“So, IPv6. That’s a thing. Maybe I should see if I can get it working”

Two routers and many hours later, it sort of maybe works. Here’s what I did.

I have a Belkin N600 600 modem/router, an F7D4401. It doesn’t support IPv6, or rather there’s nothing in the GUI that indicates it does. My ISP (Xilo / uno) doesn’t support IPv6 natively, but Hurricane Electric are trying to make foot-dragging idiot ISPs less foot-draggy or something. I’ve lost my train of thought. Summary - Belkin router without IPv6 talking over an HE tunnel.

Custom firmware - dd-wrt! Investigate, investigate… ah, it doesn’t support anything with a built-in modem. OpenWRT? Yeah, that seems to - oh, no prebuilt binaries for my router. That’s okay, I’ll just build the whole thing from source after applying some patches to the correct revision.

The OpenWRT page has a flash method, which seemed to work, but my router don’t boot no more.

After getting the USB serial connection working, I could see that the squashfs image was not found, so the router kernal panic’d.

There are also some custom-built binaries for older versions of OpenWRT, which got a lot further, but only had PPPoE support, but Xilo says they need PPPoA.

I then needed the Internet reasonably soon, so I re-flashed the stock image, and the modem didn’t boot at all. The CFE console said the flash was fine, but that it couldn’t find flash0.boot (which sounds important).

So, dash into town before PC World closes and buy a Netgear DGN4400. It says it supports IPv6, so that’s a win. Something seems odd about the old Belkin, so I keep it for experiments.

With the Netgear, I set up the 6in4 tunnel, and nothing. After I manage to send a magic packet (I think I needed to change the source to send a UDP packet) to enable the telnet console and install tcpdump, I find out it’s blocking IP protocol 41 (6in4). That’s not really ‘IPv6 support’. But hey, Internet.

But it niggles me that the other router didn’t boot, so I keep trying. I’ve got two copies of the stock firmware, maybe I did the wrong one? Nope. Maybe any of these four images I have will boot? Nope. What about the one that booted last time? Nope. Maybe the flash chip is fried. Let’s see what the TFTP flash steps are again… oh.

h4. Idiot mistake #1

Turn on binary mode.

So the Belkin’s back. But this image I built (with PPPoA) doesn’t boot, let’s try to find this error.

h4. Idiot mistake #2

When applying patches, checkout the revision that the patches are based on.

Turns out the magic number recognition didn’t kick in, so it didn’t even build the right image for the router.

After rebuilding the (correct) image with PPPoA, and flashing it (correctly), I get somewhere. I’ve got a Luci interface (openWRT’s web UI), and it allows me to set up a PPPoA interface… but it doesn’t connect. It uses weird pppd wrappers that I haven’t seen before (and it’s been a long time since I had to use pppd on Linux), but it seems to set up and tear down the connection immediately, every time. I try some things, but nothing really works. Let’s re-flash the stock and get a refund for the Netgear, that’ll make me feel slightly better.

Hmm, but now I have a serial console into the stock firmware, and it seems to be doing IPv6-like things, so for example on bootup it says ‘ipv6.ko not found’, so it’s trying to load the module.

I know, I’ll cross-compile Linux 2.4.22 just enough to get the ipv6 module made, use FMK to put the module in the image, and then I’ll have a stock firmware with IPv6 support?

Kind of. Turns out :

h4. Idiot mistake #3

If your interfaces have IPv6 addresses, then your kernel already has IPv6 support.

Yeah, so all the interfaces had IPv6 addresses, but I couldn’t make a tunnel with ‘ip’ so I assumed that it was a bit broken. After a lot of messing around with ‘ip’ and trying to create a tunnel but all the commands returning 0 but not affecting the tunnel, I find out what’s creating the tunnel in the first place by grepping the decompressed firmware. ‘ip’ is an alias for busybox, but ‘/usr/sbin/ip’ is the actual iproute2 command that actually does stuff.

Thanks busybox.

So now I get an IPv6 tunnel setup, and the router has connectivity to ipv6.google.com! Hooray! Now, what about forwarding so other machines on the network can use it?

Long story short - I don’t think I ever really got this working, but I got as far as wireless devices being able to ping the router and each other, but wired devices had no connectivity at all (to the router or each other). IPv4 was fine, just not v6. Then I gave up and threw out this idiot charade.

Ah, I’m just kidding… I saw that the ppp connection on the stock firmware was managed by something called ‘pppoecd’, which doesn’t indicate PPPoA to me. Several re-flashes (and stock re-flashes) later, I’m nowhere with PPPoE. It seems to take longer to tear down the connection, but nothing.

… why not… why not just copy the pppoecd binary from the stock flash to the openwrt flash? That works nicely, so now I have a router that can connect to the internet again. But nothing else on the network can. The pppoecd binary creates a ppp0 interface, with no way to configure it. Luci doesn’t know about this, so it’s not in the firewall management. Creating an unmanaged ppp0 interface in Luci and then starting pppoecd worked excellently - Luci saw ppp0 as part of the wan firewall group, and traffic could be routed from machines on the lan.

After writing some procd scripts to start the pppoecd daemon on boot (and attempt to mangle the default route, which I still haven’t got working fully), I’m back to square 1, but with OpenWRT, which is IPv6 aware.

I can now set up my HE tunnel with little trouble, but it seems that the router becomes a bit unstable. After some investigation (mainly crashlogs that said wlc_phy_compute_dB+0x298/0x46c [brcmsmac]), I thought it was to do with the second wifi antenna that I couldn’t connect to and couldn’t run in 5GHz mode, so I turned it off. The router’s now stable even with the tunnel up.

When I enable the IPv6 tunnel, my MacBook gets a non-link-local IPv6 address immediately and can ping6 ipv6.google.com with impunity. My RPi is a little less simple, requiring a networking restart before it worked. Even my NAS got an IPv6 address from the tunnel immediately, it’s just that the UI can only show one non-link-local IPv6 address.

I got there in the end. Now I just need to remember why I wanted IPv6 so much in the first place.


27 October 2015