{"id":313,"date":"2009-05-25T13:27:58","date_gmt":"2009-05-25T04:27:58","guid":{"rendered":"http:\/\/www.joewein.net\/blog\/?p=313"},"modified":"2009-05-25T21:45:43","modified_gmt":"2009-05-25T12:45:43","slug":"ipv6-with-dd-wrt-router-and-hurricane-electric","status":"publish","type":"post","link":"https:\/\/joewein.net\/blog\/2009\/05\/25\/ipv6-with-dd-wrt-router-and-hurricane-electric\/","title":{"rendered":"IPv6 with DD-WRT router and Hurricane Electric"},"content":{"rendered":"<p>Last weekend I got IPv6 working on my <a href=\"http:\/\/www.newegg.com\/Product\/Product.aspx?Item=N82E16833162134\">US$60 router<\/a>, allowing all my machines here to talk IPv6 to the outside world. That includes an <a href=\"http:\/\/www.joewein.net\/blog\/2008\/10\/13\/ubuntu-on-a-via-mm3500-2-terabyte-nas-raid1-server-for-350\/\">Ubuntu Linux server<\/a>, 4 PCs and one Mac.<\/p>\n<p>The biggest incentive for upgrading to IPv6 is the fact that at the current pace <a href=\"http:\/\/en.wikipedia.org\/wiki\/IPv4_address_exhaustion\">we&#8217;ll run out of (IPv4) IP addresses<\/a> in about two years. These are the unique host addresses (usually written in dotted decimal format like 209.85.171.100) that identify client and server computers on the Internet. The newer IPv6 standard that replaces 32-bit addresses with 128-bit addresses will forever take care of this shortage. It will also do away with the primary need for Network Address Translation (NAT) which has been a big headache for voice over IP (VoIP) and other peer to peer applications.<\/p>\n<p>However, over a decade after the introduction of the newer standard (in 1997), uptake is still slow. Many ISPs still don&#8217;t support IPv6 and neither does a lot of the equipment used at homes and offices. This is gradually starting to change. IPv6 is an integral part of modern operating systems such as Linux, Mac OS X, Windows 7, Windows 2008 Server, Windows Vista, Windows 2003 Server and Windows XP (where it&#8217;s optional). <\/p>\n<p>If your ISP does not support IPv6, you can still use it by employing the services of a tunnel broker, which gives you IPv6 connectivity over an IPv4 tunnel. This lets you test your software with the new APIs, though you won&#8217;t gain native IPv6 performance. If you have a static IP you can use tunnelbroker.net by Hurricane Electric, Inc. Their service is professionally run and free. Another option is SixXS, but I have not tried them.<\/p>\n<p>My router is a <a href=\"http:\/\/www.joewein.net\/blog\/2008\/09\/06\/dd-wrt-on-buffalo-whr-hp-g54\/\">Buffalo WHR-HP-G54<\/a>, which is compatible with the Linux based open source DD-WRT firmware. Recent versions of DD-WRT have IPv6 support. My first attempt with the v24 sp1 std build which is supposed to include IPv6 was unsuccessful, but I had more luck after trying the <a href=\"http:\/\/www.dd-wrt.com\/phpBB2\/viewtopic.php?p=196058#196058\">v24 10070 crushedhat version (dd-wrt.v24-10070_crushedhat_4MB.bin)<\/a>. Here&#8217;s what you do:<\/p>\n<ul>\n<li> The following instructions assume that your WHR-HP-G54 router is running open source DD-WRT firmware. If your router is still running the default firmware, install DD-WRT v24 sp1 mini generic (SVN build 10020, 27-July-2008) on it. See my <a href=\"http:\/\/www.joewein.net\/blog\/2008\/09\/06\/dd-wrt-on-buffalo-whr-hp-g54\/\">blog post on the WHR-HP-G54 with DD-WRT<\/a> for detailed instructions. The WHR-HP-G54DD is a version of this router that comes with DD-WRT preinstalled.\n<\/li>\n<li> Go to <code>Security \/ Firewall<\/code> on your DD-WRT and remove the check mark on <code>Block anonymous WAN requests (ping)<\/code> so that Hurricane Electric can verify your router exists by pinging it.