User Tools

Site Tools


doc:uci:network6

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:uci:network6 [2014/02/24 18:33]
hnyman Add updatekey for he.net
doc:uci:network6 [2015/04/29 14:27] (current)
steven
Line 14: Line 14:
   * Prefix Handling   * Prefix Handling
     * Management of prefixes, addresses and routes from upstream connections and local ULA-prefixes     * Management of prefixes, addresses and routes from upstream connections and local ULA-prefixes
-    * Management of prefix unreachable-routes,​ prefix deprecation (RFC 6204) and prefix classes+    * Management of prefix unreachable-routes,​ prefix deprecation ([[http://​tools.ietf.org/​html/​rfc7084|RFC 7084]]) and prefix classes
     * Distribution of prefixes onto downstream interfaces (including size, ID  and class hints)     * Distribution of prefixes onto downstream interfaces (including size, ID  and class hints)
-    * Source-based policy routing to correctly handle multiple uplink interfaces, ingress policy filtering (RFC 6204)+    * Source-based policy routing to correctly handle multiple uplink interfaces, ingress policy filtering ([[http://​tools.ietf.org/​html/​rfc7084|RFC 7084]])
  
   * Native IPv6 configuration   * Native IPv6 configuration
Line 27: Line 27:
   * IPv6 transitioning technologies   * IPv6 transitioning technologies
     * Setup and management of IPv6-in-IPv4 tunnels (6rd, 6to4, 6in4)     * Setup and management of IPv6-in-IPv4 tunnels (6rd, 6to4, 6in4)
-    * Setup and management of IPv4-in-IPv6 tunnels (ds-lite) +    * Setup and management of IPv4-in-IPv6 tunnels (ds-lite, lw4o6, map-e
-    * Support for 6rd setup from DHCP and ds-lite setup from DHCPv6 ​(experimental)+    * Setup and management of IPv4-to-IPv6 translation (map-t, 464xlat CLAT) [since Chaos Calmer] 
 +    * Automatic ​setup of tunnels ​from DHCP and DHCPv6 ​[since Chaos Calmer]
  
   * Downstream IPv6 configuration   * Downstream IPv6 configuration
Line 44: Line 45:
  
  
-The following requirements of RFC 67084 are currently known not to be met. +The following requirements of [[http://​tools.ietf.org/​html/​rfc7084|RFC 7084]] ​are currently known not to be met. 
-  *  ​RFC 7084 W-6 (SHOULD-requirement)There is no PCP-Client currently integrated in the stack. +  *  ​[[http://tools.ietf.org/​html/​rfc7084|RFC 7084]] WAA-5 (SHOULD-requirement):​ The NTP-Server is requested and received but currently not processed or used.
-  *  ​RFC 7084 WAA-5 (SHOULD-requirement):​ The NTP-Server is requested and received but currently not processed or used.+
  
  
Line 65: Line 65:
  
 config interface wan6 config interface wan6
-        option ifname ​  @wan+        option ifname ​  eth1 # use same ifname as in wan-section or "@wan"
         option proto    dhcpv6         option proto    dhcpv6
  
Line 74: Line 74:
 </​code>​ </​code>​
  
-:!: The package ''​odhcp6c''​ must be installed to use dhcpv6. See [[doc/​uci/​network#​protocol.dhcpv6]] for advanved ​configuration options.+:!: The package ''​odhcp6c''​ must be installed to use dhcpv6. See [[doc/​uci/​network#​protocol.dhcpv6]] for advanced ​configuration options.
  
  
Line 111: Line 111:
         # configuration options below are only valid for HEnet tunnels. ignore them for other tunnel providers.         # configuration options below are only valid for HEnet tunnels. ignore them for other tunnel providers.
         option tunnelid '​123456'​ # HE.net tunnel id         option tunnelid '​123456'​ # HE.net tunnel id
-        option username 'tb1234567890.12345678' # HE.net username+        option username 'username' # HE.net username, which you use to login into tunnelbroker,​ not the User ID shows after you have login in.
         option password '​password'​ # HE.net password if there is no updatekey for tunnel         option password '​password'​ # HE.net password if there is no updatekey for tunnel
         option updatekey '​updatekey'​ # HE.net updatekey instead of password, default for new tunnels         option updatekey '​updatekey'​ # HE.net updatekey instead of password, default for new tunnels
Line 129: Line 129:
  
