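This is based on the official DD-WRT documentation. My DD-WRT version is DD-WRT v24-sp2 (06/08/12) mega (SVN revision 19342), and the router is an ASUS RT-N16.
Prerequisites:
- jffs is enabled on the DD-WRT router.
- You have a public IP address. This article uses PPPoE dial-up as the example.
- Your ISP supports routing for 6to4 tunnels.
Once configured, every device on the LAN automatically obtains an IPv6 address from the router, and sites such as Google and YouTube are reached over IPv6 automatically, though they are blocked by the Great Firewall. The setup below does not conflict with OpenVPN: you can run OpenVPN (sending all traffic through the VPN to get past the firewall) and IPv6 on the DD-WRT router at the same time.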
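Download the IPv6 kernel modules
Run `uname -r` to check the DD-WRT kernel version and download the matching IPv6 kernel modules. The current DD-WRT K26 build uses kernel version 2.6.24.111; the IPv6 modules for this version can be downloaded from here. After downloading, put the three files nf_conntrack_ipv6.ko, ip6_tables.ko and ip6table_filter.ko into the router's jffs space.
IPv6 configuration
In the DD-WRT web admin interface, under Administration – IPv6 Support, enable IPv6 and Radvd, and enter the following in “Radvd config”: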
```
interface br0 {
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvLinkMTU 1472;
    AdvSendAdvert on;
    prefix 0:0:0:1::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvValidLifetime 86400;
        AdvPreferredLifetime 86400;
        Base6to4Interface ppp0;
        AdvRouterAddr on;
    };
};
```
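If you do not connect through PPP dial-up, change ppp0 to the name of your WAN interface (you can find it with ifconfig).
Create the startup script
Under /jffs/etc/config/, create a *.startup file (any name); it loads the IPv6 kernel modules automatically when DD-WRT boots.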
```sh
#!/bin/sh
MODPATH=/jffs/sagan/lib/modules/`uname -r`
KMODS='ip6_tables.ko ip6table_filter.ko nf_conntrack_ipv6.ko'
for x in $KMODS; do
    insmod $MODPATH/$x
done
insmod /lib/modules/`uname -r`/kernel/net/ipv6/sit.ko
insmod /lib/modules/`uname -r`/kernel/net/ipv6/ipv6.ko
#Enable IPv6 forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
```
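Change MODPATH to the path where you stored the downloaded IPv6 kernel modules.
Create the IPUP and IPDOWN scripts
Under /jffs/etc/config/, create a *.ipup file (any name); it starts IPv6 automatically when the network connection comes up.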
```sh
#!/bin/sh
# Read the current IPv4 address of the WAN interface
WANIP=`ifconfig ppp0 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f1`
if [ -n "$WANIP" ]
then
    # 6to4 prefix: 2002: followed by the WAN IPv4 address in hex
    V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
    ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
    ip link set tun6to4 mtu 1472
    ip link set tun6to4 up
    ip addr add $V6PREFIX:0::1/16 dev tun6to4
    ip addr add $V6PREFIX:1::1/64 dev br0
    ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
    # Not working in dd wrt, I do not know why
    #kill -HUP $(cat /var/run/radvd.pid)
fi
# Restart radvd (router advertisement daemon); it runs in the background
killall radvd
radvd -C /tmp/radvd.conf start
```
Likewise, create a *.ipdown file with the following content:
```sh
#!/bin/sh
killall radvd
ip tunnel del tun6to4
```
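Create the iptables rules
In the DD-WRT web admin interface, go to Administration – Commands, edit the firewall script and add the following lines (create a new firewall script if there is none):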
```sh
# ipv6
# IMPORTANT!!!
# clear and reset default
ip6tables -F
# set default policy
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD DROP
# Allow traffic on loopback interface
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
# Allow traffic from local host to the IPv6-tunnel
ip6tables -A OUTPUT -o tun6to4 -j ACCEPT
ip6tables -A INPUT -i tun6to4 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow traffic from local network to local host
ip6tables -A OUTPUT -o br0 -j ACCEPT
ip6tables -A INPUT -i br0 -j ACCEPT
# Allow traffic from local network to tunnel (IPv6 world)
ip6tables -A FORWARD -i br0 -j ACCEPT
ip6tables -A FORWARD -i tun6to4 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow some special ICMPv6 packet types, do this in an extra chain because we need it everywhere
ip6tables -N AllowICMPs
# Destination unreachable
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 1 -j ACCEPT
# Packet too big
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 2 -j ACCEPT
# Time exceeded
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 3 -j ACCEPT
# Parameter problem
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 4 -j ACCEPT
# Echo Request (protect against flood)
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 128 -m limit --limit 5/sec --limit-burst 10 -j ACCEPT
# Echo Reply
ip6tables -A AllowICMPs -p icmpv6 --icmpv6-type 129 -j ACCEPT
# Link in tables INPUT and FORWARD (in Output we allow everything anyway)
ip6tables -A INPUT -p icmpv6 -j AllowICMPs
ip6tables -A FORWARD -p icmpv6 -j AllowICMPs
```
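In the rule set above the INPUT policy is ACCEPT, so the INPUT rules restrict nothing and packets arriving on tun6to4 for the router itself are accepted; only FORWARD (policy DROP) is actually filtered. The script below is an added example, not part of the original post, that flags this pattern in a rule script read from stdin. The function name `audit_ip6tables_script`, the sample rule subset and the `HARDENED_RULES` variant (INPUT policy DROP) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads an ip6tables command
# script on stdin and reports built-in chains that filter nothing:
# default policy ACCEPT with no DROP/REJECT rule in the chain or in a
# user chain it jumps to. Exit status is 1 when anything is reported.
audit_ip6tables_script() {
    awk '
    $1 != "ip6tables" { next }              # comments, other commands
    $2 == "-P" { policy[$3] = $4; next }    # default policy per chain
    $2 == "-A" {
        target = ""
        for (i = 4; i < NF; i++) if ($i == "-j") target = $(i + 1)
        if (target == "DROP" || target == "REJECT") drops[$3]++
        else if (target == "ACCEPT") accepts[$3]++
        else if (target != "") jump[$3, target] = 1   # user chain
    }
    END {
        n = split("INPUT FORWARD", builtin, " ")
        for (c = 1; c <= n; c++) {
            ch = builtin[c]
            if (policy[ch] != "ACCEPT") continue
            filtered = (drops[ch] > 0)
            for (k in jump) {
                split(k, part, SUBSEP)
                if (part[1] == ch && drops[part[2]] > 0) filtered = 1
            }
            if (!filtered) {
                printf "%s: policy ACCEPT, no DROP/REJECT; %d ACCEPT rule(s) have no effect\n", ch, accepts[ch]
                bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed sample: the policies and a subset of the rules from the post.
PAGE_RULES='ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD DROP
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i tun6to4 -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -i br0 -j ACCEPT
ip6tables -A FORWARD -i br0 -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j AllowICMPs'
# Assumed hardened variant (not in the post): same rules, INPUT default DROP.
HARDENED_RULES=$(printf '%s\n' "$PAGE_RULES" | sed 's/-P INPUT ACCEPT/-P INPUT DROP/')

printf '%s\n' "$PAGE_RULES" | audit_ip6tables_script || true
```

With the INPUT policy set to DROP, the existing loopback, br0, RELATED,ESTABLISHED and AllowICMPs rules become the only ways in, and the check reports nothing.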
OpenVPN
If you also run OpenVPN on DD-WRT, add the following to the OpenVPN configuration file:
```
# 6to4 ipv6 tunnel
route 192.88.99.1 255.255.255.255 net_gateway 5
```
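Done. Reboot the router, then restart networking in Windows network management (for Wi-Fi, disconnect and reconnect; for a wired NIC, disable and then re-enable the network adapter). You should now see the IPv6 address your machine has obtained.
You can test by visiting http://ipv6.google.com/.
PS. 192.88.99.1 is the general-purpose 6to4 unicast address assigned by ICANN; which node you actually connect to depends on your ISP. Here (Jiangsu), China Telecom routes 192.88.99.1 to he.net's IPv6 lines in the US, and the speed is acceptable.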