R7000 and IPv6

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, ... 35, 36, 37  Next
Author Message
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Thu Feb 06, 2014 14:07    Post subject: Re: R7000 and IPv6 Reply with quote
Just a quote note. I tried the newest r23490.

I don't have nice clean startup scripts, but with a few sysctl commands, radvd, and wide-dhcp-client it all works.

ping6 works, and the IPv6 readyness test I ran gve me 10/10.

I'll post details later. Thanks Kong.

The router picks up a /60 then gives br0 a /64.
Sponsor
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Thu Feb 06, 2014 18:54    Post subject: Reply with quote
i am running native ipv6 on dd-wrt since month ( almost ) perfectly with wide-dhcp6c. but be aware: install some basic ip6tables rules.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Fri Feb 07, 2014 4:08    Post subject: Reply with quote
BasCom wrote:
i am running native ipv6 on dd-wrt since month ( almost ) perfectly with wide-dhcp6c. but be aware: install some basic ip6tables rules.


Do you statically assign IPs? Using autoconfig locally? Got a script for starting radvd, wide-dhcp, and the various sysctl tweaks?

I think this is what is required from the default config:
sysctl -w net.ipv6.conf.vlan2.accept_ra=2
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv6.conf.vlan2.forwarding=0
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Fri Feb 07, 2014 13:56    Post subject: Reply with quote
sysctl is not needed, btw i do not use it.

i do get 56 prefix from german telekom and give it with radvd to local clients.

_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Wed Feb 12, 2014 6:08    Post subject: Reply with quote
BasCom wrote:
sysctl is not needed, btw i do not use it.

i do get 56 prefix from german telekom and give it with radvd to local clients.


Odd. I've upgraded and reset my DDWRT install with the current release a few times in the last week or two.

I've got the tweaks down to a minumum:
1) enable ssh, turn off passwords, add certificate
2) enable jffs2
3) enable syslog to my desktop
4) mount -o bind /jffs2/opt /opt
5) ipkg update
6) ipkg install wide-dhcpv6-client
7) copy in a radvd.conf (via web ui or command line)
8 ) copy in dhcpv6.conf
9) launch dhcpv6

Then if I try ping6, facebook:

# sysctl net.ipv6.conf.vlan2.accept_ra
net.ipv6.conf.vlan2.accept_ra = 1
# ping6 www.facebook.com
PING www.facebook.com (2a03:2880:f00d:501:face:b00c:0:1): 56 data bytes
ping6: sendto: Network is unreachable

Then if I use sysctl:
# sysctl -w net.ipv6.conf.vlan2.accept_ra=2
net.ipv6.conf.vlan2.accept_ra = 2
root@DD-WRT:~# ping6 www.facebook.com
PING www.facebook.com (2a03:2880:f00d:201:face:b00c:0:1): 56 data bytes
64 bytes from 2a03:2880:f00d:201:face:b00c:0:1: seq=1 ttl=56 time=20.484 ms

How do you get the prefix given to you by your provider into the radvd.conf? Or is your prefix always static?
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Wed Feb 12, 2014 12:44    Post subject: Reply with quote
no, it is not static. but that is for RT-N66U device.
should not be different for R7000. do you use pppoe for wan ?

myconifg:

Enable IPV6 and RADVD in DD-WRT
installed wide-dhcp6 client binary manually onto sdcard
every STARTUP it executes script "load-ipv6.sh which contains

Code:

#!/bin/sh

## Erstmal ein Satz Module laden !!

insmod nf_defrag_ipv6
insmod ip6_tables.ko
insmod nf_conntrack_ipv6.ko
insmod ip6table_filter.ko

## Ein paar grundlegende IP Tables Regeln

ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -F OUTPUT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT  -s fe80::/64 -j ACCEPT
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -o ppp0 -j ACCEPT
ip6tables -A FORWARD -j DROP


then, on ever WANUP it executes another script called
ipv6.wanup

Code:

