Install‎ > ‎OpenWRT‎ > ‎

IPv6

A quick hands-on how to create IPv6 conenctivity at your home.
 
First we have to install additional packages to enable IPv6 on the box. So first: opkg update, then:
  1. Kernel modules for IPv6 support: opkg install kmod-ipv6
  2. Netfilter IPv6 firewalling support (for kernel): opkg install kmod-ip6tables
  3. IPv6 firewall administration tool: opkg install ip6tables
  4. Routing control utility: opkg install ip
Those are basic packages needed for OpenWrt to support IPv6. The typical test if everything went smoothly is using ifconfig command:
BEFORE:
root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:23:69:2F:3C:47
          inet addr:192.168.147.9  Bcast:192.168.147.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:128232 errors:0 dropped:0 overruns:0 frame:0
          TX packets:169 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18876755 (18.0 MiB)  TX bytes:13494 (13.1 KiB)
AFTER:
root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:23:69:2F:3C:47
          inet addr:192.168.147.9  Bcast:192.168.147.255  Mask:255.255.255.0
          inet6 addr: fe80::223:69ff:fe2f:3c47/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:128963 errors:0 dropped:0 overruns:0 frame:0
          TX packets:586 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:19210054 (18.3 MiB)  TX bytes:53923 (52.6 KiB)
The address starting with fe80:: says that a "link-scope" address was assigned. You can ignore it. You just have IPv6 on your OpenWRT box. Step one done.
 
SixxS tunnel
Let's make a break. We successfully configured IPv6 connectivity on OpenWRT box. Now it is time to get real IPv6 or even whole subnet. Here I will describe how to do this with SixxS provider. SixxS is so called tunnel broker. They provide you tunnels (IPv6 in IPv4 encapsulation) to give you connectivity. They can also provide you whole IPv6 subnet. So you need to:
  • get tunneling (virtual) interface on OpenWRT
  • configure your tunneling interface as your local end-point for a tunnel.
  • test, if your router had IPv6 connectivity
  • configure your router to broadcast your IPv6 PREFIX and to advertise itself as router
  • test your local network
So first we have to add some kernel modules (Kernel support for the TUN/TAP tunneling device): opkg install kmod-tun. The logread should say something like: "Oct  6 16:02:43 OpenWrt user.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky". If yes, you have tun interface.

AICCU configuration
I will demonstrate most difficult condition for end-user: having OpenWRT behind firewall in private IPv6 network that has NAT connectivity to IPv4 Internet via DSL line with dynamic public IPv4 IP address. For such setup, we need special tunnel configuration software. Tunnel brokers provide usually their own implementation. Here is the one provided by SixxS: opkg install aiccu:
root@OpenWrt:/etc/init.d# opkg install aiccu
Installing aiccu (20070115-3) to root...
Downloading
http://downloads.openwrt.org/backfire/10.03/brcm-2.4/packages/aiccu_20070115-3_brcm-2.4.ipk.
Installing libpthread (0.9.30.1-42) to root...
Downloading
http://downloads.openwrt.org/backfire/10.03/brcm-2.4/packages/libpthread_0.9.30.1-42_brcm-2.4.ipk.
Installing librt (0.9.30.1-42) to root...
Downloading
http://downloads.openwrt.org/backfire/10.03/brcm-2.4/packages/librt_0.9.30.1-42_brcm-2.4.ipk.
Installing ntpclient (2007_365-4) to root...
Downloading
http://downloads.openwrt.org/backfire/10.03/brcm-2.4/packages/ntpclient_2007_365-4_brcm-2.4.ipk.
Installing kmod-sit (2.4.37.9-1) to root...
Downloading
http://downloads.openwrt.org/backfire/10.03/brcm-2.4/packages/kmod-sit_2.4.37.9-1_brcm-2.4.ipk.
Configuring librt.
Configuring ntpclient.
Configuring libpthread.
Configuring kmod-sit.
Warning: loading sit will taint the kernel: no license
  See
http://www.tux.org/lkml/#export-tainted for information about tainted modules
Configuring aiccu.

 
Now we should edit vi /etc/config/aiccu. Just fill the blanks (SixxS handle and password, tunel ID, etc.). For reference, please use aiccu.conf from your windows directory. You probably have this, as I assume, you played first with setting IPv6 on your local Windows machine. When ready, please enable aiccu, by typing: /etc/init.d/aiccu enable. Then restart to ensure that your tunnel is up and running after reboot. Testing is easy. We should be able to do following test:
root@OpenWrt:~# ping6 sixxs.net
PING sixxs.net (2001:1af8:1:f006::6): 56 data bytes
64 bytes from 2001:1af8:1:f006::6: seq=0 ttl=59 time=74.476 ms

Here is working example of my home OpenWRT box:
config aiccu
        option username         'ABCD-SIXXS'
        option password         '********'
        option protocol         'tic'
        option server           'tic.sixxs.net'
        option interface        'sixxs'
        option tunnel_id        'T123456'
        option requiretls       '0'
        option defaultroute     '1'
        option nat              '1'
        option heartbeat        '1'

RADVd
Final step... Now we want that our OpenWRT box would advertise our subnet prefix on local network. This is done by installing and configuring Radvd daemon. So, we invoke opkg install radvd. Then we enable it:
cd /etc/init.d/
./radvd enable
Now edit file vi /etc/config/radvd to enable radv advertisement (change all 1 to 0 in lines that states option ignore). Also please specify your IPv6 prefix. Here is what I did for example (this is only part of the file):
config prefix
        option interface        'lan'
        # If not specified, a non-link-local prefix of the interface is used
        option prefix           '4000::/64'
        option AdvOnLink        1
        option AdvAutonomous    1
        option AdvRouterAddr    0
        option ignore           0
After starting radvd with  /etc/init.d/radvd start or restarting router, we get in client machine (please note that connection to IPv6 router goes via local scope link):
If you can get similar effect, you are set with RADVd. Please note that on IPv6 (I'm not very strict about that...) there are no "private address space" like 192.168.146.x, so do not experiment on live connected system.

Last but not least. Using radv is enough to auto-configure hosts in your local network. However router won't configure itself. So you have to manually add IP address to your router box. Just edit vi /etc/config/network. Just add option ip6addr  '2001:1234:5678::1/64' under 'lan'. The postfix of ::1 is ideal for router. Please note that adding ::1 to interface that connects to our lan has only one purpose - to allow create correct routing table on OpenWRT box. In fact this address is necessary, that following bold line appear:

root@OpenWrt:~# ip -f inet6 route
2001:1234:5678::/64 dev br-lan  metric 256  mtu 1500 advmss 1440
2001:6a0:200:1f1::/64 dev sixxs  metric 256  mtu 1280 advmss 1220
fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev eth0.0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev br-lan  metric 256  mtu 1500 advmss 1440
fe80::/64 dev eth0.1  metric 256  mtu 1500 advmss 1440
fe80::/64 dev wl0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev sixxs  metric 256  mtu 1280 advmss 1220
ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth0.0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev br-lan  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth0.1  metric 256  mtu 1500 advmss 1440
ff00::/8 dev wl0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev sixxs  metric 256  mtu 1280 advmss 1220
default via 2001:5678:90:1f1::1 dev sixxs  metric 1024  mtu 1280 advmss 1220

That all folks ;)

Remark... If you experience the problem with frequent disconnecting of sixxs tunel, please try add the following to your firewall:
iptables -t raw -A PREROUTING --proto 41 -j NOTRACK

If it will not work, here is my solution for SixxS disconnection problem: http://bartprokop.blogspot.com/2010/11/sixxs-keep-alive.html
Comments