{"id":1145,"date":"2011-04-30T18:05:29","date_gmt":"2011-04-30T22:05:29","guid":{"rendered":"http:\/\/cd34.com\/blog\/?p=1145"},"modified":"2011-05-01T02:16:21","modified_gmt":"2011-05-01T06:16:21","slug":"weekend-wrt54gs-openwrt-ipv6-through-tunnelbroker-net","status":"publish","type":"post","link":"https:\/\/cd34.com\/blog\/infrastructure\/weekend-wrt54gs-openwrt-ipv6-through-tunnelbroker-net\/","title":{"rendered":"Weekend, WRT54GS, OpenWRT, IPv6 through tunnelbroker.net"},"content":{"rendered":"

While we’ve been doing a lot of work recently with IPv6, I decided to see if I could reconfigure an older Linksys WRT54GS to run OpenWRT<\/a>, so that I could use it to route IPv6 to the machines at the house, rather than using the entire \/64 on my macbook. This will also allow me to run IPv6 on other machines at the house.<\/p>\n

First I ran into some issues flashing OpenWRT – which were fixed by upgrading the firmware on the machine to the latest version supplied by Cisco\/Linksys, then, flashing the OpenWRT build from http:\/\/downloads.openwrt.org\/snapshots\/trunk\/brcm47xx\/.<\/p>\n

Once you’ve done that, telnet to 192.168.1.1, type passwd, enter a new password, log out, ssh root@192.168.1.1 using the new password and you’re set.<\/p>\n

Configuring wireless was simple enough, though, I couldn’t get WEP to work, I had to move over to WEP\/PSK2. With WEP configured, using multiple different suggested configurations, OpenWRT would always respond with:<\/p>\n