<\/li>\n<li> Go to www.tunnelbroker.net and sign up for an account. Then log in and go to <code>Create a Regular tunnel<\/code>. You&#8217;ll need to enter your static IP, which will be conveniently displayed. You have a choice of tunnel endpoints. Pick one that has a short ping time from where you are. Make a note of all the details of the tunnel that is created. You will need to enter some of these details on your router, in particular these:\n<ul>\n<li> <code>Server IPv4 address<\/code> <\/li>\n<li> <code>Server IPv6 address<\/code> <\/li>\n<li> <code>Routed \/64<\/code> <\/li>\n<\/ul>\n<\/li>\n<li> Read <a href=\"http:\/\/www.dd-wrt.com\/phpBB2\/viewtopic.php?p=196058#196058\">crushedhat&#8217;s description<\/a> of how to configure the router with his firmware, which should work with most Broadcom-based DD-WRT-compatible routers.\n<\/li>\n<li> I&#8217;m assuming you have updated the firmware of your router before and know the usual caveats about &#8220;bricking&#8221; your router if anything goes wrong. I won&#8217;t be responsible for that. \ud83d\ude09 I went from the factory Buffalo firmware to v24 sp1 mini to v24 sp1 std to v24 sp1 mini to v24 crushedhat 10070, with no problems, but your mileage may vary. I downgraded from v24 sp1 std (4 MB) to v24 sp1 mini (2 MB) &#8220;just in case&#8221; before flashing crushedhat&#8217;s std (4 MB) build. I did not opt to reset the NVRAM to factory defaults.\n<\/li>\n<li>Download a copy of the v24 crushedhat 10070 build and save it on your hard disk. Use a computer with a wired connection to the router, not WLAN for the firmware upgrade. Go to <code>Administration \/ Firmware Upgrade<\/code> and select the <code>dd-wrt.v24-10070_crushedhat_4MB.bin<\/code> file. Click the upgrade button. Don&#8217;t touch anything until after the router has reset and is running the new firmware.<\/li>\n<li>Go to <code>Administration \/ Management<\/code> and check <code>Enable<\/code> for <code>IPv6<\/code> and <code>Radvd enabled<\/code>. Then paste the following into the <code>Radvd config<\/code> box:<br \/>\n<blockquote><p>interface br0<br \/>\n{<br \/>\n  AdvSendAdvert on;<br \/>\n  prefix 2001:470:YYYY:YY::\/64<br \/>\n  {<br \/>\n    AdvOnLink on;<br \/>\n    AdvAutonomous on;<br \/>\n  };<br \/>\n};\n<\/p><\/blockquote>\n<p>where <code>2001:470:YYYY:YY::\/64<\/code> matches the value of &#8220;Routed \/64&#8221; in the created tunnel given to you by Tunnelbroker.net:<\/p>\n<blockquote><p>\tServer IPv4 address: \t216.218.226.238<br \/>\n\tServer IPv6 address: \t2001:470:XXXX:XX::1\/64<br \/>\n\tClient IPv4 address: \t219.110.159.121<br \/>\n\tClient IPv6 address: \t2001:470:YYYY:YY::2\/64<br \/>\n\tRouted \/48: \t2001:470:ZZZZ::\/48<br \/>\n\tRouted \/64: \t2001:470:YYYY:YY::\/64\n<\/p><\/blockquote>\n<\/li>\n<li>Go to <code>Administration \/ Commands<\/code> and enter these commands, then click <code>Save Startup<\/code>:<br \/>\n<blockquote><p>ip tunnel add he-ipv6 mode sit remote 216.218.226.238 ttl 64<br \/>\nip link set he-ipv6 up<br \/>\nip addr add 2001:470:XXXX:XX::2\/64 dev he-ipv6<br \/>\nip route add ::\/0 dev he-ipv6<br \/>\nip addr add 2001:470:YYYY:YY:200:00ff:fe00:0000\/64 dev br0\n<\/p><\/blockquote>\n<p>Replace 216.218.226.238 with <code>Server IPv4 address<\/code> from your tunnel settings, 2001:470:XXXX:XX:: with the <code>Server IPv6 address<\/code> value and <code>2001:470:YYYY:YY::<\/code> with the <code>Routed \/64<\/code> value.