Buffalo WZR-600DHP OpenWrt使用Comcast的IPv6

路由器

根据https://wiki.openwrt.org/toh/buffalo/wzr-600dhp在Buffalo WZR-600DHP上安装OpenWrt。Buffalo路由器的好处在于brick了还能借助bootloader用tftp安装。

我的Internet service provider为COMCAST-7922 - Comcast Cable Communications, LLC, US,提供了4个IPv6 delegated prefix /64。

配置odhcpd的DHCPv6 relay,修改/etc/config/dhcp

1
2
3
4
5
config dhcp 'wan6'
option dhcpv6 relay
option ra relay
option ndp relay
option master 1

修改/etc/config/network。wan和wan6的bridge没啥用,注释掉option type 'bridge'

1
2
3
4
5
6
7
8
9
10
11
config interface 'wan'
......
#option type 'bridge'
config interface 'wan6'
......
#option type 'bridge'
config interface 'lan'
......
option ip6assign '60'

如果不填写ip6assign '60'的话,在连接路由器的设备上dhcpcd -6会看到:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
% sudo dhcpcd -6 wlp3s0
DUID 00:01:00:01:1d:04:34:19:d0:7e:35:f4:c6:3a
wlp3s0: IAID 35:f4:c6:3a
wlp3s0: soliciting an IPv6 router
wlp3s0: Router Advertisement from fe80::b2c7:45ff:fe75:9e90
wlp3s0: adding default route via fe80::b2c7:45ff:fe75:9e90
wlp3s0: soliciting a DHCPv6 lease
wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
wlp3s0: no useable IA found in lease
wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
wlp3s0: no useable IA found in lease
wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
wlp3s0: no useable IA found in lease
wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
wlp3s0: no useable IA found in lease
^Creceived SIGINT, stopping
wlp3s0: removing interface
dhcpcd exited

我使用的openwrt-15.05.1-ar71xx-generic-wzr-600dhp-squashfs-sysupgrade.bin比较古怪,默认禁用了eth0(lan)及eth1(wan)的IPv6。

1
2
3
4
5
root@OpenWrt:~# sysctl -a | grep disable_ipv6
......
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.eth1.disable_ipv6 = 1
......

sysctl把它们改成0。要持久化配置的话,修改/etc/config/firewall

1
2
config defaults
options disable_ipv6 0

修改完两个文件后/etc/init.d/network reload; /etc/init.d/dhcp reload

笔记本电脑

我的笔记本电脑安装Arch Linux,使用netctl、netctl-auto管理网络。向/etc/netctl/$profile添加两行:

1
2
IP6=dhcp
DHCP6Client=dhcpcd

默认的DHCPv6客户端dhclient不工作,不明原因,观察/usr/lib/network/ip发现设置DHCP6Client即可指定DHCPv6客户端。

之后访问http://test-ipv6-ct.comcast.net,查看IPv6评分,10 of 10。

1
2
3
4
5
6
Your IPv4 address on the public Internet appears to be x.x.x.x
Your IPv6 address on the public Internet appears to be x:x:x:x:x:x:x:x
Your Internet Service Provider (ISP) appears to be COMCAST-7922 - Comcast Cable Communications, LLC, US
Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites. [more info]
Good news! Your current configuration will continue to work as web sites enable IPv6.
Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.

诊断

路由器上opkg install tcpdump,之后在笔记本电脑上mkfifo fifo; ssh root@192.168.1.1 'tcpdump -s0 -Unw - -i eth1' > fifo,另一个shell里wireshark -ki fifo

IPv6一直弄不好,在TUNA群里大家讨论诊断了很久,王邈给出了很多诊断建议。小结下有这些东西:

1
2
3
4
5
ip -6 a # address
ip -6 r s t all # route
ip -6 ru # rule
sysctl -a | grep net.ipv6.conf.$iface # $ifame 填 eth0 eth1 br-lan br-wan 等
ip6tables -nL

注意以下值:

1
2
3
net.ipv6.conf.eth1.accept_ra = 1
net.ipv6.conf.eth1.autoconf = 1
net.ipv6.conf.eth1.disable_ipv6 = 0

怕ip6tables产生影响的话,ip6tables -F; ip6tables -P ACCEPT FORWARD

对于OpenWrt系统,当disable_ipv6=1的时候,如果接口外面套了bridge,那么对外发送IPv6包(如connect、sendto等syscall)找不到路由时会报告EACCES(Permision denied);即使有路由,tcpdump也看不到有包发出去。当心套上bridge后会丢失一些错误信息,ip -6 a a $ip6 dev br-wan不会报错,但ip -6 a a $ip6 dev eth1会报告EACCES(Permission denied)。

其他

之前使用D-Link DIR-860 B1https://www.amazon.com上有打折后$30.75的。通过网页界面安装OpenWrt很方便,但是室友报告Steam上很多游戏有明显丢包。