
OpenWRT tutorials #7

Open
bigeagle opened this issue Mar 15, 2016 · 43 comments

@bigeagle
Member

commented Mar 15, 2016

As the title says.

@heyeshuang


commented Mar 15, 2016

In the old buildings you can get a native IPv6 address, but only a /64, so you can use relay mode:
http://ict.jingyan.info/openwrt-%e7%94%a8odpcpd%e9%85%8d%e7%bd%aerelay-%e6%96%b9%e5%bc%8f-ipv6/

@bigeagle

Member Author

commented Mar 16, 2016

@Blaok said it doesn't seem very stable?

@Blaok

Contributor

commented Mar 16, 2016

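Zijing now has native IPv6 addresses too, but NAT66 is still the stable option. Back when I was fiddling with relay I was on BB, and it always had problems, so I've used NAT ever since; I don't know how CC fares.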

@heyeshuang


commented Mar 16, 2016

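The campus IPv6 is actually quite stable, and the router's own address is fine; it's just the relay service (aka odhcpd) that works on and off.

There are two hacky workarounds:

ping -6 [router's v6 IP]

or

/etc/init.d/odhcpd restart, typed n times in a row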


@shankerwangmiao

Member

commented Mar 16, 2016

Why not use a bridge together with ebtables?


@bigeagle

Member Author

commented Mar 17, 2016

The tutorial can offer several approaches.
Right now it looks like these are the options:

  • odhcp relay
  • NAT66
  • bridge+ebtables

@bigeagle

Member Author

commented Mar 17, 2016

@aixlx did you get last night's problem solved?

@aixlx


commented Mar 17, 2016

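@bigeagle No, not yet. It feels like, as hexchain said, odhcp6c and odhcpd are to blame.

In the end the PC and OpenWrt could ping each other's IPv6 addresses, but latency easily reached tens or even hundreds of ms, and the connection dropped from time to time.

Detailed report follows: (omitted)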

@heyeshuang


commented Mar 18, 2016

I got it working on CC RC1 and DD trunk; the device is a newifi mini.

DHCP configuration

# /etc/config/dhcp:
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
#       option dhcpv6 'server'
        option ra 'relay'
        option ndp 'relay'

#config dhcp 'wan'
        #option interface 'wan'
        #option ignore '1'

config dhcp 'wan6'
        option ra 'relay'
        option ndp 'relay'
        option master '1'

Then you also need to delete the IPv6 ULA-Prefix in /etc/config/network.
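An added example, not part of the comment above or of OpenWrt: a lint for the relay layout this configuration uses, run here over the relay sections as posted (constructed sample). It assumes that exactly one section carries master '1' and that every relaying section sets both ra and ndp to relay; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): lint a UCI dhcp config for odhcpd relay mode.
# Reads the config on stdin, prints findings, returns 0 only when it is consistent.
check_relay_config() {
    awk -v q="'" '
    function unq(s) { gsub("[" q "\"]", "", s); return s }
    function flush(   n) {
        if (type != "dhcp") return
        n = (opt["ra"] == "relay") + (opt["ndp"] == "relay")
        if (opt["master"] == "1") {
            masters++
            if (n != 2) { print name ": master must relay both ra and ndp"; bad = 1 }
        } else if (n == 2) {
            downstream++
        } else if (n == 1) {
            print name ": ra and ndp must both be relay"; bad = 1
        }
    }
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }                      # commented-out options do not count
    $1 == "config" { flush(); split("", opt); type = $2; name = unq($3); next }
    $1 == "option" { opt[$2] = unq($3) }
    END {
        flush()
        if (masters != 1) { print "need exactly one master section, found " masters + 0; bad = 1 }
        if (downstream < 1) { print "no downstream section relays ra and ndp"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the relay sections as posted above.
check_relay_config <<'EOF' && echo "relay config is consistent"
config dhcp 'lan'
        option interface 'lan'
#       option dhcpv6 'server'
        option ra 'relay'
        option ndp 'relay'

config dhcp 'wan6'
        option ra 'relay'
        option ndp 'relay'
        option master '1'
EOF
```

On a router the same check can be fed the live file with `check_relay_config < /etc/config/dhcp`.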

@shankerwangmiao

Member

commented Mar 19, 2016

ebtables-ipv6

#!/bin/sh

#### This is a script for ipv6 bridge and ipv4 routing


EXTIF=eth0
INTIFS="eth1 wifi"
BRIDGE=br0


# Create the bridge and attach the external interface to it
ip link add name $BRIDGE type bridge
ip link set $BRIDGE up
ip link set $EXTIF master $BRIDGE up

# Attach every internal interface to the bridge
for interface in $INTIFS; do
  ip link set $interface master $BRIDGE
done

# Bridge only IPv6 frames to and from the external interface;
# in the broute table, DROP hands the frame to the IP stack to be routed instead
ebtables -A FORWARD -o $EXTIF -p ! ipv6 -j DROP
ebtables -t broute -A BROUTING -i $EXTIF -p ! ipv6 -j DROP


####

Now you can assign an internal IP address such as 192.168.0.1 to $BRIDGE, which
serves as the gateway address for wifi users

# ip a add 192.168.0.1 dev $BRIDGE

And set up your WAN interface

# dhclient $EXTIF

And enable forwarding and NAT

# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables .....

@huiyiqun

Member

commented Mar 19, 2016

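Could that last part be turned into luci commands or something, with a few parameters, to make a one-click configuration script? Otherwise I think plenty of people still won't know how to use it.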

@scateu

Member

commented Mar 19, 2016

I wrote this back in 2012; it may be a bit out of date.

https://wiki.tuna.tsinghua.edu.cn/OpenWrt/Tplink%20WR-703N#ipv6

@2q1w2007


commented Mar 19, 2016

I'll give it a try tonight.

@shankerwangmiao

Member

commented Mar 19, 2016

I've never used OpenWrt; I've only used regular Linux.


@bigeagle

Member Author

commented Mar 20, 2016

@Blaok how about you take charge of this issue; I'll set up jekyll for you :)

@heyeshuang


commented Mar 21, 2016

IPv6 NAT no longer needs NAT66 these days; here is a HOWTO

@Blaok

Contributor

commented Mar 21, 2016

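What a colorful world... NAT66 is the only thing I've ever gotten working, and I don't plan to change my setup in the foreseeable future... My test environment is CC. Assume the router can already connect over IPv6, either natively or through a tunnel.

0: Make sure the kernel modules and useful packages are included in the firmware, including but not limited to: ip kmod-ipt-nat6 kmod-ip6tables luci-ipv6 iputils-traceroute6

1: By default OpenWRT assigns private IPv6 addresses. At the bottom of the Network->Interfaces page, under Global network options, IPv6 ULA-Prefix should hold a random /64 address starting with fd. LAN clients should automatically get IPv6 addresses within this range; DHCPv6 and SLAAC are both on by default.

2: Once clients have correct addresses, NAT66 has to be enabled on the router. OpenWRT's default firewall configuration does not touch the IPv6 nat table; I usually add the following to /etc/firewall.user

WAN6=eth0
LAN=br-lan
# Masquerade IPv6 traffic leaving through the WAN interface
ip6tables -t nat -A POSTROUTING -o $WAN6 -j MASQUERADE
# Accept replies to established connections and new connections from the LAN
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -i $LAN -j ACCEPT

Change WAN6 and LAN to the names of the external IPv6 interface and the internal interface respectively. Note that these are not firewall zone names, nor the names shown under Network->Interfaces in LuCI, but the names shown by ifconfig.

3: On the router, run ip -6 route and look at your default gateway. If what you get is
default from 2402:f000:x:xxxx::/64 via fe80::xxxx:xxxx:xxxx:xxxx dev eth0 proto static metric 512
this kind of annoying gateway, there will be problems forwarding NAT66 packets, and the default route with the from 2402:f000:x:xxxx::/64 part removed has to be added to the routing table. I usually create a new /etc/hotplug.d/iface/99-ipv6 with the following content

#!/bin/sh
# Only act when the wan6 interface comes up
[ "$ACTION" = ifup ] || exit 0
iface=wan6
[ -z "$iface" -o "$INTERFACE" = "$iface" ] || exit 0
# Re-add the default route without its "from <prefix>" clause
ip -6 route add `ip -6 route show default|sed -e 's/from [^ ]* //'`
logger -t IPv6 "Add IPv6 default route."

Here iface is the name shown under Network->Interfaces in LuCI, usually wan6. The script reads the default gateway after wan6 comes up, strips the from part, and adds the result to the system routing table. Remember to
chmod +x /etc/hotplug.d/iface/99-ipv6

That's all.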
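An added example, not part of the tutorial above: the "from" stripping of step 3 written as a filter that handles several default routes, skips routes that already have no source restriction, and drops the expires countdown. The sample addresses are constructed, the function names are hypothetical, and `ip -6 route replace` is used here in place of `add`.

```shell
#!/bin/sh
# Added example, not the thread's script. Reads `ip -6 route show default`
# output on stdin and prints the arguments for an equivalent default route
# without the "from <prefix>" restriction, one line per distinct route.
sourceless_defaults() {
    awk '
    $1 == "default" && $2 == "from" {
        out = "default"
        for (i = 4; i <= NF; i++) {
            # "expires <N>sec" is a kernel countdown; it is dropped, not copied.
            if ($i == "expires") { i++; continue }
            out = out " " $i
        }
        if (!(out in seen)) { seen[out] = 1; print out }
    }'
}

# Assumption: runs as root on the router, e.g. from the hotplug hook.
# "replace" keeps a repeated ifup from failing on an existing route, and the
# log line is written only when the route was actually installed.
add_sourceless_defaults() {
    ip -6 route show default | sourceless_defaults | while read -r args; do
        ip -6 route replace $args && logger -t IPv6 "Added route: $args"
    done
}

# Constructed sample output (documentation prefix, made-up gateway).
SAMPLE='default from 2001:db8:1:2::/64 via fe80::1 dev eth0 proto static metric 512
default from 2001:db8:1:2::/64 via fe80::1 dev eth0 proto ra metric 1024 expires 1781sec pref medium
default via fe80::1 dev eth1 metric 1024'
printf '%s\n' "$SAMPLE" | sourceless_defaults
```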

@Blaok

Contributor

commented Mar 21, 2016

@heyeshuang The NAT66 I mean is in contrast to NAT44, NAT64 and NAT46; it has nothing to do with that other NAT66, which I had never even heard of.

@heyeshuang


commented Mar 21, 2016

@Blaok Oh (smirk)

@bigeagle

Member Author

commented Mar 21, 2016

@Blaok what is the command for installing packages on OpenWrt?

@scateu

Member

commented Mar 21, 2016

opkg install

bigeagle added a commit that referenced this issue Mar 21, 2016

bigeagle added a commit that referenced this issue Mar 21, 2016

@bigeagle

Member Author

commented Mar 21, 2016

The content has been published at http://ipv6.tsinghua.edu.cn/openwrt/ ; corrections are welcome.
Since it isn't complete yet, I haven't added a link on the home page.

@bigeagle

Member Author

commented Mar 21, 2016

@Blaok

3: Run ip -6 route and look at your default gateway. What I got was

This means looking on OpenWrt, right?

@Blaok

Contributor

commented Mar 22, 2016

@bigeagle Right, the text already states that.

@2q1w2007


commented Mar 23, 2016

I tested it: @heyeshuang's method works, and it can be done from luci, but the latest trunk still hasn't fixed the odhcpd problem; odhcpd has to be restarted manually after boot.

@dangfan


commented Jul 16, 2016

@Blaok's tutorial is missing one thing: in step 1, remember to tick Always announce default router in the DHCP Server, IPv6 Settings section at the bottom of Interfaces - LAN.

@Blaok

Contributor

commented Jul 16, 2016

@bigeagle @Terro PR submitted.

@wang20150419


commented Oct 11, 2016

@Blaok @bigeagle a correction to the script:

    ip -6 route add `ip -6 route show default|sed -e 's/from [^ ]* //'`

should be replaced with:

    route -A inet6 add default gw $(ifconfig | grep $(uci -q get network.wan6.ifname) -A5 | grep "inet6 addr" | grep "Global" | awk '{print $3}' | awk -F: '{printf $1":"$2":"$3":"$4"::1"}')

@alick

Contributor

commented Oct 16, 2016

Suggestions:

  • Use ip route instead of the (obsolete) route command
  • It's too long; break it across lines


Regards,
Alick

@IMconnor


commented Dec 18, 2016

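A question for all you experts: does the campus network support DHCPv6-PD? If it did, CC 15.05.1's default configuration should in theory just work with IPv6 in the dorms, but in practice ifstatus br-lan shows that no prefix gets assigned. The log also reports an error:
odhcpd: A default route is present but there is no public prefix on br-lan thus we don't announce a default route!
But on a computer in the lab it seems to work?…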

Ubuntu:~$ rdisc6 eth0
Soliciting ff02::2 (ff02::2) on eth0...

Hop limit                 :           64 (      0x40)
Stateful address conf.    :           No
Stateful other conf.      :           No
Router preference         :       medium
Router lifetime           :         1800 (0x00000708) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
 Source link-layer address: 3C:8A:B0:86:EB:45
 Prefix                   : 2402:f000:1:5a01::/64
  Valid time              :      2592000 (0x00278d00) seconds
  Pref. time              :       604800 (0x00093a80) seconds
 from fe80::3e8a:b0ff:fe86:eb45

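I had been using the relay configuration all along, but unfortunately it isn't very stable. nat6 looks tempting, but my router has no room left for any more packages. If it's confirmed that Zijing doesn't support DHCPv6-PD, then to configure prefix delegation myself, would I have to work through it in the order 'ip6prefix' (wan port) -> 'ip6assign' (lan port) -> routing?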

@shankerwangmiao

Member

commented Dec 18, 2016

@IMconnor


commented Dec 24, 2016

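@runapp It's not a problem with my configuration, is it.
As @shankerwangmiao said, the campus network indeed doesn't support DHCPv6-PD, so under CC's default configuration br-lan naturally gets no prefix. That leaves NDP proxy, nat6, or bridge. I'm still using the first one, and lately it hasn't given me any trouble.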

@2q1w2007


commented Apr 26, 2017

After updating to LEDE 17.01.1, the configuration above no longer connects.

@pengchongfu


commented Apr 26, 2017

@2q1w2007 My LEDE 17.01.0 works fine, with NAT66.

@IMconnor


commented Apr 27, 2017

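@2q1w2007 Take a look at #396 in the LEDE 17.01.1 changelog; this release fixes odhcpd being unstable in relay mode when there is no dhcpv6-pd. I've tested it myself and it works, very stably (in Zijing and the Main Building; the network in the old buildings is said to be rather odd and I haven't had a chance to try it there). After all, it's much more convenient than nat66, and performs somewhat better too.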
https://lede-project.org/releases/17.01/changelog-17.01.1

@2q1w2007


commented May 14, 2017

@IMconnor After updating, machines on the inside get addresses but can't ping the outside, although the router itself can ping the outside.

@mrhso


commented Jun 29, 2018

@Blaok

ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -i $LAN -j ACCEPT

In my humble opinion these two steps are unnecessary. In fact, configuring

ip6tables -t nat -A POSTROUTING -o $WAN6 -j MASQUERADE

is enough to get access.
(Version: OpenWrt 18.06.0-rc1)

@huiyiqun

Member

commented Jun 29, 2018

@ideal

Contributor

commented Oct 7, 2018

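In OpenWrt releases from 2015 onward the kernel already includes IPv6 support, so there is no need to install kmod-ipv6 (nor does the package exist any more).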

https://openwrt.org/docs/guide-user/network/ipv6/start

@alick

Contributor

commented Oct 7, 2018

@ideal Send a PR?

@ideal

Contributor

commented Oct 8, 2018

@ideal Send a PR?

OK.

@ekaradon-Alexander


commented Dec 9, 2018

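The router got an address starting with 2402:f000, and following the NAT configuration, the computer got an address from the configured IPv6 ULA-Prefix. But IPv6 is still not reachable. From the computer I can ping the router's 2402:f000 address.

  1. For the last part of the tutorial, the one that modifies the routing table, "Add IPv6 default route." was written to the log, but ip -6 route doesn't seem to have changed?
  2. Would the campus's new IPv6 authentication (auth6.tsinghua.edu.cn) have an effect?
  3. Is it the case that a /128 IPv6 address can't be relayed?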

LEDE "Reboot" 17.01.5
TP-LINK TL-WR720N v4

@shankerwangmiao

Member

commented Dec 9, 2018

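A /128 IPv6 address indeed can't be used for relay. If you are somewhere that requires IPv6 authentication, then the campus network assigns you a /128 address via dhcpv6, and you need to use IPv6 NAT.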
