
IPv6 - Using DNSMASQ for IPv6 instead of RADVD

Discussion in 'Tomato Firmware' started by Kevin Darbyshire-Bryant, Apr 5, 2013.

  1. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Hi All,
    I'd like to gauge people's reaction to the idea of dropping RADVD from the Tomato firmware. What isn't commonly known is that dnsmasq can provide all the functionality of radvd for local prefix announcements and will also act as a dhcpv6 server, with integration into the local DNS service too!
    Since dnsmasq can perform the necessary IPv6 duties I fail to see why radvd should still be included. I don't think there's any way that radvd configuration can be customised from the GUI so I don't think the config can even be tweaked.

    If you're interested in using dnsmasq for ipv6 service then here are a couple of examples:

    Disable 'Router Advertisements' in IPv6 section of GUI (disables RADVD)

    Enter in dnsmasq custom configuration (Advanced->DHCP/DNS)

    enable-ra - This enables IPv6 router advertising exactly as per RADVD

    If you want to include some DHCPv6 in this (and hence gain local IPv6 addresses in local DNS) then use something like:

    dhcp-range=tag:br0,::1,::FFFF,constructor:br0, ra-names, 12h
    enable-ra

    The constructor option looks at the existing ipv6 address on your local interfaces and constructs a DHCP range based on the address prefix and the locally defined range (::1 -> ::FFFF)

    The above 2 options are in my router and allow windows boxes to obtain IPv6 addresses via DHCPv6, whilst serving Apple iphones/pads etc via the standard SLAAC algorithm (which since apple don't use privacy extensions still allows a DNS entry to be made)

    The only downside I've encountered is that logging into syslog gets pretty noisy!

    I'd be interested in other people's experiences.
  2. Mangix

    Mangix Serious Server Member

    I wonder if removing radvd reduces firmware size by a decent amount.
  3. jerrm

    jerrm Addicted to LI Member

    Looks like the executable is 75K. Not huge, but every bit helps. It would make room for my openssl s_client patch :) (with some room to spare).

    Is there anything RADVD does that DNSMASQ doesn't?
  4. xorglub

    xorglub Networkin' Nut Member

    That would be great !
    The only thing dnsmasq does not seem to handle well is when the network mask is more than /64 (eg. /56 is common) :

    no address range available for DHCPv6 request via br0
  5. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Not exactly earth shattering but on my 'v2z' compile it's saved 32KB - it's two less things to maintain (libdaemon & radvd) and two less collections of bugs :)
  6. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Okay but you weren't getting dhcpv6 service from radvd anyway? I haven't tried configuring a /56 myself but I do feel the whole ipv6 address management thing is frankly a mess. dhcpv6 doesn't actually offer a way of handing out the prefix length, hosts have to use dhcpv6 to get an address (and possibly some other options) and then still solicit/listen for RA flags to find out the local 'on-net' prefix/length. eg: my windows boxes obtain an address & dns server via dhcpv6, but then still have to listen for RA announcements to get the local prefix length to determine what the local subnet actually is. Failure to do the last bit means Windows firewall doesn't work correctly (local hosts don't respond to ipv6 pings and various other issues) which was the 'big' bug in 2.61 for me hence upgrading to 2.66.
  7. xorglub

    xorglub Networkin' Nut Member

    radvd only serves router advertisements, not DHCPv6. Which means the following things will not work :
    * reverse DNS - hosts will choose random addresses through SLAAC ; the router has no idea who all these hosts are. All the reporting pages - Device List, QOS, Web usage... are a mental challenge to interpret when IPV6 is enabled.
    * static leases - not possible.
    * DNS configuration - because RDNSS is not supported on every os, namely windows :) Ouch.
    * traceability - dnsmasq logs activity, radvd does not. When a host has connection issues, go figure...

    dnsmasq provides everything. And as KDB said, that is 2 less packages to maintain.

    There is no need for a new GUI right now, just change the existing tickbox in Basic/IPV6 "Enable Router Advertisements" to alter the dnsmasq.conf file as per the OP says, and ditch radvd. Totally transparent to the end user how the backend works. If they have special needs, go to Advanced/DHCP/DNS.
    Then as time goes by more options can be added.

    The non-/64 netmask bug must be fixed though.
  8. mstombs

    mstombs Network Guru Member

    One of the big potential benefits of dnsmasq is the great active support from the author and other users on his forums. So can this issue be reported there?
  9. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member


    Can you send me an example config file please, it might be a syntax issue.
  10. xorglub

    xorglub Networkin' Nut Member

    Not a config per se. My ISP assigns me a /56, and I have no need to subnet it so I just set 56 in "Prefix Length" for the LAN ("Assigned / Routed Prefix")

    When you do that everything works fine with radvd, but if you use dnsmasq (copy the 2 lines verbatim from the OP in Advanced/DHCP/Custom configuration), then DHCPv6 hosts cannot get an IP. Every time they request one dnsmasq logs this :

    If I go and change the prefix length to 64 on the br0 interface, then everything works fine.

    This is actually somewhat documented albeit unclear in the dnsmasq man page, for the --dhcp-range option. Man page is out of date anyway for 2.66 as it does not mention the generator option at all.
    I don't understand the reason behind it.
  11. M_ars

    M_ars LI Guru Member

    dnsmasq has really become very powerful. I think we can drop radvd and libdaemon

    KDB (and Toastman) are moving in the right direction I think :)
  12. gogubeb

    gogubeb Networkin' Nut Member

    I have IPv6 but I can't make it work with Kevin's mod.
    I obtain IPv6 from my ISP: I can see it on "WAN" and I can see my router's IPv6 on the "LAN", but the PC connected to the router doesn't obtain an IPv6 default gateway or IPv6 DNS server.
    With an Ubuntu client I also don't obtain any IPv6.
    Does anyone have any guidance?
    Thank you
  13. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Can you supply 'dnsmasq' related lines from your system log please, say the first 30 lines from when dnsmasq first starts.
  14. gogubeb

    gogubeb Networkin' Nut Member

    Hi Kevin,
    This is my system log for dnsmasq:
    Code:
    Jan  1 02:00:52 wire daemon.info dnsmasq[510]: started, version 2.67test2tomato cachesize 1500
    Jan  1 02:00:52 wire daemon.info dnsmasq[510]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth
    Jan  1 02:00:52 wire daemon.info dnsmasq[510]: asynchronous logging enabled, queue limit is 5 messages
    Jan  1 02:00:52 wire daemon.info dnsmasq-dhcp[510]: DHCP, IP range 192.168.1.2 -- 192.168.1.11, lease time 7d
    Jan  1 02:00:52 wire daemon.info dnsmasq-dhcp[510]: router advertisement on ::1, template for br0
    Jan  1 02:00:52 wire daemon.info dnsmasq-dhcp[510]: IPv6 router advertisement enabled
    Jan  1 02:00:52 wire daemon.warn dnsmasq[510]: failed to access /etc/resolv.dnsmasq: No such file or directory
    Jan  1 02:00:52 wire daemon.info dnsmasq[510]: read /etc/hosts - 3 addresses
    Jan  1 02:00:52 wire daemon.info dnsmasq[510]: read /etc/dnsmasq/hosts/hosts - 6 addresses
    Jan  1 02:00:52 wire daemon.info dnsmasq-dhcp[510]: read /etc/dnsmasq/dhcp/dhcp-hosts
    Jan  1 02:00:54 wire daemon.notice pppd[489]: local  IP address 188.25.167.25
    Jan  1 02:00:54 wire daemon.notice pppd[489]: remote IP address 10.0.0.1
    Jan  1 02:00:54 wire daemon.notice pppd[489]: primary  DNS address 213.154.124.1
    Jan  1 02:00:54 wire daemon.notice pppd[489]: secondary DNS address 193.231.252.1
    Jan  1 02:00:54 wire daemon.notice pppd[489]: local  LL address fe80::0000:0000:bc1b:7821
    Jan  1 02:00:54 wire daemon.notice pppd[489]: remote LL address fe80::0000:0000:0000:0001
    Jan  1 02:00:54 wire user.debug ip-up[543]: 182: pptp peerdns disabled
    Jan  1 02:00:54 wire daemon.info dnsmasq[510]: reading /etc/resolv.dnsmasq
    Jan  1 02:00:54 wire daemon.info dnsmasq[510]: using nameserver 193.231.252.1#53
    Jan  1 02:00:54 wire daemon.info dnsmasq[510]: using nameserver 213.154.124.1#53
    Jan  1 02:01:01 wire daemon.info dnsmasq-dhcp[510]: DHCPINFORM(br0) 192.168.1.2 00:19:db:f4:1e:ac
    Jan  1 02:01:01 wire daemon.info dnsmasq-dhcp[510]: DHCPACK(br0) 192.168.1.2 00:19:db:f4:1e:ac Go-PC
    Jan  1 02:01:12 wire user.debug init[1]: 182: pptp peerdns disabled
    Jan  1 02:01:12 wire daemon.info dnsmasq[510]: exiting on receipt of SIGTERM
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: started, version 2.67test2tomato cachesize 1500
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: asynchronous logging enabled, queue limit is 5 messages
    Jan  1 02:01:12 wire daemon.info dnsmasq-dhcp[573]: DHCP, IP range 192.168.1.2 -- 192.168.1.11, lease time 7d
    Jan  1 02:01:12 wire daemon.info dnsmasq-dhcp[573]: router advertisement on ::1, template for br0
    Jan  1 02:01:12 wire daemon.info dnsmasq-dhcp[573]: IPv6 router advertisement enabled
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: reading /etc/resolv.dnsmasq
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: using nameserver 193.231.252.1#53
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: using nameserver 213.154.124.1#53
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: read /etc/hosts - 3 addresses
    Jan  1 02:01:12 wire daemon.info dnsmasq[573]: read /etc/dnsmasq/hosts/hosts - 6 addresses
    Jan  1 02:01:12 wire daemon.info dnsmasq-dhcp[573]: read /etc/dnsmasq/dhcp/dhcp-hosts
    Apr 28 10:50:16 wire daemon.info pppd[489]: System time change detected.
    Apr 28 10:50:17 wire user.debug dhcp6c-state[910]: 182: pptp peerdns disabled
    Apr 28 10:50:17 wire user.debug init[1]: 182: pptp peerdns disabled
    Apr 28 10:50:17 wire daemon.info dnsmasq[573]: exiting on receipt of SIGTERM
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: started, version 2.67test2tomato cachesize 1500
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: asynchronous logging enabled, queue limit is 5 messages
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[915]: DHCP, IP range 192.168.1.2 -- 192.168.1.11, lease time 7d
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[915]: router advertisement on ::1, template for br0
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[915]: IPv6 router advertisement enabled
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: reading /etc/resolv.dnsmasq
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: using nameserver 193.231.252.1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: using nameserver 213.154.124.1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: using nameserver 2a02:2f0c:8000:8::1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: using nameserver 2a02:2f0c:8000:3::1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: read /etc/hosts - 3 addresses
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: read /etc/dnsmasq/hosts/hosts - 6 addresses
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[915]: read /etc/dnsmasq/dhcp/dhcp-hosts
    Apr 28 10:50:17 wire daemon.err httpd[916]: bind: [2a02:2f0b:b000:58:22cf:30ff:fece:68a]:80: Cannot assign requested address
    Apr 28 10:50:17 wire user.debug init[1]: 182: pptp peerdns disabled
    Apr 28 10:50:17 wire daemon.info dnsmasq[915]: exiting on receipt of SIGTERM
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: started, version 2.67test2tomato cachesize 1500
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: asynchronous logging enabled, queue limit is 5 messages
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: DHCP, IP range 192.168.1.2 -- 192.168.1.11, lease time 7d
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: router advertisement on ::1, template for br0
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: IPv6 router advertisement enabled
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: reading /etc/resolv.dnsmasq
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: using nameserver 193.231.252.1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: using nameserver 213.154.124.1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: using nameserver 2a02:2f0c:8000:8::1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: using nameserver 2a02:2f0c:8000:3::1#53
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: read /etc/hosts - 3 addresses
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: read /etc/dnsmasq/hosts/hosts - 6 addresses
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: read /etc/dnsmasq/dhcp/dhcp-hosts
    Apr 28 10:50:17 wire daemon.err httpd[922]: bind: [2a02:2f0b:b000:58:22cf:30ff:fece:68a]:80: Cannot assign requested address
    Apr 28 10:51:26 wire daemon.info dnsmasq-dhcp[921]: DHCPINFORM(br0) 192.168.1.2 00:19:db:f4:1e:ac
    Apr 28 10:51:26 wire daemon.info dnsmasq-dhcp[921]: DHCPACK(br0) 192.168.1.2 00:19:db:f4:1e:ac Go-PC
    Apr 28 10:51:36 wire daemon.info dnsmasq-dhcp[921]: DHCPREQUEST(br0) 192.168.1.2 00:19:db:f4:1e:ac
    Apr 28 10:51:36 wire daemon.info dnsmasq-dhcp[921]: DHCPACK(br0) 192.168.1.2 00:19:db:f4:1e:ac Go-PC
    Apr 28 10:51:36 wire daemon.info dnsmasq-dhcp[921]: RTR-SOLICIT(br0) 00:19:db:f4:1e:ac
    Apr 28 10:51:40 wire daemon.info dnsmasq-dhcp[921]: RTR-SOLICIT(br0) 00:19:db:f4:1e:ac
    Apr 28 10:51:42 wire daemon.info dnsmasq-dhcp[921]: DHCPINFORM(br0) 192.168.1.2 00:19:db:f4:1e:ac
    Apr 28 10:51:42 wire daemon.info dnsmasq-dhcp[921]: DHCPACK(br0) 192.168.1.2 00:19:db:f4:1e:ac Go-PC
    Apr 28 10:51:44 wire daemon.info dnsmasq-dhcp[921]: RTR-SOLICIT(br0) 00:19:db:f4:1e:ac
    Apr 28 10:53:02 wire daemon.info dnsmasq-dhcp[921]: DHCPINFORM(br0) 192.168.1.2 00:19:db:f4:1e:ac
    Apr 28 10:53:02 wire daemon.info dnsmasq-dhcp[921]: DHCPACK(br0) 192.168.1.2 00:19:db:f4:1e:ac Go-PC
    Thank you
  15. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: router advertisement on ::1, template for br0
    Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: IPv6 router advertisement enabled
    Apr 28 10:50:17 wire daemon.info dnsmasq[921]: reading /etc/resolv.dnsmasq

    The above extract suggests that IPv6 RA is enabled however for some unknown reason (at this time) it hasn't found the local IPv6 address on the 'br0' interface. I'm wondering if this also relates to

    Apr 28 10:50:17 wire daemon.err httpd[916]: bind: [2a02:2f0b:b000:58:22cf:30ff:fece:68a]:80: Cannot assign requested address
    What does the router think its IPv6 address is? PM me if you're concerned about security.

    I'm away for the next few days so can't promise prompt replies etc, I'm interested to know what the issue is though.
  16. LanceMoreland

    LanceMoreland LI Guru Member

    Kevin, are you sure this works with Comcast's prefix delegation? I have not been able to make Toastman's latest builds work correctly. When I am able to get an IPv6 connection using the latest build my computer has an odd address that does not match the Comcast prefix and test sites tell me that I am using teredo tunneling. The only thing that works 100% is Build 1.28.0501 MIPSR2Toastman-RT-N K26 USB VPN with (route -A inet6 del default gw :: metric 1024 `nvram get wan_iface`) in the WAN up script.
  17. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    I've been able to spend a little bit of time on this and I think I know what's going on. A more than slight oversight and misunderstanding of the constructor option in dnsmasq on my part. My recommendation at this time to Toastman is to revert the 'no RADVD' commits.

    I think that dnsmasq can provide all the functionality required but it's going to require a few gui handling code tweaks which in my present 'development' environment (netgear WNR3500lv2 which takes 2 attempts to flash any code update) I'm not prepared to pursue.

    So what's the problem? In essence the 'dhcp-range=tag:br0,::1, ::FFFF, constructor:br0, ra-names, 12h ' line in dnsmasq.conf doesn't work as I understood it to. It works for me 'cos I'm using tunnelled IPv6 which means my prefix (and more importantly) the IPv6 LAN facing suffix are known and fixed at ::1. This allows dnsmasq to lookup & build the entire prefix & suffix IPv6 address on interface br0 and work out the DHCP range (and also RA) details it should be advertising. For anyone whose LAN facing ipv6 address isn't ::1 the above line will not work.

    A working dnsmasq log for ipv6 stuff looks something like this:

    Code:
    May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: DHCPv6, IP range ::1 -- ::ffff, lease time 12h, template for br0
    May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: DHCPv4-derived IPv6 names on ::1, template for br0
    May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: router advertisement on ::1, template for br0
    May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: DHCPv6, IP range 2001:470:1f09:100::1 -- 2001:470:1f09:100::ffff, lease time 12h, constructed for br0
    May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: DHCPv4-derived IPv6 names on 2001:470:1f09:100::, constructed for br0
    May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: router advertisement on 2001:470:1f09:100::, constructed for br0
    
    It would be useful to know if correcting the 'dhcp-range=tag:br0,::1, ::FFFF, constructor:br0, ra-names, 12h' line in dnsmasq.conf to match your environment will suddenly make things work. eg. If the router's LAN IPv6 address is something like ISP_Prefix::DEAD:BEEF:AA then does 'dhcp-range=tag:br0,::DEAD:BEEF:AA, ::DEAD:BEEF:FFFF, constructor:br0, ra-names, 12h' suddenly make things work?

    The more I think about this the more I'm confused by Simon's 'constructor' tag. I'll drop him a line and he can explain to me how stupid I'm being :)
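
The log check Kevin applies in posts 15 and 17 (a "template for br0" line with no matching "constructed for br0" line means dnsmasq did not build a range for that interface), as an added shell example that is not from the thread. `check_constructed` and the `sample_*` functions are hypothetical names, and the sample log lines are constructed, modelled on the thread's logs with documentation addresses.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_constructed IFACE   (dnsmasq syslog lines on stdin)
# Prints constructed | template-only | no-ipv6-range for the most recently
# started dnsmasq instance; exit status is 0 only for "constructed".
check_constructed() {
    iface=$1
    result=$(awk -v ifc="$iface" '
        # dnsmasq restarted: whatever an older instance logged no longer applies
        /dnsmasq\[[0-9]+\]: started, version/ { tmpl = 0; cons = 0; next }
        /dnsmasq-dhcp\[[0-9]+\]: (router advertisement on|DHCPv6, IP range) / {
            if ($0 ~ (", template for " ifc "[ \t]*$"))    tmpl = 1
            if ($0 ~ (", constructed for " ifc "[ \t]*$")) cons = 1
        }
        END {
            if (cons)      print "constructed"
            else if (tmpl) print "template-only"
            else           print "no-ipv6-range"
        }')
    printf '%s\n' "$result"
    [ "$result" = "constructed" ]
}

# Constructed sample: RA enabled, but only the ::1 template was registered.
sample_template_only() {
    cat <<'EOF'
Apr 28 10:50:17 wire daemon.info dnsmasq[921]: started, version 2.67test2tomato cachesize 1500
Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: router advertisement on ::1, template for br0
Apr 28 10:50:17 wire daemon.info dnsmasq-dhcp[921]: IPv6 router advertisement enabled
EOF
}

# Constructed sample: the template matched an address on br0 and a range was built.
sample_constructed() {
    cat <<'EOF'
May  1 14:19:11 Router daemon.info dnsmasq[1526]: started, version 2.67test2tomato cachesize 1500
May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: DHCPv6, IP range ::1 -- ::ffff, lease time 12h, template for br0
May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: router advertisement on ::1, template for br0
May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: DHCPv6, IP range 2001:db8:0:100::1 -- 2001:db8:0:100::ffff, lease time 12h, constructed for br0
May  1 14:19:11 Router daemon.info dnsmasq-dhcp[1526]: router advertisement on 2001:db8:0:100::, constructed for br0
EOF
}

# Constructed sample: a working instance is replaced by one that only has the template.
sample_restart_lost_range() {
    sample_constructed
    cat <<'EOF'
May  1 14:25:02 Router daemon.info dnsmasq[1526]: exiting on receipt of SIGTERM
May  1 14:25:02 Router daemon.info dnsmasq[1601]: started, version 2.67test2tomato cachesize 1500
May  1 14:25:02 Router daemon.info dnsmasq-dhcp[1601]: router advertisement on ::1, template for br0
May  1 14:25:02 Router daemon.info dnsmasq-dhcp[1601]: IPv6 router advertisement enabled
EOF
}

for sample in sample_template_only sample_constructed sample_restart_lost_range; do
    printf '%-28s ' "$sample"
    "$sample" | check_constructed br0 || true
done
```

On a router the input would be the dnsmasq lines of the system log rather than the embedded samples.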
  18. RMerlin

    RMerlin Network Guru Member

    Not sure if you know that trick yet, but a handy way of doing webui development without constant flashing is to use a binding mount. What I do personally is keep a copy of the /www folder on a USB disk, and mount whichever file I'm working on on top of the flashed version. For example:

    Code:
    mount -o bind /mnt/sda1/www/Advanced_System_Content.asp /www/Advanced_System_Content.asp
    
    You can now work on that page, edit and modify it as much as you want, and the httpd daemon will serve the page from the USB disk instead of the original in flash.

    You can apply that trick to the whole /www folder too - just remember to restart the httpd service afterward.

    The same trick can also be used with some FW binaries, provided you can mount bind them early enough in the boot process.
  19. Toastman

    Toastman Super Moderator Staff Member Member

    Kevin, don't worry, the builds are "BETA" builds, and the idea was to get feedback on the updates, so they've accomplished that already, we have feedback on several small issues in the various updates. Just proceed in your own good time and I'm sure that this will be an improvement, I really like the idea of having it all "under one roof".

    I'll follow any recommendations u make, just shout ... !!
  20. bortle

    bortle Network Newbie Member

    I'm probably wrong about this being the same problem. IPv6 on Comcast still isn't working in the beta build 502.3. However, I'm not getting the same behavior from:
    • an older radvd-enabled build while not using the Comcast workarounds I link below
    • The latest beta builds, with or without extra configuration mentioned above in the dnsmasq
    The former gives me no default route until I apply the workarounds.

    The beta build has the correct default route but autoconfig stops working on my internal hosts.
    edit ---------------------\/ \/ Original Post \/ \/ -------
    @Toastman: did you incorporate the fix you mention here? I can corroborate the issue @LanceMoreland mentions above. I've tried both workarounds (using the route command to try to delete the spurious route and using Koitsu's script).

    I love the idea of eliminating radvd, but right now I need it! :\
  21. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Not being on Comcast I've no idea what they're doing. However try this:

    In advanced DHCP/DNS page disable 'IPv6 RA'

    Find your IPv6 ip address & remove the prefix - e.g. if address is 8888:7777:6666:5555:4000:3000:2000:1
    then your address is 4000:3000:2000:1

    enable-ra
    dhcp-range=::4000:3000:2000:1, ::FFFF:FFFF:FFFF:FFFF, constructor:br0, ra-names, 12h

    Save this away and then look in the syslog for lines related to dnsmasq. Hopefully you should see that it's constructed both a dhcp & RA range for your IPv6 prefix (8888:7777:6666:5555)
  22. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Another thing to try, this time using the network prefix only:

    enable-ra
    dhcp-range=8888:7777:6666:5555::, slaac
  23. bortle

    bortle Network Newbie Member

    Thanks, KDB! That works great. I'm also using ra-names as you suggested so that hosts register IPv6 addresses in DNS.
  24. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    That's encouraging! I've pushed a fix to git for others to use if they want - the fix writes the ipv6 prefix to config file for now. Of course ra-names will only work for those hosts that don't do privacy extensions but it's more than radvd did.

    I was trying to avoid defining more than I needed to in the dnsmasq config file, however the constructor option doesn't work quite as I thought/hoped. I'm in discussion with Simon about it, and it looks like I'm not the only person confused by its operation. I've proposed a fix, waiting to hear back.
  25. M0g13r

    M0g13r Networkin' Nut Member

    can not thank u enough man :D
  26. bortle

    bortle Network Newbie Member

    Are you trying to get ipv6 served on a second VLAN, e.g. br1? I was playing with that and couldn't get it to work. If you're doing the same thing, I'm interested in helping test.
  27. Beast

    Beast LI Guru Member

    It would be nice if someone can explain how to get IPv6 to work with charter cable on the latest versions of tomato. I have tried some of the things I've read here, but no luck. Charter provides this info.
    6rd Prefix = 2602:100::/32
    Border Relay Address = 68.114.165.1
    6rd prefix length = 32
    IPv4 mask length = 0

    Primary DNS Address = 2607:f428:1::5353:1

    Secondary DNS Address = 2607:f428:2::5353:1
  28. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    No, I wasn't. However it shouldn't be too hard assuming you're doing this on different /64 prefixes. You'll need a corresponding dhcp-range line in your dnsmasq.conf file otherwise it won't offer RA or DHCPv6 service on that prefix.
  29. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    How far do you get? Does the router get an IPv6 address or is the problem that none of your LAN gets one? When you say latest versions of tomato do you mean Toastman's latest beta releases? Did it work before? And what are the things you've tried?
  30. Beast

    Beast LI Guru Member

    I'm using v1.28.7502.3 MIPSR2Toastman-RT K26 USB VLAN-VPN on Asus RT-N16
    I had read that some IPv6 functionality had been added
    • Add a default 'dhcp-range ra-only' to dnsmasq.conf if RA enabled
    • (This will provide equivalent RA functionality of RADVD...with a bit of luck!)
    All the talk about IPv6 of late is what got me interested in trying to get it to work. I do not want to set
    up an account with a tunnel broker. My goal is to use what CHARTER CABLE is implementing. Did some
    reading at TomatoUSB ( http://tomatousb.org/forum/t-473266 ) HowTo IPv6 using 6rd. I did add the scripts
    to the init and wanup sections. And tried various combinations of the gui setup options. Since there is not one
    specifically for IPv6 6rd. The best results at some point, was I got the IPv6-test page to tell me that Teredo was
    working. As of now I am back to a clean install of the above firmware.

    I know little to nothing about all the different ways IPv6 is being implemented, and to what extent the underlying
    code in Tomato supports 6rd.

    And no I never tried to get IPv6 working in earlier versions. And the stuff on TomatoUSB is kind of dated. Looking to find up to date information from you IPv6/Tomato gurus.
  31. Toastman

    Toastman Super Moderator Staff Member Member

    The original guy that did much of the ipv6 stuff on Tomatousb was Wes Campaigne, but he left the project along with most of the other devs around 2 years ago. ipv6 kind of stagnated then because we don't know much about it and we can't use it in our respective countries. But soon we will all have to use it (soon? I wonder.. sometimes) At the moment, Kevin is doing his best, and looks pretty good too.

    Nice work, Kevin, and thanks.
  32. Beast

    Beast LI Guru Member

    ok gave it a fresh try, using Basic "other" settings. Did not enter anything for Router IPv6 address.
    Again added the two scripts from TomatoUSB added a sleep 5 at start of wanup. And got these results from IPv6-test page...

    Test with IPv4 DNS record
    ok (0.085s) using ipv4
    Test with IPv6 DNS record
    ok (0.088s) using ipv6
    Test with Dual Stack DNS record
    ok (2.643s) using ipv6
    Test for Dual Stack DNS and large packet
    ok (0.091s) using ipv6
    Test IPv4 without DNS
    ok (0.123s) using ipv4
    Test IPv6 without DNS
    ok (0.181s) using ipv6
    Test IPv6 large packet
    ok (0.528s) using ipv6
    Test if your ISP's DNS server uses IPv6
    bad (2.160s)
    Find IPv4 Service Provider
    ok (2.828s) using ipv4 ASN 20115
    Find IPv6 Service Provider
    ok (2.964s) using ipv6 ASN 20115
  33. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Ok, I had a little play at this earlier today. To be blunt the VLAN stuff was only ever designed to work with the IPv4 stuff - I don't know which came first IPv6 or VLAN support in tomato, anyway here's what I tried & discovered.

    Created new bridge (BR1) with a new DHCPv4 range. Dropped 1 port off the default VLAN and created new VLAN with only that port (connected to Windows 7 PC) added new IPv6 DHCP range in dnsmasq:

    dhcp-range=tag:br1,::1, ::FFFF:FFFF, constructor:br1, ra-names, 12h

    Added a test '2000:1000::1'/64 to BR1 - the good news here is that dnsmasq automagically noticed the new IPv6 prefix on BR1, created a suitable DHCPv6 range for it AND started doing RA broadcasts.

    My windows box did SLAAC based on the RAs but did NOT get a DHCPv6 address, it did get an IPv4 address in the new VLAN range. Enabling 'firewall drop' logging showed stuff being dropped on the VLAN and without going further into it, I suspect the issue here is that there aren't any IPv6 iptables rules for BR1 so it's just dropping everything.

    I'm encouraged by the behaviour of dnsmasq and think the issue is firewall related. I have no working knowledge of iptables....yet (groans at the thought of delving into yet another tomato induced rabbit hole)

    But (yet another) enhancement to Tomato would be IPv6 VLAN support. And if I may be permitted a small outburst.....far more important than any theme based graphic cr*p...a router routes packets first and does pretty graphics later (or not at all)

    Yes, okay, I'm grumpy today (getting old)
  34. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    To be fair, there's been quite a learning curve for everyone involved in IPv6. Simon (of dnsmasq fame) has in my opinion been at the forefront of practical implementations of IPv6 DHCP & the like. And there are some strange things in it. For example did you know that unlike DHCPv4 there is no equivalent way for DHCPv6 to advertise a netmask (alias prefix in IPv6)? DHCPv6 can give you an address and tell you a DNS server but that's it. To find out the network prefix you have to listen to RA broadcasts.

    Why does this matter? Windows 7 for one will configure any address it's handed as a /128 and whilst it will talk IPv6, it treats every other host as 'non-local', so won't respond to pings and various other things, whereas it will on the IPv4 addresses. It needs to see the RAs saying 'this is the local subnet prefix' so that it can configure the firewall correctly.
  35. unoriginal

    unoriginal Connected Client Member

    Alright, I'm certainly no networking or Tomato guru, but that is my customized Charter 6rd script at TomatoUSB you've linked to, so I do know just enough to be a menace. For me at least, it has worked 10/10 on ipv6 test sites until recently, though now like you the ipv6 DNS is not passing, either using the radvd method or the new dnsmasq method. Probably something in the script. Hopefully one of the real gurus here can help sort it out.

    Anyways, here's how I've set-up Charter 6rd for upcoming, radvd-less Tomato firmwares:

    Basic->IPv6
    Service Type: Other
    Wan Interface: tun6rd
    Router Address: (leave blank)
    Static DNS: 2607:f428:1::5353:1
    2607:f428:2::5353:1
    Enable RA: (leave unchecked if this activates radvd, otherwise ?)
    Accept RA: (leave unchecked)

    Administration->Scripts->Init:
    insmod tunnel4
    insmod sit

    Administration->Scripts->WAN Up:
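    WANIP=$(nvram get wan_ipaddr)
    if [ -n "$WANIP" ]; then
        # Remove any tunnel left over from a previous WAN-up event
        ip tunnel del tun6rd
        # Append the four IPv4 octets, in hex, to the 2602:100::/32 6rd prefix
        V6PREFIX=$(printf '2602:100:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
        # Create the SIT tunnel and set its 6rd parameters
        ip tunnel add tun6rd mode sit local $WANIP ttl 64
        ip tunnel 6rd dev tun6rd 6rd-prefix 2602:100::/32 6rd-relay_prefix 68.114.165.1/0
        ip link set tun6rd up
        # Address the tunnel and the LAN bridge, then route everything via the border relay
        ip -6 addr add ${V6PREFIX}:0::/32 dev tun6rd
        ip -6 addr add ${V6PREFIX}:1::/64 dev br0
        ip -6 route add ::/0 via ::68.114.165.1 dev tun6rd
    fi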

    Advanced->DHCP/DNS
    Custom config: dhcp-range=2602:100:xxxx:xxxx:1::,ra-names
    dhcp-option=option6:dns-server,2602:100:xxxx:xxxx:1::
    enable-ra

    NB: the custom config above is a dirty, filthy hack. In those x's I put in the remainder of the /64 I get from Charter's 6rd, which as I understand it gets calculated from my dynamic IPv4 address, so in the future it will be prone to breakages. The "constructor" stuff posted here that I've tried so far has not worked. One thing to do would be to have the WAN Up script append those three custom config lines using the V6PREFIX variable to /etc/dnsmasq.conf and restart the dnsmasq service. I leave that to somebody who hopefully knows what the hell they're doing.

    Also, I'm not sure that "6rd-relay_prefix" part is right in the second "ip tunnel" line; maybe it's not supposed to be there at all, as I'm just reusing Charter's Border Relay Address. For why the script is like it is now, i.e. is not the old radvd script at TomatoUSB already linked to, see http://projectdaenney.org/blog/2012/10/24/configuring-6rd-with-non-standard-prefixes-and-dnsmasq/, this is based off of those examples.

    All that said, the stuff "works" from a cold reboot, apart from that IPv6 DNS test and the fact that it will break if ever you are assigned a new IPv4 address. So hopefully this will get more people up to testing and improving.

    I am on Shibby's 107 miniIPv6.
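
The post above suggests having the WAN Up script build the three dnsmasq lines from V6PREFIX instead of hard-coding the x's. A POSIX sh sketch of that follows, added here and not code from any poster or from Tomato. The function names, the marker comments and the file argument are assumptions, 192.0.2.33 is a constructed address, and unlike the post's line the DNS server address is written in square brackets, which is how dnsmasq takes IPv6 addresses in dhcp-option.

```shell
#!/bin/sh
# Added example: derive the 6rd prefix from a validated WAN IPv4 address and
# regenerate the dnsmasq lines from it. All names here are assumptions.

# is_ipv4 ADDR: true only for a strict dotted quad (four octets, each 0-255,
# no leading zeros, which printf would otherwise read as octal).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in 0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# sixrd_prefix BASE IPV4: print BASE followed by the IPv4 address as two
# hextets, the same arithmetic as the thread's V6PREFIX line (BASE 2602:100).
sixrd_prefix() {
    is_ipv4 "$2" || { echo "refusing WAN address '$2'" >&2; return 1; }
    _ifs=$IFS; IFS=.
    set -- "$1" $2
    IFS=$_ifs
    printf '%s:%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4" "$5"
}

# dnsmasq_6rd_lines PREFIX: the post's three custom-config lines with the x's
# filled in. The DNS server address is bracketed, which is how dnsmasq expects
# IPv6 addresses inside dhcp-option.
dnsmasq_6rd_lines() {
    printf 'dhcp-range=%s:1::,ra-names\n' "$1"
    printf 'dhcp-option=option6:dns-server,[%s:1::]\n' "$1"
    printf 'enable-ra\n'
}

BEGIN_MARK='# BEGIN 6rd-generated'
END_MARK='# END 6rd-generated'

# write_6rd_block FILE PREFIX: drop any previously generated block from FILE,
# then append a fresh one, so a new WAN address never leaves a stale prefix.
write_6rd_block() {
    _tmp="$1.tmp.$$"
    {
        if [ -f "$1" ]; then
            sed "/^$BEGIN_MARK\$/,/^$END_MARK\$/d" "$1"
        fi
        echo "$BEGIN_MARK"
        dnsmasq_6rd_lines "$2"
        echo "$END_MARK"
    } > "$_tmp" && mv "$_tmp" "$1"
}

# refresh_6rd_config FILE BASE WANIP: validate, derive, write. On a bad WANIP
# it returns non-zero and leaves FILE untouched.
refresh_6rd_config() {
    _p=$(sixrd_prefix "$2" "$3") || return 1
    write_6rd_block "$1" "$_p"
}

# Demo with a constructed documentation address.
dnsmasq_6rd_lines "$(sixrd_prefix 2602:100 192.0.2.33)"
```

The caller still has to point FILE at whatever file its firmware actually feeds to dnsmasq and restart the service afterwards; neither is assumed here.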
  36. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    @unoriginal - I suspect I know why you've not had success with the constructor option....and hence it may well be possible to fix. The 'big' problem with the constructor is that it expects the first address in the constructed range to be that of the local interface. In other words to build a working range say from PREFIX::1->PREFIX::FFFF:FFFF it demands that the local interface (br0) has the address PREFIX::1

    My guess is that for most tunnel operations that'll be fine 'cos you can make the local end point address PREFIX::1. I personally think Simon has got this wrong, 1st for the above mentioned reason and 2nd, the implication that you can only start the DHCPv6 range from the configured interface address and work up. If the local configured network portion was FFFF:FFFF:FFFF:FFFF then you're stuffed! Admittedly this is a contrived case.

    My personal preference would be that dnsmasq looks on the local interface for a local network address *inside* the configured DHCP range, and use the prefix if one is found.

    Having said the above I'm wondering if the following changed config would work for you....and if it did you'd never need to tell dnsmasq that the prefix has changed in the config file..it would work it out automagically!


    Basic->IPv6 Service Type: Other
    Wan Interface: tun6rd
    Router Address: (leave blank)
    Static DNS: 2607:f428:1::5353:1
    2607:f428:2::5353:1
    Enable RA: (leave unchecked - radvd has gone, this just writes some stuff to dnsmasq.conf in an attempt to emulate radvd for *simple* ipv6 networking - we're not doing simple!)
    Accept RA: (leave unchecked)


    Administration->Scripts->Init:
    insmod tunnel4
    insmod sit

    Administration->Scripts->WAN Up:
    WANIP=$(nvram get wan_ipaddr)
    if [ -n "$WANIP" ]; then
    ip tunnel del tun6rd
    V6PREFIX=$(printf '2602:100:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
    ip tunnel add tun6rd mode sit local $WANIP ttl 64
    ip tunnel 6rd dev tun6rd 6rd-prefix 2602:100::/32 6rd-relay_prefix 68.114.165.1/0
    ip link set tun6rd up
    ip -6 addr add ${V6PREFIX}:0::/32 dev tun6rd
    ip -6 addr add ${V6PREFIX}:1::1/64 dev br0   # note the change here
    ip -6 route add ::/0 via ::68.114.165.1 dev tun6rd
    fi

    Advanced->DHCP/DNS
    Custom config:
    dhcp-range=::1, ::FFFF:FFFF, constructor:br*, ra-names, 12h
    #dhcp-option=option6:dns-server,2602:100:xxxx:xxxx:1:: - really not convinced by this line - see below
    enable-ra
    In theory, dnsmasq knows the local IPv6 address and hands out that address as the IPv6 DNS server, which it then forwards etc. However I of course bow to your superior knowledge of your config.
  37. Beast

    Beast LI Guru Member

    Just checked my setup again,
    1- I don't see an option to Enable RA in the Basic IPv6 section. But I do see and have it checked under Advanced DHCP/DNS.

    2- At this time don't have any of the Custom config: In Advanced->DHCP/DNS. Why not? Simple, I forgot to put it back in.

    3- And the actual Wan Up looks like this

    WANIP=$(nvram get wan_ipaddr)
    if [ -n "$WANIP" ]; then
    ip tunnel del tun6rd
    V6PREFIX=$(printf '2602:100:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
    ip tunnel add tun6rd mode sit local $WANIP ttl 64
    ip addr add ${V6PREFIX}::1/32 dev tun6rd
    ip addr add ${V6PREFIX}::1/64 dev br0
    ip link set tun6rd up
    ip -6 route add ::/0 via ::68.114.165.1 dev tun6rd
    service radvd restart
    fi

    This setup appears to work as well, just wondering how. Time to read up on Charter IPv6 some more.
    I know NOTHING. :) Just beginning to get into IPv6.
  38. unoriginal

    unoriginal Connected Client Member

    Yes, the change to the br0 addy allows the constructor to work, thanks.
  39. Beast

    Beast LI Guru Member

    What about this line that Kevin changed?

    ip -6 addr add ${V6PREFIX}:1::1/64 dev br0 <- - note the change here
  40. unoriginal

    unoriginal Connected Client Member

    (1) Since you're using Toastman and I'm using Shibby, it may be the option for radvd (i.e. "Enable RA") is on a different configuration page. You should uncheck it if you've got (2) "enable-ra" in the dnsmasq custom config.

    (3) That's the old script that sussix posted and I edited for Charter 6rd. In my experience it only works with radvd. Once you uncheck "Enable RA" and dnsmasq takes over, it will eventually stop working (once the router's routing table updates and/or you restart your computer's network connection.) dnsmasq apparently requires an additional interface subnet to be added, along with a more properly defined tunnel, and obviously we don't want to restart radvd. Thus you have to use the new Wan Up script (and dnsmasq custom config) Kevin and I just figured out.

    Make sure to reboot your router when you've made the changes.
  41. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    It works by accident. Because you've checked Enable RA in advanced dns/dhcp *AND* you don't have the latest 'fix', a line similar to "dhcp-range=::1,::FFFF:FFFF,constructor:br0,ra-names,12h" (mentioning 'constructor') will be inserted into /tmp/etc/dnsmasq.conf.

    Since you've assigned a $V6PREFIX::1 address on to 'br0', the constructor option picks up that address AND the prefix and starts doing IPv6 RAs (and possibly DHCPv6). Please read my post above 'cos you should really uncheck 'Enable RA' and put in the two custom dnsmasq config lines instead. That way it won't break again come the next beta.........hopefully! :)
  42. Beast

    Beast LI Guru Member

    Ok, will make the changes. So back to that one line change. You think it should be your way or as suggested by Kevin?
  43. fubdap

    fubdap Networkin' Nut Member

    Thanks you guys for your effort. So which script should we use. The one on post #36 by Kevin or the one on post #35 by unoriginal? Thanks.

    Edit - Beast you beat me to it.
  44. unoriginal

    unoriginal Connected Client Member

    Use either Kevin's or the corrected one by Kevin I simplified and quoted in post #38.
  45. Beast

    Beast LI Guru Member

    Almost ran out of space in wan up, because of the 4k space limit. I run All-U-Need ad block script. Had to delete some of the comment lines to get enough space to add the IPv6 stuff.

    Testing still = 9/10

    Thank you unoriginal and Kevin for getting me and fubdap going.
  46. fubdap

    fubdap Networkin' Nut Member

    I am running this:
    Tomato Firmware 1.28.0000 MIPSR2-108 K26 USB VPN
    on my RT-N16. I copied the information on post #38. Saved on every step. I then rebooted my router. I went to the IPv6-test site and I got 10/10.
    @Beast - did you reboot before going to the test site?

    Thanks to all.
  47. Beast

    Beast LI Guru Member

    Yes, this is the failure with my test.
    Test if your ISP's DNS server uses IPv6===bad (0.001s)
  48. fubdap

    fubdap Networkin' Nut Member

    Kevin is right about the logging. It's excessive. Hoping there is a way to quiet it down.
  49. Beast

    Beast LI Guru Member

    Yeah a lot of this
    May 6 21:00:01 BeastNet syslog.info root: -- MARK --
    May 6 21:06:34 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 21:16:12 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 21:23:44 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 21:33:16 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 21:42:32 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 21:51:54 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:00:01 BeastNet syslog.info root: -- MARK --
    May 6 22:01:13 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:08:56 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:16:50 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:17:04 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:17:23 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:17:37 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:17:44 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:17:58 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:18:07 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:26:00 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:35:03 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
    May 6 22:42:54 BeastNet daemon.info dnsmasq-dhcp[1066]: RTR-ADVERT(br0) 2602:100:615d:db02::
  50. Beast

    Beast LI Guru Member

    I have this in custom config

    quiet-dhcp

    wonder if there is a quiet command for dnsmasq?
  51. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    QUIET-DHCP option is actually a Tomato exclusive, originally added by Teddy_Bear. The router advertisements (RA) Solicits & Adverts at the present time cannot be suppressed.

    There's an argument here that seeing them is very useful - you can see IPv6 LAN provisioning happening. Try without your 'quiet-dhcp' option, fire up a couple each of iphones/pads/pods/androids/windows boxes and see what a noisy log file looks like! :)
  52. Beast

    Beast LI Guru Member

    Oh indeed I remember my log file before I added that option. I looked at the help for dnsmasq and found the quiet-dhcp documented there. Was hoping for some undocumented switches to suppress more logging that someone here in forums might know about. Not all things get documented.

    Still only passing 9/10. I checked use user entered dns along with severed, (even though I think that is only for ipv4 dns servers) it didn't help.
  53. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Out of interest, what client OS & browser are you using to run these tests?

    If you log in to the router, can you actually IPv6 ping the DNS server?
  54. Beast

    Beast LI Guru Member

    Router Ping tool says 2607:f428:1::5353:1 is an invalid address. And ping from Win7 with force ipv6 gets general failure with 100% loss. It must be the way the prefix range is being constructed.

    This [ dhcp-range=::1,::FFFF:FFFF,constructor:br0,ra-names,12h ] and
    This [ ip -6 addr add ${V6PREFIX}::1/64 dev br0 ] using :0::1/64 or ::1/64 have made no difference.

    I have to go to work now. Thanks for your interest.
  55. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Okay. Until the router can ping an IPv6 address then quite frankly you can rule out anything to do with dnsmasq. dnsmasq is responsible for address allocation etc on the LAN only.

    "This [ ip -6 addr add ${V6PREFIX}::1/64 dev br0 ] using :0::1/64 or ::1/64" There is no difference between :0::1/64 and ::1/64. In ipv6 :: is shorthand for 'all zeros'.

    But it has given me a clue as to where I think the problem is.... The corrected line I posted used ':1::1/64' - the way to think about this is that in your case the '0' is your WAN facing IPv6 address allocated to the tunnel, whilst the '1' address range is your local LAN.

    Use the wan up script in post #36 and see how you get on. The router should then have its own WAN facing IPv6 address AND should be able to ipv6 ping ipv6 addresses - Only with that working do we stand a chance of getting the LAN stuff sorted and a 10/10 score :)
  56. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    As a further comment, if you're interested in learning a little more about IPv6 then Hurricane Electric do an on-line certification which teaches (and tests) some of the basics. It's pretty useful & educational and will give you a better overview as to how this stuff works (or not as the case may be)

    http://ipv6.he.net/certification/
  57. unoriginal

    unoriginal Connected Client Member

    At least for me, using anything other than ::1 or ::1:1 for br0 results in being unable to reach ipv6 sites (ipv6.google.com) and in receiving a 0/10 score on test-ipv6.

    I suspect this is related to the dnsmasq constructor being a dick.

    My guess is this is because the Tools->Ping page calls "ping" and not "ping6." Try Tools->System (or just ssh in) and run ping6 -c 3 2607:f428:1::5353:1 and ping6 -c 3 ipv6.google.com. My results are that ipv6.google.com works (as it does in my web browser) and pings to Charter's ipv6 DNS fail, sometimes with "Destination Unreachable: Address Unreachable."
  58. Beast

    Beast LI Guru Member

    Just tried #36 wanup script now 0/10 no IP6 detected.
    This is the wan IP 2602:100:615d:db02::
    This is the lan IP 2602:100:615d:db02:1::1

    When using #36 script.

    Ok, using ::1 for br0 gets me a valid ipv6 address, none of the other combos worked for me. But still can't ping 2607:f428:1::5353:1
  59. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    Hmm, I can't ping Charter's IPv6 DNS server (main or backup) from outside their address space either. Ok, so maybe we have to content ourselves for now with being able to ping ipv6.google.com.

    I'm really at the limit of my knowledge, not come across 6RD before and don't know how it's supposed to work.
  60. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    No it looks like a mistaken attempt to validate IPv4 vs hostnames etc. Entering 'ipv6.google.com' does actually ping the IPv6 address. Entering an IPv4 address works correctly also. Entering an IPv6 address then it fails with an 'invalid hostname'.
  61. Beast

    Beast LI Guru Member

    Time for work again. Thanks for all the feedback. With the ::1 my results are still INVALID ADDRESS using ping tool in Router with address 2607:f428:1::5353:1
  62. shibby20

    shibby20 LI Guru Member

    well after this commit:
    http://repo.or.cz/w/tomato.git/blob...2079c3099c1:/release/src/router/rc/services.c

    i have a lot of warnings in log:
    I had to add no-dhcp-interface=br2 to custom log to resolve this problem.

    I have also huge entries like this:
    and i don't know why.
  63. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    I would politely request that everyone backs out my updated dnsmasq commits and forgets the idea of replacing radvd with dnsmasq. It's too much hassle to come up with a bullet proof gui that deals with IPv4 (WINS or no WINS, DNS or no DNS), IPv6 (or not, DNS or no DNS), VLANs (or not). The whole Tomato GUI regarding address handling, dhcp ranges etc needs to be thrown out. When the ping test page cannot determine the difference between a hostname, an IPv4 address or an IPv6 address correctly it's time to call it a day.
  64. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    The RTR-ADVERT lines show that dnsmasq is doing ipv6 router adverts. Radvd did them but wasn't as noisy about it. Radvd didn't do dhcpv6 at all.

    "no address range available for DHCP request via br2" is because 'do dhcp' is set false for that vlan and it no longer writes a 'no-dhcp-interface' to allow people to override this in the custom file. Otherwise you end up with a situation where you say 'don't do dhcp' in the gui, but later you wish to do something clever in your own dnsmasq.custom. With the no-dhcp-interface line automatically generated you ended up generating a stupid config file.

    The problem is that if it sees a dhcp request coming in on br2 it logs the above warning.

    I'll say this and then go: The whole LAN address config, handling, integration with Vlans, WINS, ipv6,dhcpv4, dhcpv6 needs to be sorted out. The existing code is an impenetrable uncommented, undocumented mess. It is inflexible and behaves in unexpected ways especially with vlans enabled. And that's just services.c.

    Wish I'd never touched it.
  65. unoriginal

    unoriginal Connected Client Member

    Sorry to see you go Kevin.

    But on the assumption that eventually IPv6 is going to have to get worked out better in Tomato, I've worked out a 6rd script that functions under both radvd and dnsmasq... turns out the old script was good, it was the dnsmasq constructor that was the missing piece:

    Basic->IPv6
    Service Type: Other
    IPv6 Wan Interface: tun6rd
    Static DNS: 2607:f428:1::5353:1
    2607:f428:2::5353:1

    Administration->Scripts:

    Init:
    Code:
    insmod tunnel4
    insmod sit
    WAN Up:
    Code:
    WANIP=$(nvram get wan_ipaddr)
    if [ -n "$WANIP" ]; then
        ip tunnel del tun6rd
        V6PREFIX=$(printf '2602:100:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
        ip tunnel add tun6rd mode sit local $WANIP ttl 64
        ip link set tun6rd up
        ip -6 addr add ${V6PREFIX}::1/32 dev tun6rd
        ip -6 addr add ${V6PREFIX}::1:1/64 dev br0
        ip -6 route add ::/0 via ::68.114.165.1 dev tun6rd
    fi
    If you want to use radvd:
    Check "Enable Router Advertisements" on either Basic->IPv6 or Advanced->DHCP/DNS

    If you want to use dnsmasq:
    Advanced->DHCP/DNS
    Custom Config:
    Code:
    dhcp-range=::1:1,::FFFF:FFFF,constructor:br0,ra-names,12h
    enable-ra
    Swap out the Charter-specific addresses in the WAN Up script (i.e. 2602:100 and 68.114.165.1, see here) and Static DNS, and you should be able to use this for any 6rd Border Relay service.

    Still only get 9/10 IPv6 service however. Must be due to a fairly recent change either in Charter's 6rd service or in Tomato.
  66. bortle

    bortle Network Newbie Member

    Sorry to see you get frustrated with this, Kevin. I was having fun trying to make my stuff work with dnsmasq, but can't blame you for exasperation.

    I'll document a couple small things I came across.
    I discovered this rule:
    Code:
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    ...
    9        0    0 DROP      all      !br0  vlan2  ::/0                ::/0
    ...
    This drops ipv6 traffic from the WAN interface that isn't to br0. I got around it by dropping this line into the Firewall tab on Administration, Scripts:
    Code:
    ip6tables -I FORWARD 9 -o vlan2 -i br1 -j ACCEPT
    I'm running using Comcast HSI, who support either anycast relay or DHCPv6. Since they hand out a /64, there really is only room for one routed interface. Subnetting further breaks SLAAC and who knows what else. The best I could do was
    • both interfaces assigned addresses, using an 'ip addr add' command in a WAN up script
    • routing table can have either br0 or br1 as the route for my /64 prefix
    I've decided to roll back to Toastman's 501.3 release and stick with radvd, abandoning my multi-vlan ipv6 plans at least for now. Once Comcast will hand me a /63 or larger, I'll probably give it another shot.
  67. Edrikk

    Edrikk LI Guru Member

    I really hope this is just frustration speaking and Kevin isn't leaving his work behind.
    Kevin, you've done incredible work, and what you're doing is so important for Tomato long term (dnsmasq updates continue to fix issues which is critical for ipv6 daemon).

    Please don't abandon your great work!
  68. Victek

    Victek Network Guru Member

    Already signed a blood contract a week ago with 500 beer fine if he try to abandon ... I saw him sleeping over the code ;)
  69. krism75

    krism75 Network Newbie Member

    Is it required to have an ISP that supports ipv6 to have dnsmasq in tomato support ipv6 for the LAN (br0) ?

    Currently I configured dnsmasq using:
    Code:
    dhcp-range=tag:br0,::1,::FFFF,constructor:br0, ra-names, 12h
    enable-ra
    I can see in the logging that the service is working, but none of my client machines obtain an ipv6 address from the dhcp server in my rt-n66.

    Any ideas?
  70. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Serious Server Member

    dnsmasq won't advertise an IPv6 prefix unless there's a global prefix to hand out. If you're not native IPv6 then consider using a tunnelbroker service. I use hurricane electric's free tunnelbroker service.
  71. fuzinc

    fuzinc Network Newbie Member

    Hi guys, I need a help.
    I have latest shibby tomato firmware without radvd. From my ISP I've got a IPes for native IPv6 setting.
    settings are:


    connecting segment: aaaa:bbb:xxxx::c/126
    isp router: aaaa:bbb:xxxx::d
    my router: aaaa:bbb:xxxx::e

    subnet: aaaa:bbb:xxxx:0004::/64

    DNS 1: 2a01:260:1:2::3
    DNS 2: 2a01:260:1:3::3

    settings window in gui is:
    [​IMG]

    So please, could you tell me what exactly to put in the settings and I think this input in basic ipv6 config is not enough for working network.

    thanks
  72. Lorenceo

    Lorenceo Serious Server Member

    Can DNSMASQ announce the MTU in its router advertisements? Without that working you're going to have issues in situations where the WAN MTU is lower than 1500.
    RADVD doesn't announce the correct MTU (or DNS or prefix) in the current builds either FWIW.
    I have posted in the main Toastman releases thread about this see here and only recently received input on it from Kevin.
  73. bortle

    bortle Network Newbie Member

    Using your examples in blue,
    Assigned/Routed Prefix: aaaa:bbb:xxxx:0004::
    Prefix Length: 64
    Router IPv6 Address: aaaa:bbb:xxxx:0004::e <-- that last character could vary, should probably start with your /64 prefix and end with ::something

    You could also try DHCPv6. Your provider may hand you prefixes and simplify this part.
  74. krism75

    krism75 Network Newbie Member

    Is there somewhere a good tutorial to setup ipv6 with dnsmasq? I'm very interested in having ipv6 DHCP on my internal (LAN) network which has 2 separated bridges (br0 and br1)
  75. bortle

    bortle Network Newbie Member

    I've been banging my head on this, but I'm not sure how to do it correctly without a few things. First off, I think I'd need a larger than /64 prefix, since both br0 and br1 would need a set of addresses to hand out and ranges smaller than /64 break SLAAC (I think?). Comcast has rumors that it will hand customers up to a /60 but that hasn't happened yet, so I'm living with it broken. No complaints, br0 works great!

    What I find is that I can have either br0 or br1 working but not both, and that's all through command-line scripts to assign my ISP DHCPv6 address to one or the other.

    So my br1 clients piteously RTR-SOLICIT(br1) all the time but screw 'em. They're getting free ipv4.:cool:
  76. tokyovigilante

    tokyovigilante New Member Member

    Hi, I'm using Shibby's 112 build of Tomato on my RT-AC66U. I was previously using my ISP's anycast relay at 192.88.99.1 for 6to4 IPv6 access (with a WRT-54GL, back when radvd was all that was available).

    My router does not seem to be handing out IPv6 addresses via DHCP with dnsmasq.

    Is this configuration still supported? Is there any custom configuration I need to add? Thanks.
