IPv6 through WLAN access point revisited
Wednesday, August 28. 2013
This is a follow-up for my previous article about running IPv6 and WLAN access point. There I said "This was actually very easy to do into DD-WRT" and now I'd like to take that back. 
It seemed to be easy, but ... Here are my settings in detail. Btw. I'm running DD-WRT v24-sp2 big
Release: 07/24/13 (SVN revision: 22118)
1. disable the autoconfiguration from the WLAN access-point and manually define a static IPv6-address
This is the part which I struggled the most. Sure it is easy to remove the manually assigned IPv6-address from an interface, just run:
ip -6 addr delete 2001::-da-IP-here-/64 dev br0
on a shell. It will drop the autoconfigured address and it will stay away. For a while. It surely won't survive a reboot.
To make this stick, go to web GUI Administration --> Commands and add a startup command:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra_pinfo
/usr/sbin/ip -6 addr add 2001:-da-IP-here-/64 dev br0
That makes the settings stick. Autoconfiguration will be gone and a static address will be assigned instead. I attempted at least 20 different combinations while looking the sysctl-settings list, but that was the 1st one I found to be actually functional for deactivating the autoconfig.
2. use a static default route from the WLAN access-point and confirm that it has proper IPv6-connectivity
4. make sure, that any incoming traffic from the mobile clients is
properly routed to the real IPv6-router, and confirm that traffic flows
both ways
Yet again, go to web GUI Administration --> Commands and add a startup command:
/usr/sbin/ip -6 route add default via 2001:-da-router-IP-here-::1 metric 1
That creates a static route which will work and fulfill the 2). To achieve 4) make sure to have the metric 1 at the end.
3. run router advertisement daemon (RADVD) to advertise the WLAN access-point as a proper router for any wireless clients
In the DD-WRT IPv6 article it said that RADVD configuration should be like this:
interface br0 {
AdvSendAdvert on;
prefix 0:0:0:1::/64 {
AdvOnLink on;
AdvAutonomous off;
};
};
Don't do that! DON'T! It will royally fuck up your LAN. Nothing in IPv6-land will work if you literally copy/paste that like they suggest. The problem is with the prefix of 0:0:0:1::/64, it will assume that your network has that /64-prefix and assign route and IP-address for any IPv6-host with that prefix. I can bet you $1.000.000 dollars, that it will not be your IPv6-prefix. ... and win.
Just put the exactly same prefix your real IPv6-router has. The WLAN access point's RADVD should be configured pretty much exactly alike. For the configuration directives see radvd.conf manual-page. It literally says:
- AdvSendAdvert: do send advertisements, default is off
- AdvOnLink: use the prefix for link determination (meaning: yes you can get to The Net via this), it is on by default, you really don't need this line at all
- AdvAutonomous: do distribute new the IP-addresses from this RADVD to your wireless (and wired) clients, yet again it is on by default and you really don't need this
With these settings I succeeded a reboot and still had my wireless and wired clients working using either of the two IPv6-routers. On Windows the setup will display two default routes, like this:
PS C:\Windows\system32> netsh interface ipv6 show route
Publish Type Met Prefix Idx Gatewa
------- -------- --- ------------------------ --- ------
No Manual 256 ::/0 18 fe80::
No Manual 256 ::/0 18 fe80::
On Linux:
# ip -6 route show | fgrep default
default via fe80:: dev eth0 metric 1024 expires 0sec mtu 1280 hoplimit 64
default via fe80:: dev eth0 metric 1024 expires 0sec mtu 1280 hoplimit 64
That's ok. IPv6 will support that ok. Just be aware, that your traffic may route either way.
This is a follow-up for my previous article about running IPv6 and WLAN access point. There I said "This was actually very easy to do into DD-WRT" and now I'd like to take that back.
It seemed to be easy, but ... Here are my settings in detail. Btw. I'm running DD-WRT v24-sp2 big
Release: 07/24/13 (SVN revision: 22118)
1. disable the autoconfiguration from the WLAN access-point and manually define a static IPv6-address
This is the part which I struggled the most. Sure it is easy to remove the manually assigned IPv6-address from an interface, just run:
ip -6 addr delete 2001::-da-IP-here-/64 dev br0
on a shell. It will drop the autoconfigured address and it will stay away. For a while. It surely won't survive a reboot.
To make this stick, go to web GUI Administration --> Commands and add a startup command:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra_pinfo
/usr/sbin/ip -6 addr add 2001:-da-IP-here-/64 dev br0
That makes the settings stick. Autoconfiguration will be gone and a static address will be assigned instead. I attempted at least 20 different combinations while looking the sysctl-settings list, but that was the 1st one I found to be actually functional for deactivating the autoconfig.
2. use a static default route from the WLAN access-point and confirm that it has proper IPv6-connectivity
4. make sure, that any incoming traffic from the mobile clients is
properly routed to the real IPv6-router, and confirm that traffic flows
both ways
Yet again, go to web GUI Administration --> Commands and add a startup command:
/usr/sbin/ip -6 route add default via 2001:-da-router-IP-here-::1 metric 1
That creates a static route which will work and fulfill the 2). To achieve 4) make sure to have the metric 1 at the end.
3. run router advertisement daemon (RADVD) to advertise the WLAN access-point as a proper router for any wireless clients
In the DD-WRT IPv6 article it said that RADVD configuration should be like this:
interface br0 {
AdvSendAdvert on;
prefix 0:0:0:1::/64 {
AdvOnLink on;
AdvAutonomous off;
};
};
Don't do that! DON'T! It will royally fuck up your LAN. Nothing in IPv6-land will work if you literally copy/paste that like they suggest. The problem is with the prefix of 0:0:0:1::/64, it will assume that your network has that /64-prefix and assign route and IP-address for any IPv6-host with that prefix. I can bet you $1.000.000 dollars, that it will not be your IPv6-prefix. ... and win.
Just put the exactly same prefix your real IPv6-router has. The WLAN access point's RADVD should be configured pretty much exactly alike. For the configuration directives see radvd.conf manual-page. It literally says:
- AdvSendAdvert: do send advertisements, default is off
- AdvOnLink: use the prefix for link determination (meaning: yes you can get to The Net via this), it is on by default, you really don't need this line at all
- AdvAutonomous: do distribute new the IP-addresses from this RADVD to your wireless (and wired) clients, yet again it is on by default and you really don't need this
With these settings I succeeded a reboot and still had my wireless and wired clients working using either of the two IPv6-routers. On Windows the setup will display two default routes, like this:
PS C:\Windows\system32> netsh interface ipv6 show route
Publish Type Met Prefix Idx Gatewa
------- -------- --- ------------------------ --- ------
No Manual 256 ::/0 18 fe80::
No Manual 256 ::/0 18 fe80::
On Linux:
# ip -6 route show | fgrep default
default via fe80:: dev eth0 metric 1024 expires 0sec mtu 1280 hoplimit 64
default via fe80:: dev eth0 metric 1024 expires 0sec mtu 1280 hoplimit 64
That's ok. IPv6 will support that ok. Just be aware, that your traffic may route either way.
