Initial Problem Solved, now need help with DD-WRT for addresses
Shadow Hawkins on Wednesday, 12 May 2010 14:50:52
Hi guys,
I figured out what I did wrong last night and I was able to get the tunnel working properly, and was able to successfully visit some IPv6 websites.
Now I'm having trouble figuring out the correct settings to have my subnet applied to my DD-WRT. Here are the config settings below. Forgive my ignorance but I am learning this on my own and some of the instructions aren't as clear to me. Thanks!
## Config Data starts here ##
radvd config:
interface br0 {
AdvSendAdvert on;
prefix 2001:4830:162e::/64 (This is my subnet /48)
{
AdvOnLink on;
AdvAutonomous on;
};
};
Startup Script:
insmod ipv6
insmod sit
insmod /jffs/lib/modules/2.4.34/ip6_tables.0
insmod /jffs/lib/modules/2.4.34/ip6table_filter.o
insmod /jffs/lib/modules/2.4.34/ip6t_multiport.o
sleep 5
WANIP=$(ip -4 addr show dev vlan1 | awk '/inet / {print $2}' | cut -d/ -f1)
WANIP=$(ip -4 addr show dev vlan1 | awk '/inet / {print $2}' | cut -d/ -f1)
MY_TUNNEL_ADDR="2001:470:1f06:7fb::2/64"
TUNNEL_POP="2001:470:1f06:7fb::1"
TUNNEL_REMOTE_IP="209.51.164.14"
echo "External IP:" $WANIP > /jffs/startup.debug
if [ -n $WANIP ]
then
echo "configuring tunnel" >> /jffs/startup.debug
fi
ip -6 tunnel add sixxs mode sit remote $TUNNEL_REMOTE_IP local $WANIP ttl 255
ip -6 link set sixxs up
# AICCU doesn't set up the tunnel properly but it will maintain the heartbeat for you
/usr/sbin/ntpclient -s -h us.pool.ntp.org
aiccu start /jffs/etc/config/aiccu
# Do all the things that AICCU was supposed to do and didn't
ip -6 addr add $MY_TUNNEL_ADDR/64 dev sixxs
ip -6 route add ::/0 dev sixxs
ip -6 addr add $TUNNEL_POP dev sixxs
ip -6 addr add $TUNNEL_POP dev br0
ip route add 2000::/3 dev sixxs
# For each subnet you are routing, add one of these lines:
ip -6 addr add 2001:4830:162e::1/64 dev br0
# Start IPv6 forwarding on the router
/bin/echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
Firewall:
iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT
iptables -t nat -D POSTROUTING -o vlan1 -j MASQUERADE
iptables -t nat -I POSTROUTING -p ! ipv6 -o vlan1 -j MASQUERADE
## CONFIG DATA ENDS HERE ##
Jeroen Massar on Wednesday, 12 May 2010 15:11:40
MY_TUNNEL_ADDR="2001:470:1f06:7fb::2/64"
TUNNEL_POP="2001:470:1f06:7fb::1"
That definitely is not SixXS address space.
TUNNEL_REMOTE_IP="209.51.164.14"
And that is not a SixXS PoP.
ip -6 tunnel add sixxs mode sit remote $TUNNEL_REMOTE_IP local $WANIP ttl 255
You can avoid the 'local' part, unless you have multiple default outbound routes or multiple addresses on that interface.
Anyway, AICCU will do this for you. Most likely, as you try to set up the tunnel wrongly yourself, AICCU cannot override the settings. It is not a tool that can magically guess what is intended and resolve problems.
# Do all the things that AICCU was supposed to do and didn't
AICCU definitely will add these, except for the 2000::/3, you might want to check the error messages why it does not do that.
Also note that WRT's have really bad time keeping, thus you will want to check your time from time to time or actually force update it.
Further, the 'script' is nice to see, but after you have resolved all kinds of issues mentioned above, you might actually want to also show the actual running configuration (ip -6 ro sho, ip tunnel sho, etc as per the contact page). I can only guess what an amount of wrong information persists.
Shadow Hawkins on Wednesday, 12 May 2010 15:26:47
Thanks for the information. I didn't mean to offend. I copied the information from various websites and made changes. Obviously I made some mistakes here and there.
Again, I am learning - this is brand new to me, and I hope to completely understand what it is that I am doing some day. In the meantime it will be trial and error and help from folks in the forum who know more than I do.
Jeroen Massar on Wednesday, 12 May 2010 15:44:25
No offense taken in any way, but that mixture of things will not work ;)
Ask away, is what I would say....
Incidentally I have an old DD-WRT somewhere and that uses something like:
root@sheol:/jffs/etc/config# cat aiccu.startup
#!/bin/sh
POP=192.0.2.1
SUBNET=2001:db8:1000
REMOTE=2001:db8:1::1
export TZ=UTC
while [ `date +%Y` -eq 1970 ]; do
sleep 1
ntpclient -s -h eu.pool.ntp.org
done
iptables -I INPUT 1 -s ${POP} -j ACCEPT
iptables -t nat -D POSTROUTING -o vlan1 -j MASQUERADE
iptables -t nat -I POSTROUTING -p ! ipv6 -o vlan1 -j MASQUERADE
ntpclient -s -h eu.pool.ntp.org
/jffs/usr/sbin/aiccu start /jffs/etc/aiccu.conf
ip -6 addr add ${SUBNET}::1/64 dev br0
ip -6 ro add 2000::/3 via ${REMOTE}
ip -6 ro add ${SUBNET}::/48 dev lo
echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
echo 1 >/proc/sys/net/ipv6/conf/default/forwarding
/sbin/radvd
Shadow Hawkins on Wednesday, 12 May 2010 23:32:30
I tried that and a couple of other things and still no luck.
As requested here are the outputs:
If I missed anything it's only because I have no idea what I'm doing and I'm trying to come up to speed as quickly as possible. Thanks again for your help and input.
## Begin Output ##
ip -6 ro sho
2001:4830:1600:29a::/64 via :: dev sixxs metric 256 mtu 1480 advmss 1420
2001:4830:1600:29a::/64 dev br0 metric 256 mtu 1500 advmss 1440
2001:4830:162e::/64 dev br0 metric 256 mtu 1500 advmss 1440
2000::/3 dev sixxs metric 1024 mtu 1480 advmss 1420
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440
fe80::/64 dev vlan0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev br0 metric 256 mtu 1500 advmss 1440
fe80::/64 via :: dev sixxs metric 256 mtu 1480 advmss 1420
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev vlan0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev br0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sixxs metric 256 mtu 1480 advmss 1420
default dev sixxs metric 1024 mtu 1480 advmss 1420
ip tunnel sho
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
sixxs: ipv6/ip remote 66.117.47.228 local any ttl inherit
Corrected settings:
radvd config
interface br0 {
AdvSendAdvert on;
prefix 2001:4830:162e::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
## Startup Script: ##
insmod ipv6
insmod sit
insmod /jffs/lib/modules/2.4.34/ip6_tables.0
insmod /jffs/lib/modules/2.4.34/ip6table_filter.o
insmod /jffs/lib/modules/2.4.34/ip6t_multiport.o
sleep 5
WANIP=$(ip -4 addr show dev vlan1 | awk '/inet / {print $2}' | cut -d/ -f1)
WANIP=$(ip -4 addr show dev vlan1 | awk '/inet / {print $2}' | cut -d/ -f1)
MY_TUNNEL_ADDR="2001:4830:1600:29a::2/64"
TUNNEL_POP="2001:4830:1600:29a::1/64"
TUNNEL_REMOTE_IP="66.117.47.228"
echo "External IP:" $WANIP > /jffs/startup.debug
if [ -n $WANIP ]
then
echo "configuring tunnel" >> /jffs/startup.debug
fi
ip -6 tunnel add sixxs mode sit remote $TUNNEL_REMOTE_IP
ip -6 link set sixxs up
# AICCU doesn't set up the tunnel properly but it will maintain the heartbeat for you
/usr/sbin/ntpclient -s -h us.pool.ntp.org
aiccu start /jffs/etc/config/aiccu
# Do all the things that AICCU was supposed to do and didn't
ip -6 addr add $MY_TUNNEL_ADDR/64 dev sixxs
ip -6 route add ::/0 dev sixxs
ip -6 addr add $TUNNEL_POP dev sixxs
ip -6 addr add $TUNNEL_POP dev br0
ip route add 2000::/3 dev sixxs
# For each subnet you are routing, add one of these lines:
ip -6 addr add 2001:4830:162e::1/64 dev br0
# Start IPv6 forwarding on the router
/bin/echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
Firewall
iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT
iptables -t nat -D POSTROUTING -o vlan1 -j MASQUERADE
iptables -t nat -I POSTROUTING -p ! ipv6 -o vlan1 -j MASQUERADE
Jeroen Massar on Thursday, 13 May 2010 10:47:43
2001:4830:1600:29a::/64 via :: dev sixxs metric 256 mtu 1480 advmss 1420
2001:4830:1600:29a::/64 dev br0 metric 256 mtu 1500 advmss 1440
You have assigned the tunnel prefix to both your tunnel and to your br0, remove the latter with "ip -6 ro del 2001:4830:1600:29a::/64 dev br0". You might want to check with "ip -6 addr sho" though, as you might have added an address on the wrong interface, in that case, use "ip -6 addr del <address> dev <dev>" to remove it.
Your script does not make sense, AICCU will set all that configuration (except for the 2000::/3 route). I guess that because you make the interface before AICCU does it messes things up.
# AICCU doesn't set up the tunnel properly but it will maintain the heartbeat for you
AICCU does this perfectly well, maybe your path is wrong. You might want to actually set the daemonize flag to false and debug to true and show the output...
ip -6 addr add $TUNNEL_POP dev br0
That is the line that you are doing wrong btw, which causes the above mentioned double route.
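The double-route condition diagnosed in the reply above can be checked mechanically. This is an added example, not part of any post in this thread: the function names are hypothetical, and the sample routes are copied from the `ip -6 ro sho` output posted earlier.

```shell
#!/bin/sh
# Flag IPv6 prefixes that are routed on more than one interface.
# Reads `ip -6 route show` output on stdin and prints "<prefix> <dev1>,<dev2>".
# On the router itself: ip -6 route show | dup_prefix_routes
dup_prefix_routes() {
    awk '
    # Link-local, multicast and default routes legitimately repeat per interface.
    $1 ~ /^fe80:/ || $1 ~ /^ff/ || $1 == "default" { next }
    {
        dev = ""
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dev == "") next
        if (!($1 in devs)) { order[++n] = $1; devs[$1] = dev }
        else if (index("," devs[$1] ",", "," dev ",") == 0) devs[$1] = devs[$1] "," dev
    }
    END {
        # Only prefixes seen on two or more devices carry a comma.
        for (k = 1; k <= n; k++)
            if (devs[order[k]] ~ /,/) print order[k], devs[order[k]]
    }'
}

# Sample input: a subset of the routes posted in the thread.
sample_routes() {
cat <<'EOF'
2001:4830:1600:29a::/64 via :: dev sixxs metric 256 mtu 1480 advmss 1420
2001:4830:1600:29a::/64 dev br0 metric 256 mtu 1500 advmss 1440
2001:4830:162e::/64 dev br0 metric 256 mtu 1500 advmss 1440
2000::/3 dev sixxs metric 1024 mtu 1480 advmss 1420
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev br0 metric 256 mtu 1500 advmss 1440
default dev sixxs metric 1024 mtu 1480 advmss 1420
EOF
}

sample_routes | dup_prefix_routes
```

Only the tunnel prefix is reported, because it appears on both `sixxs` and `br0`; the routed subnet on `br0` alone is not flagged.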
Shadow Hawkins on Thursday, 13 May 2010 20:52:40
Ok,
Here is where I am confused. Am I supposed to run aiccu in addition to the config on the DD-WRT? I can make the changes you recommend, but I'm not sure if both should be running or just aiccu. Bear in mind that the information that I have included here is on the DD-WRT. If I should be configuring or using any of this information on aiccu, then please let me know, as the instructions are not quite clear to me (being a novice at this)
Thanks again!
Jeroen Massar on Friday, 14 May 2010 11:43:43
Here is where I am confused. Am I supposed to run aiccu in addition to the config on the DD-WRT?
I am not aware of DD-WRT having a UI option or so for AICCU.
As such, afaik, the process for DD-WRT is: install iproute and the aiccu package, edit the configuration file, start it, if you have a subnet install radvd and then configure it and start it.
If you want your life to be easier and that things work, I suggest going the OpenWRT route which is a true Open Source system and actually being updated.
DD-WRT is a mess IMHO and not properly maintained.
Carmen Sandiego on Sunday, 10 October 2010 20:06:39
Actually AICCU doesn't do anything. For a few minutes it's working (I mean heartbeat) but then it stops. And No AICCU doesn't create any tunnel at all!!! I've written a script which should do what AICCU should but I don't know what I'm doing wrong -> the POP is not responding through the tunnel.
#! /bin/sh
serverv6="$1"
serverv4="$2"
clientv6="$3"
clientv4="$4"
password="$5"
sleep="$6"
while [ 1 ]
do
d=`date +%s`
let d-=7200
hb_base="HEARTBEAT TUNNEL $clientv6 $clientv4 $d"
#echo "$hb_base" >> /jffs/beat.log
packet="$hb_base `echo -n "$hb_base $password" | md5sum | cut -d ' ' -f 1`"
echo -n -e "$packet\0" | netcat -c -w 1 -u "$serverv4" 3740
#echo -e "$packet\0" >> packet.log
ping6 -s 8 -c 1 -q $serverv6 > /dev/null 2>&1 &
sleep $sleep
done
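The packet layout used by the script above can be exercised offline by building a heartbeat and checking it the way a receiver could. This is an added example, not part of any post in this thread: the function names, the receiver-side check and its 60-second freshness window are assumptions, and the addresses, clock value and password are constructed.

```shell
#!/bin/sh
# Layout, as in the script above:
#   HEARTBEAT TUNNEL <v6> <v4> <epoch> <md5 of "<base> <password>">

hb_build() {  # hb_build <clientv6> <clientv4> <epoch> <password>
    base="HEARTBEAT TUNNEL $1 $2 $3"
    sig=$(printf '%s' "$base $4" | md5sum | cut -d ' ' -f 1)
    printf '%s %s' "$base" "$sig"
}

hb_check() {  # hb_check <packet> <password> <now> <max_skew>
    packet=$1 password=$2 now=$3 max_skew=$4
    set -f; set -- $packet; set +f      # split the packet into its fields
    [ $# -eq 6 ] && [ "$1 $2" = "HEARTBEAT TUNNEL" ] || { echo malformed; return 1; }
    v6=$3 v4=$4 ts=$5 sig=$6
    case $ts in ''|*[!0-9]*) echo malformed; return 1 ;; esac
    # Freshness: reject timestamps too far from the receiver's clock (assumed policy).
    skew=$((now - ts)); [ "$skew" -lt 0 ] && skew=$((-skew))
    [ "$skew" -le "$max_skew" ] || { echo stale; return 1; }
    # Authenticity: recompute the MD5 over the base string plus shared password.
    want=$(printf '%s' "HEARTBEAT TUNNEL $v6 $v4 $ts $password" | md5sum | cut -d ' ' -f 1)
    [ "$sig" = "$want" ] || { echo badsig; return 1; }
    echo ok
}

NOW=1286741199      # constructed clock value
PW=examplepw        # constructed password
good=$(hb_build 2001:db8:1::2 192.0.2.10 "$NOW" "$PW")
late=$(hb_build 2001:db8:1::2 192.0.2.10 $((NOW - 7200)) "$PW")

hb_check "$good" "$PW" "$NOW" 60 || true   # ok
hb_check "$late" "$PW" "$NOW" 60 || true   # stale: timestamp is 7200 s behind
```

A correctly signed packet still fails the check when its timestamp is outside the window, which is why a router with a drifting clock needs its time resynchronised before heartbeats are sent.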
Jeroen Massar on Monday, 11 October 2010 16:37:56
Actually AICCU doesn't do anything. For a few minutes it's working (I mean heartbeat) but then it stops. And No AICCU doesn't create any tunnel at all!!!
Where is the output? Set in the configuration the daemonize option to false and verbosity to true and paste output here.
I've written a script which should do what AICCU should but I don't know what I'm doing wrong
AICCU does TIC, AYIYA and heartbeat next to configuring the tunnel and other things, clearly your script can't do that.