OpenWRT/LEDE enables NAT-free global IPv6
This article is machine translated and hasn't been proofread by the author. The information it contains may be inaccurate. The author will do his best to get back (when he has time) and revise these articles. 🥰
For the Chinese version of this article, see here.
I don't know how many nights I have tossed and turned over IPv6. Today it is finally done. IPv6 should not need any magic tricks such as NAT6 or radvd forwarding, but for infrastructure, stability comes first. Because of software implementation bugs, the network is unstable, and it is really for the new technology that the gains outweigh the losses.
But I still have to say that it is best to learn something like IPv6 quickly. After all, the sign was overturned. And getting rid of the entanglement of NAT will provide a lot of convenience for intrusion and penetration in the future, not to mention the world of the Internet of Things in the future, and the world of watchdogs may not necessarily become a reality😊
The turning point is of course the notice from the State Council, and the breakthrough is the odhcpd bug fix [1] in the LEDE branch. Of course, there are also the black-technology fixes of some users [2]. It has now reached the state where the connection is fully available at boot, with no need to restart the network or odhcpd. The method is described below.
Official website address: https://lede-project.org/toh/views/toh_fwdownload
This link lists all devices supported by LEDE. Why LEDE? Not only because this branch has working IPv6, but also because LEDE supports a very useful QoS policy script, sqm-scripts. Latency in Honor of Kings is basically unchanged while Xunlei downloads at full speed. For details about configuring this component, see the official wiki.
If this is the first time flashing the device, use `lede-xxxx-factory.bin`; when upgrading or migrating from OpenWRT, just flash `lede-xxxx-sysupgrade.bin`. That's it. How to flash the device varies from person to person.
IPv6 is probably already part of the standard configuration. Generally there is a wan6 interface in the initial settings. Log in to the router's shell over ssh or telnet, edit `/etc/config/dhcp`, and change the following three dhcp sections as follows [2].

```
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option dhcpv6 'disabled'
	option ndp 'relay'
	option ra 'relay'
	option master '1'

config dhcp 'wan6'
	option dhcpv6 'relay'
	option ra 'relay'
	option ndp 'relay'
	option master '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'relay'
	option ra 'relay'
	option ndp 'relay'
```

A few key points:
- Several of the IPv6-related settings must be copied from the wan6 section to the wan section.
- The lan section is best placed after the wan section. Because there is a section in the code that looks for the relay mode master, I am not sure about it here ~~I just guessed~~.
- The dhcpv6 option of wan6 cannot be set to disabled as in reference [2], because then the router does not have a v6 address and cannot forward.
Among them, the start and limit options in the lan section are the minimum address and the maximum number of allocations of the IPv4 address pool, which can be changed as needed. After the modification, execute

```
/etc/init.d/network restart
```

All related services will be restarted.
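A lint for the three key points above, which can be run on the edited file before restarting the network. This is an added example, not part of the original article or of LEDE; it parses the file with awk instead of calling `uci`, and the function name `check_relay_cfg` is hypothetical.

```shell
#!/bin/sh
# Added example: lint a UCI dhcp file against the relay key points listed above.
# Usage on the router: sh check_relay.sh /etc/config/dhcp
check_relay_cfg() {
    awk -v q="'" '
    function val(s)  { gsub("[" q "\"]", "", s); return s }   # strip quotes
    function fail(m) { print "FAIL: " m; rc = 1 }
    function need(s, o, v) {
        if (opt[s, o] != v)
            fail(s ": option " o " should be " v ", found \"" opt[s, o] "\"")
    }
    $1 == "config" {
        sec = ($2 == "dhcp") ? val($3) : ""    # ignore non-dhcp sections
        if (sec != "") order[sec] = ++n        # remember position in the file
        next
    }
    $1 == "option" && sec != "" { opt[sec, $2] = val($3) }
    END {
        if (!("wan" in order) || !("wan6" in order) || !("lan" in order)) {
            print "FAIL: need dhcp sections wan, wan6 and lan"; exit 1
        }
        # Point 1: wan carries the same relay settings as wan6, both as master.
        need("wan", "ra", "relay");  need("wan", "ndp", "relay")
        need("wan", "master", "1")
        need("wan6", "ra", "relay"); need("wan6", "ndp", "relay")
        need("wan6", "master", "1")
        # Point 3: dhcpv6 on wan6 stays in relay mode, never disabled.
        need("wan6", "dhcpv6", "relay")
        # The downstream lan side relays all three services.
        need("lan", "ra", "relay");  need("lan", "ndp", "relay")
        need("lan", "dhcpv6", "relay")
        # Point 2 (section order) is described as a guess, so it only warns.
        if (order["lan"] < order["wan"])
            print "WARN: lan section is listed before wan"
        exit rc + 0
    }' "$1"
}

if [ $# -gt 0 ]; then check_relay_cfg "$1"; fi
```

The function prints one `FAIL:` line per deviation and returns non-zero if any is found; a `WARN:` line does not change the exit status.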
In my case, the v4 address is obtained in about half a minute after restarting the network, and the v6 address is obtained in forty or fifty seconds. The v4 address is generally constant, and the v6 address is always changing. The network real name system has a long way to go (laughs). I still don't understand the routing of v6, but enter the following on the router:

```
ip neigh show proxy
```

If the IP of the device behind the router appears in the returned list, it means that the forwarding has been successful. **This process takes about a minute.** During the first two settings, I also referred to [3] and manually added a route to ping Liuwei. But after setting up as above, it is completely OK.

```
$ ping6 www.google.com
PING6(56=40+8+8 bytes) 2001:***:aa5d --> 2404:6800:4008:801::2004
16 bytes from 2404:6800:4008:801::2004, icmp_seq=0 hlim=46 time=449.066 ms
16 bytes from 2404:6800:4008:801::2004, icmp_seq=1 hlim=46 time=75.849 ms
16 bytes from 2404:6800:4008:801::2004, icmp_seq=2 hlim=46 time=74.618 ms
16 bytes from 2404:6800:4008:801::2004, icmp_seq=3 hlim=46 time=74.261 ms
16 bytes from 2404:6800:4008:801::2004, icmp_seq=4 hlim=46 time=74.437 ms
16 bytes from 2404:6800:4008:801::2004, icmp_seq=5 hlim=46 time=75.887 ms
^C
--- www.google.com ping6 statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 74.261/137.353/449.066/139.404 ms
```

The network is very good~😆
Hehehe, the v6 certification issued by he.net last time.