Posted: Fri May 27, 2011 15:31 Post subject: ipv6 wired, but not wireless
I didn't have any luck with the script, but I was able to get ipv6 running by typing the key bits directly through a telnet console - when I'm connected to a wired port. However, I'm not connecting to the router (ping6s fail) when I'm connected via wireless. I'm trying to decide if I have something configured incorrectly, or if it's a bug in the firmware.
My client is Mac OSX snowleopard.
The router is a WRT-160NL running dd-wrt v24-(pre)sp2 build 14896 standard (latest as far as I can tell)
I'm using a hurricane electric tunnel from a static IPv4 address (which as I said, works on the wired side)
The client is detecting a link-local ipv6 default gateway of the router's eth0 interface (which I understand is the 'inside' interface off the cpu), but I can't ping it, nor the link-local address of the wifi or bridge interface (or anything else). The client auto-generated address correctly matches the routed inside subnet from HE; there must be some level of communication back and forth.
When I do a tcpdump from the client I'm seeing packets going out, and ndp 'who-has' queries coming back, but the devices seem to be talking 'past' each other.
On the router I enable the 'IPv6' and 'dadvd' checkboxes, and entered the following via telnet:
ip tunnel add he-ipv6 mode sit remote 209.51.181.2 local 208.x.x.229 ttl 255
ip link set he-ipv6 up
ip addr add 2001:x:x:x::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
ip -6 addr add 2001:x:y:x::1/64 dev br0
ip route add 2000::/3 dev he-ipv6
(the client auto-address matches the br0 subnet)
I haven't installed any of the ip6tables kernel mods; I'm not filtering any inbound v6 traffic on the wired side - is that somehow required to get wireless working? I plan on adding that sometime (along with a working version of the script), but thought I'd get the basics working first. At one point I added iptables rules to pass protocol 41 (?) for the tunnel traffic to work; do I need an equivalent rule for the wireless interface?
My dadvd.conf (generated by one of the scripts I've tried; I don't recall which) is:
4: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::x:x:x:304/64 scope link
valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::x:x:x:305/64 scope link
valid_lft forever preferred_lft forever
9: wifi0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::x:x:x:306/64 scope link
valid_lft forever preferred_lft forever
10: br0: <BROADCAST,MULTICAST,PROMISC,UP,10000> mtu 1500
inet6 2001:x:y:x::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::x:x:x:304/64 scope link
valid_lft forever preferred_lft forever
13: ath0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::x:x:x:306/64 scope link
valid_lft forever preferred_lft forever
16: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,10000> mtu 1480
inet6 2001:x:x:x::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::d07b:7e5/128 scope link
valid_lft forever preferred_lft forever
On the client a 'ndp -n -cPR' initially showed a record for the link-local default gateway with a status of 'deleted', then when I restarted IPv6 services in didn't show anything, although I'm still getting the link-local default gateway and correct subnet for the auto assigned address.
I'm unable to ping6 any of the link-local (or the global) addresses shown on the router from the client.
I understand the WRT160NL has a rather odd wireless hardware system (and only recently supported); is this a matter of a bug in the firmware, or do I have a configuration error? Tips and suggestions?
I didn't have the ipv6 module in either pre-SP2 build of firmware for my WRT54GL. Not sure what was going on there, but got it to work with SP1.
The modprobe command in the section headed '# The following commands are straight from HE's website' is extraneous (and doesn't work anyway).
whatismyip.com doesn't seem to work any more, so I wasn't getting a public IP address which stopped the tunnels being created. I substituted it with icanhazip.com instead, however I can't help but think there should surely be a system variable or some way of getting that IP address from the router?
#***************************
#Settings start here
#***************************
#basic connection settings
SERVER_IP4_ADDR="216.x.x.x"
CLIENT_IPV6_ADDR="2001:470:x:x::2"
ROUTED_64_ADDR="2001:470:y:x::1"
# note that you have different subnets for ROUTED_64_ADDR and CLIENT_IPV6_ADDR
#account info to auto update endpoint
USERID="x"
PASSWD="x"
TUNNELID="x"
#####Optional/Advanced Settings######
#logging settings (set to /dev/null for no logging)
STARTUP_SCRIPT_LOG_FILE="/tmp/ipv6.log"
CRON_STATUS_LOG_FILE="/tmp/lastHEUpdate.log"
#***************************
#Settings end here
#***************************
insmod ipv6
sleep 5
#get a hash of the plaintext password
MD5PASSWD=`echo -n $PASSWD | md5sum | sed -e 's/ -//g'`
#cut out the "/64" if user typed it in
ROUTED_64_ADDR=`echo $ROUTED_64_ADDR|cut -f1 -d/`
SERVER_IP4_ADDR=`echo $SERVER_IP4_ADDR|cut -f1 -d/`
CLIENT_IPV6_ADDR=`echo $CLIENT_IPV6_ADDR|cut -f1 -d/`
#update HE endpoint
echo -e wget -q "\042http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID\042" -O $CRON_STATUS_LOG_FILE >$CRON_JOB_FILE
chmod +x $CRON_JOB_FILE
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID" -O $STARTUP_SCRIPT_LOG_FILE
#---
#get wan ip for our own use from internal variable
WANIP=$(nvram get wan_ipaddr);
#echo " External IP detected as:" $WANIP >> $STARTUP_SCRIPT_LOG_FILE
#---
echo "External IP:" $WANIP >> $STARTUP_SCRIPT_LOG_FILE
if [ -n $WANIP ]
then
echo "configuring tunnel" >> $STARTUP_SCRIPT_LOG_FILE
# The following commands are straight from HE's website
# modprobe ipv6
#modprobe is replaced by insmod ipv6 so doesn't work/ isn't needed anymore
