Network device without IPv6? Nonsense, I tell you. Look which year it is. If your ISP is retarded - keep the pace with IPv6 Tunnel Broker.
Now adding aiccu

files/etc/config/aiccu

    config aiccu
        option username 'MYHDL-SIXXS'
        option password 'SomePassword'
        option protocol 'tic'
        option server 'tic.sixxs.net'
        option interface 'sixxs'
        option tunnel_id ''
        option requiretls ''
        option defaultroute '1'
        option nat '0'
        option heartbeat '1'
In scope of the previous article - adding IPv6 rules:

files/etc/config/ip6tables

    *filter
    :INPUT ACCEPT
    :FORWARD ACCEPT
    :OUTPUT ACCEPT
    # Allow lo explicitly, we will drop anything not from lan at the end.
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i br-lan -p icmpv6 -j ACCEPT
    -A INPUT ! -i br-lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT ! -i br-lan -j DROP
    # Forwarding
    -A FORWARD -d ff0e::/16 -j ACCEPT
    -A FORWARD -o br-lan -p icmpv6 --icmpv6-type echo-request -j ACCEPT
    -A FORWARD -o br-lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Published services
    -A FORWARD -p udp -m multiport --dport 53,4569,5060 -j ACCEPT
    -A FORWARD -p tcp -m multiport --dport 25,53,80,143,443 -j ACCEPT
    -A FORWARD -o br-lan -j DROP
    COMMIT

Update
Recently OpenWrt stopped packaging the aiccu startup script. That's because it doesn't work correctly via NAT, abusing the TIC server. Fair enough. But I'm sure what I am doing, hence I'm still using the old packaged aiccu startup file with a little modification - again to avoid TIC abuse:
    #!/bin/sh /etc/rc.common
    # Copyright (C) 2006 OpenWrt.org
    # Copyright (C) 2012 Ruslan.N.Marchenko
    START=51

    config_cb() {
        local cfg_type="$1"
        local cfg_name="$2"

        case "$cfg_type" in
            aiccu)
                append cfgs_sections "$cfg_name" "$N"
            ;;
        esac
    }

    start() {
        config_load aiccu
        for cfgs_section in $cfgs_sections; do
            config_get username $cfgs_section username
            config_get password $cfgs_section password
            config_get server $cfgs_section server
            config_get protocol $cfgs_section protocol
            config_get interface $cfgs_section interface
            config_get tunnel_id $cfgs_section tunnel_id
            config_get_bool requiretls $cfgs_section requiretls 0
            config_get_bool defaultroute $cfgs_section defaultroute 1
            config_get_bool nat $cfgs_section nat 1
            config_get_bool heartbeat $cfgs_section heartbeat 1

            mkdir -p /tmp/run
            echo "username $username" > /tmp/run/aiccu-${cfgs_section}.conf
            echo "password $password" >> /tmp/run/aiccu-${cfgs_section}.conf
            [ -n "$server" ] && \
                echo "server $server" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            [ -n "$protocol" ] && \
                echo "protocol $protocol" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            [ -n "$interface" ] && \
                echo "ipv6_interface $interface" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            [ -n "$tunnel_id" ] && \
                echo "tunnel_id $tunnel_id" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            [ "$requiretls" = "1" ] && \
                echo "requiretls true" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            [ "$defaultroute" != "1" ] && \
                echo "defaultroute false" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            [ "$nat" = "1" ] && \
                echo "behindnat true" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            [ "$heartbeat" != "1" ] && \
                echo "makebeats false" >> \
                /tmp/run/aiccu-${cfgs_section}.conf
            echo 'daemonize true' >> /tmp/run/aiccu-${cfgs_section}.conf
            echo "pidfile /var/run/aiccu-${cfgs_section}.pid" >> \
                /tmp/run/aiccu-${cfgs_section}.conf

            # Be nice, respect the TIC
            until ping -q4c2 $server > /dev/null 2>&1; do sleep 1; done
            ntpclient -sh pool.ntp.org || exit 1
            aiccu start /tmp/run/aiccu-$cfgs_section.conf
        done
    }

    stop() {
        config_load aiccu
        for cfgs_section in $cfgs_sections; do
            aiccu stop /tmp/run/aiccu-$cfgs_section.conf
        done
    }
The modification here is an endless ping towards the TIC server before starting the tunnel. This was done due to the specifics of my WAN connectivity - there's a delay for all my wan trackt to settle, hence this validation.
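A bounded variant of the wait described above, together with a config file that is created with owner-only permissions because it holds the TIC password. This is an added example, not part of the original post or of the OpenWrt package; the function names `write_aiccu_conf` and `wait_for_tic`, the `PROBE`/`SLEEP` overrides and the retry limits are assumptions.

```shell
#!/bin/sh
# Added example, not the packaged OpenWrt script. Function names, the
# PROBE/SLEEP overrides and the retry defaults are assumptions.

# write_aiccu_conf FILE USERNAME PASSWORD [SERVER]
# mktemp creates the file with mode 0600, so the TIC password is never
# readable by other local users; mv then puts the finished file in place.
# Only the core options are written; the others would go inside the braces.
write_aiccu_conf() {
	local conf="$1" user="$2" pass="$3" server="$4" tmp
	tmp=$(mktemp "$conf.XXXXXX") || return 1
	{
		echo "username $user"
		echo "password $pass"
		[ -n "$server" ] && echo "server $server"
		echo "daemonize true"
	} > "$tmp" && mv -f "$tmp" "$conf" && return 0
	rm -f "$tmp"
	return 1
}

# wait_for_tic SERVER [MAX_TRIES]
# Same IPv4 probe as the until-loop above, but with a retry budget and
# exponential back-off (1, 2, 4 ... capped at 30 s). Returns 0 as soon as
# the server answers, 1 when the budget is spent (this also covers an
# empty SERVER, which would otherwise loop forever).
wait_for_tic() {
	local server="$1" max="${2:-10}" delay=1 n=0
	while [ "$n" -lt "$max" ]; do
		${PROBE:-ping -q -4 -c 2} "$server" >/dev/null 2>&1 && return 0
		n=$((n + 1))
		[ "$n" -lt "$max" ] || break
		${SLEEP:-sleep} "$delay"
		delay=$((delay * 2))
		if [ "$delay" -gt 30 ]; then delay=30; fi
	done
	return 1
}

# Inside start(), in place of the first echo lines and the until-loop:
#   write_aiccu_conf "/tmp/run/aiccu-$cfgs_section.conf" \
#       "$username" "$password" "$server" || exit 1
#   wait_for_tic "$server" || exit 1
```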
Sun Feb 21 18:16:34 2010 Upd.: Sat Feb 9 14:51:15 2013