#!/bin/sh

# delete old ipv6 adresses from interfaces first

for ip in `ifconfig br0 | grep Global | awk '{ print $3 }'`; do
ip addr del $ip dev br0
done
for ip in `ifconfig lo | grep Global | awk '{ print $3 }'`; do
ip addr del $ip dev lo
done

for v6 in `ps | grep /opt/usr/sbin/dhcp6c |awk '{ print $1 }'`;do
kill -9 $v6
rm /var/run/dhcp6c.pid
done

# start dhcp6 client
/opt/usr/sbin/dhcp6c -c /opt/etc/dhcp6c.conf ppp0

## set default route for ipv6
ip -6 route add 0::0/0 dev ppp0


radvd config looks like this:
Code:

interface br0
{
AdvSendAdvert on;
         MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix ::/64 {
        AdvValidLifetime 86400;
                AdvPreferredLifetime 86400;
                AdvOnLink on;
                AdvAutonomous on;
        };
 RDNSS 2620:0:ccc::2 2620:0:ccd::2 {
};
};

_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Fri Feb 21, 2014 10:24    Post subject: Reply with quote
BasCom wrote:
no, it is not static. but that is for RT-N66U device.
should not be different for R7000. do you use pppoe for wan ?


No I just have ethernet to a cable modem without PPPoE. Many thanks for the details on your IPv6 configuration. I found them very useful.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Fri Feb 21, 2014 11:30    Post subject: Reply with quote
but at least, your own works, too
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
NiTrus
DD-WRT User


Joined: 25 Dec 2010
Posts: 295
Location: Twin Cities, MN

PostPosted: Sun Mar 30, 2014 13:16    Post subject: Re: R7000 and IPv6 Reply with quote
sliken wrote:
Just a quote note. I tried the newest r23490.

I don't have nice clean startup scripts, but with a few sysctl commands, radvd, and wide-dhcp-client it all works.

ping6 works, and the IPv6 readyness test I ran gve me 10/10.

I'll post details later. Thanks Kong.

The router picks up a /60 then gives br0 a /64.



hi, can u post a detailed howto for us comcast users on howto get ipv6 working on r7000/Kong build?
thanks!!

_________________
NETGEAR R9000 | RT | 40134
NETGEAR R7800 | AP | 40134

JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Thu Apr 03, 2014 5:46    Post subject: Re: R7000 and IPv6 Reply with quote
NiTrus wrote:
sliken wrote:
Just a quote note. I tried the newest r23490.

I don't have nice clean startup scripts, but with a few sysctl commands, radvd, and wide-dhcp-client it all works.

ping6 works, and the IPv6 readyness test I ran gve me 10/10.

I'll post details later. Thanks Kong.

The router picks up a /60 then gives br0 a /64.



hi, can u post a detailed howto for us comcast users on howto get ipv6 working on r7000/Kong build?
thanks!!


You may want to look into these posts as well as those above

This guy got dhcp-pd working on ddwrt with comcast

http://fibredsum.wordpress.com/2012/08/10/adding-dhcpv6-pd-support-to-dd-wrt/

and this guy got it working on time warner with the r7000. It was based on the above post
http://www.dd-wrt.de/phpBB2/viewtopic.php?t=177443&start=600&sid=ec65fe7bfcc168474127eb83b55642c8

this was prior to Kong's repository so life should be easier now. Add to what you see in the above posts and you should have a working solution.

I'll be doing a dhcp-pd install on another r7000 in about a month but not for comcast but instruction should be identical since I use google dns.

If you get it going don't forget some basic ip6table rules like you see above as your last step. Not before.

Good luck
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Fri Apr 04, 2014 6:14    Post subject: Reply with quote
Prior to my upcoming dhcp-pd ipv6 install I wanted to take care of a few issues I ran into with my 6rd ipv6 install at home.

Two issues I came across were :

1. radvd does not advertise ipv6 dns servers to windows clients via RDNSS. Linux and ios devices work just fine. Probably macs do too but I don't have one to test with.

2. radvd provides stateless configuration for ipv6 clients therefore you can't provide ipv6 dhcp ip reservations which is what I needed for my servers.

