I hook a client up to one of the LAN ports on the back of my WRT54Gv2.  The machine takes an address because of radvd, but the machine can't ping6 the 6in4-henet address.

I'm not using /etc/init.d/firewall, but instead my own iptables script.  I have no ip6tables setup.  Mind you, I can ping6 from within OpenWrt to any IPv6 host in the world.

Check net.ipv6.conf.all.forwarding is 1.

you can enable /proc/sys/net/ipv6/conf/all/forwarding =1 and while for all interfaces while specifically disable it for the wan port

@wswartzendruber, this entry is included in '/etc/sysctl.conf' and simply needs to be un-commented.

A couple more things, your tunnel username is not your login name, but rather the UserID listed at the top of the main tunnelbroker.net page....you have to be logged in of course to see it. It's the same length as an MD5 string.
Your password should be the MD5 result of the following command: echo -n yourplaintextpassword | md5sum

Also, when you get the tunnel up, you might notice that the MTU is set to 1280bytes. Due to this fact, it's a good idea to advertise the MTU out to the LAN clients.
http://www.youtube.com/hurricaneelectri … xHx1fe6Zh4

Relevant section from /etc/config/radvd:

config interface
        option interface        'lan'
        option AdvSendAdvert    1
        option AdvManagedFlag   0
        option AdvOtherConfigFlag 0
        option AdvLinkMTU       1280
        option ignore           0

Also, I'm guessing that your lan is 2001:470:1f05:1698::2/64 ?
I'm not sure if it's required, but I added the ::1 address to my lan config. The "wan_device" option is not needed in the wan section.

#### LAN configuration
config interface lan
    option type     bridge
    option ifname    "eth0.0"
    option proto    static
    option ipaddr    192.168.128.1
    option netmask    255.255.255.0
    option ip6addr    2001:470:1f05:1698::1/64

#### WAN configuration
config interface    wan
    option ifname    "eth0.1"
    option proto    dhcp
    #option proto    static
    #option ipaddr    192.168.1.64
    #option netmask    255.255.255.0
    #option gateway    192.168.1.254
    option dns    8.8.8.8

#### HE.NET configuration
config interface    henet
    option proto    6in4
    option peeraddr    72.52.104.74
    option ip6addr    2001:470:1f04:1698::2/64
    option tunnelid    87336
    option username    UserIDstring
    option password    REMOVED
#    option wan_device    eth0.1

Thanks for the responses, guys, but slight problem:  It's bricked, and I can't get it into failsafe mode.  I've read:

1. Repeatedly press the reset button after plugging it in (don't have to wait for DMZ).
2. Wait until DMZ light appears and then hold it down until it blinks.
3. Wait until DMZ light appears and then hold it down for two seconds.

What's going on here?

Backfire 10.03.1-rc4

(Last edited by wswartzendruber on 24 Dec 2010, 17:08)

Yes, that is probably correct. You are supposed to set your LAN interface's IP address to something within the routed /64 subnet listed on the tunnel's properties page, not an IP address in the public interface's /64 range. You also need to configure radvd to the routed subnet as well.

I made the mistake of configuring the LAN subnet and radvd to advertise the public subnet instead of the routed subnet, which is incorrect. It also led to Internet traffic only working for a brief moment after I pinged the router's public IP address from the client system.