R7000 and IPv6

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3 ... 35, 36, 37  Next
Author Message
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Fri Jan 31, 2014 13:28    Post subject: R7000 and IPv6 Reply with quote
I just installed a Netgear R7000 with K3-AC-ARM r23430 connected to an motorola SB6121 cable modem. I have the basics working.

If I connect the SB6121 directly to a linux box I can run dhclient -6 -P -d -v and get a /64 prefix. Then with radvd running on my internal interface I can have machines autoconfigure to pick up an IPv6 address. Said IPv6 connection machines can ping6 www.facebook.com and the like.

If I try the same with wide-dhcpv6-client I can get a /60 prefix, then I can use radvd to provide a /64 per vlan.

However if direct connect the sb6121 to the WAN connection of the R7000 and click on enable IPv6 if I run ifconfig on the router I see only lines like:
inet6 addr: fe80::c604:15ff:fe17:a5dc/64 Scope:Link

I see none with Scope:Global. IPv4 connectivity is working fine.

If I run lsmod I see the ipv6 module loaded.

I read the dd-wrt IPv6 page without finding anything. This new build already has ip6tables,

Do I need to do something else to enable the R7000 to grab a /64?

Is there package or repo for a DHCP client that knows about the IA_PD flag to ask for a /60?
Sponsor
hanskloss
DD-WRT User


Joined: 30 May 2010
Posts: 98

PostPosted: Fri Jan 31, 2014 14:37    Post subject: Reply with quote
IPv6 on DD-WRT is pretty much unexplored territory and most of the time we rely on manual configuration. But it's in better state than couple months ago and moving forward.
Kong just enabled new repository that should be available soon on the new build.
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=876036#876036
http://downloads.openwrt.org/snapshots/trunk/imx6/packages/

Perhaps, one of the v6 clients will grab PD for you.

_________________
Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9




Joined: 01 Jan 1970
Posts:

PostPosted: Fri Jan 31, 2014 15:35    Post subject: Re: R7000 and IPv6 Reply with quote
sliken wrote:
I just installed a Netgear R7000 with K3-AC-ARM r23430 connected to an motorola SB6121 cable modem. I have the basics working.

If I connect the SB6121 directly to a linux box I can run dhclient -6 -P -d -v and get a /64 prefix. Then with radvd running on my internal interface I can have machines autoconfigure to pick up an IPv6 address. Said IPv6 connection machines can ping6 www.facebook.com and the like.

If I try the same with wide-dhcpv6-client I can get a /60 prefix, then I can use radvd to provide a /64 per vlan.

However if direct connect the sb6121 to the WAN connection of the R7000 and click on enable IPv6 if I run ifconfig on the router I see only lines like:
inet6 addr: fe80::c604:15ff:fe17:a5dc/64 Scope:Link

I see none with Scope:Global. IPv4 connectivity is working fine.

If I run lsmod I see the ipv6 module loaded.

I read the dd-wrt IPv6 page without finding anything. This new build already has ip6tables,

Do I need to do something else to enable the R7000 to grab a /64?

Is there package or repo for a DHCP client that knows about the IA_PD flag to ask for a /60?


IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Sat Feb 01, 2014 2:03    Post subject: Reply with quote
hanskloss wrote:
IPv6 on DD-WRT is pretty much unexplored territory and most of the time we rely on manual configuration. But it's in better state than couple months ago and moving forward.
Kong just enabled new repository that should be available soon on the new build.
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=876036#876036
http://downloads.openwrt.org/snapshots/trunk/imx6/packages/

Perhaps, one of the v6 clients will grab PD for you.


Perfect, thanks. That looks very promising. I already have wide-dhcp6 working on my linux desktop. It's at the repo you linked to, looks like it shouldn't be too hard to get going.
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Sat Feb 01, 2014 3:31    Post subject: Re: R7000 and IPv6 Reply with quote
NoobWRT wrote:

IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.


Heh, I won't argue against IPv4 being popular. However I'd like to point out that stock router firmware is good enough for most. Currently the stock R7000 firmware is doing better then DDWRT with IPv6, at least for me. OpenWRT support looks pretty good. I've not tried it, but they do have the wide-dhcp6 client that is the best I've found for asking for /60 prefix.

IPv6 isn't particularly rare these days. Wiki claims 4% of domains and 16.2% of networks back in Sept 2013. Comcast has over 25% of it's customers running full dual stack IPv6. I was highly amused when a friend with a mac sent me a IPv6 traceroute without actually trying to run IPv6.

