Network/IPv6/OpenWRT

From Hackerspace Brussels
< Network‎ | IPv6
Jump to: navigation, search

This is there for historic reason: The_Gate took the tunnel job since 2010-11-12


First, we install a few packages on the target.

root@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/kamikaze/8.09.1/brcm47xx/packages/Packages.gz
Connecting to downloads.openwrt.org (78.24.191.177:80)
Packages.gz          100% |****************************************************************************************************************|   143k --:--:-- ETA
Inflating http://downloads.openwrt.org/kamikaze/8.09.1/brcm47xx/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/snapshots
root@OpenWrt:~# opkg install radvd aiccu
############################################
# I forgot to save the output of opkg !!   #
# opkg installed a lot of needed packages  #
############################################
root@OpenWrt:~#

opkg installs following dependencies:

  • ntpclient.
  • libpthread.
  • kmod-tun.
  • librt.
  • kmod-sit.
  • kmod-ipv6.


aiccu requires an accurate clock, we modify /etc/config/system to add the timezone


config system
        option hostname OpenWrt
        option 'zonename' 'Europe/Brussels'
        option 'timezone' 'CET-1CEST,M3.5.0,M10.5.0/3'

Then fill the file /etc/config/aiccu with your credentials

config aiccu
        option username         '*****SIXXS'
        option password         '********'
#       option protocol         'ayiya'
        option server           ''
        option interface        'sixxs'
        option tunnel_id        'T*****'
        option requiretls       ''
        option defaultroute     '1'
        option nat              '1'
        option heartbeat        '1'

Start aiccu

/etc/init.d/aiccu start

At this point, the tunnel should be up and running, let's check it:

root@OpenWrt:~# ifconfig sixxs
sixxs     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: 2001:6f8:202:425::2/64 Scope:Global
          inet6 addr: fe80::4f8:202:425:2/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1280  Metric:1
          RX packets:132204 errors:0 dropped:0 overruns:0 frame:0
          TX packets:119389 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:80971719 (77.2 MiB)  TX bytes:24670262 (23.5 MiB)

root@OpenWrt:~#

Ping an outside host to make sure we have connectivity

root@OpenWrt:~# ping6 www.kame.net
PING www.kame.net (2001:200:0:8002:203:47ff:fea5:3085): 56 data bytes
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: seq=0 ttl=45 time=351.700 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: seq=1 ttl=45 time=358.453 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: seq=2 ttl=45 time=358.417 ms
^C
--- www.kame.net ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 351.700/356.190/358.453 ms
root@OpenWrt:~#

Now the tunnel is working. Activate aiccu to start automatically at boot

root@OpenWrt:~# /etc/init.d/aiccu enable
root@OpenWrt:~#

Let's work on the subnets. SixXS allocated us 2001:6f8:147f::/48 to play with. We have two different networks: one for the space itself, the other is for the WOL mininet in the datenklo. We will set up both. First, we need to give a v6 address to the router interfaces. The file /etc/config/network will contain this:

config 'switch' 'eth0'
        option 'vlan0' '1 2 3 4 5*'
        option 'vlan1' '0 5'       

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'type' 'bridge'
        option 'ifname' 'eth0.0'
        option 'proto' 'static'
        option 'netmask' '255.255.255.0'
        option 'ipaddr' '172.16.1.1'
        option 'defaultroute' '0'
        option 'peerdns' '0'
        option 'ip6addr' '2001:6f8:147f::1/64'

config 'interface' 'wan'
        option 'ifname' 'eth0.1'
        option 'proto' 'static'
        option 'ipaddr' '192.168.42.13'
        option 'netmask' '255.255.255.0'
        option 'gateway' '192.168.42.1'
        option 'defaultroute' '0'
        option 'peerdns' '0'
        option 'dns' '192.168.42.1'
        option 'ip6addr' '2001:6f8:147f:42::1/64'

Setup radvd: radvd will announce our prefix in the LAN. This will automatically set up all clients. This is the content of /etc/config/radvd

############ WAN ##############             

config interface
        option interface        'wan'
        option AdvSendAdvert    1    
        option AdvManagedFlag   0    
        option AdvOtherConfigFlag 0  
        option ignore           0    

config prefix
        option interface        'wan'
        # If not specified, a non-link-local prefix of the interface is used
        option prefix           '2001:6f8:147f:42::/64'                     
        option AdvOnLink        1                                           
        option AdvAutonomous    1                                           
        option AdvRouterAddr    0                                           
        option ignore           0                                           

config rdnss
        option interface        'wan'
        # If not specified, the link-local address of the interface is used
        option addr             ''                                         
        option ignore           1

