IPv6 mit Tomato 1.28

07/01/2014 - 17:33 von Casaper | Report spam
Hallo

Da ich nun schon zu viel herum experimentiert habe und möglichkeiten die ich in diversen Foren auftreiben konnte, bin ich noch immer nicht zu einer funktionierenden IPv6 Config gekommen. Kurz, ich steh hier total auf dem Schlauch.

Meine Bitte: Eine gutmütige Seele möge mich einfach wenigstens darauf Hinweisen, ob ich hier was total falsch mache, oder vielleicht doch mal den Provider Support anfragen sollte.
IPv4 funzt wunderbar, es geht hier jetzt wirklich nur um ipv6, und der Provider bietet im prinzip eigentlich keinen Heimsupport. Daher..

Vielen Dank!

Lieber Gruss

Also:
-

Die Grundconfig ist:

Router: Asus RT-AC66U
Firmware: Tomato Version 1.28 by shibby http://j.mp/1bNIwJx


Config vom Provider Init7 gegeben:

IPv6 WAN IP: 2001:xxxx:xxxx:xxxx::74 (weis nicht ob noetig das zu xxen)
Gateway: 2001:xxxx:xxxx:xxxx::1
IPv6 Range: 2001:xxxx:xxxx::/48

Plus DNS:
77.109.128.2 (ns10.init7.net)
2001:1620:2777:1::10
213.144.129.20 (ns20.init7.net)
2001:1620:2777:2::20



So interpretier ich das in das Webconfig von Tomato:
http://twitpic.com/driz9a
(bei assigned Prefix/Range hab ich den IPv6 Range vom Provider genommen)

-

Ein Mac OSX client des Tomatorouters:
en1: flagsˆ63<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 28:cf:da:f3:9a:16
inet6 fe80::2acf:daff:fef3:9a16%en1 prefixlen 64 scopeid 0x4
inet 192.168.1.40 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2001:xxxx:xxxx::2acf:daff:fef3:9a16 prefixlen 64 autoconf
inet6 2001:xxxx:xxxx::39d5:c12d:c2e3:a13c prefixlen 64 autoconf temporary
inet6 2001:xxxx:xxxx::bcbc:f258 prefixlen 64
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
-
$ ping6 ipv6.google.com
PING6(56@+8+8 bytes) 2001:xxxx:xxxx::39d5:c12d:c2e3:a13c --> 2a00:1450:400a:806::1013
^C
ipv6.l.google.com ping6 statistics
4 packets transmitted, 0 packets received, 100.0% packet loss


-
_____________________________

Router:

# uname -a
Linux rw 2.6.22.19 #2 Tue Nov 19 17:04:49 CET 2013 mips GNU/Linux

# ifconfig -a br0 && ifconfig -a vlan2
br0 Link encap:Ethernet HWaddr 00:[snipp]:80
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:xxxx:xxxx::1/48 Scope:Global
inet6 addr: fe80::62a4:4cff:fe68:f080/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1289 errors:0 dropped:0 overruns:0 frame:0
TX packets:1346 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:551002 (538.0 KiB) TX bytes:626411 (611.7 KiB)

vlan2 Link encap:Ethernet HWaddr 60:[snipp]:81
inet addr:77.[snipp].144 Bcast:77.[snipp].255 Mask:255.255.254.0
inet6 addr: fe80::62a4:4cff:fe68:f081/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1394 errors:0 dropped:0 overruns:0 frame:0
TX packets:865 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:588250 (574.4 KiB) TX bytes:537289 (524.6 KiB)


# ping6 ipv6.google.com
PING ipv6.google.com (2a00:1450:400a:806::1013): 56 data bytes

ipv6.google.com ping statistics
4 packets transmitted, 0 packets received, 100% packet loss



# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:xxxx:xxxx::/48 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 vlan1
fe80::/64 :: U 256 0 0 eth2
fe80::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 vlan2
::/0 :: U 2048 0 0 vlan2
::1/128 :: U 0 8 1 lo
2001:1620:4064::/128 :: U 0 0 2 lo
2001:1620:4064::1/128 :: U 0 121 1 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::62a4:4cff:fe68:f080/128 :: U 0 0 1 lo
fe80::62a4:4cff:fe68:f080/128 :: U 0 85 1 lo
fe80::62a4:4cff:fe68:f081/128 :: U 0 0 1 lo
fe80::62a4:4cff:fe68:f083/128 :: U 0 0 1 lo
ff02::1/128 ff02::1 UC 0 14 10 br0
ff02::66/128 ff02::66 UC 0 1279 0 br0
ff00::/8 :: U 256 0 0 vlan1
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 br0
ff00::/8 :: U 256 0 0 vlan2



# ip6tables --list -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 logdrop all any any anywhere anywhere rt type:0
43 5360 ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT ipv6-nonxt any any anywhere anywhere length 40
116 8472 ACCEPT all br0 any anywhere anywhere
0 0 ACCEPT all lo any anywhere anywhere
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp destination-unreachable
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp packet-too-big
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp time-exceeded
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp parameter-problem
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-reply
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 130
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 131
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 132
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-solicitation
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-advertisement
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-solicitation
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-advertisement
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 141
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 142
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 143
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 148
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 149
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 151
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 152
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 153
0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:445
0 0 logdrop all any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all any any anywhere anywhere rt type:0
0 0 ACCEPT all br0 br0 anywhere anywhere
0 0 DROP all any any anywhere anywhere state INVALID
163 13692 monitor all any vlan2 anywhere anywhere
0 0 ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
0 0 logdrop all vlan2 vlan2 anywhere anywhere
0 0 ACCEPT ipv6-nonxt any any anywhere anywhere length 40
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp destination-unreachable
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp packet-too-big
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp time-exceeded
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp parameter-problem
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-reply
0 0 wanin all vlan2 any anywhere anywhere
163 13692 wanout all any vlan2 anywhere anywhere
163 13692 ACCEPT all br0 any anywhere anywhere
0 0 ACCEPT all br0 vlan2 anywhere anywhere

Chain OUTPUT (policy ACCEPT 626 packets, 55780 bytes)
pkts bytes target prot opt in out source destination
0 0 logdrop all any any anywhere anywhere rt type:0

Chain logdrop (4 references)
pkts bytes target prot opt in out source destination
0 0 LOG all any any anywhere anywhere state NEW limit: avg 1/sec burst 5 LOG level warning tcp-sequence tcp-options ip-options macdecode unknown-flags prefix `DROP '
0 0 DROP all any any anywhere anywhere

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all any any anywhere anywhere limit: avg 1/sec burst 5 LOG level warning tcp-sequence tcp-options ip-options macdecode unknown-flags prefix `REJECT '
0 0 REJECT tcp any any anywhere anywhere reject-with tcp-reset

Chain monitor (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp any any anywhere anywhere WEBMON --max_domains 300 --max_searches 300

Chain wanin (1 references)
pkts bytes target prot opt in out source destination

Chain wanout (1 references)
pkts bytes target prot opt in out source destination

-

# cat /etc/dhcp6c.conf
interface vlan2 {
send ia-pd 0;
send ia-na 0;
send rapid-commit;
request domain-name-servers;
script "/sbin/dhcp6c-state";
};
id-assoc pd 0 {
prefix-interface br0 {
sla-id 0;
sla-len 16;
};
};
id-assoc na 0 { };



Tomato Wan-up Script (Gefunden auf http://j.mp/1gdM9gt und anderenorts):

#
# Workaround for modifying /etc/dhcp6c.conf to work with Comcast IPv6,
# requiring IA-NA DHCP option bit set.
#
# Note that this workaround intentionally messes up the spacing of
# the send ia-pd option; this is to ensure that if if the sed command
# is run multiple times it won't continue to append the send ia-na entry
# over and over.
#
# http://www.dslreports.com/forum/r27...bugs-found
#
sed -i -e's/ send ia-pd 0;/send ia-pd 0; send ia-na 0;/' /etc/dhcp6c.conf
kill `cat /var/run/dhcp6c.pid` && dhcp6c -T LL `nvram get wan_iface`
#
# Workaround for TomatoUSB bug where a spurious default IPv6 route is
# added for no justified reason, resulting in packets getting forwarded
# effectively to /dev/null.
#
# http://www.dslreports.com/forum/r27...bugs-found
#
route -A inet6 del default gw :: metric 1024 `nvram get wan_iface`