The Comcast IPv6 deployment graphs I've seen show impressive growth. Oct 2013 was 8%, Nov 2013 was 16%.

I was hoping DDWRT would be closer to the leading edge than the trailing.

Personally I was hoping that my home network could be more like the rest of the internet. DNSSEC, DNS, allowing incoming network connections, not requiring 3rd party servers to communicate, etc.

Why shouldn't my smart phone be able to open my garage door, even if I'm not home? Or mount a filesystem from home to wherever I am. Or map out complex relationships for network port * network clients port forwards. Is it too much to ask to be able to print something at home when I'm at work?

Sure IPv4 has ugly hacks for this TURN, STUN, Masq/NAT, port forwarding, etc.

Personally I find IPv6 well worth it.
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Sat Feb 01, 2014 7:56    Post subject: Re: R7000 and IPv6 Reply with quote
sliken wrote:
NoobWRT wrote:

IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.


Heh, I won't argue against IPv4 being popular. However I'd like to point out that stock router firmware is good enough for most. Currently the stock R7000 firmware is doing better then DDWRT with IPv6, at least for me. OpenWRT support looks pretty good. I've not tried it, but they do have the wide-dhcp6 client that is the best I've found for asking for /60 prefix.

IPv6 isn't particularly rare these days. Wiki claims 4% of domains and 16.2% of networks back in Sept 2013. Comcast has over 25% of it's customers running full dual stack IPv6. I was highly amused when a friend with a mac sent me a IPv6 traceroute without actually trying to run IPv6.

The Comcast IPv6 deployment graphs I've seen show impressive growth. Oct 2013 was 8%, Nov 2013 was 16%.

I was hoping DDWRT would be closer to the leading edge than the trailing.

Personally I was hoping that my home network could be more like the rest of the internet. DNSSEC, DNS, allowing incoming network connections, not requiring 3rd party servers to communicate, etc.

Why shouldn't my smart phone be able to open my garage door, even if I'm not home? Or mount a filesystem from home to wherever I am. Or map out complex relationships for network port * network clients port forwards. Is it too much to ask to be able to print something at home when I'm at work?

Sure IPv4 has ugly hacks for this TURN, STUN, Masq/NAT, port forwarding, etc.

Personally I find IPv6 well worth it.


Only a few home users benefit from IPV6, only a small percentage of people wants to access every device directly from the internet.
The are more drawbacks for the home user:

-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do

-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
hanskloss
DD-WRT User


Joined: 30 May 2010
Posts: 98

PostPosted: Sat Feb 01, 2014 12:26    Post subject: Re: R7000 and IPv6 Reply with quote
<Kong> wrote:

-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do


3 letter agencies from USA disagree with you. They are very unhappy with IPv6 roll-out and possibilities it offers.
With v4 we get 1 IP address, most of the time static, with /64 block I get, I don't know? quadrillions to chose from?
I can randomize them at my will every minute, choose Privacy Extensions for SLAAC, manual set up or even encrypt my address.
http://www.ietf.org/rfc/rfc3041.txt
http://www.ietf.org/rfc/rfc3972.txt
and this is just beginning


Quote:
-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable


Then turn the IP interface on it off. Even better, filter the device at the firewall based on port, MAC,
IP address, direction...
Who else can come up with more creative ways if not you?

_________________
Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
hanskloss
DD-WRT User


Joined: 30 May 2010
Posts: 98

PostPosted: Sat Feb 01, 2014 12:32    Post subject: Re: R7000 and IPv6 Reply with quote
NoobWRT wrote:

IPv6 is almost NEVER used. Good luck, not many people need it. IPv4 works perfectly fine.


If IPv4 works for you then nothing to worry about. During Phase III your IPv4 traffic will be simply tunneled over v6 network.

_________________
Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
hanskloss
DD-WRT User


Joined: 30 May 2010
Posts: 98

PostPosted: Sat Feb 01, 2014 12:34    Post subject: Reply with quote
sliken wrote:


Perfect, thanks. That looks very promising. I already have wide-dhcp6 working on my linux desktop. It's at the repo you linked to, looks like it shouldn't be too hard to get going.


Great. Please post configuration files once you get this working.

_________________
Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Sat Feb 01, 2014 13:19    Post subject: Re: R7000 and IPv6 Reply with quote
hanskloss wrote:
<Kong> wrote:

-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do


3 letter agencies from USA disagree with you. They are very unhappy with IPv6 roll-out and possibilities it offers.
With v4 we get 1 IP address, most of the time static, with /64 block I get, I don't know? quadrillions to chose from?
I can randomize them at my will every minute, choose Privacy Extensions for SLAAC, manual set up or even encrypt my address.
http://www.ietf.org/rfc/rfc3041.txt
http://www.ietf.org/rfc/rfc3972.txt
and this is just beginning


Yes the address space would allow it, but not one provider implements IPV6 in a way, that your examples work. And companies have no interest in this, they all profit by deanonymizing users.

