Re: [Cerowrt-devel] development snapshot of cerowrt-3.3.8-21 released

Re: [Cerowrt-devel] development snapshot of cerowrt-3.3.8-21 released

[Richard Brown]

[-- Attachment #1: Type: text/plain, Size: 1329 bytes --]

Dave,

Dave Täht wrote:

I spent the last two weeks hunting down memory related
issues and trying to fold in some development work I'd had
going already.

As best as I can tell, the core memory issues are killed dead; whether
this is due to freeing up tons of memory or by the various other stuff
remains to be determined.

Great work and excellent news!

But:

Under *no circumstances* install this release on your default router.

Yeah. A few short comments on 3.3.8-21:

1)  I cannot connect to gw.home.lan via DNS. Dig gives no answers. I can log in just fine on 172.30.42.1, etc. and config the router, etc.

2) More on the Hurricane Electric tunnel. After adding these lines to the config script on the wiki page:

uci set network.henet.adv_subnet=1        # added for 3.3.8-17
uci set network.henet.adv_interface=se00
uci set network.henet.adv_interface=sw10

I still cannot connect/get an IPv6 address on se00, *but* I can get addresses on all four wireless channels. (In retrospect, I believe this was true for 3.3.8-17 as well.)

3) Is it possible that DNS come back earlier in the boot sequence? It seemed that CeroWrt began responding within a minute (or so) to DNS queries, instead of the 2-5 minutes that I've seen with earlier builds.

Thanks again.

Rich Brown
Hanover, NH USA

[-- Attachment #2: Type: text/html, Size: 3144 bytes --]

[Cerowrt-devel] development snapshot of cerowrt-3.3.8-21 released

[Robert Bradley]

On 29 August 2012 11:57, Robert Bradley <robert.bradley1@gmail.com> wrote:
> On 29 August 2012 02:28, Richard Brown <richard.e.brown@dartware.com> wrote:
>> I still cannot connect/get an IPv6 address on se00, *but* I can get
>> addresses on all four wireless channels. (In retrospect, I believe this was
>> true for 3.3.8-17 as well.)
>
> Now I finally have a WNDR3800 to play with, I set up my own tunnel on
> 3.3.8-17 a couple of weeks back.  I'm using www.broker.ipv6.ac.uk
> instead of Hurricane Electric, but the script still worked for me with
> minor changes to IP addresses and the like.

One thing I remembered is that you're presumably using OS X for this,
as opposed to the Windows 7 and Ubuntu clients I'm using.

After seeing https://isc.sans.edu/diary.html?storyid=13978&rss by
chance, I decided to start logging packets.  In CeroWRT's case, we
have the "managed" flag unset, but the "other" flag set.  We also
appear to lack a DHCPv6 server.  Maybe setting "option
AdvOtherConfigFlag '0'" for all the interfaces and restarting radvd
would help?

Alternatively, you might have to set up a DHCPv6 server.  CeroWRT has
dnsmasq-dhcpv6 already, as far as I can tell, but you will probably
need to follow the instructions at
http://wiki.openwrt.org/doc/howto/ipv6#dnsmasq-dhcpv6 to get that
working (including removing dnsmasq and reinstalling dnsmasq-dhcpv6).

-- 
Robert Bradley

[Cerowrt-devel] Fwd: development snapshot of cerowrt-3.3.8-21 released

[Robert Bradley]

Somehow I managed to send both this and my other email directly to
Richard and not the mailing list...


---------- Forwarded message ----------
From: Robert Bradley <robert.bradley1@gmail.com>
Date: 29 August 2012 11:57
Subject: Re: [Cerowrt-devel] development snapshot of cerowrt-3.3.8-21 released
To: Richard Brown <richard.e.brown@dartware.com>


On 29 August 2012 02:28, Richard Brown <richard.e.brown@dartware.com> wrote:
> 2) More on the Hurricane Electric tunnel. After adding these lines to the
> config script on the wiki page:
>
> uci set network.henet.adv_subnet=1        # added for 3.3.8-17
> uci set network.henet.adv_interface=se00
> uci set network.henet.adv_interface=sw10
>
> I still cannot connect/get an IPv6 address on se00, *but* I can get
> addresses on all four wireless channels. (In retrospect, I believe this was
> true for 3.3.8-17 as well.)

Now I finally have a WNDR3800 to play with, I set up my own tunnel on
3.3.8-17 a couple of weeks back.  I'm using www.broker.ipv6.ac.uk
instead of Hurricane Electric, but the script still worked for me with
minor changes to IP addresses and the like.  I entered most of the
details (local IP address etc.) into the online "Create Tunnel" page
based on my existing gogoc client settings on Ubuntu.

