Saturday, May 25, 2013

IPv6 with Charter Communications

This post describes how I enabled IPv6 on my home network.  After completing the six steps below:
  • All computers on my network now have a public IPv6 address (though a firewall limits external access to only some of them, see step 6).
  • My locally hosted websites are now accessible over IPv6.
  • My web browser can now reach IPv6-only web sites.
  • My web browser now scores 10 out of 10 on IPv6 connectivity tests.
As I write this, IPv6 usage is around 1.5%, but the supply of IPv4 addresses is almost exhausted.  The North American Regional Internet Registry will distribute its last address blocks in about 10 months.  Why not help with the transition by converting your small corner of the net, and learn about IPv6 in the process?

Step 1: Install OpenWrt

Charter doesn't yet offer native IPv6. They do however offer a free IPv6 border relay: Charter IPv6 6rd Page. Through the relay you get your own /64 of publicly routable IPv6 addresses-- that's 2^64 = 18 quintillion IP addresses, an old internet squared, just for you.

My router is a Netgear wndr3700v1.  The default firmware does not support 6rd.  I replaced my router firmware with OpenWrt.   I installed the latest version,  "Attitude Adjustment Release 12.09".  OpenWrt builds do not include a web interface by default (only command line), but it is easy to add one.  After installing OpenWrt, I logged into my router (ssh -l root 192.168.1.1) and installed the LuCI web interface.  Five easy LuCI installation commands here. There are also images with LuCI pre-installed.

At this point you should have a functional IPv4 network again, provided by OpenWrt.  Take time to configure the root password on your router, configure the wireless network SSID, security, etc-- all the normal stuff you do with a new router.

Note: I first tried using dd-wrt, which is another popular open source router firmware alternative.  Although I was able to get the 6rd tunnel working with dd-wrt, there hasn't been a new build in two years, and consequently the underlying Linux kernel is much older. I had trouble getting ip6tables to work.  OpenWrt development seems much more active; the latest release was last month.

Step 2: Install OpenWrt packages for IPv6 and 6rd

To utilize 6rd from OpenWrt one must install a few additional packages.  Package installation in OpenWrt is very easy.  Secure shell into the router as root and use the opkg command.

opkg install <package-name>
-or-
opkg install <package-url>

For some of the below packages/commands I used
REPO_URL=http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/

Where "ar71xx" is the architecture of my router.  The correct value for any router can be found in OpenWrt's table of hardware.

# Install 6rd packages
opkg install 6rd
    kmod-ipv6
    kmod-iptunnel4
    kmod-sit

# Install radvd
opkg install radvd
    libdaemon

# Enable configuration of 6rd interfaces via luci
opkg install ${REPO_URL}/luci-proto-6x4_0.11.1-1_ar71xx.ipk
    6in4
    6to4

# Install luci interface for radvd
opkg install ${REPO_URL}/luci-app-radvd_0.11.1-1_ar71xx.ipk

# Install packages for ip6tables
opkg install ${REPO_URL}/kmod-ip6tables_3.3.8-1_ar71xx.ipk
opkg install ${REPO_URL}/libip6tc_1.4.10-4_ar71xx.ipk
opkg install ${REPO_URL}/ip6tables_1.4.10-4_ar71xx.ipk

The indented names above are package dependencies that are installed automatically.  Use opkg list-installed to list installed packages.  After installing the above packages, enable radvd at boot (/etc/init.d/radvd enable), then reboot your router.

Step 3: Configure Radvd

Set up radvd so that your router will distribute IPv6 addresses to attached devices. Edit /etc/config/radvd.  Here is my version of that file:

config interface
    option interface 'lan'
    option AdvSendAdvert '1'
    list client ''
    option ignore '0'
    option IgnoreIfMissing '1'
    option AdvSourceLLAddress '1'
    option AdvDefaultPreference 'medium'
    option AdvManagedFlag '1'
    option AdvLinkMTU '1280'

config prefix
    option interface 'lan'
    option AdvOnLink '1'
    option AdvAutonomous '1'
    option ignore '0'
    list prefix '2602:100:18cf:84ef::/64'

config rdnss
    option interface 'lan'
    option ignore '0'
    list addr '2607:f428:1::5353:1'
    list addr '2607:f428:2::5353:1'

config dnssl
    option interface 'lan'
    list suffix ''
    option ignore '1'

The two addresses in the rdnss section are the primary and secondary DNS addresses; they come directly from Charter's IPv6 page.  The single address in the prefix section is your IPv6 /64 prefix.  It is derived from Charter's 6rd prefix plus your current WAN IP (google "what is my IP").  Here is a bash script you can use to generate the combined value:

#!/bin/bash
# Derive the 6rd /64 prefix: Charter's 6rd prefix followed by the WAN IPv4 octets in hex.
WAN_IP="24.207.132.239"
V6_PREFIX=$(printf '2602:100:%02x%02x:%02x%02x' $(echo "$WAN_IP" | tr . ' '))
printf 'RESULT: %s\n' "$V6_PREFIX"

If you installed the package luci-app-radvd there is a web-UI tab available for configuring radvd. The UI even contains an option indicating that the IPv6 prefix should be automatically derived from the IPv4 address of the interface you specify (wan).  I couldn't get radvd to work via the UI-- so I just edited the above file directly.

Step 4: Create an interface for the 6rd tunnel

In LuCI navigate to Network -> Interfaces and select "Add new interface..."
  • Name of the new interface: WAN6
  • Select "IPv6-over-IPv4 (6rd)" as the protocol.
  • Enter values from Charter's IPv6 page for the remaining fields:
    • Remote IPv4 address:  68.114.165.1
    • IPv6 prefix: 2602:100::
    • IPv6 prefix length: 32
    • On the "Firewall" tab select "wan" to place this new interface in the same zone as wan.


Step 5: Enable IPv6 on your existing LAN interface

  • Network -> Interfaces -> LAN -> "Accept router advertisements".  Check this.
  • Reboot your router.

This is what you should now see in LuCI, on the Network->Interface page:


At this point all capable IPv6 devices on your network should have an IPv6 address and should be able to access the IPv6 net.

Step 6: IPv6 Firewall

In LuCI navigate to Status -> Firewall.  You should see that there are now two tabs; one for an IPv4 firewall and one for an IPv6 firewall.  The IPv6 firewall should have rules allowing all outbound traffic, and blocking all inbound (except for ICMP, pings).

Here is an example rule allowing inbound IPv6 requests to one machine on your network.  Add the following to /etc/config/firewall:


config rule
    option target 'ACCEPT'
    option name 'IPv6-HTTP-to-dev-server'
    option family 'ipv6'
    option proto 'tcp'
    option src 'wan'
    option dest 'lan'
    option dest_ip '2602:100:18cf:84ef:beae:c5ff:fee1:3c77'
    option dest_port '80'


The 'name' is just a name for this rule, and can be anything you like.  The 'dest_ip' and 'dest_port' fields are the IPv6 address and port of, in this example, your web server.
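
An added example, not from the original post: a shell check that ties the firewall rule in Step 6 to the prefix derivation in Step 3. It reads a firewall config on stdin and reports IPv6 wan-to-lan ACCEPT rules that omit dest_ip or dest_port, or whose dest_ip is no longer inside the /64 derived from the current WAN address (the prefix changes whenever the WAN IPv4 address does). The function names, finding texts and sample rules are assumptions of this example, and only rules with an explicit family 'ipv6' are examined.

```shell
# 6rd /64 for a WAN IPv4 address: Charter's 2602:100::/32 prefix followed by
# the 32 IPv4 bits as two hex groups (no leading zeros). Fails on a bad address.
sixrd_prefix() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '2602:100:%x:%x\n' $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
}
# audit_fw6 WAN_IP < /etc/config/firewall
# Reports IPv6 wan->lan ACCEPT rules that are unscoped or point outside the
# current prefix. Textual match: dest_ip must be written without leading zeros.
audit_fw6() {
    pfx=$(sixrd_prefix "$1") || return 2
    tr -d "'\"" | awk -v pfx="$pfx" '
    function check() {
        if (!inrule || o["family"] != "ipv6" || o["target"] != "ACCEPT" ||
            o["src"] != "wan" || o["dest"] != "lan") return
        if (o["dest_port"] == "") print o["name"] ": no dest_port (all ports)"
        if (o["dest_ip"] == "") print o["name"] ": no dest_ip (all LAN hosts)"
        else if (index(tolower(o["dest_ip"]), pfx ":") != 1)
            print o["name"] ": dest_ip outside " pfx "::/64"
    }
    $1 == "config" { check(); split("", o); inrule = ($2 == "rule") }
    $1 == "option" && inrule {
        v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]*/, "", v)
        sub(/[ \t]+$/, "", v); o[$2] = v
    }
    END { check() }'
}

# Constructed sample rules (not from the post): one unscoped, one stale.
SAMPLE_RULES="config rule
	option name 'open-to-all'
	option family 'ipv6'
	option target 'ACCEPT'
	option src 'wan'
	option dest 'lan'
config rule
	option name 'old-prefix'
	option family 'ipv6'
	option target 'ACCEPT'
	option src 'wan'
	option dest 'lan'
	option dest_ip '2602:100:18cf:84ee::10'
	option dest_port '80'"
printf '%s\n' "$SAMPLE_RULES" | audit_fw6 24.207.132.239
```

On the router, run it as audit_fw6 <current WAN IP> < /etc/config/firewall; no output means every matching rule is scoped to a host and port inside the current prefix.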

Let me know

Let me know if this guide was helpful.  Similarly if you find an omission or error let me know, and I'll make updates for the benefit of everyone. 



3 comments:

  1. Thanks for the info. Any word on if Charter has native IPv6 service yet?