Since I am going to be installing wide-dhcpv6-client for dhcp-pd I decided to go with wide-dhcpv6-server for ipv6 stateful configuration. I also decided to create a static hosts file which will be used to dynamically create a dhcp6s conf file in the /tmp directory

Please note I have a hard drive attached to the r7000 with opt and jffs partitions

Step 1 - If you have not enabled opkg with Kong's repo run the following commands from the CLI

ipkg update
ipkg -force-depends install opkg
opkg update

See http://www.desipro.de/ddwrt/K3-AC-Arm/Changelog for details

Step 2 - run the following command from the CLI to install dhcp6s

opkg install wide-dhcpv6-server --nodeps

Step 3 - created a ipv6hosts.conf file in the /jffs/etc/config directory with my test config options. My test config file contained

----- start
mediaserver AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA :aaaa:bbbb:cccc:0160
mediacenter BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB ::0150
printer 00:03:00:01:FF:FF:FF:FF:FF:FF ::0100
--- end

Each line represents a static ipv6 address reservation.

The first value (ex. mediaserver) of each line is the hostname for the static ipv6 reservation

The second value is the DUID (ex. AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA) corresponding to the host. For a windows pc the DUID is available using ipconfig /all. wide-dhcpv6-server also supports DUID-LLs so if you don't have access to the DUID you can use the DUID-LL which the host's MAC address prepended by 00:03:00:01 as shown in the printer entry.

** Note DUID-LLs will only work for hosts that do not send a regular DUID. If you can't locate the duid for a host you can always run dhcp6s from the CLI in the foreground in debug mode "dhcp6s -f -D -c /tmp/dhcp6s.conf". Note you will need to create the conf file first.

The third value is the static IP (ex. aaaa:bbbb:cccc:0160) which will be appended to ipv6 prefix creating the static ip.

Step 4 - created a dhcp6s-br0-server.wanup file in the /jffs/etc/config directory on the r7000. Make sure the file is executable. The file contains

Code:
---- start
#!/bin/sh
# Name this script dhcp6s-br0-server.wanup to have the server listen on br0
# which will service vlan1, eth1, and eth2. If you wish to have additional instances of
# the server listen on other interfaces which are not bridged such as a guest network on wl0.1,
# make a copy of the script and name it dhcp6s-wl0.1-server.wanup
#
# The interface must be assigned a global IP prior to running the scipt.
# Short lease times have been used to refresh prefixes after wan ip changes

GetPrefix () {

   ipv6address=$(echo $1 | awk -F'/' '{print $1}' | sed -e :a -e 's/\b[0-9A-F]\{1,3\}\b/0&/gI;ta')
   ipv6subnet=$(echo $1 | awk -F'/' '{print $2}')
   presegments=$(echo $ipv6address | awk -F'::' '{print $1}'  | awk -F ':' '{print NF}')
   postsegments=$(echo $ipv6address | awk -F'::' '{print $2}'  | awk -F ':' '{print NF}')

   expandedipv6=$(echo $ipv6address | awk -F'::' '{print $1}' | sed 's/://g')
   expandedipv6=$expandedipv6$(for loop in $(seq $((8 - ($presegments + $postsegments))) ); do echo -n '0000'; done)
   expandedipv6=$expandedipv6$(echo $ipv6address | awk -F'::' '{print $2}' | sed 's/://g')

   if [ $((ipv6subnet % 4)) -ne 0 ] ; then
      prefix=$(echo $expandedipv6 | cut -c 0-$((ipv6subnet / 4 + 1)))
   else
      prefix=$(echo $expandedipv6 | cut -c 0-$((ipv6subnet / 4)))
   fi

   if [ $((ipv6subnet % 16)) -ne 0 ] ; then
      prefix=$(echo "$prefix"0000 | cut -c 0-$(((ipv6subnet / 16 + 1) * 16 / 4)))
   fi

   echo $prefix | sed 's/....\B/&:/g' | sed 's/\:0\{1,3\}/:/g'
}

netif=$(basename $0 |  awk -F '-' '{ print $2 }')

for proc in $(ps | grep [d]hcp6s.$netif.conf | awk '{ print $1 }');do
   kill -9 $proc
done

prefix=$(GetPrefix $(ifconfig $netif | grep Global | awk '{ print $3 }'))

