IPv6 with OpenWRT and SixXS (Part 2)

A week later, my account had enough credits to request the subnet. I got a /48 network, or in other words, I have a network with 80 bits which I can use! These are more addresses than the whole IPv4 address space has! 😎

Once you have the approval for the subnet, SixXS has already done a lot of work for you: they send you the actual address and make sure that this subnet is routed to your router address. So you only need to assign the addresses to your devices.

First of all we have to create some firewall rules. Create a UCI interface for the sixxs interface in /etc/config/network to use the OpenWRT built-in firewall capabilities:

config 'interface' 'sixxs'
        option 'proto' 'none'
        option 'ifname' 'sixxs'
        option 'send_rs' '0'

Add a zone for that interface and some rules to /etc/config/firewall. To allow pings to my hosts on the inside network I have to allow forwarding globally (this listing contains only the relevant parts):

config 'defaults'
        ...
        option 'forward' 'ACCEPT'

config 'rule'
        option '_name' 'IPv6'
        option 'family' 'ipv6'
        option 'src' 'wan6'
        option 'target' 'ACCEPT'
        option 'proto' 'icmp'
        option 'dest' 'lan'
        option 'icmp_type' 'echo-request'

config 'zone'
        option 'name' 'wan6'
        option 'output' 'ACCEPT'
        option 'network' 'sixxs'
        option 'family' 'ipv6'
        option 'forward' 'REJECT'
        option 'input' 'REJECT'          

config 'forwarding'
        option 'dest' 'wan6'
        option 'src' 'lan'

Then you have to set the IPv6 address for your router’s LAN interface by editing /etc/config/network (it’s also possible to do this using the web interface):

config 'interface' 'lan'
...
        option 'ip6addr' '2001:xxxx:xxx::1/64'

Restart the network and firewall

/etc/init.d/network restart
/etc/init.d/firewall restart

Although I have a /48 subnet, I’m using a /64 subnet here. IPv6 has an autoconfiguration mechanism to set the IP addresses. The clients are able to create an IPv6 address using a prefix and their unique EUI-64 (extended unique identifier, which is a 64-bit backward-compatible MAC address, or in other words, the 48-bit MAC address with some zeros preceding). The router has to announce its presence and provide a prefix to the clients. This prefix has to be 64 bits long; the client then simply combines that prefix with its EUI-64 address to create a unique IPv6 address. Using another prefix length ends in an error message:

netgear daemon.warn radvd[15361]: prefix length should be 64 for br-lan

These prefix announcements are called Router Advertisements (RA for short) and are sent periodically. In the other direction, the clients can send Router Solicitations (RS). The router normally answers them with an RA immediately. On Linux systems the daemon radvd can be used to do this:

opkg update
opkg install radvd

Enable the configuration in the file /etc/config/radvd and start the daemon:

config 'interface'
        option 'interface' 'lan'
        option 'AdvSendAdvert' '1'
        option 'IgnoreIfMissing' '1'
        option 'AdvSourceLLAddress' '1'
        option 'AdvDefaultPreference' 'medium'
        option 'ignore' '0'

config 'prefix'
        option 'interface' 'lan'
        option 'AdvOnLink' '1'
        option 'AdvAutonomous' '1'
        option 'ignore' '0'

/etc/init.d/radvd enable
/etc/init.d/radvd start

By default, the daemon uses the prefix of the IPv6 address from the interface it is using. We configured that already, so no need to configure a prefix here.

By this time, your clients should get an IPv6 address and be able to connect over IPv6!

Some useful IPv6 links:

Update 30.10.2011: I forgot the rule to allow ICMP echo-requests (ping) to my router. Therefore my tunnel wasn’t identified as running and I earned no more credits. Add this rule to allow ICMP echo-requests:

config 'rule'
	option 'target' 'ACCEPT'
	option '_name' 'IPv6'
	option 'src' 'wan6'
	option 'proto' 'icmp'
	option 'family' 'ipv6'
	option 'icmp_type' 'echo-request'
