Choose style:

Author Topic: Almond+ IPv6?  (Read 27021 times)

0 Members and 1 Guest are viewing this topic.

Offline Tiger Woods

  • Backer
  • *
  • Posts: 38
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #15 on: July 31, 2014, 07:55:33 pm »
Does anyone know the kernel version the almond+ is running offhand?  I don't have mine in front of me, but I wanted to see if I could verify a theory that connection tracking might be broken in the kernel with ipv6.  Apparently it didn't work until version 2.6.20+ when they switched to xtables.

2.6.36, so don't think that's the issue

Offline summat

  • Backer
  • *
  • Posts: 27
  • Thanks: 0
  • Registered : 26/09/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #16 on: July 31, 2014, 08:45:11 pm »
If you have SSH can you do 'cat /proc/version' to get the kernel?

Offline dalrain

  • Backer
  • *
  • Posts: 28
  • Thanks: 0
  • Registered : 15/07/2014
    YearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #17 on: August 01, 2014, 12:07:46 am »
"uname -a" worked for me:
Code: [Select]
root@AlmondPlus:~# uname -a
Linux AlmondPlus 2.6.36 #932 SMP PREEMPT Fri Jun 6 18:52:46 IST 2014 armv7l GNU/Linux

I agree, that's not the issue.  Anyway, I got it working on Comcast with the following:

Edit: Making this a full set of instructions:

SSH in to set this file:
Code: [Select]
root@AlmondPlus:~# cat /etc/config/dhcp6c
config 'dhcp6c' 'basic'
option 'enabled' '1' # 1 = enabled; 0 = disabled
option 'interface' 'wan' # This is the interface the DHCPv6 client will run on
option 'dns' 'dnsmasq' # Which DNS server you run (only dnsmasq currently supported)
option 'debug' '1' # 1 = enable debugging; 0 = disable debugging

# Send options (1 = send; 0 = do not send)
option 'pd' '1' # Prefix Delegation
option 'na' '1' # Non-Temporary Address
option 'rapid_commit' '1' # Rapid Commit

# Request options (1 = request; 0 = do not request)
option 'domain_name_servers' '1'
option 'domain_name' '0'
option 'ntp_servers' '0'
option 'sip_server_address' '0'
option 'sip_server_domain_name' '0'
option 'nis_server_address' '0'
option 'nis_domain_name' '0'
option 'nisp_server_address' '0'
option 'nisp_domain_name' '0'
option 'bcmcs_server_address' '0'
option 'bcmcs_server_domain_name' '0'

# Script to run when a reply is received
option 'script' '/usr/bin/dhcp6c-state'

# Define one or more interfaces on which prefixes should be assigned
config 'interface' 'loopback'
option 'enabled' '0' # 1 = enabled; 0 = disabled
option 'sla_id' '0' # Site level aggregator identifier specified in decimal (subnet)
option 'sla_len' '0' # Site level aggregator length (64 - size of prefix being delegated)
# e.g. /60 from ISP -> 64 - 60 = 4
config 'interface' 'lan'
option 'enabled' '1'
option 'sla_id' '1'
option 'sla_len' '4'

radvd:
Code: [Select]
root@AlmondPlus:~# cat /etc/config/radvd

config 'interface'
option 'interface' 'lan'
option 'AdvSendAdvert' '1'
option 'ignore' '0'
option 'IgnoreIfMissing' '1'
option 'AdvSourceLLAddress' '1'
option 'AdvDefaultPreference' 'medium'

config 'prefix'
option 'interface' 'lan'
list 'prefix' ''
option 'AdvOnLink' '1'
option 'AdvAutonomous' '1'
option 'AdvRouterAddr' '0'
option 'ignore' '0'

config 'route'
option 'interface' 'lan'
option 'AdvRoutePreference' 'medium'
option 'ignore' '0'

config 'rdnss'
option 'interface' 'lan'
list 'addr' ''
option 'ignore' '0'

config 'dnssl'
option 'interface' 'lan'
option 'ignore' '0'
list 'suffix' 'yoursite.net'

Custom firewall rules (in OpenWRT under firewall)
Code: [Select]
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

/usr/sbin/ip6tables -I input_wan 1 -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT
/usr/sbin/ip6tables -I input_wan 1 -p icmpv6 -j ACCEPT
/usr/sbin/ip6tables -I OUTPUT 1 -p icmpv6 -j ACCEPT

Enable DHCPv6 client:
Code: [Select]
/etc/init.d/dhcp6c enable

Start it manually just once to see if we get an address:
Code: [Select]
/etc/init.d/dhcp6c start

Check for an address:
Code: [Select]
ip -6 addr ls
Set accept_ra = 1 in the network config:

Code: [Select]
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'

config 'interface' 'wan'
option 'ifname' 'eth0'
option 'proto' 'dhcp'
option 'accept_ra' '1'

config 'interface' 'lan'
option 'ifname' 'eth1'
option 'type' 'bridge'
option 'proto' 'static'
option 'ipaddr' '10.10.10.254'
option 'netmask' '255.255.255.0'

To verify it worked:

Code: [Select]
root@AlmondPlus:~# sysctl net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.eth0.accept_ra = 2
(It needs to read "2")

With all this stuff set,
Code: [Select]
reboot
Then reconnect and test ping from the router:
Code: [Select]
ping6 ipv6.google.com
I take no responsibility for the config, or safety of the firewall rules.  Use at your own risk!
« Last Edit: August 05, 2014, 06:46:39 pm by dalrain »

LGNilsson

  • Guest
Re: Almond+ IPv6?
« Reply #18 on: August 01, 2014, 12:15:43 am »
Nice work, I've passed on your fix to the software team, so hopefully they'll get this fixed ASAP.

