create_ap
Request for IPv6 support
Would you mind spending some time to add IPv6 support? Thanks very much.
I'm a bit busy these days, I will check it when I have the chance.
why IPv6?
I want to create a WiFi access point with IPv6 access for my Raspberry Pi to visit some IPv6-only BT (BitTorrent) sites.
I found out that my ISP does not support IPv6, so I cannot add support for it because I don't have any way to test it. On Monday I will check if the ISP of my work supports IPv6.
Any patches are welcome.
I don't know much about IPv6. Could you give me some advice on how to share IPv6 internet? Thanks for any help.
I don't know much either, but if you want to implement it, this is what you must do:
- Use a 192.168.x.x IPv6 equivalent and set it to the wifi interface (maybe this will help)
- Add to dnsmasq config (inside create_ap) `dhcp-range` and `dhcp-option` for IPv6. (check /etc/dnsmasq.conf for examples)
- Use `ip6tables` to enable IPv6 forwarding `echo 1 > /proc/sys/net/ipv6/conf/all/forwarding`
- maybe you will also need `echo 1 > /proc/sys/net/ipv6/conf/default/forwarding`
- Use `ip6tables` to make sure that dns and dhcp ports are not blocked by firewalls
Is it not possible to create an IPv6 access point but still NAT it to an IPv4 external address? If it is, we won't need to make any changes to our external networks. I will look into this and try to submit a patch.
The situation is complicated.
- native IPv6
  Not easy without external network configuration
- tunneled IPv6
  I found some articles [1] about this situation. But this method needs setting up an IPv6-in-IPv4 tunnel first.
- NAT
  There's no standard NAT in IPv6. These are some dirty hacks, not that elegant.
The only practicable solution I've found is setting up an IPv6-only bridge. Here follows the detail.
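steps [2]
```
# install bridge-utils and ebtables first
# take both interfaces down before attaching them to the bridge
ifconfig eth0 down
ifconfig eth2 down
# create the bridge and add both interfaces to it
brctl addbr br0
ifconfig br0 up
brctl addif br0 eth0
brctl addif br0 eth2
# bridge only IPv6 frames; DROP in the broute table sends every other protocol to normal routing
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP
ifconfig eth0 up
ifconfig eth2 up
```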
limitation
- May not work well with tunneled IPv6 and dial-up connection.
- Setting up a bridge may affect the IPv4 connection. When I stop the AP, my network is down. I don't know much about bridge devices in Linux, so I can't solve this problem.
I want IPv6 support.
- should be the solution:
- with ndp_proxy (must be configured for every ipv6 address)
- or remap the received /64 to client - and use at WAN-interface a /128 for it
Now this script works well with radvd in a raspberrypi3
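ipv6 nat
```
#!/bin/bash
# forward traffic arriving from the AP interface and replies to established flows
ip6tables -A FORWARD -i wlan0 -j ACCEPT
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# masquerade client traffic leaving through the uplink
ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# assign the AP interface its IPv6 address, then restart radvd
ip -6 addr add 6666:1:1:1::1/64 dev wlan0
service radvd restart
```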
@ybw2016v First, thanks for showing your solution (of 1)
- ipv6 was designed to drop the bad idea of nat
- on which way did you decide to use `6666::`? (maybe a /64 of the ULA range `fc00::/7` should be better for nat)
Does create_ap have any possibility to add hooks, so that we could add our own scripts for testing?
See https://github.com/dlenski/create_ap/commit/c545fd4bf28c449e6aee540c3ac11e7b379b4d38
This is my attempt at initial IPv6 support. New config options:
- `IPV6=1` must be set
- `DHCP_DNS6` can be set
Assumptions:
- Your ISP gives you a `/64` IPv6 address. (see https://en.wikipedia.org/wiki/Prefix_delegation)
- This gives a whole `/64` worth of addresses which can be distributed to clients.
- No NAT is needed or desired.
Currently, there is no support for firewalling of IPv6 hosts inside the local network. Anyone on the IPv6-enabled internet can contact any host inside the local network. This is delightful if you're trying to run an IPv6 server (end-to-end principle) but may be a security issue if you've been relying on NAT to keep your hosts safe.
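The comment above notes that without NAT every host behind the AP is reachable from the IPv6 internet. The following is an added example, not part of create_ap or the linked commit: it prints a stateful `ip6tables` forwarding policy that admits only replies to connections started inside, plus TCP ports you list explicitly. The interface names `wlan0` (AP) and `eth0` (uplink) and the port 443 are assumptions.

```sh
#!/bin/sh
# Added example, not create_ap code. Prints ip6tables commands for review;
# run them as root once checked.
# Assumed names: wlan0 = AP interface, eth0 = uplink. Sample port 443 is constructed.

# Accept only characters that are safe in an interface name.
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Accept only decimal ports 1-65535 without leading zeros.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# usage: ipv6_forward_rules LAN_IF WAN_IF [inbound TCP port ...]
ipv6_forward_rules() {
    lan="$1"; wan="$2"
    valid_iface "$lan" && valid_iface "$wan" || return 1
    shift 2
    # Validate every port before printing anything.
    for p in "$@"; do valid_port "$p" || return 1; done

    # Default-deny forwarding between interfaces.
    echo "ip6tables -P FORWARD DROP"
    # Replies to flows started inside; RELATED also covers ICMPv6 errors
    # such as Packet Too Big, which path MTU discovery needs.
    echo "ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    echo "ip6tables -A FORWARD -m conntrack --ctstate INVALID -j DROP"
    # Clients behind the AP may open connections to the internet.
    echo "ip6tables -A FORWARD -i $lan -o $wan -j ACCEPT"
    # Services exposed on purpose (the "IPv6 server" case).
    for p in "$@"; do
        echo "ip6tables -A FORWARD -i $wan -o $lan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
}

ipv6_forward_rules wlan0 eth0 443
```

The rules are appended with `-A`, so an earlier ACCEPT already in the FORWARD chain still wins; check the final order with `ip6tables -S FORWARD`.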