cat > /tmp/dhcp6s.$netif.conf << EOF
option domain-name-servers 2001:4860:4860::8888 2001:4860:4860::8844;

interface $netif {
   allow rapid-commit;
   address-pool ipv6dhcp 30 86400;
};

pool ipv6dhcp {
   range $prefix::1000 to $prefix::ffff;
};
EOF

if [ "$netif" == "br0" ]; then
   while read line || [ -n "$line" ] ; do
      echo >> /tmp/dhcp6s.$netif.conf
      echo host $(echo $line | awk '{ print $1 }') { >> /tmp/dhcp6s.$netif.conf
      echo '   'duid $(echo $line | awk '{ print $2 }')';' >> /tmp/dhcp6s.$netif.conf
      echo '   'address $prefix$(echo $line | awk '{ print $3 }') 30';' >> /tmp/dhcp6s.$netif.conf
      echo '};' >> /tmp/dhcp6s.$netif.conf
   done < /jffs/etc/config/ipv6hosts.conf
fi

/opt/usr/sbin/dhcp6s -c /tmp/dhcp6s.$netif.conf $netif

echo "* * * * * root ps | grep -q [d]hcp6s.$netif.conf || /opt/usr/sbin/dhcp6s -c /tmp/dhcp6s.$netif.conf $netif" > /tmp/cron.d/dhcp6s.$netif
---- end


This script will dynamically create a dhcp6s.conf config file containing :
1. ipv6 dns server entries (google dns)
2. ipv6 host reservations based on the previous config file. The IPs created will have the static ip appended to the ipv6 prefix
3. Launch an instance of the wide-dhcpv6-server using the dynamic config file

Step 5 - add the following commands to radvd.conf file

AdvOtherConfigFlag on;
AdvManagedFlag on;

Example of my radvd.conf file

Code:
--- start
interface br0 {
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1480;
   AdvSendAdvert on;
   AdvOtherConfigFlag on;
   AdvManagedFlag on;
   prefix ::/64 {
      AdvOnLink on;
      AdvAutonomous on;
      AdvValidLifetime 86400;
      AdvPreferredLifetime 86400;
   };
              RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};
};
---- end


In the end I decided to go with only stateful addresses even though both stateful and stateless can coexist. In order to have only stateful addresses radvd.conf needs to be modified as follows

prefix ::/64 {
AdvAutonomous off;
};

rebooted the router followed by a reboot of the test servers and all is working. The Windows machines received fixed IPs and the ipv6 dns server was set to google's dns servers. My radvd.conf is created by a script which calculates the prefix as it assigned by my ISP.

Thanks to everyone who posted above me and the posts I reference in my previous post. Made my life a lot easier. I expect a dhcp-pd install should be fairly easy.

Other references
http://wiki.openwrt.org/doc/howto/ipv6

DUID-LL
http://blog.geoff.co.uk/2011/07/08/dhcpv6-surprises/

dhcp6s manpage
http://www.linuxmanpages.com/man5/dhcp6s.conf.5.php


Last edited by JAMESMTL on Sun Jun 22, 2014 8:28; edited 16 times in total
NiTrus
DD-WRT User


Joined: 25 Dec 2010
Posts: 295
Location: Twin Cities, MN

PostPosted: Sat Apr 05, 2014 17:59    Post subject: Reply with quote
**** UPDATED ON PAGE 4 ****

This is what i did to get ipv6 working: Comcast Native-IPv6

1-install wide-dhcpv6-client & install rdisc6 from: http://downloads.openwrt.org/attitude_adjustment/12.09/omap4/generic/packages/

2-go here: http://fibredsum.wordpress.com/2012/08/10/adding-dhcpv6-pd-support-to-dd-wrt/ follow steps 7-14..

3-install ip6tables (there are a few dependant files needed also) from above repository..

