IPv6 (教程)

From DD-WRT Wiki

Revision as of 18:43, 18 March 2018 by Ian5142 (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search


互联网协议第6版(IPv6)是一个电子设备在报文交换网络上传输数据的网络层IP标准。它是由IPv4发展而来的互联网协议的第二个通用版本。

There are too many devices in the world for 32-bit (232, or 4,294,967,296) IP addresses to be sufficient.

作为下一代TCP/IP协议,IPv6提供了128为的地址空间,即约2128 (≈ 3.4 x 1038)个IP地址;也就是现在世界上65亿人每人约有5×1028个地址,或者地球上每克物质有57亿个地址。

记住在为每一个处理IPv6报文的客户机安装一个防火墙,或者在路由上提供ip6tables来过滤传入链接之前启用IPv6是很危险的。DD-WRT默认不包括ip6tables,也就是说在启用IPv6的同时所有客户都直接暴露在互联网上。

Contents

[edit] 先决条件

  • DD-WRT兼容的路由器
  • 关于Command Line的知识
  • 关于ip command的知识
  • DD-WRT version 22 prefinal 5 minimum with distribution voip or standard only
    • IPv6不是在所有的DD-WRT v24上都能工作。 24v sp1已经正式可以在IPv6下工作。
  • 通过图形界面 IPv6 Administration/Management/Router Management/Ipv6 启用IPv6
  • 启用jffs 将有所帮助 (可选)

[edit] 局域网上的IPv6

[edit] 概述

如果你已经有一个工作的IPv6路由器,或者对讲IPv6通信传出局域网不感兴趣,那么你主要关心的是如何将无线客户数据传给有线客户。

如果你的DD-WRT路由器是你的IPv6路由,查看下面的其他6到4隧道解决方案。

[edit] 开启IPv6支持

Administration>Management 页面,启用 IPv6radvd

[edit] 配置Radvd (如果 DD-WRT 不是你的IPv6路由器)

Radvd与DHCP服务器类似。它将你的IPv6前缀通知给本地网络,以便新的客户机可以生成它自己的IP地址。下面的配置告诉radvd从有线端获取一个IPv6地址,然后适当地播报给LAN (br0).

将下面的代码拷贝到radvd设置框:

interface br0 {
   AdvSendAdvert on;
   prefix 0:0:0:1::/64 {
    AdvOnLink on;
    AdvAutonomous on;
   };
};

[edit] 6to4 Setup

[edit] Overview

6to4 is a mechanism which assigns a large block of IPv6 addresses to every IPv4 address on the Internet. You can use 6to4 with DD-WRT to give every computer on your network a globally-accessible IPv6 address without the need to configure explicit tunneling. This should be the simplest method to add IPv6 to your entire network.

Important Reminders 重要事项:

  • In order to use ipv6, you need the Standard or VoIP version of DD-WRT, as these are currently the only ones which support both IPv6 and radvd. 要使用ipv6,你必须使用StandardVoIP版本的DD-WRT,它们是同时具有IPv6和radvd的版本。
  • The detailled configuration steps are targeted toward users with a basic DHCP connection for the WAN part. So, if using PPPoE will require replacing vlan1 with ppp0 in each instance. Other connection types will vary. 具体的配置步骤是针对某一个WAN接口以及其下的局域网而言的。因此拥有一个以上WAN接口的路由器,需要针对自己使用PPPoE拨号的具体情况来替换脚本中的vlan1参数。
  • When using DD-WRT standard on a router with 4MB Flash, there is no space available for jffs. 如果你的路由器使用standard版的DD-WRT或Flash空间只有4MB,将没有足够的空间分配给jffs。
  • This guide only relies on nvram variables, so that jffs is not needed. 本指南仅依赖于NVRAM,不需要jffs
  • The configuration shown below has been verified to work properly on v24 sp1 stable (standard) 下面的配置在v24 sp1(standard版)已可稳定运行

[edit] Enabling IPv6 Support

On the Administration>Management page, enable IPv6 and radvd.

