[Cerowrt-devel] Still trouble with 6in4 tunnel

[Richard Brown <richard.e.brown@dartware.com>]

[-- Attachment #1: Type: text/plain, Size: 1702 bytes --]

Folks,

I have been working off and on to get IPv6 addressing working on multiple interfaces on CeroWrt 3.3.6-2. I can make it work on any single interface, but not two at once. 

I did ask on the openwrt-devel list, but got some unhelpful answers (they said that my demo file had the wrong info because I had obfuscated my userid and password). Furthermore CeroWrt *is* somewhat different in that each of its interfaces has a different subnet, and I suspect this may be related, and thus my question:

Here's my setup: I have a 6in4 tunnel from Hurricane Electric working fine. When I ssh into CeroWrt and ping and traceroute to IPv6 addresses, everything work as expected.

I tested the attached script from a fresh installation of CeroWrt 3.3.6-2. The script assigns two interfaces with IPv6 addresses from the /48 that HE assigns, like this:

uci set network.se00.ip6addr='2001:470:8a63:100::1/64'
uci set network.sw10.ip6addr='2001:470:8a63:200::1/64'

Restarting the router with this configuration allows one to work, but not the other. Specifically, my MacBook gets an IPv6 address on one interface, but after unplugging and switching to the other interface, it does not get an IPv6 address. (It may be related to which interfaces was up/had something connected when the router  when it restarted.)

My questions:

1) Are the commands in the attached script "going in the right direction"?

2) Should I be assigning separate /64s on each of the interfaces?

3) What other information could I provide?

Once I get this working, I'll update my posting on the wiki - http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel Many thanks.

Rich Brown
Hanover, NH USA


[-- Attachment #2: tunnelbroker-pub.sh --]
[-- Type: application/octet-stream, Size: 4262 bytes --]

#!/bin/sh
# Script for setting CeroWrt (and OpenWrt) to create an IPv6 tunnel 
# to Hurricane Electric at http://www.tunnelbroker.net/
# There are two steps:
# 1) Go to the Tunnelbroker.net site to set up your free account
# 2) Run the script below, using the parameters supplied by Tunnelbroker
# This CeroWrt page gives detailed instructions for setting up an IPv6 tunnel: 
#    http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel  
# 
# Once you've created your account and a tunnel, get the "Example
# Configurations" for OpenWRT Backfire, and paste them into this file
# named "tunnel.sh" Finally, ssh into the router and execute this script 
# with these steps:
# 
# ssh root@172.30.42.1
# cd /tmp
# cat > tunnel.sh 
# [paste in the contents of this file, then hit ^D]
# sh tunnel.sh
# [Restart your router. This seems to make a difference.]
#
# Presto! Your tunnel is set up. You should now be able 
#   communicate directly with IPv6 devices. 

# ==============================================
# Download and update all the interesting packages
# Some of these are pre-installed, but there is no 
# harm in updating/installing them a second time.
opkg update
opkg install 6in4

# Set the credentials for the tunnel login
# NB: These lines are automatically generated 
# specifically for *your* tunnel when you set it up
# Copy/paste them from the Example Configurations
# generated for the OpenWRT Backfire 10.03.1 dropdown
#
echo 'Setting up HE.net tunnel'
# ------- PASTE YOUR EXAMPLE CONFIGURATION LINES HERE --------
uci set network.henet=interface
uci set network.henet.proto=6in4
uci set network.henet.peeraddr=209.51.161.14
uci set network.henet.ip6addr='2001:470:1f06:64::2/64'
uci set network.henet.tunnelid=######
uci set network.henet.username=#####
uci set network.henet.password='###############'
# uci commit network

# ------ Set IPv6 subnets on the LAN interfaces...
# Addresses should be from the *routed* /48 address range assigned by HE.net
# Assigning se00 (secure wired LAN) and sw10 (secure wireless 5GHz - CEROwrt5)
echo 'Setting IPv6 addresses on local interfaces'
uci set network.se00.ip6addr='2001:470:8a63:100::1/64'
uci set network.sw10.ip6addr='2001:470:8a63:200::1/64'
#uci set network.sw00.ip6addr='2001:470:1f07:64::1/64'
#uci set network.gw00.ip6addr='2001:470:1f07:64::1/64'
#uci set network.gw01.ip6addr='2001:470:1f07:64::1/64' 
#uci set network.gw10.ip6addr='2001:470:1f07:64::1/64'
#uci set network.gw11.ip6addr='2001:470:1f07:64::1/64'
uci commit network

echo 'Restarting network...'
/etc/init.d/network restart

# CeroWrt puts WAN stuff in zone[0], not zone[1] as suggested by henet
uci set firewall.@zone[0].network='ge00 henet'
uci commit firewall

ifup henet
echo 'Restarting firewall...'
/etc/init.d/firewall restart

echo 'Done. You should restart the router now to make these take effect.'
# ------- END OF EXAMPLE CONFIGURATION LINES --------

# ==============================================
# Re-establishing the Tunnel
#
# NB: As of April 2012 (CeroWrt 3.3.1-4), the automatic re-establishment code 
# of the 6in4 module appears not to be working. You will need to re-establish 
# the tunnel manually when your external IP address changes.
#
# To re-establish the tunnel, say, because your external IP address changed,
# you can also use the following URL with these parameters. Note that the 
# USERNAME and PASSWORD are what you type to log into the Tunnelbroker site.
#
# USERNAME is the Account Name 
# PASSWORD is the current password
# TUNNELID is the Tunnel ID  
# https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
# 
# You can also use a non-HTTPS URL and parameters to re-establish the link.
# This form relies on hashed representations of the credentials since they're
# not carried on a secure connection. You can get more information about the
# parameters at https://ipv4.tunnelbroker.net/ipv4_end.php
#
# USERID is the "User ID" from the Tunnelbroker site's Main Page
# PWHASH is the MD5 hash of the password
# TUNNELID is the Tunnel ID
# http://ipv4.tunnelbroker.net/ipv4_end.php?ip=AUTO&apikey=USERID&pass=PWHASH&tid=TUNNELID
#
# --- end of script ---