Differences

This shows you the differences between two versions of the page.

doc:howto:ipv6 [2012/12/08 22:58]
shred00
doc:howto:ipv6 [2014/09/18 23:53] (current)
glphvgacs ip6prefix required, password !required
Line 1: Line 1:
-====== IPv6 HowTo on Backfire and later ====== +====== IPv6 HowTo for Backfire and Attitude Adjustment until 12.09 ====== 
-| {{:meta:icons:tango:48px-construction.svg.png?nolink}} | This guide is not yet complete, don't hesitate to ask for help on the IRC channel #openwrt. |+| {{:meta:icons:tango:48px-construction.svg.png?nolink}} | This guide DOES not apply to Attitude Adjustment AFTER 12.09, Barrier Breaker or any other upcoming releases. See [[doc/uci/network6|OpenWrt native IPv6-stack]] for new documentation. |
-Please see ->[[doc:howto:ipv6.theory]] for a load of links to IPv6 related documentation.+| {{:meta:icons:tango:dialog-warning.png?nolink}} | Please make sure that ip6tables is installed and enabled before setting up ipv6 interfaces! <code> opkg update && opkg install ip6tables kmod-ip6tables && fw restart </code> |
-===== Obtain IPv6 support ===== +Please also see ->[[doc:howto:ipv6.theory]] for a load of links to IPv6 related documentation.
-Follow [[doc:howto:ipv6.essentials]] to obtain full IPv6 support. Then come back and read about the configuration here: +
- +
-There are two big, different steps: +
-  - Set up a working IPv6 connection on the OpenWrt router, either by tunneling (SixXs, TSP, 6to4), or natively. +
-  - Propagate the IPv6 subnet to the LAN with [[#RADVD]] or [[#DHCPv6]].+
==== Native IPv6 access ==== ==== Native IPv6 access ====
Line 42: Line 37:
**option mtu 1452** **option mtu 1452**
''| ''|
- 
==== 6in4 tunneling ==== ==== 6in4 tunneling ====
[[http://en.wikipedia.org/wiki/6in4|6in4]] is a method to encapsulate IPv6 traffic into an IPv4 tunnel. It is mostly used by tunnel brokers and requires manual configuration. [[http://en.wikipedia.org/wiki/6in4|6in4]] is a method to encapsulate IPv6 traffic into an IPv4 tunnel. It is mostly used by tunnel brokers and requires manual configuration.
Line 81: Line 75:
option proto 6in4 option proto 6in4
option peeraddr  '216.66.80.30' option peeraddr  '216.66.80.30'
- option ip6addr  '2001:0db8:1f0a:1359::2/64'+ option ip6addr  '2001:0db8:1f0**__a__**:1359::2/64' 
 +        # see notes below for why ip6prefix is required 
 + option ip6prefix '2001:0db8:1f0**__b__**:1359::2/64'
option tunnelid  '12345' option tunnelid  '12345'
- option username  '14c4b06b824ec593239362517f538b29+ option username  'username
- option password  '5f4dcc3b5aa765d61d8327deb882cf99'+       # you no longer need to use your portal password (see notes below) 
 + # option password  'password' 
 + # use updatekey for security 
 +        option updatekey 'updatekey'
''| ''|
Line 91: Line 90:
  * **216.66.80.30**  is the remote IPv4 address (the other side of the tunnel)   * **216.66.80.30**  is the remote IPv4 address (the other side of the tunnel)
  * **2001:0db8:1f0a:1359::2/64** is the local IPv6 tunnel endpoint (labeled "Client IPv6 Address" on the Tunnel Details page in your HE account).   * **2001:0db8:1f0a:1359::2/64** is the local IPv6 tunnel endpoint (labeled "Client IPv6 Address" on the Tunnel Details page in your HE account).
-  * **tunnelid**, **username**, and **password** are provided by the tunnel broker. \\ \\ :!: For Hurricane Electric tunnels, the username is NOT the username for tunnelbroker.net. The username is the user id listed on the main page of your tunnelbroker.net account (called the "API Key" elsewhere). The password is the md5 hash of the tunnelbroker.net password. For details, see [[https://ipv4.tunnelbroker.net/ipv4_end.php|https://ipv4.tunnelbroker.net/ipv4_end.php]]+as of change set 41358 
 +  * **tunnelid** is provided by the tunnel broker.  
 +  * **username**, **password** and **updatekey** are the **//plain text//**  entries from your HE Tunnel Broker account. 
 +and the following no longer applies
-With Attitude Adjustment, once you have added the above interface definition you have to run /etc/init.d/network restart in order to have it effected.+<del>:!: For Hurricane Electric tunnels, the username is NOT the username for tunnelbroker.net. The username is the user id listed on the main page of your tunnelbroker.net account (called the "API Key" elsewhere). The password is the md5 hash of the tunnelbroker.net password. For details, see [[http://ipv4.tunnelbroker.net/ipv4_end.php|http://ipv4.tunnelbroker.net/ipv4_end.php]]</del>
