IPv6 on the WRT54G via OpenWRT

aka: Impressing your friends with a 128 bit IP address

CONTENTS
  1. Preface
  2. Getting Started
  3. Establishing an IPv6 Tunnel
  4. IPv6 on the LAN
Preface

The goal of this document is to setup a working IPv6 connection on a Linksys WRT54G router running OpenWRT (White Russian v0.9)

Internet Protocol version 6 (IPv6) is a network layer protocol for packet-switched internetworks. It is designated as the successor of IPv4, the current version of the Internet Protocol, for general use on the Internet.

The main improvement brought by IPv6 is a much larger address space that allows greater flexibility in assigning addresses. IPv6 is able to support 2128 (about 3.4×1038) addresses, or approximately 5×1028 addresses for each of the roughly 6.5 billion people alive today. It was not the intention of IPv6 designers, however, to give permanent unique addresses to every individual and every computer. Rather, the extended address length eliminates the need to use network address translation to avoid address exhaustion, and also simplifies aspects of address assignment and renumbering when changing providers.

    (excerpt from Wikipedia)
Back to Top
Getting Started
By default, the OpenWRT firmware does not contain the software and kernel modules required for IPv6 support. The following packages will need to be installed with ipkg

ipkg install kmod-ipv6 # IPv6 kernel module
ipkg install radvd # IPv6 routing daemon
ipkg install ip
ipkg install kmod-ip6tables # IPv6 firewall kernel module
ipkg intstall ip6tables # IPv6 firewall

The IPv6 kernel module will be automatically loaded at system boot via /etc/modules.d/20-ipv6
However, the module can also be loaded without rebooting with the following command

insmod ipv6

Once this module has been loaded, the router has IPv6 support. In addition, the firewall modules for IPv6 can be
loaded with the following commands

insmod ip6_tables
insmod ip6table_filter
Back to Top
Establishing an IPv6 Tunnel
IPv6 connectivity will be provided by encapsulating IPv6 connectivity directly inside IPv4 by having the protocol field set to '41' (IPv6) in the IPv4 packet via a network tunnel to Hurricane Electric.

After account creation, I was assigned a /64 and provided with the following details:
Server IPv4 address: 209.51.161.14
Server IPv6 address: 2001:470:1f06:8::1/64
Client IPv4 address: 72.230.223.117 (IP of my router, provided to me by my ISP)
Client IPv6 address: 2001:470:1f06:8::2/64
Assigned /64: 2001:470:1f07:8::/64

To establish the tunnel:

ip tunnel add he0 mode sit remote 209.51.161.14 local 72.230.223.117 ttl 255
ip link set he0 up
ip addr add 2001:470:1f06:8::2/64 dev he0
ip route add ::/0 dev he0
ip -6 addr add 2001:470:1f06:8::1/64 dev br0

After that, you should have a fully functional IPv6 connection to the internet. Connectivity can be verified by using ping6

ping6 -c 5 www.kame.net
PING www.kame.net (2001:200:0:8002:203:47ff:fea5:3085): 56 data bytes
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp6_seq=0 ttl=39 time=227.2 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp6_seq=1 ttl=39 time=226.5 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp6_seq=2 ttl=39 time=227.1 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp6_seq=3 ttl=39 time=232.6 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp6_seq=4 ttl=39 time=231.7 ms

--- www.kame.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 226.5/229.0/232.6 ms
Back to Top
IPv6 on the LAN
Once you have a tunnel configured and functional through a broker, the next step is to provide IPv6 addresses to clients on the local area network. The routing advertisement daemon (radvd) will be configured to hand out addresses to clients connecting via the wireless interface.

cat /etc/radvd.conf

interface br0  {                                                               
        AdvSendAdvert on;                                                      
                                                                               
        # Send advertisements every 3-10 seconds.
        MinRtrAdvInterval 3;                                                   
        MaxRtrAdvInterval 10;                                                  
                                                                               
        prefix 2001:470:1f07:8::/64  {                                         
                AdvOnLink on;                                                  
                AdvAutonomous on;                                              
                AdvRouterAddr on;                                              
        };                                                                     
                                                                               
};

You will also need to allow the forwarding of IPv6 traffic, which can be achieved by setting /proc/sys/net/ipv6/conf/all/forwarding to 1.

After radvd is started, clients with IPv6 support should autoconfigure and be able to connect to external IPv6 services. You can listen to its advertisments via the radvdump program.
Last edited by Steven Kreuzer (2007.10.24)