{"id":158,"date":"2013-12-11T13:14:09","date_gmt":"2013-12-11T13:14:09","guid":{"rendered":"http:\/\/rtechblog.psg.com\/?p=158"},"modified":"2013-12-12T04:45:33","modified_gmt":"2013-12-12T04:45:33","slug":"turning-comcast-ipv6-up-on-a-netgear-3800-with-openwrt","status":"publish","type":"post","link":"https:\/\/rtechblog.rg.net\/?p=158","title":{"rendered":"Turning Comcast IPv6 Up on a NetGear 3800 with OpenWRT"},"content":{"rendered":"

The first problem was a pre-release kernel. I used LuCI, the web interface, to flash openwrt-ar71xx-generic-wndr3800-squashfs-sysupgrade.bin<\/a>, and needed to be patient with 15 minutes of twirly. The flash lost my ssl package, so I also had to <\/p>\n

opkg install uhttpd-mod-tls<\/code><\/p>\n

Thanks for Chris Adams for all clue, and John Brzozowski for diagnostics and support, I loaded the necessary packages<\/p>\n

opkg install ip6tables radvd wide-dhcpv6-client ip<\/code><\/p>\n

Then I hacked \/etc\/config\/dhcp6c<\/p>\n

<\/p>\n

\r\nconfig 'dhcp6c' 'basic'\r\n        option 'enabled' '1'                            # 1 = enabled; 0 = disabled\r\n        option 'interface' 'wan'                        # This is the interface the DHCPv6 client will run on\r\n        option 'dns' 'dnsmasq'                          # Which DNS server you run (only dnsmasq currently supported)\r\n        option 'debug' '0'                              # 1 = enable debugging; 0 = disable debugging\r\n\r\n        # Send options (1 = send; 0 = do not send)\r\n        option 'pd' '1'                                 # Prefix Delegation\r\n        option 'na' '1'                                 # Non-Temporary Address\r\n        option 'rapid_commit' '1'                       # Rapid Commit\r\n\r\n        # Request options (1 = request; 0 = do not request)\r\n        option 'domain_name_servers' '1'\r\n        option 'domain_name' '0'\r\n        option 'ntp_servers' '0'\r\n        option 'sip_server_address' '0'\r\n        option 'sip_server_domain_name' '0'\r\n        option 'nis_server_address' '0'\r\n        option 'nis_domain_name' '0'\r\n        option 'nisp_server_address' '0'\r\n        option 'nisp_domain_name' '0'\r\n        option 'bcmcs_server_address' '0'\r\n        option 'bcmcs_server_domain_name' '0'\r\n\r\n        # Override the used DUID, by default it is derived from the interface MAC\r\n        # The given value must be uppercase and globally unique!\r\n        #option 'duid' '00:03:00:06:D8:5D:4C:A5:03:F2'\r\n\r\n        # Script to run when a reply is received\r\n        option 'script' '\/usr\/bin\/dhcp6c-state'\r\n\r\n# Define one or more interfaces on which prefixes should be assigned\r\nconfig 'interface' 'loopback'\r\n        option 'enabled' '0'                            # 1 = enabled; 0 = disabled\r\n        option 'sla_id' '1'                             # Site level aggregator identifier specified in decimal (subnet)\r\n        option 'sla_len' '0'                            # Site level aggregator length (64 - size of prefix being delegated)\r\n                                                        # e.g. \/60 from ISP -> 64 - 60 = 4\r\nconfig 'interface' 'lan'\r\n        option 'enabled' '1'\r\n        option 'sla_id' '1'\r\n        option 'sla_len' '0'\r\n<\/pre>\n
<\/code><\/p>\n
Then \/etc\/init.d\/dhcp6c start<\/code> and see what you get.  You should have an RA-assigned IP on your wan interface and a PD-assigned \/64 on the LAN.  If you configure radvd (just set it with no prefix listed), dhcp6c will automatically re-configure it to give out addresses from the \/64.<\/p>\n
Now get Router Advertisement working, hack \/etc\/config\/radvd to<\/p>\n
<\/p>\n
config interface\r\n        option interface        lan\r\n        option AdvSendAdvert    1\r\n        option AdvManagedFlag   0\r\n        option AdvOtherConfigFlag 0\r\n        option ignore           0\r\n\r\nconfig prefix\r\n        option interface        lan\r\n        # If not specified, a non-link-local prefix of the interface is used\r\n        list prefix             ''\r\n        option AdvOnLink        1\r\n        option AdvAutonomous    1\r\n        option AdvRouterAddr    0\r\n        option ignore           0\r\n\r\nconfig rdnss\r\n        option interface        lan\r\n        # If not specified, the link-local address of the interface is used\r\n        list addr               ''\r\n        option ignore           0\r\n\r\nconfig dnssl\r\n        option interface        lan\r\n        list suffix             rg.net\r\n        option ignore           0\r\n<\/pre>\n
<\/code><\/p>\n
Then
\n\/etc\/init.d\/radvd start
\n\/etc\/init.d\/dhcp6c start<\/code><\/p>\n
At this point, we had the \/128 on our WAN interface, and the \/64 on the LAN interface.  But, from the OpenWRT, we could not ping an external IPv6 address.  Hours were spent chasing various ghosts, when we found the fix, <\/p>\n
sysctl -w net.ipv6.conf.eth1.accept_ra=2<\/code>
\n
\nFrom a hint in New Zealand<\/a>, accept_ra=1 means “only accept RAs if forwarding is disabled”.  Turns out to be documented in the 3.12.4 kernel source clue pages<\/a>.  Once you have forwarding enabled, you have to have accept_ra=2 to override that.<\/p>\n
:~# ping6 psg.com
\nPING psg.com (2001:418:1::62): 56 data bytes
\n64 bytes from 2001:418:1::62: seq=2 ttl=52 time=70.286 ms
\n64 bytes from 2001:418:1::62: seq=3 ttl=52 time=70.090 ms
\n64 bytes from 2001:418:1::62: seq=4 ttl=52 time=71.169 ms
\n64 bytes from 2001:418:1::62: seq=5 ttl=52 time=77.020 ms
\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"
The first problem was a pre-release kernel. I used LuCI, the web interface, to flash openwrt-ar71xx-generic-wndr3800-squashfs-sysupgrade.bin, and needed to be patient with 15 minutes of twirly. The flash lost my ssl package, so I also had to opkg install uhttpd-mod-tls Thanks for Chris Adams for all clue, and John Brzozowski for diagnostics and support, I […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,9],"tags":[],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-ipv6","category-routers"],"_links":{"self":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=158"}],"version-history":[{"count":10,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts\/158\/revisions"}],"predecessor-version":[{"id":168,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts\/158\/revisions\/168"}],"wp:attachment":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}