[edit] Configuring Radvd

Radvd is similar to a DHCP server. It advertises your IPv6 prefix to the local network, so that a new client can generate its own IP address. This config tells radvd to get a 6to4 prefix from the WAN side (vlan1) and announce it to the LAN (br0). Radvd类似于一个DHCP服务器。它公布你的IPv6前缀到本地网络,使新的客户端可以生成自己的IP地址。这个配置告诉radvd获得来自WAN端(VLAN1)6to4前缀,并予以公告到LAN(br0)

Copy the following into your radvd settings box:

interface br0 {
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;
   AdvLinkMTU 1280;
   AdvSendAdvert on;
   prefix 0:0:0:1::/64 {
    AdvOnLink on;
    AdvAutonomous on;
    AdvValidLifetime 86400;
    AdvPreferredLifetime 86400;
    Base6to4Interface vlan1;
    AdvRouterAddr on;
   };
};

[edit] Startup Script

This startup script acquires your current IPv4 address and uses it to calculate a 6to4 IPv6 address. It then creates the tunnel interface, configures a route, and assigns the address. Afterwards, it sends radvd a SIGHUP so that it will become aware that the prefix has changed. 该启动脚本获取当前的IPv4地址,并用它来计算的6to4 IPv6地址。然后它创建的隧道接口,配置路由,并分配地址。接着,它发送一个SIGHUP radvd使其意识到,前缀已改变。

Go to Administration>Diagnostics or Administration>Commands in v24 sp1, copy the following into the big box, and hit "Save Startup".

insmod /lib/modules/`uname -r`/ipv6.o
sleep 5
radvd -C /tmp/radvd.conf start
sleep 5
WANIP=$(ip -4 addr show dev vlan1 | awk '/inet / {print $2}' | cut -d/ -f1)
if [ -n "$WANIP" ]
then
 V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
 ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
 ip link set tun6to4 mtu 1280
 ip link set tun6to4 up
 ip addr add $V6PREFIX:0::1/16 dev tun6to4
 ip addr add $V6PREFIX:1::1/64 dev br0
 ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
 kill -HUP $(cat /var/run/radvd.pid)
fi

[edit] 6to4 on current builds (after v24 sp1)当前版本的6to4(v24 sp1以后的版本)

Pandora-Box got a script that works on current builds of v24. This has been successfully implemented on Eko 13309 big (which does not come with ipv6, so you must use "ipkg install kmod-ipv6" to get it to work). Pandora-Box有个脚本可在v24版本上运行。这个脚本在Eko 13309 big{某路由器的型号}上使用成功(其中ipv6不能启动,因此必须使用"ipkg install kmod-ipv6"让ipv6运行){貌似是Eko 13309 big才会碰到的情况}

The scripts are as follows:

in Administration, under IPv6/RaDVD config:

 interface br0 { 
 MinRtrAdvInterval 3; 
 MaxRtrAdvInterval 10; 
 AdvLinkMTU 1280; 
 AdvSendAdvert on; 
 prefix 0:0:0:1::/64 { 
 AdvOnLink on; 
 AdvAutonomous on; 
 AdvValidLifetime 86400; 
 AdvPreferredLifetime 86400; 
 Base6to4Interface vlan1; 
 }; 
 }; 


in Adminstration > Commands, Startup Script:

 insmod /lib/modules/`uname -r`/ipv6.o
 sleep 5 
 radvd -C /tmp/radvd.conf start 
 sleep 5 
 WANIP=$(ip -4 addr show dev vlan1 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1) 
 if [ -n "$WANIP" ] 
 then 
 V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' ')) 
 ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP 
 ip link set tun6to4 mtu 1280 
 ip link set tun6to4 up 
 ip addr add $V6PREFIX:0::1/16 dev tun6to4 
 ip addr add $V6PREFIX:1::1/64 dev br0 
 ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 
 kill -HUP $(cat /var/run/radvd.pid) 
 fi 
 radvd -C /tmp/radvd.conf start