\r\nConfiguration file: \/var\/run\/hostapd-phy0.conf\r\nCould not set WEP encryption.\r\nInterface initialization failed\r\nwlan0: Unable to setup interface.\r\nrmdir[ctrl_interface]: No such file or directory\r\nFailed to start hostapd for phy0\r\n<\/pre>\n
Changing the encryption type to psk2 and setting the key allowed me to type wifi which then recognized the configuration. A warning pops up:<\/p>\n
\r\nroot@OpenWrt:\/etc\/config# wifi\r\nConfiguration file: \/var\/run\/hostapd-phy0.conf\r\nUsing interface wlan0 with hwaddr 00:12:17:3a:c6:4a and ssid 'ipv6'\r\nrandom: Cannot read from \/dev\/random: Resource temporarily unavailable\r\nrandom: Only 0\/20 bytes of strong random data available from \/dev\/random\r\nrandom: Not enough entropy pool available for secure operations\r\nWPA: Not enough entropy in random pool for secure operations - update keys later when the first station connects\r\n<\/pre>\n
I set up a separate network, and am allowing the one router to stay online with my existing config. That way, I am not disrupting the main router and can keep testing on its own Wireless LAN. At this point, I’ve set 192.168.6.0\/24 as the IPv4 for the IPv6 Wireless router, connected through it as my preferred Wireless LAN and am now able to surf the internet.<\/p>\n
Next, we need to set up our IPv6 configuration from http:\/\/www.tunnelbroker.net\/<\/a>, a free service provided by Hurricane Electric.<\/p>\n
We need to install the ipv6 kernel models, then, activate IPv6 (or, you can power cycle the router and the ipv6 modules will automatically be installed.<\/p>\n
\r\nopkg install kmod-ipv6\r\ninsmod ipv6\r\nopkg install 6in4\r\n<\/pre>\n
We can verify that ipv6 is working by typing:<\/p>\n
\r\nroot@OpenWrt:\/etc# ifconfig br-lan\r\nbr-lan    Link encap:Ethernet  HWaddr 00:12:17:3A:C6:48  \r\n          inet addr:192.168.6.1  Bcast:192.168.6.255  Mask:255.255.255.0\r\n          inet6 addr: fe80::212:17ff:fe3a:c648\/64 Scope:Link\r\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\r\n          RX packets:5338 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:4690 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:0 \r\n          RX bytes:574933 (561.4 KiB)  TX bytes:2397889 (2.2 MiB)\r\n<\/pre>\n
and we can see that the inet6 addr: is set with a default, unrouteable address. For troubleshooting, we’ll install tcptraceroute6.<\/p>\n
\r\nopkg install tcptraceroute6\r\n<\/pre>\n
From this thread<\/a>, we take the script listed and name it \/etc\/init.d\/ipv6:<\/p>\n
NOTE: I’ve made minor changes altering br0 to br-lan as the original script uses the whiterussian distribution of openWRT and we’re using the kamakaze version.<\/p>\n
\r\n#!\/bin\/sh \/etc\/rc.common\r\n\r\n#Information from the \"Tunnel Details\" page\r\nSERVER_v4=Server IPv4 Address\r\nSERVER_v6=Server IPv6 Address\r\n\r\nCLIENT_v4=Client IPv4 Address\r\nCLIENT_v6=Client IPv6 Address\r\n\r\n# Uncomment if you have a \/48\r\n#ROUTED_48=Your \/48 netblock's gateway address, e.g., 2001:a:b::1\r\nROUTED_64=Your \/64 netblock's gateway address, e.g., 2001:a:b:c::1\r\n\r\nSTART=50\r\n\r\nstart() {\r\n\techo \"Starting he.net IPv6 tunnel: \"\r\n\tip tunnel add henet mode sit remote $SERVER_v4 local $CLIENT_v4 ttl 255\r\n\tip link set henet up\r\n\r\n\tip -6 addr add $CLIENT_v6\/64 dev henet\r\n\tip -6 ro add default via $SERVER_v6 dev henet\r\n\r\n\tip -6 addr add $ROUTED_64\/64 dev br-lan\r\n\t# Uncomment if you have a \/48\r\n        #ip -6 addr add $ROUTED_48\/48 dev br-lan\r\n\tip -f inet6 addr\r\n\r\n\techo \"Done.\"\r\n}\r\nstop() {\r\n\techo -n \"Stopping he.net IPv6 tunnel: \"\r\n\tip link set henet down\r\n\tip tunnel del henet\r\n\r\n\tip -6 addr delete $ROUTED_64\/64 dev br-lan\r\n\t# Uncomment if you have a \/48\r\n        #ip -6 addr delete $ROUTED_48\/48 dev br-lan\r\n\r\n\techo \"Done.\"\r\n}\r\nrestart() {\r\n\tstop\r\n\tstart\r\n}\r\n<\/pre>\n
We fill in the information available to us from the tunnelbroker.net admin page which lists your existing tunnel configurations.<\/p>\n
\r\n\/etc\/init.d\/ipv6 start\r\n\r\nroot@OpenWrt:\/etc\/init.d# ping6 -c 5 ipv6.google.com\r\nPING ipv6.google.com (2001:4860:8003::63): 56 data bytes\r\n64 bytes from 2001:4860:8003::63: seq=0 ttl=55 time=89.572 ms\r\n64 bytes from 2001:4860:8003::63: seq=1 ttl=55 time=88.701 ms\r\n64 bytes from 2001:4860:8003::63: seq=2 ttl=55 time=121.524 ms\r\n64 bytes from 2001:4860:8003::63: seq=3 ttl=55 time=87.989 ms\r\n64 bytes from 2001:4860:8003::63: seq=4 ttl=55 time=88.010 ms\r\n\r\n--- ipv6.google.com ping statistics ---\r\n5 packets transmitted, 5 packets received, 0% packet loss\r\nround-trip min\/avg\/max = 87.989\/95.159\/121.524 ms\r\nroot@OpenWrt:\/etc\/init.d#\r\n<\/pre>\n
And we have IPv6 routing on the router. After we’re sure things are working, we can do:<\/p>\n
\r\n\/etc\/init.d\/ipv6 enable\r\n<\/pre>\n
which will configure the router to run our script on startup. A slight configuration change on the laptop, and:<\/p>\n
\r\ntsavo:~ mcd$ ping6 -c 5 ipv6.google.com\r\nPING6(56=40+8+8 bytes) 2001:470:4:590::cd34 --> 2001:4860:8007::67\r\n16 bytes from 2001:4860:8007::67, icmp_seq=0 hlim=54 time=91.914 ms\r\n16 bytes from 2001:4860:8007::67, icmp_seq=1 hlim=54 time=90.727 ms\r\n16 bytes from 2001:4860:8007::67, icmp_seq=2 hlim=54 time=91.214 ms\r\n16 bytes from 2001:4860:8007::67, icmp_seq=3 hlim=54 time=94.121 ms\r\n16 bytes from 2001:4860:8007::67, icmp_seq=4 hlim=54 time=90.975 ms\r\n\r\n--- ipv6.l.google.com ping6 statistics ---\r\n5 packets transmitted, 5 packets received, 0.0% packet loss\r\nround-trip min\/avg\/max\/std-dev = 90.727\/91.790\/94.121\/1.231 ms\r\ntsavo:~ mcd$\r\n<\/pre>\n
Compared to the tunnel script on the mac, I’ve shaved off about 51ms from each ping – which seems to indicate that the gif0 interface on the mac is a little resource heavy since I am routing through the WRT54GS through a WRT160Nv2 and still getting better ping times.<\/p>\n
At this point, it would be wise to install ipv6tables, shorewall6-lite or one of the other ipv6 capable firewalls. Configuring those is as easy as it would be on a normal machine, with shorewall probably being the easiest of them to configure.<\/p>\n
Not bad for about 40 minutes of work – and now I can add other machines on my network and utilize IPv6.<\/p>\n
\n
<\/div>\n<\/fb:like>\n<\/div>
<\/div>","protected":false},"excerpt":{"rendered":"
While we’ve been doing a lot of work recently with IPv6, I decided to see if I could reconfigure an older Linksys WRT54GS to run OpenWRT, so that I could use it to route IPv6 to the machines at the house, rather than using the entire \/64 on my macbook. This will also allow me […]<\/p>\n
\n
<\/div>\n<\/fb:like>\n<\/div>
<\/div>","protected":false},"author":15,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[167,174,175,173],"class_list":["post-1145","post","type-post","status-publish","format-standard","hentry","category-infrastructure","tag-ipv6","tag-openwrt","tag-tunnelbroker","tag-wrt54gs"],"_links":{"self":[{"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/posts\/1145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/comments?post=1145"}],"version-history":[{"count":5,"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/posts\/1145\/revisions"}],"predecessor-version":[{"id":1150,"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/posts\/1145\/revisions\/1150"}],"wp:attachment":[{"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/media?parent=1145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/categories?post=1145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cd34.com\/blog\/wp-json\/wp\/v2\/tags?post=1145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}