i am running native ipv6 on dd-wrt since month ( almost ) perfectly with wide-dhcp6c. but be aware: install some basic ip6tables rules.
Do you statically assign IPs? Using autoconfig locally? Got a script for starting radvd, wide-dhcp, and the various sysctl tweaks?
I think this is what is required from the default config:
sysctl -w net.ipv6.conf.vlan2.accept_ra=2
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv6.conf.vlan2.forwarding=0
i do get 56 prefix from german telekom and give it with radvd to local clients. _________________ RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
i do get 56 prefix from german telekom and give it with radvd to local clients.
Odd. I've upgraded and reset my DDWRT install with the current release a few times in the last week or two.
I've got the tweaks down to a minumum:
1) enable ssh, turn off passwords, add certificate
2) enable jffs2
3) enable syslog to my desktop
4) mount -o bind /jffs2/opt /opt
5) ipkg update
6) ipkg install wide-dhcpv6-client
7) copy in a radvd.conf (via web ui or command line)
8 ) copy in dhcpv6.conf
9) launch dhcpv6
Then if I try ping6, facebook:
# sysctl net.ipv6.conf.vlan2.accept_ra
net.ipv6.conf.vlan2.accept_ra = 1
# ping6 www.facebook.com
PING www.facebook.com (2a03:2880:f00d:501:face:b00c:0:1): 56 data bytes
ping6: sendto: Network is unreachable
Then if I use sysctl:
# sysctl -w net.ipv6.conf.vlan2.accept_ra=2
net.ipv6.conf.vlan2.accept_ra = 2
root@DD-WRT:~# ping6 www.facebook.com
PING www.facebook.com (2a03:2880:f00d:201:face:b00c:0:1): 56 data bytes
64 bytes from 2a03:2880:f00d:201:face:b00c:0:1: seq=1 ttl=56 time=20.484 ms
How do you get the prefix given to you by your provider into the radvd.conf? Or is your prefix always static?
ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -F OUTPUT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -s fe80::/64 -j ACCEPT
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -o ppp0 -j ACCEPT
ip6tables -A FORWARD -j DROP
then, on ever WANUP it executes another script called
ipv6.wanup
Code:
#!/bin/sh
# delete old ipv6 adresses from interfaces first
for ip in `ifconfig br0 | grep Global | awk '{ print $3 }'`; do
ip addr del $ip dev br0
done
for ip in `ifconfig lo | grep Global | awk '{ print $3 }'`; do
ip addr del $ip dev lo
done
for v6 in `ps | grep /opt/usr/sbin/dhcp6c |awk '{ print $1 }'`;do
kill -9 $v6
rm /var/run/dhcp6c.pid
done
Joined: 25 Dec 2010 Posts: 295 Location: Twin Cities, MN
Posted: Sun Mar 30, 2014 13:16 Post subject: Re: R7000 and IPv6
sliken wrote:
Just a quote note. I tried the newest r23490.
I don't have nice clean startup scripts, but with a few sysctl commands, radvd, and wide-dhcp-client it all works.
ping6 works, and the IPv6 readyness test I ran gve me 10/10.
I'll post details later. Thanks Kong.
The router picks up a /60 then gives br0 a /64.
hi, can u post a detailed howto for us comcast users on howto get ipv6 working on r7000/Kong build?
thanks!! _________________ NETGEAR R9000 | RT | 40134 NETGEAR R7800 | AP | 40134
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Fri Apr 04, 2014 6:14 Post subject:
Prior to my upcoming dhcp-pd ipv6 install I wanted to take care of a few issues I ran into with my 6rd ipv6 install at home.
Two issues I came across were :
1. radvd does not advertise ipv6 dns servers to windows clients via RDNSS. Linux and ios devices work just fine. Probably macs do too but I don't have one to test with.
2. radvd provides stateless configuration for ipv6 clients therefore you can't provide ipv6 dhcp ip reservations which is what I needed for my servers.
Since I am going to be installing wide-dhcpv6-client for dhcp-pd I decided to go with wide-dhcpv6-server for ipv6 stateful configuration. I also decided to create a static hosts file which will be used to dynamically create a dhcp6s conf file in the /tmp directory
Please note I have a hard drive attached to the r7000 with opt and jffs partitions
Step 1 - If you have not enabled opkg with Kong's repo run the following commands from the CLI
Each line represents a static ipv6 address reservation.
The first value (ex. mediaserver) of each line is the hostname for the static ipv6 reservation
The second value is the DUID (ex. AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA) corresponding to the host. For a windows pc the DUID is available using ipconfig /all. wide-dhcpv6-server also supports DUID-LLs so if you don't have access to the DUID you can use the DUID-LL which the host's MAC address prepended by 00:03:00:01 as shown in the printer entry.
** Note DUID-LLs will only work for hosts that do not send a regular DUID. If you can't locate the duid for a host you can always run dhcp6s from the CLI in the foreground in debug mode "dhcp6s -f -D -c /tmp/dhcp6s.conf". Note you will need to create the conf file first.
The third value is the static IP (ex. aaaa:bbbb:cccc:0160) which will be appended to ipv6 prefix creating the static ip.
Step 4 - created a dhcp6s-br0-server.wanup file in the /jffs/etc/config directory on the r7000. Make sure the file is executable. The file contains
Code:
---- start
#!/bin/sh
# Name this script dhcp6s-br0-server.wanup to have the server listen on br0
# which will service vlan1, eth1, and eth2. If you wish to have additional instances of
# the server listen on other interfaces which are not bridged such as a guest network on wl0.1,
# make a copy of the script and name it dhcp6s-wl0.1-server.wanup
#
# The interface must be assigned a global IP prior to running the scipt.
# Short lease times have been used to refresh prefixes after wan ip changes
This script will dynamically create a dhcp6s.conf config file containing :
1. ipv6 dns server entries (google dns)
2. ipv6 host reservations based on the previous config file. The IPs created will have the static ip appended to the ipv6 prefix
3. Launch an instance of the wide-dhcpv6-server using the dynamic config file
Step 5 - add the following commands to radvd.conf file
In the end I decided to go with only stateful addresses even though both stateful and stateless can coexist. In order to have only stateful addresses radvd.conf needs to be modified as follows
prefix ::/64 {
AdvAutonomous off;
};
rebooted the router followed by a reboot of the test servers and all is working. The Windows machines received fixed IPs and the ipv6 dns server was set to google's dns servers. My radvd.conf is created by a script which calculates the prefix as it assigned by my ISP.
Thanks to everyone who posted above me and the posts I reference in my previous post. Made my life a lot easier. I expect a dhcp-pd install should be fairly easy.
Copied the following lines to the command box on administration->commands. Then Save firewall
ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -F OUTPUT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -s fe80::/64 -j ACCEPT
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -o tun6rd -j ACCEPT
ip6tables -A FORWARD -j DROP
I basically cut and pasted this from Bascom's post.
Originally I removed the line permitting icmpv6 but this caused other issues
Note I suspect tun6rd would be vlan2 for native ipv6
These rules worked well but I wanted to be able to ssh into my router via ipv6 so I use the following script unblock.wanup which allows access from the ipv6 subnet(s) to the router
---- Start
#!/bin/sh
ifconfig br0 | grep Global | awk '{ print $3 }' | while read prefix; do
ip6tables -I INPUT 4 -s $prefix -j ACCEPT
done
---- End
Edited to reflect changes made over time
Last edited by JAMESMTL on Sun Apr 20, 2014 0:22; edited 1 time in total