 ==== 6rd tunnel (ISP-provided IPv6 transition) ==== ==== 6rd tunnel (ISP-provided IPv6 transition) ====
-6rd is a tunnelmechanism based on 6to4. Unlike other tunneling mechanisms 6rd is usually provided by the ISP itself. +6rd is a tunnelmechanism based on 6to4. Unlike other tunneling mechanisms 6rd is usually provided by the ISP itself. ​The values for the tunnel are usually obtained with the DHCPv4 request for the WAN interface.
-Therefore you need to obtain the correct ​values for peeraddr, ip6prefix, ip6prefixlen and ip4prefixlen from your ISP.+
  
 +:!: In Chaos Calmer and later the configuration is usually auto-detected and manual configuration is not needed, simply installing the 6rd package (and rebooting) is usually enough.
  
 /​etc/​config/​network:​ /​etc/​config/​network:​
 <​code>​ <​code>​
-config ​'interface' ​'wan6+config interface 'wan
-        option 'proto' '6rd+        option ​ifname ​'eth0.2
-        option ​peeraddr ​'192.0.2.1' # The 6rd IPv4-gateway +        option ​proto 'dhcp' 
-        option ​ip6prefix '​2123::' ​  # Your ISP's IPv6-prefix +         
-        option ​ip6prefixlen '​16' ​   # Your ISP's IPv6-prefix length +        ​# The following two lines are only needed in Barrier Breaker 
-        ​option ip4prefixlen '​0' ​    # Your ISP's IPv4 prefix mask+        option ​iface6rd wan_6rd 
 +        option ​zone6rd wan 
 +</​code>​
  
-config '​interface'​ '​lan'​ +To debug 6rd via DHCP, first check if the parameters are sent. Create a /​etc/​udhcpc.user with the following content: 
-        ​option '​proto'​ '​static'​ + 
-        ​option ip6assign 60 +<​code>​ 
-...+#!/bin/sh 
 +env >> /tmp/udhcpc.log
 </​code>​ </​code>​
 +
 +Reboot the router and check the log file for the following line:
 +
 +<​code>​
 +ip6rd=16 40 2001:​0838:​ad00:​0000:​0000:​0000:​0000:​0000 77.174.0.2
 +</​code>​
 +
 +
 +If this line isn't present, you need to obtain the correct values for peeraddr, ip6prefix, ip6prefixlen and ip4prefixlen from your ISP. The above ip6rd or the obtained values can be used to hardcode the 6RD tunnel. Remove or comment out the iface6rd line in the wan section.
 +
 +/​etc/​config/​network:​
 +<​code>​
 +config interface '​wan6'​
 +        option proto '​6rd'​
 +        option peeraddr '​77.174.0.2'​
 +        option ip6prefix '​2001:​838:​ad00::'​
 +        option ip6prefixlen '​40'​
 +        option ip4prefixlen '​16'​
 +</​code>​
 +
 +:!: In Chaos Calmer the default /​etc/​config/​network works after installing the 6rd package. The mentioned dhcpv6 is ignored if it doesn'​t succeed. The above configuration for Barrier Breaker works also in later variants and may be less confusing.
  
 :!: If you choose a name for your tunnel-interface that is different from '​wan6'​ make sure to add that name to the network-option of the firewall-zone '​wan'​ in /​etc/​config/​firewall. :!: If you choose a name for your tunnel-interface that is different from '​wan6'​ make sure to add that name to the network-option of the firewall-zone '​wan'​ in /​etc/​config/​firewall.
  
-:!: The package ''​6rd''​ must be installed to use 6rd-tunnels. See [[doc/​uci/​network#​protocol.6rd.ipv6.rapid.deployment]] for advanved configuration options.+:!: The package ''​6rd''​ must be installed to use 6rd-tunnels. See [[doc/​uci/​network#​protocol_6rd_ipv6_rapid_deployment]] for advanved configuration options
 + 
 +==== 6pe, L2TP tunnel, softwire (ISP-provided IPv6 transition) ==== 
 + 
 +This is another transitional mechanism for IPv6, used by some ISPs.  It relies on a L2TPv2 tunnel.
  
 +Detailed configuration:​ [[doc/​howto/​ipv6.softwire]]
  
 ==== 6to4 tunnel ==== ==== 6to4 tunnel ====
Line 177: Line 206:
 ds-lite is a transitioning-mechanism which is used by ISPs to support legacy IPv4-connectivity over a native IPv6 connection. ds-lite is a transitioning-mechanism which is used by ISPs to support legacy IPv4-connectivity over a native IPv6 connection.
  