# netstat -rue
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
77.xx.xx.1 * 255.255.255.255 UH 0 0 0 vlan2
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
77.xxx.xxx.0 * 255.255.254.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default gw.private.ewz. 0.0.0.0 UG 0 0 0 vlan2



So... Jetzt fàllt mir wirklich nichts mehr ein, was ich noch liefern könnte, damit man sehen kann ob und was hier bei mir falsch konfiguriert ist.
Jederzeit werde ich natürlich gerne nach liefern, wenn ich etwas vergessen haben sollte.

Dankend Grüsst

Casaper
 

Lesen sie die antworten

#1 Frank Graf
07/01/2014 - 21:04 | Warnen spam
Am Tue, 07 Jan 2014 08:33:38 -0800 schrieb Casaper:


Da ich nun schon zu viel herum experimentiert habe und möglichkeiten die
ich in diversen Foren auftreiben konnte, bin ich noch immer nicht zu einer
funktionierenden IPv6 Config gekommen. Kurz, ich steh hier total auf dem Schlauch.

Meine Bitte: Eine gutmütige Seele möge mich einfach wenigstens darauf Hinweisen,
ob ich hier was total falsch mache, oder vielleicht doch mal den Provider Support
anfragen sollte.
IPv4 funzt wunderbar, es geht hier jetzt wirklich nur um ipv6, und der Provider
bietet im prinzip eigentlich keinen Heimsupport. Daher..

Vielen Dank!

Lieber Gruss

Also:
-

Die Grundconfig ist:

Router: Asus RT-AC66U
Firmware: Tomato Version 1.28 by shibby http://j.mp/1bNIwJx


Config vom Provider Init7 gegeben:

IPv6 WAN IP: 2001:xxxx:xxxx:xxxx::74 (weis nicht ob noetig das zu xxen)
Gateway: 2001:xxxx:xxxx:xxxx::1
IPv6 Range: 2001:xxxx:xxxx::/48

_____________________________

Router:

# uname -a
Linux rw 2.6.22.19 #2 Tue Nov 19 17:04:49 CET 2013 mips GNU/Linux




Ich meiner hier fehlt ein richtig gesetztes IPv6 Default-Gateway:

Das von dir oben genannte Gateway fehlt hier.


# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:xxxx:xxxx::/48 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 vlan1
fe80::/64 :: U 256 0 0 eth2
fe80::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 vlan2
::/0 :: U 2048 0 0 vlan2
::1/128 :: U 0 8 1 lo
2001:1620:4064::/128 :: U 0 0 2 lo
2001:1620:4064::1/128 :: U 0 121 1 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::62a4:4cff:fe68:f080/128 :: U 0 0 1 lo
fe80::62a4:4cff:fe68:f080/128 :: U 0 85 1 lo
fe80::62a4:4cff:fe68:f081/128 :: U 0 0 1 lo
fe80::62a4:4cff:fe68:f083/128 :: U 0 0 1 lo
ff02::1/128 ff02::1 UC 0 14 10 br0
ff02::66/128 ff02::66 UC 0 1279 0 br0
ff00::/8 :: U 256 0 0 vlan1
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 br0
ff00::/8 :: U 256 0 0 vlan2





Wie sieht ein "traceroute6 ipv6.google.com" aus?

# ip6tables --list -v



Die Firewall würde ich wàhrend der Tests (ping) temporàr ausschalten.

So... Jetzt fàllt mir wirklich nichts mehr ein, was ich noch liefern könnte, damit man
sehen kann ob und was hier bei mir falsch konfiguriert ist.
Jederzeit werde ich natürlich gerne nach liefern, wenn ich etwas vergessen haben sollte.





Frank

Ähnliche fragen