IPv6 in the house was no big deal

ipv6.jpgI have been following the IPv6 thing for a while now, mostly wondering why it is second nature for non-US ISPs, and why the US just can’t seem to get its act together on it.

So a few days ago I took it upon myself to determine just how far out of reach IPv6 was for the average finance geek turned tech explorer.

What did I find? Cake..nothing but cake.

What follows is a “base map” that any remotely tech savvy person can use to get IPv6 service over a broadband connection. And when I say tech savvy, I mean if you can visit a few websites, follow a few directions, plug in an ethernet cable, and don’t mind blowing $60 on a router, you can be on IPv6 in just a few hours time.

First stop, Hurricane Electric, an IPv6 tunnel broker. Register – it costs you nothing. Give them your connection’s regular IP address, and within a day or two (assuming they can ping your router – make sure you let it accept pings), you are approved. You then set your nameservers as blank, and you get an IPv6 address block.

Next step, get a new router that is IPv6 capable. Here is where the $60 and a few tricks come in. I found that the Linksys WRT54G was hackable as all getup, as long as you had a version lower than v5. I picked one up at CompUSA, and with rebates, set me back $45. Then hit BrainSlayer’s DD-WRT Wiki, where you can find all the information you need to turn that Linksys router into a powerhouse. Follow the directions there closely, particularly if you have a version 4 router like I did (more on that later).

Once you have the new firmware installed, visit Chris Sologuk’s Solosoft.org – Chris provides all the instructions and scripts you need to light up that router’s IPv6 capability. And for those of you unlucky enough to have version 4 of those Linksys routers, don’t fret when you can’t get those scripts to work. Chris was kind enough to email me a proposed workaround that I am including below, with as little editing as possible so the contributor (whoever Jimmy is) gets credit where credit is due:

Hi Chris,

I think I’ve tested this enough, after unplugging the router and
rebooting the router a few times it still retained the settings…
here’s a brief outline of what i did using your guide as the initial
basis… i’d like to have used jffs as well but since space is at a
premium here goes…

(im running the dd-wrt standard image on the wrt54gsv4 device)

1. sign up to HE for a tunnel
2. got your sample radvd.conf and ip.sh scripts…
2a) i modified radvd.conf to suit my subnet…

interface br0
{ AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;
prefix 2001:470:xxxx:xxxx::/64
{ AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};};

2b) i got the ip.sh file and ripped out all the comments and
variable substitutions…. and was left with this….

/usr/sbin/ip tunnel add sixbone mode sit local xxx.xxx.xxx.xxx
remote 64.xxx.xxx.xxx
/usr/sbin/ip link set sixbone up
/usr/sbin/ip link set mtu 1280 dev sixbone
/usr/sbin/ip tunnel change sixbone ttl 64
/usr/sbin/ip -6 addr add 2001:470:xxxx:xxxx::xxxx/127 dev sixbone
/usr/sbin/ip -6 ro add default via 2001:470:xxxx:xxxx::112E dev
sixbone
/usr/sbin/ip -6 addr add 2001:470:1F00:xxxx::/64 dev br0

3. go to the web interface of the linksys router…
3a) go to administration -> management, then enable ipv6 and radvd
3b) paste the above radvd config to the config box in the web
interface

4. go to the webinterface of the linksys router…
4a) go to administration -> services, then enable sshd, enable
password login if not using ssh keys

5. (here’s the neat thing that i found after reading the dd-wrt
wiki…) it involves using the rc_startup variable in the nvram to store
the iproute commands to setup the tunnel itself. this can be done either
via the web interface or the console. I’ll just show you what/where i
went to set this up….
5a) go to the web interface of the linksys router…
administration -> diagnostics
5b) click on the “run” button
5c) a new window will have popped up allowing one to enter in
commands to run on the router, its just a fancy interface to the console.
5d) enter in the above iproute commands and then click on “save
startup”.
5e) to verify or do this from the command line, ssh into the
router, then do

=======sample=======
~ # nvram show | grep rc_start
size: 24279 bytes (8489 left)
rc_startup=/usr/sbin/ip tunnel add sixbone mode sit local
xxx.xxx.xxx.xxx remote 64.xxx.xxx.xxx
=======sample=======
(the above seems to be truncated but if you do nvram show |
more and just scroll through the list you’ll see the whole set of commands)

this is how one would set it up from the console, you can
set the radvd config up with one of the nvram variables as well but its
easier to use the web interface

=======sample=======
~ # nvram set rc_startup=”
/usr/sbin/ip tunnel add sixbone mode sit local
xxx.xxx.xxx.xxx remote 64.xxx.xxx.xxx
.
.
(press enter on a blank line to end the sequence of commands)
=======sample=======

the rc_startup variable is generally used to call a user defined script
on startup, but since its just a shell variable and you’re just calling
a script you can put a few commands in there… i seem to have only 10kb
of free nvram before doing this, and after wards about 8kb left, thats
why i stripped down the iproute commands as much as possible and used
the inbuilt radvd config stuff (which is probably using up some nvram as
well)

this method does appear to work for me since i couldnt get the samba
stuff working properly as i dont always have a machine on and the method
does require some thinking on the person setting up, but i think most
people who are interested in this will probably know what they are at
anyway….

Jimmy.

Master Jimmy’s instructions worked first try for me. And don’t be intimidated by all the technical stuff – it was easier than it looks at first glance. For me, it was a sum total three hours work, including a trip to the store.

Good luck!

***UPDATE***

Tooling around with IPv6 may be fun to some, education to others (like me). But it isn’t going to make you any safer from web bugs, so keep your firewall and anti-virus on on on.

***UPDATE 2***

On a lighter note, once you finish all this work, you can test your connection at www.kame.net. If you see the “dancing kame” then check the bottom left hand corner of the page. You should see some stats that look like this:

ipv6viakamenet.gif

Again, good luck.

Comments

Spamroll says:

Releasing hacking tools early ain’t so bad

Hackers tools can be used for no good, but a lot of folks use them to test vulnerabilities, so early release can be a very good thing. Meanwhile, IPv6 is hardly popular in the US, despite how easy it is…

Abner says:

So now that you have IPv6 – what exactly can you do on your home network that you couldn’t do before?

Not much. Then again, there isn’t much out there right now.

I totally remember helping you out on this !!

Thanks for mentioning me on this too, I still have that website up but its been neglected for quite awhile now but I will eventually get back to it.

Gotta give credit where due. Was a cool little project, and the assistance was appreciated.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.