AICCU (Automatic IPv6 Connectivity Client Utility) configuration
Prerequisites
Sign up for a SixXS account and a SixXS handle.
For further details see http://www.sixxs.net/signup/create/
Check if your router is IPv6 ready.
opkg list kmod-ipv6
opkg list kmod-ip6tables
opkg list ip6tables
opkg list aiccu
opkg list radvd
Save as test.txt and execute sh test.txt
root@OpenWrt:~# sh test.txt
kmod-ipv6 - 3.0.12-1
kmod-ip6tables - 3.0.12-1
ip6tables - 1.4.10-4
aiccu - 20070115-9
radvd - 1.8.3-2
or something similar. If a package is missing, install it and update accordingly.
The aiccu package is configured through /etc/config/aiccu.
Sections
Only one section type, aiccu, is defined, and it may appear only once.
AICCU
Below is a listing of defined options in the aiccu section.
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| username | string | yes | (none) | Username to authenticate with the tunnel broker |
| password | string | yes | (none) | Password to authenticate with the tunnel broker |
| protocol | string | yes | tic | Authentication protocol, can be one of tic, tsp or l2tp |
| server | ipaddr | no | (none) | Server to use |
| interface | string | no | aiccu | Name of the created tunnel interface |
| tunnel_id | integer | no | (none) | Tunnel ID to use if there are multiple tunnels registered with the broker |
| requiretls | boolean | no | 0 | Force the client to abort if the server does not support TLS |
| defaultroute | boolean | no | 1 | Whether to install an IPv6 default route over the established tunnel |
| nat | boolean | no | 1 | Notify if behind NAT |
| heartbeat | boolean | no | 1 | To enable AYIYA set heartbeat to 1; in case of a heartbeat tunnel, 0 |
Tunnels
AYIYA
Example of an AYIYA tunnel configuration with the SixXS tunnel broker.
config 'aiccu'
option 'username' 'test'
option 'password' 'test'
option 'tunnel_id' '1234'
option 'protocol' 'tic'
option 'server' 'tic.sixxs.net'
option 'interface' 'sixxs.0'
If you are behind a NAT firewall, consult the SixXS FAQ and check how to enable proto 41.
Heartbeat
Example of a SixXS 6in4-heartbeat tunnel.
We will configure /etc/config/aiccu and modify /etc/config/network and /etc/config/firewall. This was tested with firewall2 using the related trunks for DIR-600 B1/B2 and RT-N16, and finally on an ALIX board using ../backfire/10.03.1-rc5/x86_generic/.
You have to request a heartbeat tunnel from SixXS beforehand. Check and review their documentation.
Prior to any change in your running configuration, create backups using your preferred backup method.
Change /etc/config/aiccu using your SixXS username and tunnel ID.
config aiccu
option username 'ABCD-SIXXS/T1234'
option password 'yourpwasswort'
option protocol 'tic'
option server 'tic.sixxs.net'
option interface 'sixxs.0'
option tunnel_id 'T1234'
option requiretls '0'
option defaultroute '1'
option nat '1'
option heartbeat '1'
Static 6in4
tbd
Interface and LAN configuration
Assign an IPv6 address to your lan interface and create an additional wan6 interface in /etc/config/network using the VLAN interface.0 notation.
config 'interface' 'lan'
option 'type' 'bridge'
option 'ifname' 'eth0.0'
option 'proto' 'static'
option 'ipaddr' '192.168.1.1'
option 'netmask' '255.255.255.0'
option 'ip6addr' '2001:xxxx:yyyyy::1/64'
config 'interface' 'wan6'
option 'proto' 'static'
option 'ifname' 'sixxs.0'
option 'send_rs' '0'
option 'ip6addr' '2001:your:end:point::2'
Replace your:end:point with the individual endpoint address of your SixXS tunnel.
Firewall
Add an additional zone wan6 for IPv6 to /etc/config/firewall:
config 'zone'
option 'name' 'wan6'
option 'network' 'wan6'
option 'input' 'REJECT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option 'masq' 1
Add a corresponding forwarding rule for IPv6 in /etc/config/firewall:
config 'forwarding'
option 'dest' 'wan6'
option 'src' 'lan'
If necessary, configure your individual IPv6 rules in /etc/config/firewall:
config 'rule'
option 'name' 'RHO'
option 'family' 'ipv6'
option 'target' 'DROP'
option 'extra' '-m rt --rt-type 0'
option 'proto' 'all'
option 'src' 'wan6'
config 'rule'
option 'name' 'RHO2'
option 'family' 'ipv6'
option 'target' 'DROP'
option 'extra' '-m rt --rt-type 0'
option 'proto' 'all'
option 'src' 'wan6'
option 'dest' 'lan'
config 'rule'
option 'target' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option 'name' 'Allow-Ping ipv6'
option 'family' 'ipv6'
option 'proto' 'icmp'
option 'src' 'wan6'
option 'limit' '1000/sec'
list 'icmp_type' 'echo-request'
list 'icmp_type' 'destination-unreachable'
list 'icmp_type' 'packet-too-big'
list 'icmp_type' 'time-exceeded'
list 'icmp_type' 'bad-header'
list 'icmp_type' 'unknown-header-type'
list 'icmp_type' 'router-solicitation'
list 'icmp_type' 'neighbour-solicitation'
list 'icmp_type' 'echo-reply'
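As an added example (not part of the original wiki page or of OpenWrt's own code), the following script audits copies of /etc/config/aiccu and /etc/config/firewall for three settings from this page: requiretls, the wan6 zone policy, and a routing-header-type-0 drop rule whose `--rt-type 0` match is spelled with ASCII hyphens. The function names are hypothetical, and treating requiretls '1' as the desired value is an assumption of the example.

```sh
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical;
# requiring requiretls=1 is this example's assumption about the desired setting.

# uci_sections FILE TYPE: one line per section of TYPE, as " key=value key=value ".
uci_sections() {
    awk -v want="$2" -v q="'" '
        function emit() { if (insec) print line; insec = 0 }
        { gsub(q, ""); gsub(/"/, "") }                  # strip UCI quoting
        $1 == "config" { emit(); insec = ($2 == want); line = " "; next }
        insec && ($1 == "option" || $1 == "list") {
            val = $0; sub(/^[ \t]*[a-z]+[ \t]+[^ \t]+[ \t]*/, "", val)
            line = line $2 "=" val " "
        }
        END { emit() }' "$1"
}

# tls_required FILE: the aiccu section sets requiretls to 1.
tls_required() { uci_sections "$1" aiccu | grep -q ' requiretls=1 '; }

# zone_locked FILE ZONE: the zone rejects or drops both input and forward.
zone_locked() {
    uci_sections "$1" zone | grep " name=$2 " |
        grep -E ' input=(REJECT|DROP) ' | grep -Eq ' forward=(REJECT|DROP) '
}

# rh0_dropped FILE ZONE: a DROP rule sourced from ZONE matches routing header type 0.
# Only the ASCII spelling "--rt-type 0" counts; a typographic dash pasted from a
# web page is not a valid ip6tables option.
rh0_dropped() {
    uci_sections "$1" rule | grep " src=$2 " | grep ' target=DROP ' |
        grep -q ' extra=.*--rt-type 0 '
}

# audit AICCU_FILE FIREWALL_FILE: print findings; the return status is their count.
audit() {
    n=0
    tls_required "$1"     || { echo "aiccu: requiretls is not 1"; n=$((n + 1)); }
    zone_locked "$2" wan6 || { echo "firewall: wan6 input/forward not REJECT or DROP"; n=$((n + 1)); }
    rh0_dropped "$2" wan6 || { echo "firewall: no effective RH0 drop rule for wan6"; n=$((n + 1)); }
    return "$n"
}

# Run only when both files are given on the command line.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Saved under a name of your choice, it is run as `sh <script> /etc/config/aiccu /etc/config/firewall`; the exit status is the number of findings.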
radvd
Announce your local IPv6 range on your LAN.
To do so, adapt /etc/config/radvd using your IPv6 subnet prefix:
config 'interface'
option 'interface' 'lan'
option 'AdvSendAdvert' '1'
option 'AdvManagedFlag' '0'
option 'AdvOtherConfigFlag' '0'
list 'client' ' '
option 'ignore' '0'
config 'prefix'
option 'interface' 'lan'
option 'AdvOnLink' '1'
option 'AdvAutonomous' '1'
list 'prefix' '2001:your:end:point::/64'
option 'ignore' '0'
……..
Final Check
Prior to a reboot, restart the network and firewall:
/etc/init.d/network restart
/etc/init.d/firewall restart
The zone wan6 should appear as shown below.
root@OpenWrt:~# logread | grep firewall
Feb 23 09:32:06 OpenWrt user.info firewall: adding lan (br-lan) to zone lan
Feb 23 09:32:06 OpenWrt user.info firewall: adding wan (eth0) to zone wan
Feb 23 09:32:10 OpenWrt user.info firewall: adding wan6 (sixxs.0) to zone wan6
Do a manual restart of aiccu and radvd.
/etc/init.d/aiccu start
/etc/init.d/radvd start
Inspect your logfile and check if you can ping ipv6 sites.
root@OpenWrt:~# ping6 ipv6.google.com
PING ipv6.google.com (2a00:1450:4001:c01::93): 56 data bytes
64 bytes from 2a00:1450:4001:c01::93: seq=0 ttl=57 time=24.144 ms
64 bytes from 2a00:1450:4001:c01::93: seq=1 ttl=57 time=23.581 ms
64 bytes from 2a00:1450:4001:c01::93: seq=2 ttl=57 time=22.934 ms
Do a test from an IPv6-enabled client in your LAN.
C:\Dokumente und Einstellungen\Bilbo_Beutlin>ping6 six.heise.de
six.heise.de [2a02:2e0:3fe:100::6] wird angepingt
von 2001:yyyy:xxxx:0:abcd:dead:beef:1234 mit 32 Bytes Daten:
Antwort von 2a02:2e0:3fe:100::6: Bytes=32 Zeit=10ms
Antwort von 2a02:2e0:3fe:100::6: Bytes=32 Zeit=13ms
Antwort von 2a02:2e0:3fe:100::6: Bytes=32 Zeit=8ms
Antwort von 2a02:2e0:3fe:100::6: Bytes=32 Zeit=8ms
Ping-Statistik für 2a02:2e0:3fe:100::6
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust),
Ungefähre Zeitangaben in Millisekunden:
Minimum = 8ms, Maximum = 13ms, Mittelwert = 9ms
If everything works fine, enable aiccu and radvd:
/etc/init.d/aiccu enable
/etc/init.d/radvd enable
and reboot your router.
doc/uci/aiccu.txt · Last modified: 2012/05/12 19:49 by f41thr