IPv6 on Synology

From SixXS Wiki
Jump to: navigation, search

Start

With Firmware 3.0, newer DS are equipped with an IPv6-Stack, so it's possible to use IPv6.


Requirements

It does only work with an AYIYA tunnel. The reason is that the DS is missing the required kernel modules for a 6in4 tunnel needed by heartbeat or static tunnels.

The only other requirement is a newer DS that is bootstrapped.


Installing Aiccu

The Aiccu-Installation is very easy. Just enter 

ipkg install aiccu

in the SSH-Terminal


Enabling Kernel-IPv6-Forwarding

If you want to use IPv6 with other computers, you have to enable IPv6 in the kernel Interface. In this case, you need this command: 

echo "1" > /proc/sys/net/ipv6/conf/all/forwarding

Make sure the tunneling module is loaded

The tunnel device (/dev/net/tun) is not available by default. You can load it using this command: 

insmod /usr/lib/modules/tun.ko


Compiling RADVD

Because RADVD isn't available via IPKG, you have to compile it on the Synology box.

1. Create a Work-Directory 

mkdir radvd && cd radvd

2. Download the RADVD-Package 

wget http://www.litech.org/radvd/dist/radvd-1.6.tar.gz

3. Extract the Package 

gunzip radvd-* && tar xvf radvd-* && cd radvd-*

4. Install required Packages 

ipkg install gcc make bison flex

5. Start configuring Just enter in the SSH Terminal 

./configure --prefix=/usr/local --sysconfdir=/etc --mandir=/usr/share/man

6. Start compiling 

make

7. Installation 

make install

Congratulations, RADVD is installed now.

Compiling RADVD on DSM4

The above did not work for me on DSM4. Here the adjusted instructions to make it on DSM4

1. Create a Work-Directory 

mkdir radvd && cd radvd

2. Download the RADVD-Package 

wget wget http://www.litech.org/radvd/dist/radvd-1.9.7.tar.gz

3. Extract the Package 

gunzip radvd-* && tar xvf radvd-* && cd radvd-*

4. Install required Packages 

ipkg install gcc make bison flex 
ipkg install libdaemon pkgconfig

5. Start configuring Just enter in the SSH Terminal

LDFLAGS="-Wl,-rpath,/opt/lib" CPPFLAGS="-I/opt/include" CPPFLAGS=-DNETLINK_NO_ENOBUFS=5 ./configure --prefix=/usr/local --sysconfdir=/opt/etc --mandir=/usr/share/man

6. Start compiling 

make

7. Installation 

make install


Congratulations, RADVD is installed now.

Configuring IPv6-Router

First of all, fill out your Aiccu-Config (is located at /opt/etc/aiccu.conf)

Then you can open radvd.conf (location: /etc/radvd.conf) The Content of this File is following: 

interface eth0
{
        AdvSendAdvert on;
        AdvLinkMTU 1280;
        MaxRtrAdvInterval 300;
        prefix [PREFIX]::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
        };
};

Please fill in your PREFIX!

Now, start Aiccu 

aiccu start

Your Network-Interface needs an IPv6-IP: 

ip a add [PREFIX]::1/64 dev eth0

Now, you can start RADVD: 

radvd start

Congratulations, IPv6 is now running and you're able to use IPv6 from all other Computers in your Network :)


Configuring IPv6 Firewall

By default, your Synology NAS and any stations connected via your LAN will now be open to inbound connections from the Internet. You might want to consider establishing some firewall rules to ensure that only the services you want to be available can be accessed from the outside world. Since the SixXS tunnel is set up by aiccu and not the Synology software, we need to use ip6tables manually to set up our firewall rules:

First we create rules for any services running on your NAS that you want to access from the Internet. Here I allow SSH from the outside world: 

ip6tables -A INPUT -i [SIXXS] -p tcp --dport 22 -d [NAS-IP] -j ACCEPT

[NAS-IP] is the 'Your IP' value from your SixXS tunnel information page, and [SIXXS] is what you called your tunnel in aiccu.conf

Now we allow icmpv6 so SixXS can ping the tunnel. 

ip6tables -A INPUT -i [SIXXS] -p icmpv6 -j ACCEPT

And now we block everything else 

ip6tables -A INPUT -i [SIXXS] -j DROP

In case errors during the usage of ip6tables, possibly the kernel modules need to be loaded 

insmod /usr/lib/modules/ip6_tables.ko
insmod /usr/lib/modules/ip6table_filter.ko
insmod /usr/lib/modules/nf_conntrack_ipv6.ko
insmod /usr/lib/modules/ip6t_LOG.ko


Automating the whole thing

Aicuu allows us to specify a script that will run after the tunnel has been created. Since aiccu is configured to run whenever your Synology boots, we can use this script to automate some of the tasks we did earlier.

1. Create a file called /opt/bin/aiccu-subnets.sh containing the following: 

#!/bin/bash
# Most likely /bin/bash is not used on your Synology. Use /bin/ash to execute this script.
# Enable IPv6 forwarding
echo "1" > /proc/sys/net/ipv6/conf/all/forwarding

# Set up the LAN prefix and enable SLAAC
ip a add [PREFIX]::1/64 dev eth0
radvd start

# Set up IPv6 firewall rules for the NAS and the LAN
ip6tables -A INPUT -i [SIXXS] -p tcp --dport 22 -d [NAS-IP] -j ACCEPT
ip6tables -A INPUT -i [SIXXS] -p icmpv6 -j ACCEPT
ip6tables -A INPUT -i [SIXXS] -j DROP

2. Make the script executable 

chmod +x /opt/bin/aiccu-subnets.sh

3. Edit your /opt/etc/aiccu.conf file, and make sure your setupscript line is configured like this: 

setupscript /opt/bin/aiccu-subnets.sh


Now your LAN subnet and firewall rules will be set up automatically each time your Synology NAS reboots.

Retrieved from "http://www.sixxs.net/wiki/?title=IPv6_on_Synology&oldid=4358"