[edit] 6to4 on k2.6 builds

The above scripts can be modified to use with 2.6 kernel builds, as follows:

Radvd config:

interface br0 { 
MinRtrAdvInterval 3; 
MaxRtrAdvInterval 10; 
AdvLinkMTU 1480; 
AdvSendAdvert on; 
prefix 0:0:0:1::/64 { 
AdvOnLink on; 
AdvAutonomous on; 
AdvValidLifetime 86400; 
AdvPreferredLifetime 86400; 
Base6to4Interface vlan1; 
}; 
}; 

Startup script:

insmod /lib/modules/`uname -r`/kernel/net/ipv6/sit.ko 
sleep 5 
radvd -C /tmp/radvd.conf start 
sleep 5 
WANIP=$(ip -4 addr show dev vlan1 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1) 
if [ -n "$WANIP" ] 
then 
V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' ')) 
ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP 
ip link set tun6to4 mtu 1480 
ip link set tun6to4 up 
ip addr add $V6PREFIX:0::1/16 dev tun6to4 
ip addr add $V6PREFIX:1::1/64 dev br0 
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 
kill -HUP $(cat /var/run/radvd.pid) 
fi 
sleep 10 
radvd -C /tmp/radvd.conf start 

Note that this script is specifically for the WRT610N v1, where vlan2 is the WAN. On other routers, you may have to substitute vlan1. 如果你使用的路由器是WRT610N v1,它的WAN接口是vlan2,需要将上方两处的vlan1替换为vlan2

[edit] Performance Concerns 性能问题

When you send a packet from a 6to4 address to a native IPv6 address, it has to pass through a 6to4 gateway. RFC3068 established the special anycast address 192.88.99.1 which is supposed to lead you to the nearest gateway. However, some ISPs don't handle this properly, so you may find that all of your packets are crossing an ocean or two. 当你发送一个数据包从一个6to4地址到原生IPv6地址,它必须通过6to4的网关。 RFC3068设立的特别选播地址192.88.99.1,这是为了带你到最近的网关。然而,一些互联网服务供应商不处理这个特性,所以你可能会发现,你的所有数据包都会去国外兜几个圈子。

If this affects you, then you may need to do some detective work to locate a closer gateway. One possible approach is to use IPv4 Looking Glass tools to traceroute to 192.88.99.1 from various locations on the Internet and see where you end up. 如果这会影响你,那你可能需要做一些侦探工作,找到一个更近的网关。一种可能的方法是使用IPv4路由跟踪工具,IPv4 Looking Glass在互联网上从不同地点由192.88.99.1查询最终到你。

Or you could bug your ISP about it, but they'll probably be like "IPvWHAT?" 当然你也可以对此问题质询您的互联网服务供应商,但他们很可能会反问你“IPv那东西是啥?“

[edit] 6to4 IPv6 as default protocol

As per RFC3484 §2.1 default policy table, having a 6to4 enabled LAN (using a 6to4 anycast tunel on a DD-WRT enabled box, say) will mean that 6to4 IPv6 will only be used to communicate to a server if the server is having a 6to4 adress too (ie: 2002: prefix on its address) or if there is no IPv4 address assigned to the server name (ie: no A but an AAAA).

In short the following makes IPv4 default on IPv6 enabled Windows boxes using 6to4 prefixes.

1. Start -> Run -> "cmd" -> "netsh" -> "interface" -> "ipv6"

2. To enable IPv6 preference on Microsoft Windows...

set prefix ::1/128 50 0
set prefix ::/0 40 1
set prefix 2002::/16 30 1
set prefix ::/96 20 3
set prefix ::ffff:0/96 10 4
set prefix 2001::/32 5 5

Only the 2002::/16 line (6to4 prefix policy) is changed.

