2010/04/13

6to4 in DD-WRT v24 sp2 (recent build)

My router got sick this afternoon. I don't know exactly why, but it began to reset connections when I tried to configure anything via the web interface (not allowing me to save the config at all), and it would not connect to PPPoE, though the configuration was there. So, time to flash again, this time with a more recent version of DD-WRT.

Since it looked like it had IPv6 support (while previous releases of v24 did not), I gave 6to4 yet another try, which my ISP now supports correctly (it did not support it a few months ago). I had to connect PPPoE directly from the computer because of the router problem, and 6to4 was already configured on the Mac, so IPv6 began to work "magically", which told me that 6to4 was up.

Most of the instructions below are from the DD-WRT website. My own touches are described below.

In the Administration -> Management tab, enable IPv6 and radvd. Add the following configuration for radvd:

interface br0 {
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvLinkMTU 1280;
    AdvSendAdvert on;
    prefix 0:0:0:1::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvValidLifetime 86400;
        AdvPreferredLifetime 86400;
        Base6to4Interface ppp0;
        AdvRouterAddr on;
    };
};

Note the "ppp0" interface; that's because I use PPPoE. If you get your WAN address by DHCP, the correct interface would be vlan1, or something else if you changed the VLAN configuration.

Now, in Administration -> Command, add

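# Load the IPv6 module by hand (the web interface setting seems not to do it)
insmod ipv6
# Current WAN IPv4 address on the PPPoE interface
WANIP=$(ip -4 addr show dev ppp0 | awk '/inet / {print $2}' | cut -d/ -f1)
# Tear down whatever a previous run left behind
killall radvd
ip tunnel del tun6to4
# Remove every old 6to4 address from br0 (none on first run, several after flaps)
for OLDIPV6 in $(ip -6 addr show dev br0 | awk '/inet6 2002:/ {print $2}')
do
    ip addr del "$OLDIPV6" dev br0
done
if [ -n "$WANIP" ]
then
    # The 6to4 prefix is 2002: followed by the WAN IPv4 address in hex
    V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
    ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
    ip link set tun6to4 mtu 1280
    ip link set tun6to4 up
    ip addr add $V6PREFIX:0::1/16 dev tun6to4
    ip addr add $V6PREFIX:1::1/64 dev br0
    # Default IPv6 route through the 6to4 anycast relay
    ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
    # radvd is not started automatically, so start it here
    radvd -C /tmp/radvd.conf
fi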

and press the "Save Firewall" button. If you already had some sort of startup script, just prepend it to the above content.

There are some changes in it, compared with the DD-WRT recipe. First, I obviously use ppp0. Second, I save this script as a "firewall" script, because it is executed after the WAN interface is up. The original recipe prescribed this as a startup script, but ppp0 is not up at that time.

The firewall script is re-run when PPPoE disconnects and reconnects, which is important to us because most ADSL accounts do not have a fixed IP, and we need to reconfigure 6to4 with the new IP. I have added commands to remove the old tun6to4 interface as well as the old IPv6 address from br0, otherwise your router will end up having half a dozen IPv6 addresses if your ADSL is not very stable...
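The script above builds the prefix from whatever address ppp0 holds after each reconnect, and 6to4 only works when that address is a public one. The following is an added example, not part of the original post or of the DD-WRT recipe: a plain POSIX sh check that refuses private, CGNAT, loopback, link-local and multicast/reserved addresses before deriving the prefix. The function names are hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds only for a well-formed dotted quad outside the private, CGNAT,
# loopback, link-local and multicast/reserved ranges.
is_usable_6to4_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, junk, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # leading zero: printf would read octal
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in
        0.*|10.*|127.*|169.254|192.168) return 1 ;;
    esac
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1
    [ "$1" -ge 224 ] && return 1
    return 0
}

# Prints 2002:WWXX:YYZZ for W.X.Y.Z, or fails without output.
v6prefix_from_wan() {
    is_usable_6to4_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '2002:%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4"
}

# In the firewall script the tunnel setup would be wrapped like this:
#   if V6PREFIX=$(v6prefix_from_wan "$WANIP"); then ...; fi
# Constructed sample addresses (documentation, private and CGNAT ranges):
for ip in 203.0.113.5 192.168.1.10 100.64.0.1; do
    v6prefix_from_wan "$ip" || echo "$ip: not usable for 6to4"
done
```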

Also, note that I load the ipv6 module manually, because enabling IPv6 in the web interface does not seem to work (hint taken from a random forum post). The radvd service is not loaded automatically either, so I load it manually at the end of the script.

One "problem" of activating 6to4 is that we have another protocol (IPv6) to worry about for security. Note that DD-WRT does not come with ip6tables in the base firmware and implements no firewall for IPv6, so we need to install ip6tables in DD-WRT to plug this hole.