4-create a script called load-ipv6.sh with code below..thx to Bascom
put it in /jffs/etc/config

Code:

#!/bin/sh

## Erstmal ein Satz Module laden !!

insmod nf_defrag_ipv6
insmod ip6_tables.ko
insmod nf_conntrack_ipv6.ko
insmod ip6table_filter.ko

## Ein paar grundlegende IP Tables Regeln

ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -F OUTPUT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -s fe80::/64 -j ACCEPT
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -j ACCEPT
ip6tables -A FORWARD -j DROP


5-make sure to add these to router startup scripts:
/jffs/etc/config/dhcp6c.wanup
/jffs/etc/config/rdisc6.wanup
/jffs/etc/config/load-ipv6.sh

6-reboot

7- goto http://test-ipv6.com

hopefully 10/10 on ipv6 test!!

_________________
NETGEAR R9000 | RT | 40134
NETGEAR R7800 | AP | 40134



Last edited by NiTrus on Sat May 17, 2014 12:52; edited 14 times in total
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Sat Apr 05, 2014 18:25    Post subject: Reply with quote
NiTrus wrote:
This is what i did to get ipv6 working:

1- install wide-dhcpv6-client & install rdisc6 from: http://downloads.openwrt.org/attitude_adjustment/12.09/omap4/generic/packages/

2- after installing above, goto http://fibredsum.wordpress.com/2012/08/10/adding-dhcpv6-pd-support-to-dd-wrt/

3- follow steps 7-14

4- make sure you put:
/jffs/etc/config/dhcp6c.wanup
/jffs/etc/config/rdisc6.wanup
in router startup scripts..

5- reboot

6- goto http://test-ipv6.com

hopefully 10/10 on ipv6 test!!

now, to get ip6tables working?? hmmm


Awesome news

Did you just install the wide-dhcpv6-client and rdisc6 binaries manually or did you use ipkg pakages installer?
NiTrus
DD-WRT User


Joined: 25 Dec 2010
Posts: 295
Location: Twin Cities, MN

PostPosted: Sat Apr 05, 2014 18:38    Post subject: Reply with quote
JAMESMTL wrote:
NiTrus wrote:
This is what i did to get ipv6 working:

1- install wide-dhcpv6-client & install rdisc6 from: http://downloads.openwrt.org/attitude_adjustment/12.09/omap4/generic/packages/

2- after installing above, goto http://fibredsum.wordpress.com/2012/08/10/adding-dhcpv6-pd-support-to-dd-wrt/

3- follow steps 7-14

4- make sure you put:
/jffs/etc/config/dhcp6c.wanup
/jffs/etc/config/rdisc6.wanup
in router startup scripts..

5- reboot

6- goto http://test-ipv6.com

hopefully 10/10 on ipv6 test!!

now, to get ip6tables working?? hmmm


Awesome news

Did you just install the wide-dhcpv6-client and rdisc6 binaries manually or did you use ipkg pakages installer?


i used ipkg install package

_________________
NETGEAR R9000 | RT | 40134
NETGEAR R7800 | AP | 40134

JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Sat Apr 05, 2014 18:48    Post subject: Reply with quote
NiTrus wrote:

i used ipkg install package


Did you notice during the install if there were dependencies?

Here's what I did to get basic ip6tables working on my 6rd install

Added the following lines to my startup script

insmod nf_defrag_ipv6
insmod ip6_tables
insmod nf_conntrack_ipv6
insmod ip6table_filter

Copied the following lines to the command box on administration->commands. Then Save firewall

ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -F OUTPUT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -s fe80::/64 -j ACCEPT
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -o tun6rd -j ACCEPT
ip6tables -A FORWARD -j DROP

I basically cut and pasted this from Bascom's post.
Originally I removed the line permitting icmpv6 but this caused other issues

Note I suspect tun6rd would be vlan2 for native ipv6

These rules worked well but I wanted to be able to ssh into my router via ipv6 so I use the following script unblock.wanup which allows access from the ipv6 subnet(s) to the router

---- Start
#!/bin/sh
ifconfig br0 | grep Global | awk '{ print $3 }' | while read prefix; do
ip6tables -I INPUT 4 -s $prefix -j ACCEPT
done
---- End

Edited to reflect changes made over time


Last edited by JAMESMTL on Sun Apr 20, 2014 0:22; edited 1 time in total
Goto page Previous  1, 2, 3, ... 35, 36, 37  Next Display posts from previous:    Page 2 of 37
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum