Router
Following https://wiki.openwrt.org/toh/buffalo/wzr-600dhp, I installed OpenWrt on a Buffalo WZR-600DHP. The nice thing about Buffalo routers is that even a bricked unit can be reflashed over tftp through the bootloader.
My Internet service provider, COMCAST-7922 - Comcast Cable Communications, LLC, US, provides four delegated IPv6 /64 prefixes.
Configure odhcpd's DHCPv6 relay by editing /etc/config/dhcp:

    config dhcp 'wan6'
        option dhcpv6 relay
        option ra relay
        option ndp relay
        option master 1
Edit /etc/config/network. The bridges on wan and wan6 serve no purpose, so comment out option type 'bridge'.

    config interface 'wan'
        ... ...
        #option type 'bridge'
    config interface 'wan6'
        ... ...
        #option type 'bridge'
    config interface 'lan'
        ... ...
        option ip6assign '60'
Without ip6assign '60', running dhcpcd -6 on a device connected to the router shows:

    % sudo dhcpcd -6 wlp3s0
    DUID 00:01:00:01:1d:04:34:19:d0:7e:35:f4:c6:3a
    wlp3s0: IAID 35:f4:c6:3a
    wlp3s0: soliciting an IPv6 router
    wlp3s0: Router Advertisement from fe80::b2c7:45ff:fe75:9e90
    wlp3s0: adding default route via fe80::b2c7:45ff:fe75:9e90
    wlp3s0: soliciting a DHCPv6 lease
    wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
    wlp3s0: no useable IA found in lease
    wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
    wlp3s0: no useable IA found in lease
    wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
    wlp3s0: no useable IA found in lease
    wlp3s0: fe80::b2c7:45ff:fe75:9e90: DHCPv6 REPLY missing IA Address
    wlp3s0: no useable IA found in lease
    ^Creceived SIGINT, stopping
    wlp3s0: removing interface
    dhcpcd exited
The openwrt-15.05.1-ar71xx-generic-wzr-600dhp-squashfs-sysupgrade.bin image I used is rather odd: it disables IPv6 on eth0 (lan) and eth1 (wan) by default.

    root@OpenWrt:~
    ......
    net.ipv6.conf.eth0.disable_ipv6 = 1
    net.ipv6.conf.eth1.disable_ipv6 = 1
    ......
Use sysctl to set them to 0. To make the setting persistent, edit /etc/config/firewall:

    config defaults
        option disable_ipv6 0
After editing both files, run /etc/init.d/network reload; /etc/init.d/dhcp reload.
Laptop
My laptop runs Arch Linux and uses netctl and netctl-auto to manage networking. Add two lines to /etc/netctl/$profile:

    IP6=dhcp
    DHCP6Client=dhcpcd
The default DHCPv6 client, dhclient, does not work, for reasons unknown. Reading /usr/lib/network/ip shows that setting DHCP6Client selects the DHCPv6 client.
Afterwards, visit http://test-ipv6-ct.comcast.net to check the IPv6 score: 10 of 10.

Your IPv4 address on the public Internet appears to be x.x.x.x
Your IPv6 address on the public Internet appears to be x:x:x:x:x:x:x:x
Your Internet Service Provider (ISP) appears to be COMCAST-7922 - Comcast Cable Communications, LLC, US
Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites. [more info]
Good news! Your current configuration will continue to work as web sites enable IPv6.
Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.

Diagnostics
On the router, run opkg install tcpdump. Then on the laptop run mkfifo fifo; ssh root@192.168.1.1 'tcpdump -s0 -Unw - -i eth1' > fifo, and in another shell run wireshark -ki fifo.
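I could not get IPv6 working for a long time. People in the TUNA group discussed and diagnosed it at length, and 王邈 gave a lot of diagnostic advice. In summary, these are the things to look at:

    ip -6 a
    ip -6 r s t all
    ip -6 ru
    sysctl -a | grep net.ipv6.conf.$iface
    ip6tables -nL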
Pay attention to the following values:

    net.ipv6.conf.eth1.accept_ra = 1
    net.ipv6.conf.eth1.autoconf = 1
    net.ipv6.conf.eth1.disable_ipv6 = 0
If you suspect ip6tables is interfering, run ip6tables -F; ip6tables -P FORWARD ACCEPT.
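On OpenWrt, when disable_ipv6=1 and the interface is wrapped in a bridge, sending IPv6 packets (through syscalls such as connect and sendto) reports EACCES (Permission denied) when no route is found; even when a route exists, tcpdump sees no packets going out. Be aware that wrapping an interface in a bridge hides some error messages: ip -6 a a $ip6 dev br-wan reports no error, but ip -6 a a $ip6 dev eth1 reports EACCES (Permission denied).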
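One way to script the checks above, as an added example that is not part of the original post: it reads the three sysctl values listed under Diagnostics for an interface and, if that interface is a bridge, also checks disable_ipv6 on each member port, since the bridge can hide the error. The function names and the optional root-directory argument are assumptions, there so the check can run against a constructed tree.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).

# check_key <root> <iface> <key> <expected>
# Prints a line and returns 1 when the sysctl differs from the expected value.
check_key() {
    f="$1/proc/sys/net/ipv6/conf/$2/$3"
    if [ ! -r "$f" ]; then
        echo "$2: $3 unreadable"
        return 1
    fi
    got=$(cat "$f")
    if [ "$got" = "$4" ]; then
        return 0
    fi
    echo "$2: $3 = $got (expected $4)"
    return 1
}

# ipv6_audit <iface> [root]
# root defaults to "" (the live system); it is an assumed test override.
# Returns 0 when everything matches, 1 when any deviation was printed.
ipv6_audit() {
    iface=$1
    root=${2:-}
    bad=0
    # The three values the post says to watch on the interface itself.
    for want in accept_ra=1 autoconf=1 disable_ipv6=0; do
        check_key "$root" "$iface" "${want%%=*}" "${want#*=}" || bad=1
    done
    # If iface is a bridge, sysfs lists its member ports under brif/.
    # A member with disable_ipv6=1 is the case that the bridge masks.
    for port in "$root/sys/class/net/$iface/brif"/*; do
        if [ -e "$port" ]; then
            check_key "$root" "${port##*/}" disable_ipv6 0 || bad=1
        fi
    done
    return $bad
}
```

On the router, ipv6_audit br-wan (or ipv6_audit eth1) prints nothing when all values match.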
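Miscellaneous
Previously I used a D-Link DIR-860 B1, which was on sale at https://www.amazon.com for $30.75. Installing OpenWrt through the web interface was convenient, but my roommate reported noticeable packet loss in many games on Steam.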
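And so, in a flash, it was the end of 2016, and in the end I went to the USA after all... Thanks to scateu for the advice given to me in the past. My ability to survive has improved a lot, but I am still afraid. A few days ago I served as a host at China Tech Day 2016, and I was struck by how large the gap with American companies still is in work intensity and in what one can learn, especially for people who graduated recently. I have also seen many classmates, seniors and friends who wanted to join big companies abroad but were held back by the cross-border work gap, and I lament how far behind the starting point is compared with master's and PhD graduates abroad. I will do my best to catch up. Fortunately, the several chances to visit DEFCON CTF finally let me see clearly that if I kept drifting along as I did in the year after graduation, my career would certainly get harder and harder. The work I do now is not what I like most, but I feel I can contribute enough value and learn enough.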