ip tunnel del he-ipv6
ip tunnel add he-ipv6 mode sit remote $SERVER_IP4_ADDR local $WANIP ttl 255
ip link set he-ipv6 up
ip addr add $CLIENT_IPV6_ADDR/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
# no need to print
TEMP_ADDR=`echo $ROUTED_64_ADDR'1'`
# These commands aren't on HE's website, but they're necessary for the tunnel to work
ip -6 addr add $TEMP_ADDR/64 dev br0
ip route add 2000::/3 dev he-ipv6
root@xyz:~# ip -6 route show
2001:470:x:x::/64 via :: dev he-ipv6 metric 256 expires -635sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:y:x::/64 dev br0 metric 256 expires -1942sec mtu 1500 advmss 1440 hoplimit 4294967295
2000::/3 dev he-ipv6 metric 1024 expires -634sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires -1957sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev br0 metric 256 expires -1956sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vlan1 metric 256 expires -642sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires -642sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vlan2 metric 256 expires -641sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires -634sec mtu 1480 advmss 1420 hoplimit 4294967295
ff00::/8 dev eth0 metric 256 expires -1957sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev br0 metric 256 expires -1956sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev vlan1 metric 256 expires -642sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth1 metric 256 expires -642sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev vlan2 metric 256 expires -641sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev he-ipv6 metric 256 expires -634sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires -634sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable default dev lo proto none metric -1 error -128 hoplimit 255
root@xyz:~# cat /tmp/report.sh
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=zxc&user_id=zxc&tunnel_id=zxc" -
O /tmp/lastHEUpdate.log
Quote:
root@xyz:~# cat /tmp/ipv6.log
-ERROR: This tunnel is already associated with this IP address. Please try and
limit your updates to IP changes.External IP: 118.x.x.x
configuring tunnel
starting radvd
windows 7
*Ping & tracert & browse ipv6.google.com succesfully
*IPv6 & IPv4 connectivity : Internet (Windows7)
*Edit: Problem solved by myself!!
*above is my latest configuration
I'm unable to get this working, set up my tunnelbroker acct and copied the necessary info into a script, enabled the required ipv6 and radvd options and copied the script to the router and marked it as a startup script. I get the he-ipv6 interface on my router but I don't have any address assigned to it.
Code:
root@router:/mnt/bin# ifconfig he-ipv6
he-ipv6 Link encap:UNSPEC HWaddr 43-50-56-C7-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@router:/mnt/bin#
If I run the script manually, I get the following (RTLINK/File Exist errors are expected as the script already created the interface)
Code:
root@router:/mnt/bin# sh he.net_ipv6.sh
he.net_ipv6.sh: line 117: modprobe: not found
RTNETLINK answers: File exists
RTNETLINK answers: File exists
1: lo: <LOOPBACK,MULTICAST,UP>
inet6 ::1/128 scope host
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::213:10ff:fe2d:adc5/64 scope link
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::213:10ff:fe2d:adc7/64 scope link
5: vlan0: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::213:10ff:fe2d:adc5/64 scope link
6: vlan1: <BROADCAST,MULTICAST,UP>
inet6 fe80::213:10ff:fe2d:adc6/64 scope link
7: br0: <BROADCAST,MULTICAST,UP>
inet6 fe80::213:10ff:fe2d:adc5/64 scope link
11: he-ipv6: <POINTOPOINT,NOARP,UP>
inet6 2001:470:1f06::1/64 scope global
inet6 fe80::4350:56c7/128 scope link
RTNETLINK answers: File exists
root@router:/mnt/bin#
The script does print an error to stdout after it exist:
Code:
root@router:/mnt/bin# [Jan 01 01:14:23] radvd: syntax error in /tmp/radvd.conf, line 4: 67.80.86.
199
[Jan 01 01:14:23] radvd: error parsing or activating the config file: /tmp/radvd.conf
#account info to auto update endpoint
USERID="##REMOVED##"
PASSWD="##REMOVED##"
TUNNELID="1"
#####Optional/Advanced Settings######
#IPv6 OpenDNS IPv6 Resolver
ENABLE_OPENDNS_IPV6_DNS=0 #I handle my own DNS locally, wasn't sure this would interfere.
#WAN IP Source settings
#Set below to 1 to use internal NVRAM wan address instead of fetching it from a site
USE_NVRAM_WAN_ADDR_INSTEAD=0
WAN_IP_SOURCE_ADDR="http://automation.whatismyip.com/n09230945.asp"
#logging settings (set to /dev/null for no logging)
STARTUP_SCRIPT_LOG_FILE="/tmp/ipv6.log"
CRON_STATUS_LOG_FILE="/tmp/lastHEUpdate.log"
Oh and modprobe doesn't exist in my router's firmware, insmod does though, which makes me think, if ipv6 is enabled by the web config, that loads the ipv6.o module, so why are you loading it again from the script? That's only going to produce more errors.
*EDIT*: Currently, I removed it from the startup script and am running the script manually via a CIFS mountpoint, so I can see exactly what the script does (besides hang for ~10sec). Which is where I saw the modprobe error and the last thing I see is RTNETLINK answers: File exists, not sure if this is important or not (prolly not since the interface already exists I would presume.)
I owe you many thanks. I tried with no avail to get ipv6 working via the wiki. I found this post and followed it, rebooted, and bam! It works! Many thanks. I only wish I had tried this first. But if I did, I would not be as grateful since there would have been little reason to be .
I owe you many thanks. I tried with no avail to get ipv6 working via the wiki. I found this post and followed it, rebooted, and bam! It works! Many thanks. I only wish I had tried this first. But if I did, I would not be as grateful since there would have been little reason to be .