Hello,
this is how you can enable IPv6 through the tunnelbroker.com service:
1. Sign up at tunnelbroker.com, apply for a tunnel
2. Prerequisites:
opkg install ip ip6tables kmod-sit kmod-iptunnel6 radvd
3. Create a file /etc/hotplug.d/iface/15-ipv6 with the following contents:
. /etc/functions.sh
NAME=ipv6
COMMAND=/usr/sbin/ip
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" -a "$DEVICE" = "ppp0" ] && {
    [ -x $COMMAND ] && {
        # setup tunnel
        logger "HE-IPv6: starting tunnel..."
        IPADDR=$(ip -4 addr show dev $DEVICE | awk '/inet / {print $2}' | cut -d/ -f1)
        username="abcdef1234567890abcdef1234567890" # your USERID as shown at your account details
        password="abcdef1234567890abcdef1234567890" # MD5 of your password
        tunnelid="69999" # global tunnel-ID
        # update tunnel to use dynamic ipv4
        wget -q -O /dev/null "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$IPADDR&pass=$password&user_id=$username&tunnel_id=$tunnelid"
        SERVER_IPv4_ENDPOINT=216.66.80.30 # change this IP, this is the Frankfurt POP
        CLIENT_IPv6_ENDPOINT=2001:470:1f0a:9999::2/64 # change this, too
        # setup tunnel
        ip tunnel add he-ipv6 mode sit remote $SERVER_IPv4_ENDPOINT local $IPADDR ttl 255
        ip link set he-ipv6 up
        ip addr add $CLIENT_IPv6_ENDPOINT dev he-ipv6
        ip route add ::/0 dev he-ipv6
        # You got a routed /64
        # Please assign an IP out of this /64 to the bridge manually, f. ex. by calling:
        #
        # uci set network.lan.ip6addr=2001:470:1f0b:9999::1/64; uci commit
        #
        # Since the IP is saved, you only need to run that command once.
        # ... and don't forget your firewall... :-)
        # done
    } &
}
[ "$ACTION" = "ifdown" -a "$INTERFACE" = "wan" -a "$DEVICE" = "ppp0" ] && {
    [ -x $COMMAND ] && {
        # destroy tunnel
        logger "HE-IPv6: destroying tunnel..."
        ip route del ::/0 dev he-ipv6
        ip tunnel del he-ipv6
        # done
    } &
}
If you are not using ppp0 for getting your WAN connection, you might want to change the ppp0 to reflect your settings.
4. Add a new rule to your firewall to ACCEPT protocol 41 from wan to the device. Use luci or do it on the cli like this:
uci add firewall rule
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1]._name=HE-IP6
uci set firewall.@rule[-1].proto=41
uci commit firewall
This allows the IPv6 tunnel to pass your IPv4 firewall.
Important notice: Your IPv6 LAN is not protected by the OpenWrt built-in standard firewall! You should do ip6tables firewalling manually or use shorewall6. But this is not covered in this howto.
5. Configure radvd to advertise your IPv6 network on LAN:
Edit /etc/config/radvd:
config interface
    option interface 'lan'
    option AdvSendAdvert 1
    option AdvManagedFlag 0
    option AdvOtherConfigFlag 0
    option ignore 0
config prefix
    option interface 'lan'
    # If not specified, a non-link-local prefix of the interface is used
    option prefix '2001:470:1f0b:9999::/64'
    option AdvOnLink 1
    option AdvAutonomous 1
    option AdvRouterAddr 0
    option ignore 0
config rdnss
    option interface 'lan'
    # If not specified, the link-local address of the interface is used
    option addr '2001:470:1f0b:9999::/64'
    option ignore 1
Please change the :9999: to reflect your routed /64.
Afterwards, run this:
/etc/init.d/radvd enable
/etc/init.d/radvd start
6. That's it, test it:
The IPv6 tunnel is automatically brought up and down with your WAN connection. So get your WAN reconnected now (or just reboot the router) and do a test:
ping6 ipv6.google.com
Test from the router first. If that's working, test from clients within your LAN.
7. The /etc/hotplug.d/iface/15-ipv6 script could also be torn apart and be used from /etc/ppp/ip-[up|down].d/, which also works with little modifications. I chose to use the hotplug style, because then it is only in one file instead of two.
And the configuration (username, password, tunnelid, ...) could also be migrated to use uci.
If you are having trouble, please double check the IPv6 addresses! The client IPv6 endpoint and your routed /64 differ: 2001:470:1f0a:9999::/64 versus 2001:470:1f0b:9999::/64
Happy IPv6-ing,
zoo
(Last edited by zoo on 11 Aug 2010, 17:30)
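
The notice in step 4 leaves IPv6 filtering open: with a routed /64, every LAN host is directly reachable through he-ipv6. A minimal stateful ip6tables policy for that case follows, as an added example that is not part of zoo's post. It assumes the LAN bridge is br-lan, that the IPv6 state match is available on the router, and it uses a hypothetical HE6_APPLY switch.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumed: LAN bridge is br-lan (OpenWrt default); tunnel is he-ipv6 as in
# the hotplug script; IPv6 connection tracking (state match) is available.
#
# Policy: LAN hosts may open connections out through the tunnel; nothing
# arriving from the tunnel may open a new connection to the LAN or router.
# ICMPv6 errors for forwarded flows are let through by the RELATED state;
# ICMPv6 to the router itself stays open for neighbour discovery.

# Print the rule set, one ip6tables command per line, so it can be reviewed
# before anything is applied. $1 = tunnel interface, $2 = LAN interface.
he6_rules() {
    tun=${1:-he-ipv6}
    lan=${2:-br-lan}
    cat <<EOF
ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -i $lan -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i $lan -o $tun -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
EOF
}

# HE6_APPLY is a hypothetical switch for this example: without it the
# script only prints the commands for review.
if [ "${HE6_APPLY:-0}" = "1" ]; then
    he6_rules "$@" | sh
else
    he6_rules "$@"
fi
```

The policies are set last, so the accept rules are already in place when the default changes to DROP.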