3. To make things goes back to original mode (IPv4 preference)...

set prefix ::1/128 50 0
set prefix ::/0 40 1
set prefix 2002::/16 30 2
set prefix ::/96 20 3
set prefix ::ffff:0/96 10 4
set prefix 2001::/32 5 5

And Voilà ;-)

Notes: ::1/128 == localhost, ::/0 == default, 2002::/16 == 6to4, ::/96 + ::ffff::0/96 == IPv4 compatibility, 2001::/32 == Teredo, 2000::/3 would be All IPv6 Global Unicast address space

[edit] SixXS Tunnel Broker SixXS隧道代理

[edit] Requesting a Tunnel/Subnet

1. Sign up with a RIPE/ARIN/etc handle or by using the direct signup
2. After your login at the SixXS Home you can request a tunnel and later a subnet.

Note that providing a link to a XING or LinkedIn profile or providing links to projects you work on can provide extra credits!

[edit] Static Tunnel

There are instructions at Remoteroot.net with example scripts.

This wiki also offers an example IPv6 startup script

Notice that radvd doesn't work with mini version but requires the full version of DD-WRT. Also if you have problems with pinging and SixXS, notice their FAQ message related to this. By default DD-WRT seems to try to masquerade also the IPv6 packets so the following addition to the firewall rule worked for me:

 iptables -t nat -D POSTROUTING -o vlan2 -j MASQUERADE
 iptables -t nat -I POSTROUTING -p ! ipv6 -o vlan2 -j MASQUERADE

EDIT: You need to allow tunneled packets to be accepted on the interface! -deriamis

 iptables -I INPUT 2 -p ipv6 -i vlan2 -j ACCEPT

[edit] Dynamic Tunnel

[edit] Install AICCU

1. Install AICCU using ipkg.

 # ipkg -force-depends install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/aiccu_20070115-2.1_mipsel.ipk

2. Configure AICCU.

 # vi /jffs/etc/aiccu.conf
 # AICCU Configuration
 
 # Login information
 username <your nichandle/username>
 password <your password>
 
 # Protocol and server listed on your tunnel
 protocol tic
 server tic.sixxs.net
 
 # Interface names to use
 ipv6_interface sixxs
 
 # The tunnel_id to use
 # (only required when there are multiple tunnels in the list)
 tunnel_id <your tunnel id>
 
 # Be verbose?
 verbose false
 
 # Daemonize?
 daemonize true
 
 # Require TLS?
 requiretls true
 
 # Set default route?
 defaultroute true

Note that if you can't write to /jffs/etc/, you can always store the script in another directory (that of course is persistent otherwise you loose it :) and use eg 'aiccu start /tmp/aiccu.conf' to pick a different configuration file location.

EDIT: A few other things are now necessary to make tunnels now... -deriamis

3. Install other required packages

 ipkg -force-depends install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/kmod-ip6tables_2.6.25.20-brcm47xx-1_mipsel.ipk
 ipkg -force-depends install http://downloads.openwrt.org/kamikaze/8.09.2/brcm47xx/packages/ip6tables_1.4.0-1_mipsel.ipk

[edit] Automatically start your Tunnel

1. Put these lines into your startup script

insmod ipv6
insmod sit
insmod /jffs/lib/modules/2.6.25.20/ip6_tables.o 
insmod /jffs/lib/modules/2.6.25.20/ip6table_filter.o 
insmod /jffs/lib/modules/2.6.25.20/ip6t_multiport.o
sleep 5

WANIP=$(ip -4 addr show dev vlan2 | awk '/inet / {print $2}' | cut -d/ -f1) 
MY_TUNNEL_ADDR="<'Your IPv6' in tunnel info>"
TUNNEL_POP="<'PoP IPv6' in tunnel info>"
TUNNEL_REMOTE_IP="<'PoP IPv4' in tunnel info>"
echo "External IP:" $WANIP > /jffs/startup.debug
if [ -n $WANIP ]
then
echo "configuring tunnel" >> /jffs/startup.debug
fi

ip -6 tunnel add sixxs mode sit remote $TUNNEL_REMOTE_IP local $WANIP ttl 255
ip -6 link set sixxs up