-:!: ds-lite ​operation requires that IPv4 NAT is disabled. You should adjust your settings in /​etc/​config/​firewall accordingly. +:!: In Chaos Calmer and later the configuration is usually auto-detected and manual configuration is not needed, simply installing the ds-lite ​package (and rebooting) ​is usually enough.
  
 /​etc/​config/​network:​ /​etc/​config/​network:​
Line 251: Line 279:
 OpenWrt is also able to detect when there is no prefix available from an upstream interface and can switch into relaying mode automatically to extend the upstream interface configuration onto its downstream interfaces. This is useful for putting an OpenWrt behind another IPv6-router which doesn'​t offer prefixes via DHCPv6-PD. OpenWrt is also able to detect when there is no prefix available from an upstream interface and can switch into relaying mode automatically to extend the upstream interface configuration onto its downstream interfaces. This is useful for putting an OpenWrt behind another IPv6-router which doesn'​t offer prefixes via DHCPv6-PD.
  
-Example configuration section (/​etc/​config/​dhcp)+Example configuration section ​for SLAAC + DHCPv6 server mode (/​etc/​config/​dhcp)
 <​code>​ <​code>​
 config dhcp lan config dhcp lan
-    option dhcpv6 ​hybrid +    option dhcpv6 ​server 
-    option ra hybrid +    option ra server 
-    option ndp hybrid+</​code>​ 
 + 
 +Example configuration section for SLAAC alone (/​etc/​config/​dhcp) 
 +<​code>​ 
 +config dhcp lan 
 +    option dhcpv6 disabled 
 +    option ra server 
 +</​code>​ 
 + 
 +Example configuration section for relaying (/​etc/​config/​dhcp) 
 +<​code>​ 
 +config dhcp wan6 
 +    option dhcpv6 relay 
 +    option ra relay 
 +    option ndp relay 
 +    option master 1 
 + 
 +config dhcp lan 
 +    option dhcpv6 relay 
 +    option ra relay 
 +    option ndp relay
 </​code>​ </​code>​
  
Line 314: Line 362:
 Interpretation:​ Interpretation:​
   * On the interface 2 routes are provided: 2001:​db80::/​48 and a default-route via the router fe80::​800:​27ff:​fe00:​0.   * On the interface 2 routes are provided: 2001:​db80::/​48 and a default-route via the router fe80::​800:​27ff:​fe00:​0.
-  * These routes can only be used by locally generated traffic and traffic with a suitable source-address,​ that is either one of the local addresses or an address out of the delgated ​prefix.+  * These routes can only be used by locally generated traffic and traffic with a suitable source-address,​ that is either one of the local addresses or an address out of the delegated ​prefix.
  
-:!: OpenWrt adds IPv6-routes (like default routes) to specific routing-tables and not the main-table thus they may not be seen by default. You cab use the command ''​ip -6 rule''​ to list all current routing policies.+:!: OpenWrt adds IPv6-routes (like default routes) to specific routing-tables and not the main-table thus they may not be seen by default. You can use the command ''​ip -6 rule''​ to list all current routing policies.
  
 ===== Migration from Attitude Adjustment 12.09 and earlier ===== ===== Migration from Attitude Adjustment 12.09 and earlier =====
Line 330: Line 378:
 It is discouraged to use **ip6addr** to set addresses / prefixes on downstream interfaces (e.g. lan) because it can easily lead to conflicts with the local address delegation. It is discouraged to use **ip6addr** to set addresses / prefixes on downstream interfaces (e.g. lan) because it can easily lead to conflicts with the local address delegation.
 Also it might lead to unexpected result or brokenness due to the source-based policy-routing used in the IPv6-stack. Also it might lead to unexpected result or brokenness due to the source-based policy-routing used in the IPv6-stack.
 +
 Please use the new options **ip6assign** and **ip6hint** instead. Please use the new options **ip6assign** and **ip6hint** instead.
  
Line 341: Line 390:
 </​code>​ </​code>​
  
 +If the router can ping6 the internet, but lan machines get "​Destination unreachable:​ Unknown code 5" or "​Source address failed ingress/​egress policy"​ then the **ip6assign** option is missing on your lan interface.
  
 ==== Router Advertisement & DHCPv6 ==== ==== Router Advertisement & DHCPv6 ====
doc/uci/network6.1393263187.txt.bz2 · Last modified: 2014/02/24 18:33 by hnyman