OpenWrt Forum Archive

Topic: IPv6 issues, doesn't get routed right?

The content of this topic has been archived on 23 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
puppet
11 Aug 2007, 12:37

When I ping any ipv6 host  f.ex.

root@sthlmgw:/opt/var# ping6 www.kame.net
PING www.kame.net (2001:200:0:8002:203:47ff:fea5:3085): 56 data bytes
--- www.kame.net ping statistics ---
35 packets transmitted, 0 packets received, 100% packet loss

tcpdump -i henet showes
13:29:58.962722 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 27, length 64
13:29:59.962729 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 28, length 64
13:30:00.962715 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 29, length 64
13:30:01.962729 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 30, length 64
13:30:02.962732 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 31, length 64
13:30:03.962733 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 32, length 64
13:30:04.962719 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 33, length 64
13:30:05.962732 IP6 2001:470:1f03:8c::2 > 2001:200:0:8002:203:47ff:fea5:3085: ICMP6, echo request, seq 34, length 64

mean while so it goes threw henet interface

root@sthlmgw:/opt/var# ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1a:70:df:90:60 brd ff:ff:ff:ff:ff:ff
3: eth0.0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc noqueue
    link/ether 00:1a:70:df:90:60 brd ff:ff:ff:ff:ff:ff
4: eth0.1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:1a:70:df:90:60 brd ff:ff:ff:ff:ff:ff
5: br-lan: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:1a:70:df:90:60 brd ff:ff:ff:ff:ff:ff
6: wl0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1a:70:df:90:62 brd ff:ff:ff:ff:ff:ff
7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
8: wl0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1a:70:df:90:62 brd ff:ff:ff:ff:ff:ff
9: sit0@NONE: <NOARP> mtu 1480 qdisc noqueue
    link/sit 0.0.0.0 brd 0.0.0.0
12: henet@NONE: <POINTOPOINT,NOARP,PROMISC,UP> mtu 1480 qdisc noqueue
    link/sit 83.251.23.XX peer 64.71.128.83
root@sthlmgw:/opt/var# ip -6 route show
2001:470:1f01:140::/64 dev br-lan  metric 256  mtu 1500 advmss 1440
2001:470:1f03:8c::/64 via :: dev henet  metric 256  mtu 1480 advmss 1420
fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev eth0.0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev br-lan  metric 256  mtu 1500 advmss 1440
fe80::/64 dev wl0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev eth0.1  metric 256  mtu 1500 advmss 1440
fe80::/64 via :: dev henet  metric 256  mtu 1480 advmss 1420
ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth0.0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev br-lan  metric 256  mtu 1500 advmss 1440
ff00::/8 dev wl0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth0.1  metric 256  mtu 1500 advmss 1440
ff00::/8 dev henet  metric 256  mtu 1480 advmss 1420
default dev henet  metric 1024  mtu 1480 advmss 1420

In /etc/init.d/custom-user-startup

ip tunnel add henet mode sit remote 64.71.128.83 local $ipv4 ttl 255
ip link set henet up
ip addr add 2001:470:1F03:8c::2/64 dev henet
ip route add ::/0 dev henet
ip -f inet6 addr
ip -6 addr add 2001:470:1F01:140::/64 dev br-lan

in /etc/firewall.user

#!/bin/sh
# Copyright (C) 2006 OpenWrt.org

iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

# The following chains are for traffic directed at the IP of the
# WAN interface

iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan

iptables -t nat -D POSTROUTING -o $WAN -j MASQUERADE
iptables -t nat -A POSTROUTING --protocol ! 41 -o $WAN -j MASQUERADE

/etc/radvd.conf

# For more examples, see the radvd documentation.

interface br-lan
{
        AdvSendAdvert on;

#
# Disable Mobile IPv6 support
#
        AdvHomeAgentFlag off;
  #
    # These settings cause advertisements to be sent every 3-10 seconds.  This
      # range is good for 6to4 with a dynamic IPv4 address, but can be greatly
        # increased when not using 6to4 prefixes.
          #

                    MinRtrAdvInterval 3;
                              MaxRtrAdvInterval 10;

#
# example of a standard prefix
#
        prefix 2001:470:1F01:140::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };

};
Post #2
cereal
12 Aug 2007, 12:15

which kernel did you use? in 2.4. ipv6 was/is broken.

use ip6tables, not iptables, for firewall configuration

Post #3
puppet
12 Aug 2007, 12:25

2.4 only i can use

Post #4
cereal
12 Aug 2007, 12:36

i had the same problem. i finaly gave up and bought new hardware (2.6-compatible). sry, maybe someone else solved the problem

Post #5
bsdice
12 Aug 2007, 17:54

I have IPv6 working on 2.4. I have no complaints except there is no stateful firewalling like in 2.6.

I have added this to /etc/firewall.user:

ip6tables -F INPUT
ip6tables -P INPUT DROP
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT

ip6tables -F FORWARD
ip6tables -A FORWARD -j ACCEPT

New file /etc/init.d/network-ipv6:

#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org

START=46

start() {
        /usr/sbin/ip -6 addr add 2001:123:1234::1/48 dev br-lan
}

I use AICCU though which may do additional initialisation work I am not aware of.

@cereal what hardware did you buy?

Post #6
puppet
12 Aug 2007, 17:58

2001:123:1234::1/48 thats the internal IP right?

hwo do you give out IPs on the internal network?

Post #7
bsdice
12 Aug 2007, 18:15

I have been assigned a /48 prefix which is 65536 /64 IPv6 networks all in all. I.e. I have about 2^80 IP addresses at my disposal. I just use one /64 network and in there picked .....::1 as IP for router. radvd is then announcing the route.

Post #8
cereal
13 Aug 2007, 01:35

i bought an netgear wgt634u, but i will try ipv6 on the linksys wrt54gl again tomorrow. i hope bsdice was correct and it is working now (my atempts were 2 or 3 month ago).

to be more precise what worked and what not worked:

worked:
- etablishe tunnel to broker (sixxs via aiccu)
- "normal unroutet traffic (icmp)

not worked:
- routing packets from the subnet ( /64) via the tunnel into the internet
  - no icmp to "broker-tunnel-endpoint" and/or kame

Post #9
bsdice
13 Aug 2007, 01:40

Looks like a radvd config problem. Here is my radvd config:

interface br-lan
{
        AdvSendAdvert on;
        AdvLinkMTU 1280;
        MinRtrAdvInterval 5;
        MaxRtrAdvInterval 10;
        prefix 2001:dead:babe::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
};

Notice the /64 even though sixxs gave you a /48 (64k worth of /64 which you can use!).

Aiccu options I am using are: username, password, protocol tic, server tic.sixxs.net, ipv6_interface sixxs, rest is left at defaults. Worked for me right away.

Post #10
lucindrea
19 Jan 2008, 09:20

FYI

        option ip6addr  2001:470:1F01:140::/64

is valid in the /etc/config/network file  ( one less line in your start up script )

i'm running 2.4 on an asus wl-500gp , tunnel into he.net with no issues and i even have xp machines on my lan getting addresses assigned to them ( radvd ) , AND xp machines can ping the outside world.
oh , and i get a dancing turtle on www.kame.net

The discussion might have continued from here.