OpenWRT routers: Difference between revisions
m (Mention that Technicolor's firmware is based on OpenWrt) |
(Describe gotcha with multiple /64 blocks.) |
||
Line 13: | Line 13: | ||
= Configuring the WAN interface to access AAISP = |
= Configuring the WAN interface to access AAISP = |
||
== Multiple routed IPv6 /64 blocks == |
|||
There's a gotcha for users who have multiple /64 blocks routed to them by AAISP. OpenWrt uses Policy-Based Routing (PBR) which allows routing to be configured according to multiple rules, not just be destination address. |
|||
If DHCPv6 is used to request Prefix Delegation (PD), AAISP reply with one /64 block. OpenWrt uses this to set the LAN address and netmask, and then enables routing from '''just this block''' from LAN to WAN. Any other /64 blocks routed to you won't be able to send packets to the Internet. |
|||
In my case, I have 2001:8b0:xxxx:4534::/64, ...:4535/64, ...:4536::/64 and ...:4536::/64 routed to me, but only ::4534 is routed back. |
|||
# ip -f inet6 route |
|||
default from 2001:8b0:xxxx:4534::/64 via fe80::203:97ff:feba:900 dev pppoe-wan metric 512 |
|||
=== Solutions === |
|||
I'm investigating the options: |
|||
* Configure manually, not using DHCPv6 |
|||
* Configure automatically, adding missing routes |
|||
* See whether delegating a /60 is any better |
|||
= Enabling IPv6 in the local network = |
= Enabling IPv6 in the local network = |
Revision as of 10:10, 25 December 2023
Overview
OpenWrt is an open source operating system specifically designed for Routers. It was originally released by Linksys as the firmware for the WRT54G series of routers that use software licenced under the GPL. The software has been modified from this point and is available for many brands of router, and is supplied as the firmware on others.
The current range of Technicolor routers (e.g. DGA0122) use a customised version of OpenWrt.
OpenWrt can be configured using the shell commands when accessing the router with ssh or a serial console. This uses the Unified Configuration Interface (UCI) commands. You can also edit the configuration files directly, though there is no verification of settings made via this route, use with caution. There is also a web based configuration management system that can be run if you have sufficient memory and resources. The LuCI web configuration system may need to be installed onto the base system.
Securing the Router
OpenWrt is a very secure operating system. This is the result of the open nature of the development process. Many eyes mean that all bugs are shallow, and and problems that are found are fixed quickly as there is no opaque company that has to do the development. But you should do the basic steps to your new installation of changing the base password to a long complex one ideally one generated by your password manager.
Configuring the WAN interface to access AAISP
Multiple routed IPv6 /64 blocks
There's a gotcha for users who have multiple /64 blocks routed to them by AAISP. OpenWrt uses Policy-Based Routing (PBR) which allows routing to be configured according to multiple rules, not just be destination address.
If DHCPv6 is used to request Prefix Delegation (PD), AAISP reply with one /64 block. OpenWrt uses this to set the LAN address and netmask, and then enables routing from just this block from LAN to WAN. Any other /64 blocks routed to you won't be able to send packets to the Internet.
In my case, I have 2001:8b0:xxxx:4534::/64, ...:4535/64, ...:4536::/64 and ...:4536::/64 routed to me, but only ::4534 is routed back.
# ip -f inet6 route default from 2001:8b0:xxxx:4534::/64 via fe80::203:97ff:feba:900 dev pppoe-wan metric 512
Solutions
I'm investigating the options:
- Configure manually, not using DHCPv6
- Configure automatically, adding missing routes
- See whether delegating a /60 is any better
Enabling IPv6 in the local network
OpenWrt fully supports IPv6, as well as IPv4 and dual stacks to enable the mix of both protocols.