Posted: Fri Jun 30, 2006 9:57 Post subject: IPv6 using 6to4 under DD-WRT Howto.
Got my WRT54GL yesterday and have been playing around trying to get it to do IPv6 without having to resort to tunnel brokers. Finally got it working this morning and thought i'd post a howto here. It's not very well written, but perhaps it will be of use to someone.
-------------
This howto describes how to get your network setup to use IPv6 without the use of tunnel brokers.
This howto assumes that your ISP assigns your router a globally reachable, STATIC, IPv4 address. If your ISP assigns you a dynamic IPv4 address then it will be easier for you to follow one of the guides to using a tunnel broker detailed in the DD-WRT Wiki.
Step One: Work out your IPv6 range from your static IPv4 Address
A 6to4 IPv6 address looks like 2002:hhhh:hhhh::1 The hhhh:hhhh is the hexadecimal equivalent of your IPv4 address.
To convert your IPv4 address into a 6to4 address you can run the following on the command line of a Mac or *nix box (if you only have access to Windows machines you can log into your router via SSH or Telnet and run the command there):
Code:
printf "%02x%02x:%02x%02x\n" 192 168 0 1
where 192.168.0.1 is your ISP assigned IP address but replacing the dots with spaces.
Running the above command should give you a line like this:
Code:
c0a8:0001
So the range of IPv6 6to4 addresses for our example IPv4 address is 2002:c0a8:0001::/48
Step Two: Setting up your router to distribute IPv6 addresses to hosts.
Now we know our range of IPv6 addresses we need to setup radvd so that hosts within our network can automatically get an address.
On V23SP1 of the DD-WRT firmware go to Administration/Management. Make sure IPv6 and Radvd are both enabled and add the following to the Radvd config box:
replacing 2002:c0a8:0001:: with your own IPv6 range. The /64 is necessary and just means your hosts will be assigned IPv6 addresses from the 2002:c0a8:0001:0000:: subnet.
Save the settings and let the router reboot.
Now log into your router's web interface and go to Security/Firewall. Make sure that "Block Anonymous Internet Requests" is UNCHECKED. Save the settings.
Step Three: Get your router to listen for 6to4
You can do this via the command line on SSH/Telnet. Run the following commands:
Code:
ip addr add 2002:c0a8:0001::1/64 dev br0
ip -6 route add 2000::/3 via ::192.88.99.1
replacing the 2002:c0a8:0001:: with your own IPv6 range. Note that there is a 1 directly after 2002:c0a8:0001:: this is because you are assigning that specific IP address to the br0 device, it needs to be there. Leave the rest exactly as it is.
That's it, your router is now listening to 6to4 packets from the Internet and providing IPv6 addresses to your local network.
Unfortunately my router doesn't seem to have enough room to store any files on it, so step three has to be run after every reboot. Hopefully a future firmware release will come with 6to4 support built-in and easily accessible from the web-interface.
Step Four: Testing IPv6 connectivity.
So, your router is now running IPv6 successfully but you want to test it? To get an IPv6 address on your client machines simply rerun your network setup on Mac (and *nix i think) or reboot your client machine.
Open your browser and pop over to http://www.kame.net. If you see the Turtle flapping it's legs you are connected via IPv6. Go to http://www.ipv6.org and you will see the IP that you are connecting from.
Firefox on Mac OS X (and possibly other OS') has IPv6 disabled by default. To enable it go to about:config, find the line "network.dns.disableIPv6" and set the value to "false". Restart Firefox and you should be good to go.
Very cool post. I'd been wondering whether 6to4 could be done without installing any extra software, but I haven't had a router to play with for the last couple months.
Have you tried putting the commands from Step 3 into a startup script? I believe you can type them into the Diagnostics page and hit "save startup".
Oh, to anyone who wants to try this: note that 192.88.99.1 is supposed to take you to your nearest 6to4 gateway server, but some ISPs don't have it configured correctly, so do a tracert and see how far away it is. I imagine you'd have poor performance if your gateway is on the other side of an ocean.
The idea behind 6to4 is, every IPv4 address is assigned a 6to4 address starting with 2002:, and when two 6to4 hosts talk to each other, they do so with direct IPv4 packets. But if you want to send a packet from a 6to4 host to/from a "real" 2001: ipv6 address, it needs to go through a gateway server.
What would be really cool is if it could be scripted to automatically form the 6to4 address from the current WAN IP. Because as it is now, if your IP happens to change, you have to manually go in and change the 6to4 settings to match.
And on this page, the "Dynamic IP" example shows that an ip-up.d script receives the current IP address through the $4 argument. Not sure if DD-WRT will let you pull that off with only startup commands though.
http://www.wlug.org.nz/6to4
Edit 2:
It looks like the appropriate place to put the script would be in /jffs/etc/config/something.ipup
Unfortunately, you need the Standard version to get IPv6 support, and therefore you don't have any jffs space to put the script in
I could not get it working with the commands in the third step. I first had to establish the tunnel or adding the route would fail. My startup commands ended up looking like:
Code:
ip tunnel add tun6to4 mode sit remote any local 69.160.90.210
ip link set tun6to4 up
ip -6 route add 2000::/3 via ::192.88.99.1
ip addr add 2002:45a0:5ad2::1/64 dev br0
(obviouly substitute your IPs)
The radvd config posted in step two worked fine, but I simplified it a bit:
With those simple changes I had IPv6 set up in no time. This was so much easier than trying to deal with the tunnel brokers. Hopefully it will be officially implemented in dd-wrt someday.
I've been playing around through SSH on my family's WHR-G54S. I still can't actually test the IPv6 part because it's got the Mini version, and I won't try to reflash the thing remotely.
I realized that the .ipup script doesn't work very well because the router was getting an IP before the startup script had a chance to complete. So I figure a simple sleep at the beginning should make the jffs stuff unnecessary.
Anyway, combining stuff I've learned with MrStaticVoid's advice, here's my current startup script for 6to4 with automatic IP detection:
Code:
sleep 5
WANIP=$(ip addr show dev vlan1 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
if [ -n "$WANIP" ]
then
V6IP=$(printf '2002:%02x%02x:%02x%02x::1/64' $(echo $WANIP | tr . ' '))
ip tunnel add tun6to4 mode sit remote any local $WANIP
ip link set tun6to4 up
ip -6 route add 2000::/3 via ::192.88.99.1
ip addr add $V6IP dev br0
fi
I could use some testers, please.
The radvd info mentions that it may be necessary to send a SIGHUP to radvd after changing the IPv6 address. I'm not 100% sure how to do that, or if it's really necessary.
Edit: If the SIGHUP is necessary, and if radvd writes a pid file to /var/run, then I think this should do it:
Code:
kill -1 $(cat /var/run/radvd.pid)
sigh, it sucks not having my own router to try this stuff on.
