ask your providers offering native ipv6. it is working fine. cant talk bout kongs latest, cause i dont have it, but it uses the same componets as i do about a year "manually"
since there is no new mipsel build ( KONG and BS ), i cannot help with any debugging.
And BS latest bricks RT-N66U, so i do not believe, next one will do better
I can't build a new one right now, BS has to push new objects for igs/emf to svn otherwise wl will not load.
But JAMESMTL is the master of IPV6 and already gave me the input I needed. Nitrus is already doing a lot of testing and we are progressing fast. As far as I can tell implementing 6to4 6in4 6rd won't take as much time as adding all the stuff I needed for native/native-pd _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
But JAMESMTL is the master of IPV6 and already gave me the input I needed. Nitrus is already doing a lot of testing and we are progressing fast. As far as I can tell implementing 6to4 6in4 6rd won't take as much time as adding all the stuff I needed for native/native-pd
If you would like testers for 6to4/6in4 (Tunnelbroker/HE), I'd be happy to assist. I'm very much looking forward to this being doable in the webif. Thanks for all your work on this!
Correct the default firewall blocks all icmpv6 forwarding to clients behind the router. Most people feel more secure in having this traffic blocked however rfc4890 and the rfcs mentioned within state that all hosts should permit some of icmpv6 traffic to pass. [...] Somewhere back on page 5 or so I posted a slightly modified rfc4990 reference script which can be used with ddwrt.
Thanks, James! For those interested in the location of the reference script, it's right here.
Quote:
Note ipv6 via ddwrt webif is brand new and kong is working on implementing various ipv6 components.
Indeed... This is awesome work that kong is doing, and also awesome help that you and Nitrus and everyone else here are doing. Thank you SO much!
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Mon Aug 04, 2014 23:21 Post subject:
twalls wrote:
<Kong> wrote:
But JAMESMTL is the master of IPV6 and already gave me the input I needed. Nitrus is already doing a lot of testing and we are progressing fast. As far as I can tell implementing 6to4 6in4 6rd won't take as much time as adding all the stuff I needed for native/native-pd
If you would like testers for 6to4/6in4 (Tunnelbroker/HE), I'd be happy to assist. I'm very much looking forward to this being doable in the webif. Thanks for all your work on this!
@Kong - lol, well that was good for a laugh. Master of ipv6 not even close, I just played with it way too much (now where have I heard that before). I tell ya I learn new stuff every day.
@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.
@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.
I've used them before with scripts I've cobbled together from here in the past. I was happy with them as well. While the new additions to the webif are very welcome, it makes me less inclined to try on my own with the tunnel because I don't want it to conflict with anything being done with the default scripts. I guess I could leave everything "disabled" in the webif and just load modules for IPv6, radvd, ip6tables, etc. on my own?
Edit: Also, I'm curious what extra 2 lines you're using to hand out addresses to your guest networks...
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Aug 05, 2014 1:28 Post subject:
twalls wrote:
JAMESMTL wrote:
@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.
I've used them before with scripts I've cobbled together from here in the past. I was happy with them as well. While the new additions to the webif are very welcome, it makes me less inclined to try on my own with the tunnel because I don't want it to conflict with anything being done with the default scripts. I guess I could leave everything "disabled" in the webif and just load modules for IPv6, radvd, ip6tables, etc. on my own?
Edit: Also, I'm curious what extra 2 lines you're using to hand out addresses to your guest networks...
You just need to enable ipv6 and select native ipv6 with current versions. Oh ya and add the code needed to overwrite default firewall at the end.
Where
Client ipv6 address : 2001:470:AAAA:AAAA::2/64
Routed /48 : 2001:470:BBBB::/48
Server IPv4 Address : 209.51.161.14
ip tunnel add he-ipv6 mode sit ttl 64 local $(nvram get wan_ipaddr) remote 209.51.161.14
ip link set he-ipv6 mtu 1480
ip link set he-ipv6 up
ip -6 addr add 2001:470:AAAA:AAAA::2/64 dev he-ipv6
ip -6 addr add 2001:470:BBBB:1::1/64 dev br0
ip -6 addr add 2001:470:BBBB:2::1/64 dev wl0.1
ip -6 addr add 2001:470:BBBB:3::1/64 dev wl1.1
ip -6 route add 2000::/3 dev he-ipv6
You just assign separate /64 prefixes from your /48 to wl0.1 and wl1.1. It's that simple.
Obviously you need to set up radvd to broadcast on each interface. If you don't want to use webif you can just append this to the end of the above.
Code:
for proc in `ps | grep [r]advd | awk '{ print $1 }'`;do
kill -9 $proc
done
FYI I use dnsomatic as my ddns provider and they have an option to update your HE tunnel endpoint in addition to any other ddns provider(s) you may use.
Posted: Tue Aug 05, 2014 12:05 Post subject: IPv6 and QoS?
Just was thinking about this and with its separate firewall, etc, does DD-WRT still apply QoS rules to the IPv6 traffic that passes through it? Or is that bypassed entirely?
