IPv6 tunnel on OpenWRT using tunnelbroker.net

Matt

I’m far from an IPv6 expert so this is more a detail of my experiences, rather than a detailed setup guide.TP-LINK TL-WR1043ND

My ISP does not provide native IPv6 yet to their ADSL customers but I wanted to set up IPv6 on my local network, and be able to access the Internet using IPv6. To do this I’m using a free tunnel from tunnelbroker.net. The way this works is that your IPv6 packets are wrapped up in IPv4 and sent to tunnelbroker. There they are unwrapped and sent on their way, as IPv6 packets. Once set up this is transparent to you and you just treat it as a normal IPv6 network.

When you sign up for a free tunnel with tunnelbroker you will receive several pieces of information that you will need to set up your tunnel.

Here are my settings –

Server IPv4 Address – 216.66.84.46. This is where your router will sent your ‘wrapped up’ IPv6 packets for onward delivery.

Client IPv6 Address – 2001:470:1d14:154::2/64. This is the IPv6 address of the WAN side of your router

Routed /64 – 2001:470:1d15:154::/64. This is the IPv6 subnet that you will use on your LAN

Once you have these settings you can click on the Example Configurations page in tunnelbroker and, at least for OpenWRT, it tells you what commands to run on your router to install IPv6 and enable it for the tunnelbroker tunnel.

I wanted my router, a TP-LINK TL-WR1043ND, to hand out IPv6 IP addresses to my LAN clients so I also needed to install the following packages –

opkg update
opkg install 6in4
opkg install 6to4
opkg install ip6tables
opkg install kmod-ip6tables
opkg install kmod-ipv6
opkg install luci-proto-6x4
opkg install radvd
opkg install wide-dhcpv6-server

Detailed instructions for setting up IPv6 on OpenWRT can be found here – http://wiki.openwrt.org/doc/howto/ipv6

To test the tunnel is working you can ping ipv6.google.com from the router

To test the LAN/DHCP is working you can ping ipv6.google.com from your PC

I struggled a little to get the LAN/DHCP side working. Here are my relevant config files –

/etc/config/dhcp6s

config 'dhcp6s' 'basic'
option 'enabled' '1'
option 'interface' 'lan'
option 'config_file' '/etc/dhcp6s.conf'

 /etc/dhcp6s.conf

option domain-name-servers 2001:4860:4860::8888;

interface br-lan {
address-pool pool1 86400;
};

pool pool1 {
range 2001:470:1d15:154:0:0:0:1001 to 2001:470:1d15:154:0:0:0:2000 ;
};

/etc/config/radvd

config interface
option interface 'lan'
option AdvSendAdvert 1
option AdvManagedFlag 1
option AdvOtherConfigFlag 1
list client ''
option ignore 0

config prefix
option interface 'lan'
list prefix ''
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 0
option ignore 0

config route
option interface 'lan'
list prefix ''
option ignore 0

config rdnss
option interface 'lan'
list addr ''
option ignore 0

config dnssl
option interface 'lan'
list suffix ''
option ignore 1

/var/etc/radvd.conf

interface br-lan
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;

prefix 2001:470:1d15:154::1/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

RDNSS fe80::b248:7aff:fede:267e
{
};
};

Once everything is set up and working you should run the IPv6 portscan from the tunnelbroker web site. This will port scan a machine on your local network. This is very important as your machine is now directly connected to the internet, with no NAT happening on the IPv6 connection.

You should run a port scan to ensure that your firewall is blocking inbound connections over IPv6

Last updated by at .

1 Comment. Leave new

Thanks for this useful information. I’ve linked to it from a comment on Quentin’s blog:

http://www.statusq.org/archives/2012/07/16/4269/

I’m a big fan of OpenWRT and TP-Link

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>