# AICCU doesn't set up the tunnel properly but it will maintain the heartbeat for you
/usr/sbin/ntpclient -s -h us.pool.ntp.org
aiccu start /jffs/etc/config/aiccu

# Do all the things that AICCU was supposed to do and didn't
ip -6 addr add $MY_TUNNEL_ADDR/64 dev sixxs
ip -6 route add ::/0 dev sixxs

# WRONG ip -6 addr add $TUNNEL_POP dev sixxs
# WRONG  ip -6 addr add $TUNNEL_POP dev br0
ip route add 2000::/3 dev sixxs

# For each subnet you are routing, add one of these lines:
ip -6 addr add <Subnet Prefix without '::/48'>::1/64 dev br0

# Start IPv6 forwarding on the router
/bin/echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
radvd -C /tmp/radvd.conf


2. Announce your Subnet with radvd

Enable radvd at the webinterface of your router (Administration->Management->IPv6 Support), then insert your radvd.conf into the form and save your settings.(You must use the /64 prefix even if you got a /48 subnet)

interface br0 { 
    AdvSendAdvert on; 
    AdvHomeAgentFlag on; 
    AdvLinkMTU 1480; 
    MinRtrAdvInterval 3; 
    MaxRtrAdvInterval 10; 
    prefix <Subnet Prefix without '::/48'>::/64 { 
        AdvOnLink on; 
        AdvAutonomous on; 
        AdvRouterAddr on; 
    }; 
};

3. Reboot the router!

When the router comes back up, you should be able to use IPv6. Congratulations!

[edit] Hurricane Electric's Tunnelbroker.net

[edit] Registration

1) Sign up for an account with our web based registration at Tunnelbroker.net

2) After creating your account, provide your IPv4 endpoint, and pick the closest tunnel-server to your location:

  • Fremont, CA
  • New York City, NY
  • Chicago, IL
  • Dallas, TX
  • London, UK
  • Frankfurt, DE
  • Paris, FR
  • Amsterdam, NL
  • Hong Kong, HK

[edit] Features

By default you already get a /64 allocation routed to your side of the tunnel.

If you need more than a single /64, with the click of a button you can allocate a single /48 routed to your side of the tunnel.

A large variety of configuration examples are provided for various platforms covering: Linux, *BSD, Windows as well as router platforms.

Tunnelbroker.net is operated and maintained by a business and not individuals, and provided FREE to anyone interested in learning more about IPv6.

[edit] Startup Script

This works for me on v24 SP2:

insmod ipv6
sleep 5
WANIP=$(ip -4 addr show dev vlan1 | awk '/inet / {print $2}' | cut -d/ -f1)
MY_TUNNEL_ADDR="2001:470:1f0e:5cd::2" # change me
MY_ROUTED_ADDR="2001:470:1f0f:5cd::1" # change me
echo "External IP:" $WANIP > /jffs/startup.debug
if [ -n $WANIP ]
then
echo "configuring tunnel" >> /jffs/startup.debug

# The following commands are straight from HE's website
ip tunnel add he-ipv6 mode sit remote 216.218.224.42 local $WANIP ttl 255
ip link set he-ipv6 up
ip addr add $MY_TUNNEL_ADDR/64 dev he-ipv6
ip route add ::/0 dev he-ipv6

