OpenWRT 10.03.1-rc2 and Comcast IPv6

After documenting the IPv6 goodness for the old kamikaze release of openwrt, I wanted to play with something a little newer. I also wanted newer iptables so I could play with the tee module.

Some notes:

  • Still no 6rd support on OpenWRT AFAIK
  • rc2 and rc3 are the same for the brcm-2.4 version of Openwrt 10.03.1
  • brcm4700 doesn’t work well at all with my WRT54GL. I think the open source broadcom drivers still aren’t as stable as the proprietary ones that ship with 2.4
  • nearly the same config scripts as the old kamikaze work

Once you flash the router with the firmware you will need to install some extra packages.

  1. opkg update
  2. opkg install ip kmod-ipv6 kmod-sit radvd
  3. paste this code into a new startup script at /etc/init.d/comcast6to4

    #!/bin/sh /etc/rc.common

    # WAN IPv4 address on eth0.1, without the /prefix-length
    inetip=`ip -4 addr show dev eth0.1 | awk '/inet / {print $2}' | cut -d/ -f 1`
    # Split the octets so printf can hex-encode them into the 2002::/16 prefix
    inetipspaced=`echo $inetip | tr . ' '`
    local6prefix=`printf 2002:%02x%02x:%02x%02x $inetipspaced`

    start() {
      # 6to4 (SIT) tunnel with the WAN address as the local endpoint
      ip tunnel add c6to4 mode sit ttl 255 remote any local $inetip
      ip link set c6to4 up
      ip -6 addr add $local6prefix:0::1/64 dev c6to4
      ip -6 addr add $local6prefix:1::1/64 dev br-lan
      # Default IPv6 route via the 6to4 anycast relay
      ip -6 route add 2000::/3 via ::192.88.99.1 dev c6to4
      sysctl -w net.ipv6.conf.all.forwarding=1 > /dev/null
      # Advertise the LAN /64 so clients autoconfigure
      cat > /etc/radvd.conf <<EOF
    interface br-lan
    {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix $local6prefix:1::/64
    {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr on;
    AdvValidLifetime 86400;
    AdvPreferredLifetime 86400;
    };
    };
    EOF
    }

    stop() {
      ip tunnel del c6to4
      ip -6 addr del $local6prefix:1::1/64 dev br-lan
    }

  4. cd /etc/rc.d ; ln -s ../init.d/comcast6to4 S42comcast6to4

Then be glad you have IPv6.

This will actually work for ANY provider which uses the standard 6to4 anycast relay address of 192.88.99.1, not just Comcast.

Now if only Comcast would open back up their trial so I could join my work to the ipv6 network.

Comcast IPv6 on an old Kamikaze 8.09 Openwrt via 6to4

I’m an openwrt novice, but I know enough about linux and iptables to usually get done what I want. When Comcast announced they were trialing IPv6, I jumped at the opportunity to migrate from my trusty Hurricane Electric tunnel to something more direct.

I’m running Kamikaze 8.09.1 brcm-2.4 on my Linksys WRT54GL; these instructions probably won’t work elsewhere. I’m guessing that IPv6 is a little different in a 2.6 kernel with a new iptables. If you have very new stuff you should be using 6rd instead of 6to4.

I’m writing this because much of the information I found out there for 6to4 on Linux didn’t work for me, or was only partly correct and I had to piece together suggestions from different sources.

Make a script in /etc/rc.d with this content. I called mine comcast6to4.

inetip=`ip -4 addr show dev eth0.1 | awk '/inet / {print $2}' | cut -d/ -f 1`
inetipspaced=`echo $inetip | tr . ' '`
local6prefix=`printf 2002:%02x%02x:%02x%02x $inetipspaced`
ip tunnel add c6to4 mode sit ttl 255 remote any local $inetip
ip link set c6to4 up
ip -6 addr add $local6prefix:0::1/64 dev c6to4
ip -6 addr add $local6prefix:1::1/64 dev br-lan
ip -6 route add 2000::/3 via ::192.88.99.1 dev c6to4

Make your /etc/radvd.conf look like this:

interface br-lan
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix $local6prefix:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
};
};

That is it. I’m not going to explain it. Read the links below for all of that.

Sorry this isn’t a complete solution. You’ll have to fill in that $local6prefix in radvd.conf yourself.
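
One way to fill in that prefix automatically, as an added example that is not code from the original post: it derives the 6to4 prefix from the WAN IPv4 address and renders the radvd.conf shown above. The function names are hypothetical, 192.0.2.1 is a constructed documentation address, and the rejection of private and shared (CGN) addresses is an added check, since 6to4 needs a public IPv4 address.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.
# Print the 6to4 prefix (2002:xxxx:xxxx) for a public IPv4 address.
# Returns 1 for malformed, private or shared (CGN) addresses, which
# cannot serve as a 6to4 endpoint (or when eth0.1 has no address yet).
sixto4_prefix() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject leading zeros (printf would read them as octal) and >255
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in
        0.*|10.*|127.*|169.254|192.168) return 1 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
        100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) return 1 ;;
    esac
    [ "$1" -lt 224 ] || return 1   # multicast and reserved space
    printf '2002:%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4"
}

# Render the post's radvd.conf with the LAN /64 filled in.
render_radvd_conf() {
    prefix=$(sixto4_prefix "$1") || return 1
    cat <<EOF
interface br-lan
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix $prefix:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
};
};
EOF
}
render_radvd_conf 192.0.2.1   # constructed documentation address
```

On the router, pass the address found on eth0.1 and redirect the output to /etc/radvd.conf; a non-zero exit status means the address cannot be used for 6to4 and nothing is written.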

Works Cited:

http://www.reddit.com/r/linux/comments/dbobx/

http://www.comcast6.net/

http://wiki.debian.org/DebianIPv6#IPv66to4Configuration

http://tldp.org/HOWTO/Linux+IPv6-HOWTO/configuring-ipv6to4-tunnels.html

http://en.wikipedia.org/wiki/6to4

http://www.dslreports.com/forum/r24972279-IPv6-via-6in4

http://www.anyweb.co.nz/tutorial/v6Linux6to4

Fly places…

I first became aware of it when Meg McCain told her story on Thursday, November 11th. Google her name. I recommend you carefully listen to what she said. She has been called a liar, but after listening to her story there is no point that I can tell that she lied. She never said that she was felt up. She said that she would have been felt up. Watch the video, you see that she never was felt up.

I’m writing this because I was a little surprised when some people I know weren’t outraged or at least a little disturbed. But I draw the line at anyone saying that the TSA is doing a good job or that they are making us safer. They do neither. Here is a collection of links which suggest that they provide no security and do a poor job attempting to.

http://blogs.forbes.com/artcarden/2010/11/14/full-frontal-nudity-doesnt-make-us-safer-abolish-the-tsa/

http://fuckthetsa.com/

http://www.flyertalk.com/forum/travel-safety-security/1147551-flyer-san-says-no-grope-escorted-checkpoint-leo-threatened-suit.html
http://wewontfly.com/6-year-old-aggressively-patted-down

http://www.ourlittlechatterboxes.com/2010/11/tsa-sexual-assault.html 

 http://pajamasmedia.com/blog/why_have_67000_tsa_employees_l/

http://www.thestar.com/news/world/article/744199—israelification-high-security-little-bother

 http://www.theblaze.com/stories/cair-tsa-can-only-pat-down-muslim-women%E2%80%99s-head-neck/ 

 http://flywithdignity.org/ 

 http://johnnyedge.blogspot.com/2010/11/these-events-took-place-roughly-between.html 

 http://www.theatlantic.com/national/archive/2010/11/tsa-opt-out-day-now-with-a-superfantastic-new-twist/66545/

http://www.schneier.com/essay-303.html 

 http://www.flyertalk.com/forum/travel-safety-security/1147497-tso-saying-heads-up-got-cutie-you.html 
http://www.optoutday.com/ 

this is the most disturbing which I won’t even watch again : http://www.youtube.com/watch?v=2TCHSGvNwRY

http://gizmodo.com/5435675/president-obama-its-time-to-fire-the-tsa

never mind that the x-ray scanners are a result of lobbying and not a security decision : http://www.washingtonexaminer.com/politics/_Naked-scanners__-Lobbyists-join-the-war-on-terror-1540901-107548388.html

deadlier terrorism existed long before 9/11, but we were calmer and less panicky : http://www.salon.com/technology/ask_the_pilot/2010/11/10/airport_security/index.html

I don’t usually agree with Alex Jones, but I link you for completeness : http://wewontfly.com/tsa-fondles-women-children

http://www.nationalpost.com/news/Naked+scanners+airports+dangerous+scientists/3819955/story.html

http://www.theatlantic.com/national/archive/2010/11/body-searching-children-no-for-the-us-army-yes-for-the-tsa/66535/

 

 

lots of people sharing their experiences with this tyranny: http://views.washingtonpost.com/post-user-polls/2010/11/have-you-ever-been-subjected-to-an-airport-security-pat-down.html?hpid=talkbox1

The Israeli model is nice, but might not scale to US needs : http://www.schneier.com/blog/archives/2010/01/adopting_the_is.html

I’m all for a call to abolish the TSA : http://www.allamericanblogger.com/12818/dont-change-the-system-end-it-a-free-market-case-for-ending-the-tsa/

Absolute power corrupts absolutely:  http://www.huffingtonpost.com/fred-gevalt/airport-security-and-tsa_b_561156.html

They want to make it status quo so that you accept it everywhere : http://canadafreepress.com/index.php/article/29959

Awesome story of spreading truth and getting results : http://blog.izs.me/post/1591805056/tsa-success-story

Canada doesn’t like it : http://www.torontosun.com/comment/columnists/ezra_levant/2010/11/15/16158116.html

Great discussion comparing the Israeli model : http://roomfordebate.blogs.nytimes.com/2009/12/30/aviation-security-and-the-israeli-model/#more-27215

The TSA is apparently optional : http://www.washingtonexaminer.com/politics/Amid-airport-anger_-GOP-takes-aim-at-screening-1576602-108259869.html

It’s a DHS decision : http://publicintelligence.net/wide-use-of-u-s-airport-body-scanners-depends-on-obama/

The images get leaked : http://gizmodo.com/5690749/

The TSA retaliates by starting an investigation : http://www.signonsandiego.com/news/2010/nov/15/tsa-probe-scan-resistor/

I find it disgusting that the TSA keeps saying “there will be civil penalties” of up to $10,000 or $11,000. What penalties? WTF are they talking about?

Penn Jillette might be getting special treatment : http://www.pennandteller.com/03/coolstuff/penniphile/roadpennfederalvip.html

New Jersey Legislators take on the TSA: http://www.youtube.com/watch?v=9H9HNEtrvEE

Senate had a tiny useless hearing on the subject of TSA pat downs : http://news.cnet.com/8301-31921_3-20023038-281.html

TSA and America’s Culture of Zero Risk : http://seclists.org/isn/2010/Nov/50

You could use the XRays to send messages to the TSA, but you are still subjecting yourself to unnecessary radiation : http://jstogdill.posterous.com/send-the-tsa-a-message-it-will-be-fun

Ron Paul responds well : http://www.youtube.com/watch?v=d-N5adYM7Kw

oh, there is a higher quality version of that same thing here: http://www.youtube.com/watch?v=Qwsdq69AHnw

An airport opts out : http://wdbo.com/localnews/2010/11/sanford-airport-to-opt-out-of.html

http://www.examiner.com/libertarian-in-national/florida-airport-to-opt-out-of-tsa-screening

Ron Paul writes about it too: http://paul.house.gov/index.php?option=com_content&task=view&id=1796&Itemid=60

A very good op-ed on Milgram’s obedience experiments : http://elusis.livejournal.com/2141915.html

Audio of a TSA Integration: http://www.youtube.com/watch?v=tEJpzVPmih0

Seaport airlines – no lines, no rubber gloves, no TSA : http://www.seaportair.com/

Compilation of TSA issues  : http://www.youtube.com/watch?v=RhkQoiaf7Uc

first hand account of getting on a plane with guns but not nail clippers: http://www.redstate.com/erick/2010/11/18/another-tsa-outrage/

EFF has good advice on dealing with the TSA : http://www.eff.org/deeplinks/2010/11/stand-against-tsa-invasive-security-procedures

Bruce is summarizing and commenting : http://www.schneier.com/blog/archives/2010/11/tsa_backscatter.html

It looks like Future Speaker of the House Boehner would change his behavior if the bill proposed by Ron Paul above were passed : http://thecaucus.blogs.nytimes.com/2010/11/19/no-security-pat-downs-for-boehner/?hp