Offline dalrain

  • Backer
  • *
  • Posts: 28
  • Thanks: 0
  • Registered : 15/07/2014
    YearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #19 on: August 01, 2014, 02:27:14 am »
Cool.  I don't know if it's *the* fix that makes everything perfect, but I suspect the ICMPv6 stuff is necessary to establish the routes.   

Offline Tiger Woods

  • Backer
  • *
  • Posts: 38
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #20 on: August 04, 2014, 09:01:44 am »
Nice.  I'm in the Comcast IPV6 area as well, so I think I'll try this out when I get home this evening.

Edit: I can't seem to get it working with these settings.  I'm going to try some things later tonight (when I'm not interrupting the internet access of family members)
« Last Edit: August 04, 2014, 06:11:28 pm by Tiger Woods »

Offline Tiger Woods

  • Backer
  • *
  • Posts: 38
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #21 on: August 04, 2014, 06:53:09 pm »
Do I need to restart my modem after this to get an ipv6 address on the wan?

Offline dalrain

  • Backer
  • *
  • Posts: 28
  • Thanks: 0
  • Registered : 15/07/2014
    YearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #22 on: August 04, 2014, 11:08:41 pm »
I did not restart my modem, but try running

Code: [Select]
/etc/init.d/dhcp6c start

I don't remember if I had to enable it myself, but that command is

Code: [Select]
/etc/init.d/dhcp6c enable

Offline dalrain

  • Backer
  • *
  • Posts: 28
  • Thanks: 0
  • Registered : 15/07/2014
    YearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #23 on: August 04, 2014, 11:14:08 pm »
Also, for comcast in particular, visit http://www.comcast6.net/ and check the top of the page to make sure you're in an area where it's supported.

Offline dalrain

  • Backer
  • *
  • Posts: 28
  • Thanks: 0
  • Registered : 15/07/2014
    YearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #24 on: August 05, 2014, 12:18:15 am »
Just reconfigured from scratch.  You will also need to turn on accept_ra=1 for the WAN.

See below (in /etc/config/network):
Code: [Select]
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'

config 'interface' 'wan'
option 'ifname' 'eth0'
option 'proto' 'dhcp'
option 'accept_ra' '1'

config 'interface' 'lan'
option 'ifname' 'eth1'
option 'type' 'bridge'
option 'proto' 'static'
option 'ipaddr' '10.10.10.254'
option 'netmask' '255.255.255.0'

To verify it worked:

Code: [Select]
root@AlmondPlus:~# sysctl net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.eth0.accept_ra = 2

(It needs to read "2")
« Last Edit: August 05, 2014, 01:38:40 am by dalrain »

Offline Tiger Woods

  • Backer
  • *
  • Posts: 38
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #25 on: August 05, 2014, 08:06:41 am »
Also, for comcast in particular, visit http://www.comcast6.net/ and check the top of the page to make sure you're in an area where it's supported.

Yep, already saw this site and verified I'm in the area with the ipv6 checker.  I'll give the other things a shot tonight.  Thanks.

Offline Tiger Woods

  • Backer
  • *
  • Posts: 38
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #26 on: August 05, 2014, 05:30:16 pm »
OK, that worked.  I now have an ipv6 address on the wan and can ping external addresses from the router.  Now to figure out how to get my computer to recognize the connection....

Offline Tiger Woods

  • Backer
  • *
  • Posts: 38
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #27 on: August 05, 2014, 05:48:30 pm »
OK, got everything working now.  Had to make the following additional changes:

Add a new interface to /etc/config/network
Code: [Select]
config 'interface' '6rd'
   option 'proto' '6to4'
   option 'adv_subnet' '1'
   option 'adv_interface' 'lan'

Add a new interface to the wan zone in /etc/config/firewall
Code: [Select]
config 'zone'
option 'name' 'wan'
option 'forward' 'REJECT'
option 'output' 'ACCEPT'
option 'network' 'wan'
option 'input' 'DROP'
option 'masq' '1'
option 'mtu_fix' '1'
option 'network' '6rd wan'

And reboot!

Offline dalrain

  • Backer
  • *
  • Posts: 28
  • Thanks: 0
  • Registered : 15/07/2014
    YearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #28 on: August 05, 2014, 05:52:24 pm »
6to4 probably isn't what you want, that is for routing your IPv6 connections into your IPv4 address.  IPv6 native dual stack is what you're looking for with Comcast, typically.

What does
Code: [Select]
ip -6 addr ls show?

Edit: You can anonymize the addresses, just the first set of 4 characters is probably sufficient to see what's going on.

Edit edit: Also, you can hit http://www.comcast6.net to see if you're connecting via native IPv6 to check your work.
« Last Edit: August 05, 2014, 05:59:29 pm by dalrain »

Offline Tiger Woods

  • Backer
  • *
  • Posts: 38
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYears
Re: Almond+ IPv6?
« Reply #29 on: August 05, 2014, 06:06:49 pm »
This is what I see:

Code: [Select]
root@AlmondPlus-CLC:~# ip -6 addr ls
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:X:X:X:X:X:X:X/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::X:X:X:X/64 scope link
       valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 2002:X:X:1::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::X:X:X:X/64 scope link
       valid_lft forever preferred_lft forever
14: wlan00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 fe80::X:X:X:X/64 scope link
       valid_lft forever preferred_lft forever
15: wlan10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 fe80::X:X:X:X/64 scope link
       valid_lft forever preferred_lft forever
17: 6to4-6rd: <NOARP,UP,LOWER_UP> mtu 1280
    inet6 2002:X:X::1/16 scope global
       valid_lft forever preferred_lft forever
    inet6 ::X.X.X.X/128 scope global
       valid_lft forever preferred_lft forever

 

Page created in 0.051 seconds with 20 queries.