# These commands aren't on HE's website, but they're necessary for the tunnel to work
ip -6 addr add $MY_ROUTED_ADDR/64 dev he-ipv6
ip -6 addr add $MY_ROUTED_ADDR/64 dev br0
ip route add 2000::/3 dev he-ipv6

echo "starting radvd" >> /jffs/startup.debug
radvd -C /jffs/radvd.conf &
fi
  • The tunnel address and routed address are on your Tunnel Details page on HE's website. For MY_TUNNEL_ADDR, use the value for "Client IPv6 Address", and for MY_ROUTER_ADDR, use the value for "Routed /64".
  • Many people have working configurations using only the tunnel address for everything, but you need to use the routed address for your network if you want certain things like reverse DNS to work.
  • You have to have your radvd config saved in /jffs/radvd.conf. Running radvd from the web interface has never worked for me; if it works for you, you can drop the radvd line from the script.
  • This script doesn't handle when your IP address changes; you'll need to manually update it on HE's website, or use the endpoint updater script below.
  • I occasionally have issues with the tunnel dying randomly. Pinging the router's IPv6 address fixes it for some reason, I have no idea why. :( -- update 2009.12.14 by calraith: Try adding metric 1 as an argument to the ip route add directives. ip route add ::/0 dev he-ipv6 metric 1
  • When you put your radvd config into the webgui (on administration tab) it is available at /tmp/radvd.conf. You can use this instead of creating a /jffs/radvd.conf file (I have issues with my jffs on my WRT350N). I have my startup.debug file in /tmp/startup.debug as well. ~methaneb

[edit] Endpoint updater

If your router gets a dynamic ip, you need to update your endpoint in your tunnelbroker account. This can be done on DDWRT with this busybox-only script: Tunnelbroker.net enpoint address updater

Download it into tmp or jffs, edit the file to set up your credentials or just run it from commandline:

updateipv4.sh username password tunnelid

A successful update means either your current endpoint IP is the same as your previous one, or it has been updated to your current one.

[edit] Additional Links

Tunnelbroker.net's user forums

IPv6 Setup with SAMBA

IPv6 Setup using NVRAM

[edit] Notes

[edit] Anonymous IPv6 at Microsoft Windows

By default on WinXP, Win2003 or WinVista, IPv6 addresses built from IPv6 prefix (stateless configuration for instance) are using the EUI-64 (cf MAC address) of your network card as a suffix. This can lead to some privacy issues, hence another IPv6 address is dynamically computed and used by default. Such an anonymous address changes (according to a computation algorithm) each time the IPv6 stack starts. This can cause some trouble under certain conditions where the server needs a unique and static IPv6 (containing the EUI-64). The solution is to deactivate the creation of those "privacy addresses". But be carefull, this will then lead to leaking the EUI-64 and also enables people to track you (logs, google, etc). So, it's a tradeoff.

If you want to disable temporary IPv6 addresses, try the command :

netsh interface ipv6 set privacy state=disable

or

ipv6 -p gpu UseTemporaryAddresses no

[edit] ping6 at dd-wrt v23

Try to install busybox from OpenWRT: http://downloads.openwrt.org/people/florian/bin/packages/

 ~ # ipkg install http://downloads.openwrt.org/people/florian/bin/packages/busybox_1.1.3-1_mipsel.ipk


Okay now you have to install uclibc (with -force-depends): http://downloads.openwrt.org/people/florian/bin/packages/

 ~ # ipkg -force-depends install http://downloads.openwrt.org/people/florian/bin/packages/uclibc_0.9.28-8_mipsel.ipk

After installing these packages you have to change the priority of the /lib path in your shell environment:

 ~ # export LD_LIBRARY_PATH=/usr/lib:/jffs/lib:/jffs/usr/lib:/jffs/usr/local/lib:/lib

For the last step you have to change the ping6 symlink:

 ~ # rm /jffs/bin/ping6
 ~ # cd /jffs/bin
 ~ # ln -s /jffs/bin/busybox ping6

Now ping6 should work for the current xterm session.

[edit] Troubleshooting

So you've tried to set up IPv6, but it didn't work! Don't panic, it's probably still fixable.

