Posts tagged Linux
IPV6 Ready Home Network
The IPV6 era has come. It now seems that Facebook and all of Google's services have implemented IPV6 connectivity. I know China Tel is always trying to block users from IPV6. The Microsoft Teredo server seems to be down here. To integrate my home network with IPV6, a tunnel broker is a good choice.
First, make sure all the devices you own are IPV6 capable. An OpenWrt router is preferred. Linux desktops are recommended (only Linux can update the DNS record from radvd RDNSS). Windows 7/Vista is acceptable (they only accept DHCPv6 for DNS updates). Windows XP or earlier is unacceptable. Mac OS X 10.6.8 or higher is recommended.
The whole article aims to provide IPV6 through the router using a tunnel broker.
1. As a Hurricane Electric Certified Sage, I recommend the tunnel broker provided by HE. Register your account and create a regular tunnel here.
2. Install the essential modules on the OpenWrt router. I installed: ip, kmod-ipv6, kmod-sit, radvd, dibbler, curl. Here I use radvd for Router Advertisement and dibbler for DHCPv6. dibbler is somewhat big. If you prefer ISC DHCPv6 or WIDE DHCPv6, that is OK. curl is for updating my tunnel endpoint IP address, because my router is under dynamic address allocation over PPPoE.
3. Bring the router to the IPV6 network.
This is the shell script I use to add my router to the IPV6 network.
username=xxxxxx
password=xxxxxx
tunnelid=xxxxxx
curl --insecure "https://$username:$password@ipv4.tunnelbroker.net/ipv4_end.php?tid=$tunnelid"
# --insecure skips verification of the server certificate, so the username and password above
# can be captured by anyone able to intercept the connection. Use --cacert to specify the CA file instead.
myip=$(ifconfig|grep -A2 'pppoe-wan'|grep 'inet addr:'|cut -d: -f2 |awk '{ print $1}')
myv6ip=2001:470:c:1376::2/64
server=66.220.18.42
ip tunnel add he-ipv6 mode sit remote $server local $myip ttl 255
ip link set he-ipv6 up
ip addr add $myv6ip dev he-ipv6
ip route add ::/0 dev he-ipv6
If everything is fine, you can ping ipv6.google.com from your router now.
4. My allocated Routed /64 is 2001:470:d:1376::/64 (be aware that this prefix is different from the address your router gets: here it is a d, not a c). This /64 block is for my home network, so I route it to the LAN.
ip -6 route add 2001:470:d:1376::/64 dev br-lan
5. Configure /etc/config/radvd and /etc/dibbler/server.conf for Router Advertisement and DHCPv6. The configuration I am using is:
/etc/config/radvd:
config interface
	option interface 'lan'
	option AdvSendAdvert 1
	option AdvManagedFlag 1
	option AdvOtherConfigFlag 0
	option ignore 0

config prefix
	option interface 'lan'
	# If not specified, a non-link-local prefix of the interface is used
	option prefix '2001:470:d:1376::/64'
	option AdvOnLink 1
	option AdvAutonomous 1
	option AdvRouterAddr 0
	option ignore 1

config rdnss
	option interface 'lan'
	# If not specified, the link-local address of the interface is used
	option addr '2001:470:20::2'
	option ignore 1
/etc/dibbler/server.conf:
log-level 8
log-mode short
preference 0
iface "br-lan" {
    // also ranges can be defined, instead of exact values
    t1 1800-2000
    t2 2700-3000
    prefered-lifetime 86400
    valid-lifetime 172800
    class {
        pool 2001:470:d:1376::/64
    }
    option dns-server 2001:470:20::2
}
6. Enable IPV6 forwarding in /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1
7. After everything is finished, just enjoy IPV6 in your home network.
P.S. If you disable IPV4 on your laptop, it will put your laptop on an IPV6-only network. At least on an IPV6-only network, Facebook and all the services Google provides are accessible.
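The script in step 3 sends the tunnel-broker username and password with `--insecure`, so the router never checks which server it is talking to. The following is an added example, not part of the original post, of the same endpoint update with certificate verification and the password kept off the command line; the names `HE_USER`, `HE_PASS`, `HE_TID`, `CA_FILE` and the default CA bundle path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verified tunnel endpoint update.
# HE_USER, HE_PASS, HE_TID, CA_FILE and the CA bundle path are assumed names.

UPDATE_HOST=ipv4.tunnelbroker.net   # host used by the script in the post

# Print a curl config for `curl --config -`, so the password travels on stdin
# and is not visible in the process list of the router.
# $1=user  $2=password  $3=tunnel id  $4=CA bundle path
he_curl_config() {
    # Refuse ids that could add extra query parameters to the URL.
    case "$3" in
        ''|*[!A-Za-z0-9]*) echo "bad tunnel id" >&2; return 2 ;;
    esac
    # Without a readable CA bundle, verification cannot work: stop here.
    [ -r "$4" ] || { echo "CA file $4 not readable" >&2; return 3; }
    # Escape backslashes and double quotes for curl's quoted config values.
    esc=$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')
    cat <<EOF
url = "https://$UPDATE_HOST/ipv4_end.php?tid=$3"
user = "$1:$esc"
cacert = "$4"
proto = "=https"
fail
silent
show-error
max-time = 20
EOF
}

# Returns non-zero when the certificate check or the HTTP request fails.
he_update_endpoint() {
    cfg=$(he_curl_config "$@") || return 1
    printf '%s\n' "$cfg" | curl --config -
}

# Only runs when called with --run, before the `ip tunnel add` lines.
if [ "${1:-}" = "--run" ]; then
    he_update_endpoint "$HE_USER" "$HE_PASS" "$HE_TID" \
        "${CA_FILE:-/etc/ssl/certs/ca-certificates.crt}" \
        || { echo "endpoint update failed, tunnel left unchanged" >&2; exit 1; }
fi
```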
L2TP over IPV6 Router
I posted about l2tp over ipv6 before. It is a patch file for xl2tpd from Cheng Li, which enables xl2tpd to work on an ipv6 network for Windows Vista/7 VPN clients.
And this is the openwrt firmware for the buffalo whr-hp-g54 from Cheng Li, which includes the hacked xl2tpd. After flashing the hacked firmware, the buffalo whr-hp-g54 can connect to an l2tp server over IPV6.
I just bought a Linksys WRT54GS v3. Hope it works.
These are the links you may be interested in:
Blog Post: L2tp over IPV6 in Linux
Hacked buffalo firmware
P.S. It is really easy to compile your own openwrt firmware. Just put the patch file into the patch folder of xl2tpd in the openwrt source code, change its file name and make sure it is applied last. The makefile should be modified because the patch file is only for xl2tpd 1.2.4.
PPP Using Freeradius and Mysql, Controlled in Daloradius
There is a PPP VPN on my server. I used an auth-file to manage user accounts before, but it was not efficient. Now, after radius was established, almost everything can be done on the WEB!!!
PPP can be used as a NAS of Radius, but it is not fully functional. I cannot send a disconnection packet to PPP from Radius to terminate a user's connection. But other functions work fine.
I am using ppp, freeradius, mysql and daloradius. It took me a long time to debug. And now it works fine.
Let me pick some pics.
Here is the sql.conf I am using. Hope it helps.
The stable version was for freeradius 1.x, which means you have to edit the sql.conf and PHP files in daloradius to make it work well.
The daloradius in SVN supports Freeradius 1.x and 2.x very well. I recommend you visit the newer guide HERE.
dd-wrt is suffering
I am mad at my new router.
I tried to buy a dd-wrt based router which can use my vps pptp service. I assumed that it could use adsl and pptp at the same time and choose the line with the route list. However, after the pptp connection was established I could not transfer data in the pptp tunnel. I tried to configure dd-wrt and the vps but failed. dd-wrt is far away from linux now as a result of its weakly functional command line.
I am now thinking about openwrt, a pure linux-based router system, as a substitute. But all the routers I like are too expensive, at more than 400 RMB. I will make the tough decision.
P.S. I hope my new router will fully support ipv6, because I am used to enjoying IPV6 life now.
VPN(L2TP) over IPV6 in Linux
I own a VPS at Rapidxen, which provides me with a native IPV6 network. The blog is hosted on the vps.
For several reasons I want to establish a VPN over IPV6 in Debian. I searched and searched, getting more and more disappointed. Poptop (pptpd) was written in 2007 with no ipv6 support. Neither has xl2tpd. After sadness and useless attempts, I found a patch for xl2tpd 1.2.4 (it still works with 1.2.5) written by Cheng Li, a Chinese developer.
His article is here: http://blog.lifetoy.org/2009/09/11/vpn-over-ipv6/
The xl2tpd can be found Here and the ipv6 patch diff can be found Here. Patch the file and install it following the README file in doc directory. Enjoy it!
P.S. The patched L2TP lost some config features such as LNC Range, which, however, cannot cover the light of the patch.











