit from IPV6
I agree, but I think that's more of a missed opportunity. Something that DDWRT could fix. Home users being second class citizens drives people to use 3rd party services like dropbox, glympse, etc.
If I buy a Schlage lock why should I have to pay for a website to control my lock? Similar for home automation, monitoring power use, monitoring solar panels, home security, listening to music, etc.
If incoming connectivity was easy I suspect there'd be many more apps that would use it.
<Kong> wrote:
, only a small percentage of people wants to access every device directly from the internet.
Sure, although they don't know what they are missing. How many people of accidentally left an important file at home? How many users pay per month to minimize (but not avoid) that problem?
<Kong> wrote:
The are more drawbacks for the home user:
-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do
Seems like having a single IPv4 instead of a bunch of IPv6 doesn't change that much. Also say I listen to music, what reveals more about me? Paying some service to play every track? Or sourcing bitstream from my home network to whatever device I'm currently using?
It's very hard to track a user with cookies, ads, session keys, etc when they aren't using one of your services. Sure traffic analysis can be done.
<Kong> wrote:
-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable
I'm not arguing against firewalls. My normal machines only have ssh open, which requires a key (no passwords accepted). Most tablets and smartphones accept no incoming connections anyways. Sure I wouldn't put a windows box on a public network.
Great. Please post configuration files once you get this working.
I have wide-dhcpv6 and radvd working now on a linux desktop. Radvd is in the current korg build, wide-dhcpv6 seems to be coming soon via the openwrt repo. I believe the next korg build will enable the openwrt repo.
The config files, this one is for wide-dhcpv6, it asks for a /60 prefix and allows up to 16 /64 VLANS.
The device names will be different in DDWRT. Eth0 is the external/WAN network and eth1 is for my internal network.
Posted: Sun Feb 02, 2014 23:38 Post subject: Re: R7000 and IPv6
sliken wrote:
I agree, but I think that's more of a missed opportunity. Something that DDWRT could fix. Home users being second class citizens drives people to use 3rd party services like dropbox, glympse, etc.
If I buy a Schlage lock why should I have to pay for a website to control my lock? Similar for home automation, monitoring power use, monitoring solar panels, home security, listening to music, etc.
If incoming connectivity was easy I suspect there'd be many more apps that would use it.
I don't see a problem, using a dyndns service + port forwarding. You don't even have to type a cryptic IP.
Quote:
It's very hard to track a user with cookies, ads, session keys, etc when they aren't using one of your services. Sure traffic analysis can be done.
See that's the problem, users don't know. Simple example:
You have a google account, once you logon they have your IP + Name. Since 90% of all websites pull in some crap from google, e.g. apis.google.com, google-analytics.com, everytime you visit a site you load some google content and google sees the ip + origin and therefore knows which site you visited.
Why do you think google offers so much things for free, because they are the saver of the earth?
Posted: Sun Feb 02, 2014 23:39 Post subject: Re: R7000 and IPv6
<Kong> wrote:
Yes the address space would allow it, but not one provider implements IPV6 in a way, that your examples work. And companies have no interest in this, they all profit by deanonymizing users.
Letting users run their own services increases user privacy.
<Kong> wrote:
What do I gain from this, I have extra work doing this which requires even more knowledge then before.
If it works just like the stock netgear firmware I think I could get the rest working. I'd be happy to put up a HOWTO for comcast users, and it would apply generally to any native IPv6 user.
<Kong> wrote:
IPV6 is like Windows Vista, a testbed that everyone wants to avoid, once users stand up and criticize it enough we will see the needed changes that are important for the end user
DOCSIS 3.0, comcast, netgear and many others are pushing for IPv6. Google, facebook, and many other large sites are spending time and resources being IPv6 capable. I argue that IPv6 has MUCH more to offer the have nots (home users under control of their ISP) then it does to huge corporation.
<Kong> wrote:
P.S. Although I'm not a fan of IPV6. IPV6 support in dd-wrt will improve once someone has time for it. I checked out IPV6 code from netgear and it is not very complex. Most is done with radvd which we already use. radvd should work in 90% of the use cases and with a bit of reading most users should be able to set it up. Our biggest problem is, that BS and myself are on IPV4 thus, we can't just do a qwuick test and add a few lines and thus costs us more time.
I'm hoping that your current plan for supporting the ARM platform OpenWRT repo will be enough for me to get things working. Then you/whoever can pick and choose what is easy to further integrate into DDWRT.