############# LAN ##############

config interface
        option interface        'lan'
        option AdvSendAdvert    1
        option AdvManagedFlag   0
        option AdvOtherConfigFlag 0
        option ignore           0

config prefix
        option interface        'lan'
        # If not specified, a non-link-local prefix of the interface is used
        option prefix           '2001:6f8:147f::/64'
        option AdvOnLink        1
        option AdvAutonomous    1
        option AdvRouterAddr    0
        option ignore           0

config rdnss
        option interface        'lan'
        # If not specified, the link-local address of the interface is used
        option addr             ''
        option ignore           1

Enable IPv6 packet forwarding: this is disabled by default in openwrt. uncomment the following line in /etc/sysctl.conf:

net.ipv6.conf.all.forwarding=1

Apply the settings:

root@OpenWrt:~# sysctl -p /etc/sysctl.conf
root@OpenWrt:~#


Start radvd: a few seconds after starting radvd, your clients should have a working v6 address.

root@OpenWrt:~# /etc/init.d/radvd start
root@OpenWrt:~#

Check your local host: it should now have a v6 address:

kaapio:~# ifconfig wlan0
wlan0     Link encap:Ethernet HWaddr 00:22:69:07:01:01
          inet adr:192.168.42.60  Bcast:192.168.42.255  Masque:255.255.255.0
          adr inet6: 2001:6f8:147f:42:222:69ff:fe07:0101/64 Scope:Global
          adr inet6: fe80::222:69ff:fe07:0101/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13994 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:6126361 (5.8 MiB)  TX bytes:6210004 (5.9 MiB)

kaapio:~#

Ping a machine somewhere on the internet:

kaapio:~# ping6 -n -c 4 www.kame.net
PING www.kame.net(2001:200:0:8002:203:47ff:fea5:3085) 56 data bytes
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=1 ttl=44 time=302 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=2 ttl=44 time=304 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=3 ttl=44 time=307 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=4 ttl=44 time=313 ms

--- www.kame.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 302.535/306.714/313.126/4.083 ms       
kaapio:~# traceproute6 -n www.kame.net                         
traceproute to www.kame.net (2001:200:0:8002:203:47ff:fea5:3085), 30 hops max, 80 byte packets
 1  2001:6f8:147f:42::1  7.978 ms  9.602 ms  9.877 ms                                        
 2  2001:6f8:202:425::1  67.224 ms  69.910 ms  72.608 ms                                     
 3  2001:6f8:200:1003::1  76.122 ms  80.705 ms  83.300 ms                                    
 4  2001:6f8:200:7::1  85.180 ms  89.166 ms  98.795 ms                                       
 5  2001:6f8:1:2:87:86:71:164  99.592 ms * *                                                 
 6  2001:6f8:1:0:87:86:77:46  108.513 ms * *
 7  2001:6f8:1:0:87:86:77:120  112.265 ms  71.835 ms  69.757 ms
 8  2001:6f8:1:0:87:86:77:111  139.790 ms  140.252 ms  138.524 ms
 9  2001:6f8:1:0:87:86:77:105  138.470 ms  142.582 ms  141.662 ms
10  2001:458:26:2::200  138.105 ms * *
11  2001:48b0:bb00:800e::400e  134.407 ms * *
12  2001:48b0:bb00:8019::4008  210.934 ms  214.531 ms  212.966 ms
13  2001:48b0:bb00:8008::71  309.494 ms  308.187 ms  308.929 ms
14  2001:240:bb00:9001::7d  306.473 ms  307.103 ms  307.216 ms
15  2001:240:bb01:31::15  310.587 ms  310.655 ms  307.933 ms
16  2001:200:0:fe00::9c4:11  310.285 ms  312.830 ms  312.253 ms
17  2001:200:0:1802:20c:dbff:fe1f:7200  310.312 ms  313.358 ms  314.626 ms
18  2001:200:0:11::66  314.509 ms  315.357 ms  315.695 ms
19  2001:200:0:12::74  322.833 ms  321.272 ms  323.973 ms
20  2001:200:0:4803:212:e2ff:fe28:1ca2  314.781 ms * *
21  2001:200:0:8002:203:47ff:fea5:3085  318.935 ms  321.036 ms  314.877 ms
kaapio:~#

You now have working IPv6. Make radvd start at boot:

root@OpenWrt:~# /etc/init.d/radvd enable
root@OpenWrt:~#

Reboot the router and ping6/traceproute6 again to make sure everything works as expected