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Aug 05, 2014 15:12 Post subject:
DaveTheNerd wrote:
JAMESMTL wrote:
Correct the default firewall blocks all icmpv6 forwarding to clients behind the router. Most people feel more secure in having this traffic blocked however rfc4890 and the rfcs mentioned within state that all hosts should permit some of icmpv6 traffic to pass. [...] Somewhere back on page 5 or so I posted a slightly modified rfc4990 reference script which can be used with ddwrt.
Thanks, James! For those interested in the location of the reference script, it's right here.
Quote:
Note ipv6 via ddwrt webif is brand new and kong is working on implementing various ipv6 components.
Indeed... This is awesome work that kong is doing, and also awesome help that you and Nitrus and everyone else here are doing. Thank you SO much!
Just a quick warning, the reference script is meant to be run as either a wanup or ipup script via /jffs. DO NOT RUN FROM WEBIF as the timings will not work and the size of the script with all of the comments etc can take up all available nvram.
@twalls - I'm a huge fan of HE's 6in4. I actually prefer it over my ISPs 6rd. Static prefixes, incredibly simple to setup. All of 7 lines of code to setup a /64 on br0, 9 in total for additional /64s on wl0.1 and wl1.1. And best of all access to US netflix. What more can you ask for. I love the /48s they provide.
I've used them before with scripts I've cobbled together from here in the past. I was happy with them as well. While the new additions to the webif are very welcome, it makes me less inclined to try on my own with the tunnel because I don't want it to conflict with anything being done with the default scripts. I guess I could leave everything "disabled" in the webif and just load modules for IPv6, radvd, ip6tables, etc. on my own?
Edit: Also, I'm curious what extra 2 lines you're using to hand out addresses to your guest networks...
You just need to enable ipv6 and select native ipv6 with current versions. Oh ya and add the code needed to overwrite default firewall at the end.
Where
Client ipv6 address : 2001:470:AAAA:AAAA::2/64
Routed /48 : 2001:470:BBBB::/48
Server IPv4 Address : 209.51.161.14
ip tunnel add he-ipv6 mode sit ttl 64 local $(nvram get wan_ipaddr) remote 209.51.161.14
ip link set he-ipv6 mtu 1480
ip link set he-ipv6 up
ip -6 addr add 2001:470:AAAA:AAAA::2/64 dev he-ipv6
ip -6 addr add 2001:470:BBBB:1::1/64 dev br0
ip -6 addr add 2001:470:BBBB:2::1/64 dev wl0.1
ip -6 addr add 2001:470:BBBB:3::1/64 dev wl1.1
ip -6 route add 2000::/3 dev he-ipv6
Told you, your are the master. Just added 6in4 support based on your commands to my latest build, first try with HE tunnel resulted in:
I have to check again, as I had to lower the mtu, but the router was not directly connected to the internet. The 14/20 probably comes from the fact, that the main router still filters icmpv6:-) _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Does running an OpenVPN server interfere with enabling IPv6 support? I know the stock firmware only let's you do one or the other. It makes sense that once everything is public, VPN-protected access becomes less necessary. However, not everything on my network supports IPv6, nor would I want NAS hosted by the router to be externally accessible.
For the 6in4 support, would it be possible to give options to use either a single /64 or /48, depending on how it is being used? The script above is great, and it is exciting to hear about support already getting added to the webif!
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Aug 05, 2014 16:13 Post subject:
<Kong> wrote:
I have to check again, as I had to lower the mtu, but the router was not directly connected to the internet. The 14/20 probably comes from the fact, that the main router still filters icmpv6:-)
Now I feel honored. Good to hear it worked first shot.
The encapsulation has a 20 byte overhead and generally needs to be ISP MTU -20. Routers are not permitted to fragment ipv6 traffic so if mtu is too high some odd behavior will be exhibited.i find the http://test-ipv6.netiter.dk/ test is a good one to check basic connectivity.
I really do find HE is the best tunnel provider and is far simpler to setup compared to freenet or sixxs.
Welcome to the ipv6 world
*** Worst case scenario an MTU of 1280 can be used as it's the minimum ipv6 permitted
Last edited by JAMESMTL on Tue Aug 05, 2014 16:25; edited 1 time in total
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Aug 05, 2014 16:20 Post subject:
twalls wrote:
For the 6in4 support, would it be possible to give options to use either a single /64 or /48, depending on how it is being used? The script above is great, and it is exciting to hear about support already getting added to the webif!
The same script works the same for /64. Just don't assign /64s to wl0.1 or wl1.1 etc
The br0 line would be
ip -6 addr add 2001:470:BBBB:BBBB::1/64 dev br0
I have to check again, as I had to lower the mtu, but the router was not directly connected to the internet. The 14/20 probably comes from the fact, that the main router still filters icmpv6:-)
Now I feel honored. Good to hear it worked first shot.
The encapsulation has a 20 byte overhead and generally needs to be ISP MTU -20. Routers are not permitted to fragment ipv6 traffic so if mtu is too high some odd behavior will be exhibited.i find the http://test-ipv6.netiter.dk/ test is a good one to check basic connectivity.
I really do find HE is the best tunnel provider and is far simpler to setup compared to freenet or sixxs.