This tutorial will show how to set up a routed /64. It should be possible to set up a /48 too. I went through tunnelbroker.net, so that is what I will be showing.

The Firmware

You will need to find a version of Tomato that supports IPv6 and the IPv6 gui for your router (if it exists), in order to follow the tutorial. I personally have been using the Toastman builds for the Asus rt-n16. I believe all of his builds for MIPSR2 Routers support it. (Please correct me if I'm wrong) He also has firmware for MIPSR1 routers labeled "tomato-K26-1.28.78xxMIPSR1-Toastman-ND-MiniIPv6.trx", for routers with 4mb flash, like the WRT series.
http://www.4shared.com/dir/v1BuINP3/Toastman_Builds.html

Other mods I believe have IPv6 gui.
Shibby mod http://tomato.groov.pl/
Victek mod http://victek.is-a-geek.com/tomato.html
Any others?

I believe that you should be able to find IPv6 gui firmware for most tomato supported routers. IPv6 is not available on Linux 2.4 tomato firmwares, only under Linux 2.6 where it has been explicitly included.

Now for the Tutorial

First you'll have to sign up for a tunnelbroker account, and go through the process of getting a routed /64. Once you have done that, you'll end up with a page like this under your list of Tunnels. As you can see, I also have a routed /48, which I am not presently using. We'll be using some of these values to enter into the router.

Then in the router, go to "Basic -> IPv6", fill in the fields with the ones of your tunnel, and save.

edit: You can easily set up a /48 too. Just change 'Assigned / Routed Prefix' with your routed /48, and change 'Prefix Length' to 48. Make sure to hit tab after that so that 'Router IPv6 Address' will automatically adjust to the new settings.

You can try MTU to default and see if that works for you. If your router receives its IP by dhcp, try out 1480, and 1472 for PPPoE. If none of those work for you, put 1280, and it should work at that setting if it's an MTU issue.
You can play around with it until you find the highest usable MTU. It would be something in the 1400's range I imagine. The higher that is possible the better, because it allows more information to be sent per packet. 1280 will work, but fragments the packets more.

Then head to "Advanced -> Firewall", and check "Respond to ICMP ping", and save. Your network needs to respond to ICMP in order for the tunnel to be created.

For those of you with a static IP address, you can just manually update your "Client IPv4 Address:" in the tunnel page. If you have a dynamic IP address like me, also perform the following.

Head to "Basic -> DDNS"

edit: Recent git commits found in some TomatoUSB mods have fixed the TunnelBroker DDNS "Unkown response" error that shows up, you should probably expect to see this fix in the next official stable release of TomatoUSB. 10/20/2011

That should be it. Save and reboot the Router. It takes a moment for the IPv6 tunnel to be established once the Wan connection is up. Make sure your OS has IPv6 enabled, Windows 7 should be already.

You can also set up static IPv6 addresses on your local network that fall within your routed /64 range. Under "Port Forwarding -> Basic IPv6", you can open ports to all, or specific machines. I use afraid.org for DDNS, and have set up AAAA DNS records for this.

Test out your connection

edit: icanhazip.com seems to have lost its ipv6 checking capability, not sure if or when it will come back, but there's plenty of other places that will tell you too. 10/11/2011
edit 2: icanhazip now appears to work again with ipv6 addressing.

If you've set up a static IPv6 address on Windows 7, you will actually have 2 IPv6 addresses. Along with your static IP, you will have a "Temporary IPv6 address", and it's through this address that you will be recognized on the web.
Taken from the TunnelBroker forum, "Basically, it's trying to emulate the dial up days where you had a certain degree of anonymity because every time you would dial in to the internet, you would get a different address."

If you wish to disable this temporary address, run "netsh int ipv6 set privacy disabled", and then reboot.

I hope this helps demystify the IPv6 setup.
Great post! Followed your directions and got it to work, thanks!
Router: Asus RT-N16
Mod: Shibby's Mod
File: tomato-K26USB-1.28.905xRAF-EN-MIPSR2-079V-AIO.trx 7.6 MB 12-Oct-1
Your tutorial worked perfectly. Thank you. Kind of funny, when I set up the ipv6 DDNS, I got a scolding from Hurricane Electric. "Sunday, February 12, 2012 4:01:32 PM: This tunnel is already associated with this IP address. Please try and limit your updates to IP changes"
I hadn't tried it, but now that you brought it up I did it successfully. All you have to do is change 'Assigned / Routed Prefix' with your routed /48, and change 'Prefix Length' to 48. Make sure to hit tab after that so that 'Router IPv6 Address' will automatically adjust to the new settings, then reboot.
Thank you, had to change the MTU to 1480 for mine to work. I score 9/10 for IPv6, the advanced stats say that my ISP (VirginMedia UK) does not support IPv6, they are really dragging their feet on this.
Great tutorial, lancethepants. Saved me hours and possibly days of head scratching. Works perfectly on my new Linksys E3000 running Victek's latest mod.
Thanks for all the feedback! This is just a heads up if you are also running DNSCrypt with IPv6. There's nothing wrong with it, just a warning of what to expect.

After setting up DNSCrypt with the following guide, or if you use Shibby's latest builds with DNSCrypt integrated, I noticed the following when checking my IPv6.
http://www.linksysinfo.org/index.php?threads/dnscrypt-preview.37031/

It shows only a 9 out of 10 on IPv6. Naturally this alerted me and I wanted to see what test failed. This is the message. This is stating that DNS over IPv6, which was previously working, now is not. This however does not limit the functionality of the HE tunnel.

A little explanation: To surf the web on IPv6, all you need is some form of functioning DNS. Whether your queries are performed over IPv4 or IPv6 it doesn't really matter, as they should both return the same results. Usually dnsmasq will query all dns servers (IPv4 and IPv6 alike), and then begin to give preference to the one that responds the quickest. When using DNSCrypt, it's necessary to add 'strict-order' to dnsmasq's config in order to ensure all DNS queries are sent through DNSCrypt only. This essentially prevents any DNS queries to any other server including IPv6 servers defined in Basic->IPv6. That is why this message occurs, as it is not capable of performing DNS over IPv6. DNSCrypt is the default for all IPv4 and IPv6 address lookups. Everything will still continue to function as before.

When will this message matter? When the internet has completely moved to IPv6 and IPv4 has been phased out. By that time, DNSCrypt will operate over IPv6 anyway.
This was helpful for me to get it working with my Asus RT-N66U router. Although after trying it, is it normal that websites still see the regular IPv4 address? It seems kind of pointless to run IPv6 if that is the case, or I must be missing something? I probably am, as I'm not that knowledgeable about this.
Once you have IPv6 set up, it will be preferred over IPv4, if and only if the site you visit is IPv6 enabled. Not all the websites you'll visit have IPv6 availability yet, it's still a continual ongoing process. Most big sites do now, like facebook, google etc. If you've confirmed that you've successfully set up IPv6 through the guide, then you're all set. Now everyone else just needs to catch up to you. Does test-ipv6.com or icanhazip.com confirm that you have IPv6 working? If so, then what you're seeing is normal.
Even with DNSCrypt turned off, I'm getting... IPv6 OpenDNS IPs are listed first in dnsmasq config. What could be wrong?
You probably still have 'strict-order' under dnsmasq options. 'strict-order' only allows the first DNS resolver to be used, this is how we guarantee that dnscrypt is always used. Your IPv6 nameserver may be first in resolv.dnsmasq, but the 'server' option in dnsmasq.conf takes precedence, and I don't believe Tomato is set up to put IPv6 nameserver in dnsmasq.conf. You may put it manually, but it requires a restart of dnsmasq, and tomato will just wipe out your settings anyway. As long as 'strict-order' is enabled, IPv6 won't be used. You can remove it, and OpenDNS will always be used since their DNS resolvers are in your IPv6 config, but it won't guarantee that it's encrypted.

I've pondered on how to enable DNSCrypt and allow encrypted IPv6 DNS. DNSCrypt now supports IPv6, but you can only use IPv4 or IPv6 at a time, but unless you have native IPv6, I wouldn't trust my entire DNS to a tunnel. I think you would have to run two instances of DNSCrypt. One that handles IPv4, and one that handles IPv6. I just can't figure out how to tell the IPv6 static DNS settings to query to IPv6 localhost ( ::1 ) but on a nonstandard port (like 40). I'm sure it's possible, but I think the gui may not allow it, or work it right.
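Added example (not part of any post in this thread, and not Tomato or dnsmasq project code): a Python check for the DNSCrypt setup discussed in the posts above. It reads a copy of dnsmasq.conf and of the resolv file and reports whether any upstream other than the local DNSCrypt listener is still configured, and which of those are IPv6. The listener at 127.0.0.1 port 40, the sample file contents and the 2001:db8:: / 192.0.2. documentation addresses are constructed assumptions.

```python
import ipaddress
import re

PROXY = ("127.0.0.1", 40)  # assumed local DNSCrypt listener, port as in the thread

# Constructed sample files (documentation addresses, not real resolvers).
RESOLV = "nameserver 2001:db8::53\nnameserver 192.0.2.53\n"
LOCKED = "no-resolv\nstrict-order\nserver=127.0.0.1#40  # dnscrypt\n"
ORDERED = "strict-order\nserver=127.0.0.1#40\n"
UNORDERED = "server=127.0.0.1#40\n"


def _endpoint(text, default_port=53):
    """Split dnsmasq's ADDR[#PORT] form into (canonical address, port)."""
    addr, _, port = text.partition("#")
    return str(ipaddress.ip_address(addr.strip())), int(port or default_port)


def upstreams(conf, resolv=""):
    """Return (flags, servers) dnsmasq would load from the two files."""
    flags, servers = set(), []
    for raw in conf.splitlines():
        # '#' opens a comment only at line start or after whitespace, so the
        # port separator in server=127.0.0.1#40 is left alone.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        key, _, value = line.partition("=")
        if key in ("strict-order", "no-resolv"):
            flags.add(key)
        elif key == "server" and value and not value.startswith("/"):
            servers.append(_endpoint(value))  # domain-scoped entries skipped
    if "no-resolv" not in flags:  # otherwise the resolv file is read too
        for raw in resolv.splitlines():
            parts = raw.split()
            if len(parts) >= 2 and parts[0] == "nameserver":
                servers.append(_endpoint(parts[1]))
    return flags, servers


def audit(conf, resolv="", proxy=PROXY):
    """Report whether DNS can leave the router outside the proxy."""
    flags, servers = upstreams(conf, resolv)
    cleartext = [s for s in servers if s != proxy]
    if proxy not in servers:
        verdict = "proxy-not-configured"
    elif not cleartext:
        verdict = "proxy-only"
    elif "strict-order" in flags:
        verdict = "cleartext-fallback"  # other servers stay in the ordered list
    else:
        verdict = "cleartext-any"  # dnsmasq may send to any listed upstream
    v6 = [a for a, _ in cleartext if ipaddress.ip_address(a).version == 6]
    return {"verdict": verdict, "cleartext": cleartext, "ipv6_cleartext": v6}


if __name__ == "__main__":
    for name, conf in (("locked", LOCKED), ("ordered", ORDERED),
                       ("unordered", UNORDERED)):
        print(name, audit(conf, RESOLV))
```

Only the "proxy-only" verdict means every query is handed to the DNSCrypt listener; the other verdicts list the resolvers that can still receive unencrypted queries.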
No, I didn't put that option. I resolved the problem by setting it manually on my computer. It doesn't appear to pass IPv6 DNS IPs to connected devices.
That's an interesting issue. I haven't had any problem with using IPv6 when I've left my PCs to acquire it automatically.

Edit: Just to clarify, are you having issues connecting to IPv6 enabled sites, or are you having issues performing DNS queries over IPv6?

Just a few things to point out, maybe or maybe not relevant.
1. You don't need to have IPv6 enabled DNS to visit IPv6 sites. Queries performed over IPv4 will return IPv4 and IPv6 results. And if IPv6 is active, it will prefer the IPv6 DNS result of IPv4.
2. DNSMasq will prefer the fastest DNS server. In the case of tunnelled IPv6, IPv4 queries will almost always be faster, because the IPv6 tunnel will not be as fast as your native connection.
3. Perhaps this is a bug. Perhaps trying a different build might work. Or maybe this could be resolved by clearing nvram and re-entering your settings by hand. I believe we've seen that issue at least once with IPv6.
4. From your other post, despite it not showing a value for IPv6 DNS (looks the same as in mine) I can confirm that my router still performs DNS over IPv6 (as long as you DO NOT use 'strict-order'). Using tcpdump I've observed the actual IPv6 DNS packets. If you're really in doubt, you should try it out yourself and see if they don't show up.
Thanks for this post. I finished my IPv6 configuration this morning and got 10/10 on the IPv6 test site. Now I just have to do some windows 7/2008 configurations to get rid of teredo and I think I am all set. Just an update it looks like Windows 7 automatically disabled teredo when the IPv6 address went live. When I executed the ipconfig command it was now listed as "media disconnected" on my 3 workstations.
I tried to do this, and it only seems to work halfway. I'm running Toastman 1.28.0501 MIPSR2Toastman-RT-N K26 USB VPN on an RT-N66u. As far as I can tell, the 6to4 tunnel is established. My laptop gets an ipv6 address. The routing table on the router under Advanced-Routing shows a lot of IPv6 entries. I can look up IPv6 hosts in DNS. I just can't ping anything or connect to anything. The test-ipv6.com site says I don't have IPv6. I can ping ipv6.google.com, and it looks up the address, but can't ping:

Code:
C:\Users\david>ping ipv6.google.com
Pinging ipv6.l.google.com [2607:f8b0:4006:800::1012] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2607:f8b0:4006:800::1012:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I have MTU set to 1280 in Tomato, and also in the TunnelBroker advanced settings. Any ideas?
Update: Fixed it...mostly. Appears there was something wrong with HE. When I created a new tunnel with a different location, it works. But now, the test-ipv6.com website tells me the things below. But if I go to a command prompt and type nslookup -q=AAAA ipv6.test-ipv6.com, it works. If I ping ipv6.test-ipv6.com, it says that ping can't find the host (DNS failure). What's going on? Thanks!

A lookup for an IPv6-only name failed; yet the lookup and connect for dual-stack connected via IPv6. Something appears to be confused with the DNS lookups.
IPv6 connections work, but connections using DNS names do not use IPv6. For some reason, your browser or your OS is not doing IPv6 DNS 'AAAA' lookups. [more info]
Yeah. At this point I think it's mostly for nerd cred. I am unaware of anything of consequence on IPv6 that's not also on v4.
Has anyone figured out how to do routed subnets or vlans with your /48? I can't figure out how to divide it up and enable it for other LANs.
Thank you, OP, for this guide! I was just reading about Comcast's IPv6 rollout (I'm on Verizon FIOS), and I wanted to have some IPv6 fun. I signed up for a Tunnel at HE, and input the info into my router, an E2500 running Shibby Tomato 1.08. The PC that is wired to that router shows 9/10 on test-ipv6.com. No problems. (Did have to re-boot to enable it, it seemed.)

But I have some other desktops in the other room, that are connected via an identical router, running in WEB mode. On my main desktop, I get IPv4 connectivity just fine, but test-ipv6.com gives me 0/10. "No IPv6 address detected".

An IPCONFIG /ALL shows:
IPv6 Address: (my HE prefix, plus my address)
Temporary IPv6 Address: (my HE prefix, plus a different address)
Link-Local IPv6 Address: fe80:: (some address)

The default gateway shows an fe80:: address too. Should that show my HE prefix?

Edit: The "Tunnel adapter Teredo Tunneling Pseudo-Interface" shows
IPv6 Address: 2001:0: xxx (NOT my HE prefix)
Default Gateway: fe80:: xxx

Edit:
>ping -6 www.google.com
Pinging www.google.com [2607:f8b0:400c:c01::93] with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Request timed out.
Ping statistics for 2607:f8b0:400c:c01::93:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

>tracert -6 www.google.com
Tracing route to www.google.com [2607:f8b0:400c:c01::93] over a maximum of 30 hops:
1 Destination host unreachable.
Trace complete.

So IPv6 DNS is working? But not transit?
If you're a Comcast customer, you (more than likely) get native IPv6 (some areas don't have it yet, but most do). I strongly suggest giving native IPv6 a try and get rid of the tunnel broker nonsense. I don't know if Shibby 1.08 has this fix in place, but Toastman's most recent build (released a few days ago) does (meaning you don't need the workaround): http://www.dslreports.com/forum/r27234575-IPv6-TomatoUSB-and-Comcast-IPv6-bugs-found
These are some replies I got at a different forum. Apparently, passing IPv6 over a wireless bridge, is a non-trivial problem, and they have an RFC for a proxy spec for it.
Thanks for the tutorial. I am having issues with Windows 8. For some reason, I am unable to ping anything, where with Windows 7 I am having no issues. I contacted HE, but they say that they are unable to provide me much support since they are Linux ppl. Any1 else having issues with Windows 8?

Windows 7:
Pinging ipv6.l.google.com [2607:f8b0:4009:802::1013] with 32 bytes of data:
Reply from 2607:f8b0:4009:802::1013: time=24ms
Reply from 2607:f8b0:4009:802::1013: time=23ms
Reply from 2607:f8b0:4009:802::1013: time=22ms
Reply from 2607:f8b0:4009:802::1013: time=22ms

Windows 8:
Pinging ipv6.l.google.com [2607:f8b0:4009:802::1013] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2607:f8b0:4009:802::1013:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

When I go to http://test-ipv6.com/ it gives me 10/10 on both Windows OS's. Also, when I do tracert from Windows 8, it times out. Please help
http://technet.microsoft.com/en-us/library/cc739629(v=ws.10).aspx
I don't have any Windows 8 box at hand to test it myself. Good luck. Alternatively you can try a different ping program, for example fping. Also don't forget to check your Windows firewall settings, turn it off temporarily.
Hello, Thanks for responding. Firewall is completely disabled (service), so I don't think it should be an issue here.

C:\Windows\system32>ping -6 google.com
Pinging google.com [2607:f8b0:4009:804::1003] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2607:f8b0:4009:804::1003:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Windows\system32>nslookup google.com
Server: home.router
Address: 10.0.0.1
Non-authoritative answer:
Name: google.com
Addresses: 2607:f8b0:4009:804::1003

Fast pinger version 3.00 (c) Wouter Dhondt (http://www.kwakkelflap.com)
Pinging 2607:f8b0:4009:804::1003 with 32 bytes of data every 1000 ms:
2607:f8b0:4009:804::1003: request timed out
2607:f8b0:4009:804::1003: request timed out
2607:f8b0:4009:804::1003: request timed out
2607:f8b0:4009:804::1003: request timed out
Ping statistics for 2607:f8b0:4009:804::1003:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
Approximate round trip times in milli-seconds:
Minimum = 0.0 ms, Maximum = 0.0 ms, Average = 0.0 ms

Please advise
http://www.tunnelbroker.net/forums/index.php?topic=2314.0
If that doesn't work, I have to say I think it's getting too much off topic here, and google is your friend.
My ISP gave a specific proxy IPv4:port for their customers' need of IPV6. Non-customers (worldwide users) can't use this proxy. Instead, my ISP provides a tunnel for others (different IPv4 with user/pass). So the best for me is to use the proxy instead of the tunnel, right? How do I implement it into Tomato, so I do not have to write proxy info into browser/etc.? Using WAN-Up script? But how?
If I understand you correctly, you need to install a proxy daemon on Tomato. Google for squid proxy for example, or just search the forum here. You are a bit off topic. Proxy has nothing really to do with ipv6 setup.
@philees: which one is better for me? proxy or tunnel? OK, I have experience with entware. If proxy is better than tunnel (in my case), what proxy I shall install? rtpproxy, tinyproxy, ziproxy, microproxy, 3proxy, or other? EDIT: Got the answer. Tunnel is much better than Proxy. Proxy: only for TCP based application. Tunnel: support any application. Unicast, multicast, tcp based, udp based, non-tcp/non-udp.
It is not a question of better or worse. You said your ISP is giving you a proxy port. I think you are having trouble understanding this. Can you give me a link to your ISP's website with a description of this?
This is my ISP tunnel.
Code: h++p://rdc-v6.telkom.co.id/tunnel
There is also a FAQ on that site. BTW, I have tried everything and I can't use / find a way to implement it into Tomato 9013 R1.1n. Also have tried combinations of Tunnel MTU from 0, 1472, and 1480. I used Google DNS IPV6 in DNS column.
Well that FAQ does only cover very little about using "IPv6 over TCP". Ignore everything about proxy or OpenVPN as they mention it. It may not be possible at the moment to use that IPv6 service with multiple computers (or from the router). I cannot see what exact data they give you because it requires logging in as a customer. In the video FAQ, http://rdc-v6.telkom.co.id/tunnel/winXP_ipv6_udp_tunnel/, they briefly show the menu after logging in. "IPv6 over TCP Tunnel", that is what you have to activate. I assume after doing so, the page will show more details. Have you tried connecting your computer to their IPv6 service following their FAQ etc? If all else fails, just give up on that provider's IPv6 and use HE Tunnelbroker instead.