Years ago I implemented an "enterprise" tracking system to identify users + track their route through the internet in order to generate profiles that are then used to show them appropriate ads.

And because most people have no clue and logon to social networks/webmail etc with their realnames, you can't just trakc random IPs but you can track users by their name:-)

Quote:

Quote:
-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable


Then turn the IP interface on it off. Even better, filter the device at the firewall based on port, MAC,
IP address, direction...
Who else can come up with more creative ways if not you?


What do I gain from this, I have extra work doing this which requires even more knowledge then before.

IPV6 is like Windows Vista, a testbed that everyone wants to avoid, once users stand up and criticize it enough we will see the needed changes that are important for the end user


P.S. Although I'm not a fan of IPV6. IPV6 support in dd-wrt will improve once someone has time for it. I checked out IPV6 code from netgear and it is not very complex. Most is done with radvd which we already use. radvd should work in 90% of the use cases and with a bit of reading most users should be able to set it up. Our biggest problem is, that BS and myself are on IPV4 thus, we can't just do a qwuick test and add a few lines and thus costs us more time.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
hanskloss
DD-WRT User


Joined: 30 May 2010
Posts: 98

PostPosted: Sat Feb 01, 2014 14:36    Post subject: Re: R7000 and IPv6 Reply with quote
<Kong> wrote:

What do I gain from this, I have extra work doing this which requires even more knowledge then before.

On the surface, not sure about developer side but for me, end user, it was surprise how simple IPv6 is and why on earth I didn't explore this topic before.

Quote:

P.S. Although I'm not a fan of IPV6. IPV6 support in dd-wrt will improve once someone has time for it. I checked out IPV6 code from netgear and it is not very complex. Most is done with radvd which we already use. radvd should work in 90% of the use cases and with a bit of reading most users should be able to set it up.

Thank you for your excellent support and frequent releases. Although radvd works many ISPs (because of Windows users) will implement DHCPv6.
Native client like wide-dhcpv6 would help us tremendously. Another sour spot are iptables still at 1.3.7 Can we have >= 1.4.0 version?
Also when I try login to the router with IPv6 address nothing happens Sad
http://[FE80::BAAD:BAAD:BEEF:1]:80

ssh and telnet work!

Quote:
Our biggest problem is, that BS and myself are on IPV4 thus, we can't just do a qwuick test and add a few lines and thus costs us more time.


https://www.tunnelbroker.net/ and dual-stack for internal network? I'm sure that myself and others will be happy to test each change and feature.

_________________
Asus RT-AC66R Target:brcm47xx SubTarget:mips74k Packages:mipsel_74kc
Netgear R7000 Target:bcm53xx Packages:arm_cortex-a9


Last edited by hanskloss on Sun Feb 09, 2014 21:46; edited 1 time in total
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Sun Feb 02, 2014 23:07    Post subject: Re: R7000 and IPv6 Reply with quote
<Kong> wrote:

Only a few home users benefit from IPV6


I agree, but I think that's more of a missed opportunity. Something that DDWRT could fix. Home users being second class citizens drives people to use 3rd party services like dropbox, glympse, etc.

If I buy a Schlage lock why should I have to pay for a website to control my lock? Similar for home automation, monitoring power use, monitoring solar panels, home security, listening to music, etc.

If incoming connectivity was easy I suspect there'd be many more apps that would use it.

<Kong> wrote:

, only a small percentage of people wants to access every device directly from the internet.


Sure, although they don't know what they are missing. How many people of accidentally left an important file at home? How many users pay per month to minimize (but not avoid) that problem?


<Kong> wrote:

The are more drawbacks for the home user:

-no privacy, with ipv6 you are completely trackable and since lots of providers share info + things like google apis, they know everything you do


Seems like having a single IPv4 instead of a bunch of IPv6 doesn't change that much. Also say I listen to music, what reveals more about me? Paying some service to play every track? Or sourcing bitstream from my home network to whatever device I'm currently using?

It's very hard to track a user with cookies, ads, session keys, etc when they aren't using one of your services. Sure traffic analysis can be done.