My tunnel interface configuration looks like:

firewall.@zone[0].network=ge00 ipv6_janet
network.ipv6_janet=interface
network.ipv6_janet.proto=6in4
network.ipv6_janet.peeraddr=152.78.189.60
network.ipv6_janet.ip6addr=<remotely assigned IPv6 address, /128>
network.ipv6_janet.ipaddr=<my local IPv4 address>

My radvd settings look like:

root@OpenWrt:~# uci show radvd
radvd.@interface[0]=interface
radvd.@interface[0].interface=se00
radvd.@interface[0].AdvSendAdvert=1
radvd.@interface[0].AdvRouterAddr=1
radvd.@interface[0].AdvLinkMTU=1480
radvd.@interface[0].ignore=0
radvd.@interface[0].IgnoreIfMissing=1
radvd.@interface[0].AdvSourceLLAddress=1
radvd.@interface[0].AdvDefaultPreference=medium
radvd.@interface[0].AdvOtherConfigFlag=1
radvd.@prefix[0]=prefix
radvd.@prefix[0].interface=se00
radvd.@prefix[0].prefix=
radvd.@prefix[0].AdvOnLink=1
radvd.@prefix[0].AdvAutonomous=1
radvd.@prefix[0].AdvRouterAddr=0
radvd.@prefix[0].ignore=0
radvd.@interface[1]=interface
radvd.@interface[1].interface=sw00
radvd.@interface[1].AdvSendAdvert=1
radvd.@interface[1].AdvRouterAddr=1
radvd.@interface[1].AdvLinkMTU=1480
radvd.@interface[1].ignore=0
radvd.@interface[1].IgnoreIfMissing=1
radvd.@interface[1].AdvSourceLLAddress=1
radvd.@interface[1].AdvDefaultPreference=medium
radvd.@interface[1].AdvOtherConfigFlag=1
radvd.@prefix[1]=prefix
radvd.@prefix[1].interface=sw00
radvd.@prefix[1].prefix=
radvd.@prefix[1].AdvOnLink=1
radvd.@prefix[1].AdvAutonomous=1
radvd.@prefix[1].AdvRouterAddr=0
radvd.@prefix[1].ignore=0
radvd.@interface[2]=interface
radvd.@interface[2].interface=sw10
radvd.@interface[2].AdvSendAdvert=1
radvd.@interface[2].AdvRouterAddr=1
radvd.@interface[2].AdvLinkMTU=1480
radvd.@interface[2].ignore=0
radvd.@interface[2].IgnoreIfMissing=1
radvd.@interface[2].AdvSourceLLAddress=1
radvd.@interface[2].AdvDefaultPreference=medium
radvd.@interface[2].AdvOtherConfigFlag=1
radvd.@prefix[2]=prefix
radvd.@prefix[2].interface=sw10
radvd.@prefix[2].prefix=
radvd.@prefix[2].AdvOnLink=1
radvd.@prefix[2].AdvAutonomous=1
radvd.@prefix[2].AdvRouterAddr=0
radvd.@prefix[2].ignore=0
radvd.@interface[3]=interface
radvd.@interface[3].interface=gw00
radvd.@interface[3].AdvSendAdvert=1
radvd.@interface[3].AdvRouterAddr=1
radvd.@interface[3].AdvLinkMTU=1480
radvd.@interface[3].ignore=0
radvd.@interface[3].IgnoreIfMissing=1
radvd.@interface[3].AdvSourceLLAddress=1
radvd.@interface[3].AdvDefaultPreference=medium
radvd.@interface[3].AdvOtherConfigFlag=1
radvd.@prefix[3]=prefix
radvd.@prefix[3].interface=gw00
radvd.@prefix[3].prefix=
radvd.@prefix[3].AdvOnLink=1
radvd.@prefix[3].AdvAutonomous=1
radvd.@prefix[3].AdvRouterAddr=0
radvd.@prefix[3].ignore=0
radvd.@interface[4]=interface
radvd.@interface[4].interface=gw10
radvd.@interface[4].AdvSendAdvert=1
radvd.@interface[4].AdvRouterAddr=1
radvd.@interface[4].AdvLinkMTU=1480
radvd.@interface[4].ignore=0
radvd.@interface[4].IgnoreIfMissing=1
radvd.@interface[4].AdvSourceLLAddress=1
radvd.@interface[4].AdvDefaultPreference=medium
radvd.@interface[4].AdvOtherConfigFlag=1
radvd.@prefix[4]=prefix
radvd.@prefix[4].interface=gw10
radvd.@prefix[4].prefix=
radvd.@prefix[4].AdvOnLink=1
radvd.@prefix[4].AdvAutonomous=1
radvd.@prefix[4].AdvRouterAddr=0
radvd.@prefix[4].ignore=0
radvd.@rdnss[0]=rdnss
radvd.@rdnss[0].ignore=0
radvd.@rdnss[0].interface=se00
radvd.@dnssl[0]=dnssl
radvd.@dnssl[0].ignore=0
radvd.@dnssl[0].interface=se00
radvd.@dnssl[0].suffix=home.lan
radvd.@rdnss[1]=rdnss
radvd.@rdnss[1].ignore=0
radvd.@rdnss[1].interface=sw00
radvd.@dnssl[1]=dnssl
radvd.@dnssl[1].ignore=0
radvd.@dnssl[1].interface=sw00
radvd.@dnssl[1].suffix=home.lan
radvd.@rdnss[2]=rdnss
radvd.@rdnss[2].ignore=0
radvd.@rdnss[2].interface=sw10
radvd.@dnssl[2]=dnssl
radvd.@dnssl[2].ignore=0
radvd.@dnssl[2].interface=sw10
radvd.@dnssl[2].suffix=home.lan
radvd.@rdnss[3]=rdnss
radvd.@rdnss[3].ignore=0
radvd.@rdnss[3].interface=gw00
radvd.@dnssl[3]=dnssl
radvd.@dnssl[3].ignore=0
radvd.@dnssl[3].interface=gw00
radvd.@dnssl[3].suffix=home.lan
radvd.@rdnss[4]=rdnss
radvd.@rdnss[4].ignore=0
radvd.@rdnss[4].interface=gw10
radvd.@dnssl[4]=dnssl
radvd.@dnssl[4].ignore=0
radvd.@dnssl[4].interface=gw10
radvd.@dnssl[4].suffix=home.lan