-:!: Note that Hurricane Electric has changed their dynamic negotiation protocol, and the 6in4 package is not yet (August 2011) updated accordingly. See [[https://dev.openwrt.org/ticket/10019|discussion in ticket 10019]]. Based on the discussion HE users need to install the wget package to get HTTPS support in wget and possibly also modify the URL in 6in4 script.+:!: (from notes here [[doc/uci/network#protocol.dhcpv6]]) HE.net has introduced updatekey as default for new tunnels in February 2014. 
 + 
 +:!: (from notes here [[doc/uci/network#protocol.dhcpv6]]) although ip6prefix isn't required, sourcerouting, enabled by default, will prevent forwarding of packets unless ip6prefix is specified. 
 + 
 + 
 +With Attitude Adjustment, once you have added the above interface definition you have to run /etc/init.d/network restart in order to have it effected.
This tunnel, like a VPN, creates a third network interface, called **henet** in this example. A default IPv6 route using this interface is automatically created when this interface connects successfully. This tunnel, like a VPN, creates a third network interface, called **henet** in this example. A default IPv6 route using this interface is automatically created when this interface connects successfully.
Line 172: Line 179:
==== 6to4, 6rd ==== ==== 6to4, 6rd ====
 +(Note: This section lack the 6rd example, so this is for 6to4)
 +
[[wp>6to4]] is a translation mechanism to transform ipv6 packets into IPv4, and back, using specific relay servers.\\ [[wp>6to4]] is a translation mechanism to transform ipv6 packets into IPv4, and back, using specific relay servers.\\
Line 246: Line 255:
(note: option 'target' 'DROP'  stealthed the tunnel; did this along along with dropping UDP and ICMP on the UCI firewall configuration) (note: option 'target' 'DROP'  stealthed the tunnel; did this along along with dropping UDP and ICMP on the UCI firewall configuration)
 +
 +//rem: In my configuration, lan interface did not obtain global ipv6 address automatically, while computers in lan did. Because of this ipv6 sites were available when accessing from router, but were inaccessible from lan. Manually adding global ipv6 address to lan interface solved this issue. For example: //
 +<code> ifconfig lan-br 2002:a5a6:2131:1::1/64 </code> // for 2002:a5a6:2131::1/16 6rd address //
 +
 +//hejnm1am: You need to install package 'ip' to fix this. See https://dev.openwrt.org/ticket/14420.
 +Either install 'ip' package or change line 163 in /lib/netifd/proto/6to4.sh to use ifconfig.
 +//
 +
==== TSP Tunneling ==== ==== TSP Tunneling ====
Line 282: Line 299:
**option prefixlen 64** **option prefixlen 64**
option ifprefix br-lan option ifprefix br-lan
 +
 +:!: prefixlen 64 did not work for me; prefixlen 56 works !
#DNS server list to which the reverse prefix #DNS server list to which the reverse prefix
Line 345: Line 364:
:!: to be completed - please help ? :!: to be completed - please help ?
 +
 +==== IPv6 on softwire ====
 +
 +Some ISPs use so-called '''softwires''' to provide IPv6 connectivity (e.g. SFR in France). It's basically L2TP + PPP on top of IPv4, see [[doc:howto:ipv6.softwire]].
===== Propagate IPv6 subnet to LAN ===== ===== Propagate IPv6 subnet to LAN =====
-Once IPv6 works on the router, it is necessary to spread it on the internal network. Multiple methods are possible, from static routing to auto-configuration. For the later, two options described below exist. Note that when using static WAN connection, you need to add lines+Once IPv6 works on the router, it is necessary to spread it on the internal network. Multiple methods are possible, from static routing to auto-configuration. For the latter, two options described below exist. Note that when using static WAN connection, you need to add lines
option accept_ra 1 option accept_ra 1
Line 374: Line 397:
config prefix config prefix
option interface 'lan' option interface 'lan'
- # If not specified, a non-link-local prefix of the interface is used + # Optional: only necessary if the lan interface has multiple 
- **option prefix '2001:123:456:789::/64'** # Optional - only necessary if the lan interface has multiple global IP addresses assigned to it+ # global IP addresses assigned to it; or the subnet is larger than /64 
 + **option prefix '2001:123:456:789::/64'** # Optional
**option ignore 0** # Or delete the line altogether **option ignore 0** # Or delete the line altogether
               
Line 393: Line 417:
/etc/init.d/radvd start /etc/init.d/radvd start
</code> </code>
 +
 +use logread to check for start up messages
==== wide-dhcpv6-server ==== ==== wide-dhcpv6-server ====

Back to top

doc/howto/ipv6.1355003910.txt.bz2 · Last modified: 2012/12/08 22:58 by shred00