<Kong> wrote:

-all your devices are directly accessible from the internet which will open the door wide open for hackers to take over control, I don't want my android that doesn't get any updates directly accessable


I'm not arguing against firewalls. My normal machines only have ssh open, which requires a key (no passwords accepted). Most tablets and smartphones accept no incoming connections anyways. Sure I wouldn't put a windows box on a public network.
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Sun Feb 02, 2014 23:19    Post subject: Reply with quote
hanskloss wrote:

Great. Please post configuration files once you get this working.


I have wide-dhcpv6 and radvd working now on a linux desktop. Radvd is in the current korg build, wide-dhcpv6 seems to be coming soon via the openwrt repo. I believe the next korg build will enable the openwrt repo.

The config files, this one is for wide-dhcpv6, it asks for a /60 prefix and allows up to 16 /64 VLANS.

The device names will be different in DDWRT. Eth0 is the external/WAN network and eth1 is for my internal network.

Code:

interface eth0 {
    send ia-na 1;
    send ia-pd 1;
    send rapid-commit;
    request domain-name-servers;
    request domain-name;
    script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc pd 1 {
    prefix ::/60 infinity;

    prefix-interface eth1 {
        sla-len 4;
        sla-id 8;
    };
};

id-assoc na 1 {
};


Then to advertise those networks internally:
Code:

interface eth1 {
   AdvManagedFlag off;
   AdvOtherConfigFlag off;
   AdvSendAdvert on;
   AdvDefaultPreference high;
   AdvLinkMTU 1280;
   # google DNS, edit accordingly
   RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};
   prefix 2402:d0:2b10:a4a::/64
   {
     AdvOnLink on;
     AdvAutonomous on;
   };
};   
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Sun Feb 02, 2014 23:38    Post subject: Re: R7000 and IPv6 Reply with quote
sliken wrote:


I agree, but I think that's more of a missed opportunity. Something that DDWRT could fix. Home users being second class citizens drives people to use 3rd party services like dropbox, glympse, etc.

If I buy a Schlage lock why should I have to pay for a website to control my lock? Similar for home automation, monitoring power use, monitoring solar panels, home security, listening to music, etc.

If incoming connectivity was easy I suspect there'd be many more apps that would use it.


I don't see a problem, using a dyndns service + port forwarding. You don't even have to type a cryptic IP.


Quote:

It's very hard to track a user with cookies, ads, session keys, etc when they aren't using one of your services. Sure traffic analysis can be done.


See that's the problem, users don't know. Simple example:

You have a google account, once you logon they have your IP + Name. Since 90% of all websites pull in some crap from google, e.g. apis.google.com, google-analytics.com, everytime you visit a site you load some google content and google sees the ip + origin and therefore knows which site you visited.

Why do you think google offers so much things for free, because they are the saver of the earth?

This is just a tiny base for info there are lots more:-)

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
sliken
DD-WRT Novice


Joined: 31 Jan 2014
Posts: 10

PostPosted: Sun Feb 02, 2014 23:39    Post subject: Re: R7000 and IPv6 Reply with quote
<Kong> wrote:

Yes the address space would allow it, but not one provider implements IPV6 in a way, that your examples work. And companies have no interest in this, they all profit by deanonymizing users.


Letting users run their own services increases user privacy.

<Kong> wrote:

What do I gain from this, I have extra work doing this which requires even more knowledge then before.


If it works just like the stock netgear firmware I think I could get the rest working. I'd be happy to put up a HOWTO for comcast users, and it would apply generally to any native IPv6 user.

<Kong> wrote:

IPV6 is like Windows Vista, a testbed that everyone wants to avoid, once users stand up and criticize it enough we will see the needed changes that are important for the end user


DOCSIS 3.0, comcast, netgear and many others are pushing for IPv6. Google, facebook, and many other large sites are spending time and resources being IPv6 capable. I argue that IPv6 has MUCH more to offer the have nots (home users under control of their ISP) then it does to huge corporation.

<Kong> wrote:

P.S. Although I'm not a fan of IPV6. IPV6 support in dd-wrt will improve once someone has time for it. I checked out IPV6 code from netgear and it is not very complex. Most is done with radvd which we already use. radvd should work in 90% of the use cases and with a bit of reading most users should be able to set it up. Our biggest problem is, that BS and myself are on IPV4 thus, we can't just do a qwuick test and add a few lines and thus costs us more time.


I'm hoping that your current plan for supporting the ARM platform OpenWRT repo will be enough for me to get things working. Then you/whoever can pick and choose what is easy to further integrate into DDWRT.
Goto page 1, 2, 3 ... 35, 36, 37  Next Display posts from previous:    Page 1 of 37
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum