Aiccu/Installing on OpenWRT

From SixXS Wiki


Main topic page: Aiccu.

It is possible to maintain a dynamic AYIYA tunnel using the Aiccu client on an OpenWRT router. The subnet can then be announced on the LAN, giving IPv6 connectivity to all compatible connected devices.


For this walk-through we assume you have a basic install of OpenWRT Kamikaze and know how to connect to it using ssh, traverse Linux directories and use vi.


Prerequisites

Out of the box, OpenWRT does not have any IPv6 utilities or kernel-level support for IPv6. This can easily be solved by installing the necessary packages.

To install the packages, execute the following commands over ssh:

ipkg install kmod-ipv6
ipkg install radvd
ipkg install ip
ipkg install kmod-ip6tables
ipkg install ip6tables
ipkg install kmod-tun
ipkg install aiccu

In order, the above packages are:

  • Kernel support for IPv6
  • Router IPv6 Advertisement Daemon
  • Utilities to manage the configuration
  • Kernel support for iptables for IPv6
  • iptables for IPv6
  • Virtual Network Interface
  • Aiccu


If you run White Russian, be warned that the distribution contains an old aiccu and backports has a broken one. If you want a working one for mipsel, you can get it here (see the related blog post for more information).


If you run a newer version of OpenWRT (e.g., kamikaze-7.09, kamikaze-8.09_RC1), the package installer might be called opkg (instead of ipkg). In addition, the repository in the default configuration does not include the Aiccu package. Try changing the following line (after the default package repository) in /etc/opkg.conf:

from

src/gz kamikaze-### http://downloads.openwrt.org/kamikaze/8.09/brcm47xx/packages

to

src/gz snapshots http://downloads.openwrt.org/kamikaze/8.09/brcm47xx/packages

(The exact line you see may be different; the important thing is the bold part.)

After updating the repository, don't forget to update your local package list:

opkg update


After installing the above-mentioned packages, restart the router with the following command:

reboot

Tunnel Configuration

Aiccu

White Russian

Edit /etc/aiccu.conf to include your login and what tunnel to bind to.

Sample Configuration:

# AICCU Configuration
#
# Login information (defaults: none)
username ABC1-SIXXS
password 1234
#
# Interface names to use (default: aiccu)
ipv6_interface sixxs
#
# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
tunnel_id T12345
#
# Be verbose? (default: false)
verbose false
#
# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
daemonize true
#
# Automatic Login and Tunnel activation?
automatic true
#
# Require TLS?
#
requiretls false
#
# PID File
pidfile /var/run/aiccu.pid
#
# Add a default route (default: true)
defaultroute true

Start aiccu and check the system logs for errors using the following.

aiccu start
logread

If aiccu is pleased it will show in the log something along the lines of

Jul 18 13:47:51 (none) local7.info syslog: Succesfully retrieved tunnel information for T12345
Jul 18 13:47:51 (none) local7.info syslog: AICCU running as PID 1234
Jul 18 13:47:52 (none) local7.info syslog: [AYIYA-start] : Anything in Anything (draft-02)
Jul 18 13:47:52 (none) local7.info syslog: [AYIYA-tun->tundev] : (Socket to TUN) started

Check that IPv6 is working by pinging SixXS.

ping6 sixxs.net


Kamikaze

Kamikaze uses /etc/config/aiccu instead of /etc/aiccu.conf. The config file is dynamically generated at boot.

Sample config:

config aiccu
       option username         'ABC1-SIXXS'
       option password         '1234'
       option protocol         
       option server           
       option interface        'sixxs'
       option tunnel_id        
       option requiretls       '0'
       option defaultroute     '1'
       option nat              '1'
       option heartbeat        '1'

Verify your settings. At the command prompt, type:

/etc/init.d/aiccu start
cd /var/run
ls

You should see a file named aiccu-cfg######.conf and possibly aiccu-cfg######.pid (###### will be a random string of letters and numbers). Then type:

/etc/init.d/aiccu stop
rm aiccu-cfg######.pid
aiccu start aiccu-cfg######.conf
logread

If aiccu is pleased it will show in the log something along the lines of

Jul 18 13:47:51 (none) local7.info syslog: Succesfully retrieved tunnel information for T12345
Jul 18 13:47:51 (none) local7.info syslog: AICCU running as PID 1234
Jul 18 13:47:52 (none) local7.info syslog: [AYIYA-start] : Anything in Anything (draft-02)
Jul 18 13:47:52 (none) local7.info syslog: [AYIYA-tun->tundev] : (Socket to TUN) started

Check that IPv6 is working by pinging SixXS.

ping6 sixxs.net

Subnet Configuration

Most tunnels will grant a /48 subnet. This would give you enough addresses for many eternities. A /64 subnet is smaller but will still last for several eternities, and it is also easier to set up. So instead of <Subnet-Prefix>::/48 we will use <Subnet-Prefix>::/64.

Routing

To route packets into the LAN correctly we need to modify the startup of aiccu to add more routing information for the LAN. As in IPv4, the gateway address can be anything; for simplicity we assume the suffix 1.

In the directory /etc/init.d/, edit the aiccu file with vi and add the following after the line aiccu start:

ip -6 addr  add <Subnet-Prefix>::1/64 dev br-lan
ip -6 route add <Subnet-Prefix>::/64 dev br-lan

One problem that can be hard to figure out is that, by default, aiccu starts too early in the boot sequence and the default routes get messed up. So modify the line below the copyright to read:

START=80

Radvd

Edit /etc/radvd.conf to make radvd properly advertise the subnet.

(Note the interface name br-lan; the default configuration uses br0.)

interface br-lan
{
       AdvSendAdvert on;
       prefix <Subnet-Prefix>::/64
       {
               AdvOnLink on;
               AdvAutonomous on;
       };
};

Finalize

Execute the following commands to make what we've done actually do something:

/etc/init.d/radvd enable
/etc/init.d/aiccu enable

Then restart the router one last time to make everything take effect.

reboot

If everything has been done correctly, restarting the network adapters of connected devices should give them an IPv6 address. If it doesn't work, unplug the router, count to 30 and plug it back in to make sure computers on the LAN aren't "remembering" old settings.

Post Setup

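You can use the command ip6tables (iptables for IPv6) to set up IPv6 firewalling. The addresses radvd hands out on the LAN are globally routable, so filtering on the router is the only thing between those hosts and inbound traffic arriving through the tunnel.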
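
A default-deny ruleset for the setup on this page, as an added example that is not part of the original wiki text: LAN hosts may open connections out through the tunnel, while unsolicited inbound traffic is dropped except for the ICMPv6 types IPv6 relies on. It assumes the interface names sixxs and br-lan used above and a kernel and ip6tables build that provide the state match (IPv6 connection tracking), which older images may lack; the function and variable names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original page.
WAN_IF="${WAN_IF:-sixxs}"    # tunnel interface (ipv6_interface / option interface)
LAN_IF="${LAN_IF:-br-lan}"   # LAN bridge that radvd advertises on
IP6T="${IP6T:-ip6tables}"    # set IP6T="echo ip6tables" for a dry run

# Print one ip6tables argument list per line; this function changes nothing.
fw6_rules() {
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
EOF
    # ICMPv6 that must keep working: 1 destination unreachable,
    # 2 packet too big (path MTU discovery), 3 time exceeded,
    # 4 parameter problem, 128 echo request.
    for t in 1 2 3 4 128; do
        echo "-A INPUT -p icmpv6 --icmpv6-type $t -j ACCEPT"
        echo "-A FORWARD -p icmpv6 --icmpv6-type $t -j ACCEPT"
    done
    # Policies go last so the accept rules are in place before DROP applies.
    echo "-P INPUT DROP"
    echo "-P FORWARD DROP"
}

# Flush both chains, then load the rules; stops at the first failing command.
fw6_apply() {
    $IP6T -F INPUT && $IP6T -F FORWARD || return 1
    fw6_rules | while read -r rule; do
        $IP6T $rule || exit 1
    done
}

if [ "${1:-}" = "apply" ]; then fw6_apply; fi
```

Calling the script with the argument apply loads the rules; with IP6T set to "echo ip6tables" it only prints the commands it would run.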

Troubleshooting

If you can ping6 www.sixxs.net from your router, and you can ping6 your router from your clients, but somehow the clients cannot ping6 www.sixxs.net, maybe you have an issue with your default route. Check out this forum post: OpenWRT Kamikaze routing problem (I solved the problem by ensuring that aiccu starts after radvd).