[edit] Tunnel issues

The first question to ask is, can you ping the router from the internet? Head over to [1] and use the ping test with your external IPv6 IP. (For HE and SixXS tunnels, this will be your client tunnel IP; for 6to4, it'll be generated from your public IPv4 address.) If the ping goes through, congratulations! Your tunnel isn't the problem.

[edit] 6to4-specific issues

6to4 uses a special IP address (192.88.99.1) to configure the tunnel. Try pinging this IP; if it doesn't work, then 6to4 probably won't work for you. You could bother your ISP about it, but as likely as not they'll just ignore you completely.

6to4 also requires that protocol 41 (different from port 41!) be accessible. It's rare for ISPs to block this, but if they really feel like jerks it's not impossible. proto41 blocking is difficult to detect, unfortunately.

[edit] Hurricane Electric specific issues

Make sure your IPv4 address is set properly on the HE website. If not, your tunnel won't work. Similarly, make sure the IPv6 tunnel addresses you use are correct.

[edit] Radvd issues

If you're using radvd and it's not working somehow, then your router will have a working IPv6 connection, but it won't be passed on to your other computers. If your computers aren't receiving IPv6 addresses, then this is the problem.

The best tool for checking this is the radvdump program. Run it as root, and it'll show you any router advertisements your computer sends or receives. If you don't see any after a while, radvd probably isn't running. Try running "ps | grep radvd" on your router to see if it is. If it's not running, you can save your config file to jffs, and then run radvd manually:

radvd -C /jffs/radvd.conf

Beyond making sure IPv6 support is enabled on your client computers, you shouldn't have to configure anything else when using radvd.

[edit] Working configuration

For comparison, here's the output of a few commands on my router (which has a working HE.net tunnel):

root@DD-WRT:~# ip -6 addr show
1: lo: <LOOPBACK,MULTICAST,UP> 
    inet6 ::1/128 scope host 
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> 
    inet6 fe80::21c:10ff:fe5b:7978/64 scope link 
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP> 
    inet6 fe80::21c:10ff:fe5b:797a/64 scope link 
5: vlan0: <BROADCAST,MULTICAST,PROMISC,UP> 
    inet6 fe80::21c:10ff:fe5b:7978/64 scope link 
6: vlan1: <BROADCAST,MULTICAST,UP> 
    inet6 fe80::21c:10ff:fe5b:7979/64 scope link 
7: br0: <BROADCAST,MULTICAST,UP> 
    inet6 2001:470:1f0f:5cd::1/64 scope global 
    inet6 fe80::21c:10ff:fe5b:7978/64 scope link 
10: he-ipv6: <POINTOPOINT,NOARP,UP> 
    inet6 2001:470:1f0f:5cd::1/64 scope global 
    inet6 2001:470:1f0e:5cd::2/64 scope global 
    inet6 fe80::48b3:3572/128 scope link
root@DD-WRT:~# ip -6 route show
2001:470:1f0e:5cd::/64 via :: dev he-ipv6  metric 256  mtu 1480 advmss 1420
2001:470:1f0f:5cd::/64 via :: dev he-ipv6  metric 256  mtu 1480 advmss 1420
2001:470:1f0f:5cd::/64 dev br0  metric 256  mtu 1500 advmss 1440
2000::/3 dev he-ipv6  metric 1024  mtu 1480 advmss 1420
fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev eth1  metric 256  mtu 1500 advmss 1440
fe80::/64 dev vlan0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev vlan1  metric 256  mtu 1500 advmss 1440
fe80::/64 dev br0  metric 256  mtu 1500 advmss 1440
fe80::/64 via :: dev he-ipv6  metric 256  mtu 1480 advmss 1420
ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth1  metric 256  mtu 1500 advmss 1440
ff00::/8 dev vlan0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev vlan1  metric 256  mtu 1500 advmss 1440
ff00::/8 dev br0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev he-ipv6  metric 256  mtu 1480 advmss 1420
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420

[edit] 外部连接