Network device without IPv6? Nonsense, I tell you. Look which year it is. If your ISP is retarded, keep pace with an IPv6 Tunnel Broker.

Now adding aiccu
files/etc/config/aiccu
config aiccu
        option username         'MYHDL-SIXXS'
        option password         'SomePassword'
        option protocol         'tic'
        option server           'tic.sixxs.net'
        option interface        'sixxs'
        option tunnel_id        ''
        option requiretls       ''
        option defaultroute     '1'
        option nat              '0'
        option heartbeat        '1'

Within the scope of the previous article, adding IPv6 rules:

files/etc/config/ip6tables
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
# Allow lo explicitly, we will drop anything not from lan at the end.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i br-lan -p icmpv6 -j ACCEPT
-A INPUT ! -i br-lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i br-lan -j DROP
# Forwarding
-A FORWARD -d ff0e::/16 -j ACCEPT
-A FORWARD -o br-lan -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A FORWARD -o br-lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Published services
-A FORWARD -p udp -m multiport --dport 53,4569,5060     -j ACCEPT
-A FORWARD -p tcp -m multiport --dport 25,53,80,143,443 -j ACCEPT
-A FORWARD -o br-lan -j DROP
COMMIT
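
An added example (not part of the original post) that walks the FORWARD rules above in first-match order, to show what the ruleset actually lets through. The `forward_verdict` helper, the sample packets and the 2001:db8:: addresses are assumptions, and the matcher only understands the options used in this ruleset.

```shell
#!/bin/sh
# Added example: first-match walk of the FORWARD chain from the ruleset above.
# RULES is a constructed copy of the FORWARD lines shown on this page.
RULES='
:FORWARD ACCEPT
-A FORWARD -d ff0e::/16 -j ACCEPT
-A FORWARD -o br-lan -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A FORWARD -o br-lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m multiport --dport 53,4569,5060     -j ACCEPT
-A FORWARD -p tcp -m multiport --dport 25,53,80,143,443 -j ACCEPT
-A FORWARD -o br-lan -j DROP
'

# forward_verdict OUT_IF PROTO DPORT_OR_ICMP_TYPE CTSTATE DST  (hypothetical helper)
# Prints the target of the first matching rule, or the chain policy if none match.
forward_verdict() {
    printf '%s\n' "$RULES" | awk -v oif="$1" -v proto="$2" -v port="$3" \
                                 -v state="$4" -v dst="$5" '
    function inlist(v, list,    a, n, k) {
        n = split(list, a, ",")
        for (k = 1; k <= n; k++) if (a[k] == v) return 1
        return 0
    }
    $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" && $2 == "FORWARD" && !done {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            arg = $(i + 1)
            if      ($i == "-o")        ok = ok && (arg == oif)
            else if ($i == "-p")        ok = ok && (arg == proto)
            else if ($i == "--dport" || $i == "--icmpv6-type")
                                        ok = ok && inlist(port, arg)
            else if ($i == "--ctstate") ok = ok && inlist(state, arg)
            else if ($i == "-d") {      # simplification: whole-group prefixes such as ff0e::/16
                split(arg, p, "::"); ok = ok && (index(dst, p[1] ":") == 1)
            }
            else if ($i == "-j")        target = arg
        }
        if (ok) { print target; done = 1 }
    }
    END { if (!done) print policy }'
}

# Constructed packets; 2001:db8::/32 is the documentation prefix, sixxs the tunnel interface.
forward_verdict br-lan tcp 22 NEW 2001:db8::10      # unsolicited SSH to a LAN host
forward_verdict br-lan tcp 80 NEW 2001:db8::10      # published port, any LAN host
forward_verdict sixxs  tcp 22 NEW 2001:db8:ffff::1  # LAN host going out via the tunnel
```

The second result shows that the published ports are open towards every LAN host, since those rules carry no `-d`; the third shows that traffic leaving the LAN is accepted by the chain policy rather than by any rule.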

Update

Recently OpenWrt stopped packaging the aiccu startup script. That's because it doesn't work correctly via NAT, abusing the TIC server. Fair enough. But I know what I'm doing, hence I'm still using the old packaged aiccu startup file with a small modification, again to avoid TIC abuse:

#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
# Copyright (C) 2012 Ruslan.N.Marchenko
START=51

config_cb() {
        local cfg_type="$1"
        local cfg_name="$2"

        case "$cfg_type" in
                aiccu)
                        append cfgs_sections "$cfg_name" "$N"
                ;;
        esac
}

start() {
        config_load aiccu
        for cfgs_section in $cfgs_sections; do
                config_get username $cfgs_section username
                config_get password $cfgs_section password
                config_get server $cfgs_section server
                config_get protocol $cfgs_section protocol
                config_get interface $cfgs_section interface
                config_get tunnel_id $cfgs_section tunnel_id
                config_get_bool requiretls $cfgs_section requiretls 0
                config_get_bool defaultroute $cfgs_section defaultroute 1
                config_get_bool nat $cfgs_section nat 1
                config_get_bool heartbeat $cfgs_section heartbeat 1
                mkdir -p /tmp/run
                # Generated aiccu config for this section (contains the tunnel password)
                conf="/tmp/run/aiccu-${cfgs_section}.conf"
                echo "username $username" > "$conf"
                echo "password $password" >> "$conf"
                # Optional settings are written only when set / different from aiccu defaults
                [ -n "$server" ] && echo "server $server" >> "$conf"
                [ -n "$protocol" ] && echo "protocol $protocol" >> "$conf"
                [ -n "$interface" ] && echo "ipv6_interface $interface" >> "$conf"
                [ -n "$tunnel_id" ] && echo "tunnel_id $tunnel_id" >> "$conf"
                [ "$requiretls" = "1" ] && echo "requiretls true" >> "$conf"
                [ "$defaultroute" != "1" ] && echo "defaultroute false" >> "$conf"
                [ "$nat" = "1" ] && echo "behindnat true" >> "$conf"
                [ "$heartbeat" != "1" ] && echo "makebeats false" >> "$conf"
                echo 'daemonize true' >> "$conf"
                echo "pidfile /var/run/aiccu-${cfgs_section}.pid" >> "$conf"
                # Be nice, respect the TIC: wait until the server answers ping
                until ping -q4c2 "$server" > /dev/null 2>&1; do sleep 1; done
                # Set the clock via NTP before starting; abort if that fails
                ntpclient -sh pool.ntp.org || exit 1
                aiccu start "$conf"
        done
}

stop() {
        config_load aiccu
        for cfgs_section in $cfgs_sections; do
                aiccu stop /tmp/run/aiccu-$cfgs_section.conf
        done
}

The modification here is an endless ping towards the TIC server before starting the tunnel. This was done due to the specifics of my WAN connectivity: there's a delay before all my WAN paths settle, hence this validation.

Sun Feb 21 18:16:34 2010 Upd.: Sat Feb 9 14:51:15 2013
© ruff 2011