\n<\/li>\n<li>\n<li>Go to <code>Administration \/ Commands<\/code> and enter these commands, then click <code>Save Firewall<\/code>:<br \/>\n<blockquote><p>insmod ip6t_REJECT<br \/>\nip6tables -F<br \/>\nip6tables -A FORWARD -p tcp -i he-ipv6 &#8211;syn -m multiport &#8211;dports ftp-data,ftp,ssh,smtp,http,https,ntp,domain -j ACCEPT<br \/>\nip6tables -A FORWARD -p tcp -i he-ipv6 &#8211;syn -j REJECT &#8211;reject-with adm-prohibited<br \/>\nip6tables -A FORWARD -p udp -i he-ipv6 -m multiport &#8211;dports ntp,domain -j ACCEPT<br \/>\nip6tables -A FORWARD -p udp -i he-ipv6 -j REJECT &#8211;reject-with adm-prohibited\n<\/p><\/blockquote>\n<\/li>\n<li> Now it&#8217;s time to check if everything works. It may take a few minutes or one reboot for your client to obtain an IPv6 address. Here is what things should look like after that:<br \/>\n<blockquote><p>C:\\&gt;ipconfig<\/p>\n<p>Windows IP Configuration<\/p>\n<p>Ethernet adapter Motherboard Network Connection:<\/p>\n<p>   Connection-specific DNS Suffix  . :<br \/>\n   IP Address. . . . . . . . . . . . : 192.168.100.2<br \/>\n   Subnet Mask . . . . . . . . . . . : 255.255.255.0<br \/>\n   IP Address. . . . . . . . . . . . : 2001:470:YYYY:YY:290:feff:fe66:e237<br \/>\n   IP Address. . . . . . . . . . . . : fe80::290:feff:fe66:e237%6<br \/>\n   Default Gateway . . . . . . . . . : 192.168.100.1<br \/>\n                                       fe80::21d:73ff:fe3a:3b8c%6<\/p>\n<p>Tunnel adapter Teredo Tunneling Pseudo-Interface:<\/p>\n<p>   Connection-specific DNS Suffix  . :<br \/>\n   IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5<br \/>\n   Default Gateway . . . . . . . . . :<\/p>\n<p>Tunnel adapter Automatic Tunneling Pseudo-Interface:<\/p>\n<p>   Connection-specific DNS Suffix  . :<br \/>\n   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.42.2%2<br \/>\n   Default Gateway . . . . . . . . . :\n<\/p><\/blockquote>\n<p>You can ping Google&#8217;s IPv6 servers:<\/p>\n<blockquote><p>C:\\&gt;ping ipv6.google.com<\/p>\n<p>Pinging ipv6.l.google.com [2001:4860:c004::68] from 2001:470:YYYY:YY:290:feff:fe66:e237 with 32 bytes of data:<\/p>\n<p>Reply from 2001:4860:c004::68: time=307ms<br \/>\nReply from 2001:4860:c004::68: time=307ms<br \/>\nReply from 2001:4860:c004::68: time=331ms<br \/>\nReply from 2001:4860:c004::68: time=318ms<\/p>\n<p>Ping statistics for 2001:4860:c004::68:<br \/>\n    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),<br \/>\nApproximate round trip times in milli-seconds:<br \/>\n    Minimum = 307ms, Maximum = 331ms, Average = 315ms\n<\/p><\/blockquote>\n<p>Fire up FireFox 3 or the browser of your choice and go to <a href=\"http:\/\/www.kame.net\/\">http:\/\/www.kame.net\/<\/a> &#8211; if the image of the turtle is dancing then you have IPv6 working. Go to <a href=\"http:\/\/whatismyv6.com\/\">http:\/\/whatismyv6.com\/<\/a> to see your IPv6 address.\n<\/li>\n<\/ul>\n<p>Good luck! \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last weekend I got IPv6 working on my US$60 router, allowing all my machines here to talk IPv6 to the outside world. That includes an Ubuntu Linux server, 4 PCs and one Mac. The biggest incentive for upgrading to IPv6 &hellip; <a href=\"https:\/\/joewein.net\/blog\/2009\/05\/25\/ipv6-with-dd-wrt-router-and-hurricane-electric\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,7,16,14,27,24,23],"tags":[],"class_list":["post-313","post","type-post","status-publish","format-standard","hentry","category-computers","category-electronics","category-linux","category-software","category-windows-7","category-windows-vista","category-windows-xp"],"_links":{"self":[{"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/posts\/313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/comments?post=313"}],"version-history":[{"count":25,"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/posts\/313\/revisions"}],"predecessor-version":[{"id":339,"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/posts\/313\/revisions\/339"}],"wp:attachment":[{"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/media?parent=313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/categories?post=313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/joewein.net\/blog\/wp-json\/wp\/v2\/tags?post=313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}