Weekend, WRT54GS, OpenWRT, IPv6 through tunnelbroker.net

Saturday, April 30th, 2011

While we’ve been doing a lot of work recently with IPv6, I decided to see if I could reconfigure an older Linksys WRT54GS to run OpenWRT, so that I could use it to route IPv6 to the machines at the house, rather than using the entire /64 on my macbook. This will also allow me to run IPv6 on other machines at the house.

First I ran into some issues flashing OpenWRT – which were fixed by upgrading the firmware on the machine to the latest version supplied by Cisco/Linksys, then, flashing the OpenWRT build from http://downloads.openwrt.org/snapshots/trunk/brcm47xx/.

Once you’ve done that, telnet to 192.168.1.1, type passwd, enter a new password, log out, ssh root@192.168.1.1 using the new password and you’re set.

Configuring wireless was simple enough, though I couldn’t get WEP to work; I had to move over to WPA/PSK2. With WEP configured, using multiple different suggested configurations, OpenWRT would always respond with:

Configuration file: /var/run/hostapd-phy0.conf
Could not set WEP encryption.
Interface initialization failed
wlan0: Unable to setup interface.
rmdir[ctrl_interface]: No such file or directory
Failed to start hostapd for phy0

Changing the encryption type to psk2 and setting the key allowed me to type wifi which then recognized the configuration. A warning pops up:

root@OpenWrt:/etc/config# wifi
Configuration file: /var/run/hostapd-phy0.conf
Using interface wlan0 with hwaddr 00:12:17:3a:c6:4a and ssid 'ipv6'
random: Cannot read from /dev/random: Resource temporarily unavailable
random: Only 0/20 bytes of strong random data available from /dev/random
random: Not enough entropy pool available for secure operations
WPA: Not enough entropy in random pool for secure operations - update keys later when the first station connects

I set up a separate network, and am allowing the one router to stay online with my existing config. That way, I am not disrupting the main router and can keep testing on its own Wireless LAN. At this point, I’ve set 192.168.6.0/24 as the IPv4 for the IPv6 Wireless router, connected through it as my preferred Wireless LAN and am now able to surf the internet.

Next, we need to set up our IPv6 configuration from http://www.tunnelbroker.net/, a free service provided by Hurricane Electric.

We need to install the IPv6 kernel modules, then activate IPv6 (or you can power cycle the router and the ipv6 modules will be loaded automatically).

opkg install kmod-ipv6
insmod ipv6
opkg install 6in4

We can verify that ipv6 is working by typing:

root@OpenWrt:/etc# ifconfig br-lan
br-lan    Link encap:Ethernet  HWaddr 00:12:17:3A:C6:48  
          inet addr:192.168.6.1  Bcast:192.168.6.255  Mask:255.255.255.0
          inet6 addr: fe80::212:17ff:fe3a:c648/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5338 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:574933 (561.4 KiB)  TX bytes:2397889 (2.2 MiB)

and we can see that the inet6 addr: is set with a default, unrouteable address. For troubleshooting, we’ll install tcptraceroute6.

opkg install tcptraceroute6

From this thread, we take the script listed and name it /etc/init.d/ipv6:

NOTE: I’ve made minor changes altering br0 to br-lan as the original script uses the White Russian distribution of OpenWRT and we’re using the Kamikaze version.

#!/bin/sh /etc/rc.common

# Information from the "Tunnel Details" page.
# Replace each quoted placeholder with the value shown for your tunnel.
SERVER_v4="Server IPv4 Address"
SERVER_v6="Server IPv6 Address"

CLIENT_v4="Client IPv4 Address"
CLIENT_v6="Client IPv6 Address"

# Uncomment if you have a /48
#ROUTED_48="Your /48 netblock's gateway address, e.g., 2001:a:b::1"
ROUTED_64="Your /64 netblock's gateway address, e.g., 2001:a:b:c::1"

START=50

start() {
	echo "Starting he.net IPv6 tunnel: "
	ip tunnel add henet mode sit remote $SERVER_v4 local $CLIENT_v4 ttl 255
	ip link set henet up

	ip -6 addr add $CLIENT_v6/64 dev henet
	ip -6 ro add default via $SERVER_v6 dev henet

	ip -6 addr add $ROUTED_64/64 dev br-lan
	# Uncomment if you have a /48
	#ip -6 addr add $ROUTED_48/48 dev br-lan
	ip -f inet6 addr

	echo "Done."
}
stop() {
	echo -n "Stopping he.net IPv6 tunnel: "
	ip link set henet down
	ip tunnel del henet

	ip -6 addr delete $ROUTED_64/64 dev br-lan
	# Uncomment if you have a /48
	#ip -6 addr delete $ROUTED_48/48 dev br-lan

	echo "Done."
}
restart() {
	stop
	start
}

We fill in the information available to us from the tunnelbroker.net admin page which lists your existing tunnel configurations.

/etc/init.d/ipv6 start

root@OpenWrt:/etc/init.d# ping6 -c 5 ipv6.google.com
PING ipv6.google.com (2001:4860:8003::63): 56 data bytes
64 bytes from 2001:4860:8003::63: seq=0 ttl=55 time=89.572 ms
64 bytes from 2001:4860:8003::63: seq=1 ttl=55 time=88.701 ms
64 bytes from 2001:4860:8003::63: seq=2 ttl=55 time=121.524 ms
64 bytes from 2001:4860:8003::63: seq=3 ttl=55 time=87.989 ms
64 bytes from 2001:4860:8003::63: seq=4 ttl=55 time=88.010 ms

--- ipv6.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 87.989/95.159/121.524 ms
root@OpenWrt:/etc/init.d#

And we have IPv6 routing on the router. After we’re sure things are working, we can do:

/etc/init.d/ipv6 enable

which will configure the router to run our script on startup. A slight configuration change on the laptop, and:

tsavo:~ mcd$ ping6 -c 5 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:4:590::cd34 --> 2001:4860:8007::67
16 bytes from 2001:4860:8007::67, icmp_seq=0 hlim=54 time=91.914 ms
16 bytes from 2001:4860:8007::67, icmp_seq=1 hlim=54 time=90.727 ms
16 bytes from 2001:4860:8007::67, icmp_seq=2 hlim=54 time=91.214 ms
16 bytes from 2001:4860:8007::67, icmp_seq=3 hlim=54 time=94.121 ms
16 bytes from 2001:4860:8007::67, icmp_seq=4 hlim=54 time=90.975 ms

--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 90.727/91.790/94.121/1.231 ms
tsavo:~ mcd$

Compared to the tunnel script on the mac, I’ve shaved off about 51ms from each ping – which seems to indicate that the gif0 interface on the mac is a little resource heavy since I am routing through the WRT54GS through a WRT160Nv2 and still getting better ping times.

At this point, it would be wise to install ip6tables, shorewall6-lite or one of the other IPv6-capable firewalls, since every machine on the routed /64 now has a globally routable address with no NAT in front of it. Configuring those is as easy as it would be on a normal machine, with shorewall probably being the easiest of them to configure.
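A minimal default-deny ip6tables ruleset for this router, as an added example that is not part of the original post. The interface names henet and br-lan come from the init script above; the file name fw6.sh, the function names, and the availability of the ip6tables "state" match on this build are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny IPv6 filter for the
# tunnel router. Interface names come from the init script above; the ip6tables
# package with the "state" match is an assumption.
WAN6=henet   # 6in4 tunnel interface created by /etc/init.d/ipv6
LAN=br-lan   # bridge that carries the routed /64

# Print the ruleset, one command per line, so it can be reviewed before use.
fw6_rules() {
	wan=${1:-$WAN6}; lan=${2:-$LAN}
	for chain in INPUT FORWARD; do
		echo "ip6tables -F $chain"
		echo "ip6tables -P $chain DROP"
		# Replies to connections opened from the router or the LAN
		echo "ip6tables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
		# ICMPv6 errors (types 1-4) and echo (128, 129); type 2, packet too
		# big, is what path MTU discovery relies on across the tunnel
		for t in 1 2 3 4 128 129; do
			echo "ip6tables -A $chain -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
		done
	done
	# Router services: loopback and LAN only (covers neighbour discovery on the bridge)
	echo "ip6tables -A INPUT -i lo -j ACCEPT"
	echo "ip6tables -A INPUT -i $lan -j ACCEPT"
	# LAN hosts may open connections outward; nothing new comes in from the tunnel
	echo "ip6tables -A FORWARD -i $lan -o $wan -j ACCEPT"
}

# Run the printed commands, stopping at the first failure.
fw6_apply() {
	fw6_rules "$@" | sh -e
}

# "sh fw6.sh print" shows the rules for review; "sh fw6.sh apply" loads them.
case "${1:-}" in
	apply) fw6_apply ;;
	print) fw6_rules ;;
esac
```

The rules are not persistent; to keep them across reboots they would have to be applied from a startup script that runs after the tunnel script has created henet.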

Not bad for about 40 minutes of work – and now I can add other machines on my network and utilize IPv6.