and for safety, I explicitly allowed inbound wan traffic using
protocol 41, since I set up a default-drop rule for IPv4 wan traffic.

>
> 3) Is it possible that DNS come back earlier in the boot sequence? It seemed
> that CeroWrt began responding within a minute (or so) to DNS queries,
> instead of the 2-5 minutes that I've seen with earlier builds.
>

I imagine that the difference is down to using dnsmasq for DNS now
instead of BIND.

--
Robert Bradley


-- 
Robert Bradley

Re: [Cerowrt-devel] development snapshot of cerowrt-3.3.8-21 released

[Robert Bradley]

On 29 August 2012 13:18, Robert Bradley <robert.bradley1@gmail.com> wrote:
> Alternatively, you might have to set up a DHCPv6 server.  CeroWRT has
> dnsmasq-dhcpv6 already, as far as I can tell, but you will probably
> need to follow the instructions at
> http://wiki.openwrt.org/doc/howto/ipv6#dnsmasq-dhcpv6 to get that
> working (including removing dnsmasq and reinstalling dnsmasq-dhcpv6).

The following instructions for CeroWRT worked for me with Windows 7
clients.  I set it so that addresses are assigned via SLAAC with radvd
doing announcements, and DNS servers etc. are announced over DHCPv6.

# opkg update
# opkg remove dnsmasq
# opkg install --force-reinstall dnsmasq-dhcpv6

Insert several lines into /etc/dnsmasq.conf describing the dhcp ranges:

dhcp-range=se00,</64 goes here>, ra-stateless, ra-names
etc.

# /etc/init.d/dnsmasq restart

At this point, you'll probably get the router's local IPv6 addresses
as DNS servers.  This is fine except that named is not configured to
accept IPv6 traffic.   This should not be relevant for 3.3.8-21 since
that uses dnsmasq only, but for 3.3.8-17 and earlier, edit
/etc/chroot/named/etc/bind/conf/acls.local.conf and add in your IPv6
prefix, then "killall -HUP named" to update BIND.

We could replace radvd entirely at this point and use "enable-ra" in
dnsmasq.conf, but I think radvd gives us more options.  For
DHCPv6-only address assignment, you can remove the "ra-stateless,
ra-names" parts in our new dhcp-range lines, and set "AdvManagedFlag
on" in radvd.  I can't imagine OS X requiring that level of attention
though to get an IPv6 address; merely using "AdvOtherConfigFlag off"
in radvd.conf ought to do it.
-- 
Robert Bradley