I want to use my WR841ND with OpenWrt as an IPv6 tunnel endpoint (HE Tunnelbroker) and publish the RA on the same WAN port through which the router is connected to the internet via IPv4. I have to do it this way because I don't want all devices in the network to be connected via the WR841ND, but to the main router. The WR841N should only act as tunnel endpoint and IPv6 gateway. Is this doable via LuCI?
I have set it up like this currently with the very old WRT54G v1.1 on White Russian (or Kamikaze?), but that device is quite slow, so I am looking to upgrade to the spare WR841ND that I have lying around.
The WR841ND has some hope of running current OpenWrt, but LuCI may be a stretch, especially when running and consuming RAM / CPU cycles. I wouldn't expect much more than 100 Mbps through it for the earlier revisions, perhaps 200 Mbps "on a good day" for the later ones.
I don't want to turn off RAs, I just want to have them on the WAN interface.
I have OpenWrt (Chaos Calmer) already installed, up and running incl. LuCI. Seems OK so far. 100 Mbps would be fine. The network is only Fast Ethernet anyway. It'll definitely be better than the 10-20 Mbps I'm getting with the old WRT54G.
I have not tried such a setup, but I have an idea that might work for you:
Use one of the WR841ND's LAN ports to connect it to your network, and assign the IPv6 tunnel interface to the wan zone in its firewall config.
Would it be feasible to run the tunnel endpoint on your main router instead?
It's probably a one-in-a-million (maybe even billion) situation.
I thought about that as well when I originally set up the old Kamikaze device. However, that would mean I would not be able to connect any other devices to the box (I only have one static IPv4 that I can use, no DHCPv4 on the network, so NAT on the LAN-interface is needed).
Also, running on the main router is no option, as that device is not capable of terminating the tunnel.
I managed now to have the RA on the WAN so that clients get an IPv6, but IPv6 routing doesn't work yet. I suspect firewall. Trying to figure that out.
What's the best tool to draw a sketch of my network setup?
So I should not try this build? Yes, I have a v7 with 4/32MB.
One of the biggest challenges I think you'll face is that the old releases are from a time when IPv6 wasn't in common use. IPv6 support has improved immensely in both the kernel, as well as in the application software that support it. It may take hours of time to force an old version into (half) working.
Given that there are devices like the GL.iNet AR300M-Lite that support current firmware and have enough resources to comfortably run current releases available at under US$20, forgoing a couple coffees or beers may be a better path. Yes, that device is a single Ethernet, 2.4 GHz only device, but it will run circles around the other two devices combined, as well as likely improving your wireless over the WRT54G v1.1 and WR841N both.
Edit: There are devices at under US$40 that have multiple ports and/or 5 GHz support. I don't have personal experience with them, so I can't recommend a specific model.
You can try, but you should be aware that 4/32MB are deemed insufficient for a current up-to-date OpenWrt like 18.06.2 and that issues are to be expected, depending on your use case. See https://openwrt.org/supported_devices/432_warning and search the forum for 432 (you will find quite a number of topics where this is discussed extensively).
Thanks jeff, but aren't we also in for the fun? And the other device, even if it can run the newest version, it will still need manual configuration for my use case as it seems, which is the most time consuming part. I had it running fine also on the 10+ years old Kamikaze on a box from 2003. Just slow and I have this other box that I want to use, instead of buying something new.
I have now upgraded to LEDE (currently compiling 18 in the background) but the options still don't satisfy my needs. For some odd reason both prefixes (the /64 and the /48) now get advertised on the WAN interface, while the LAN interfaces only advertise the /48. Seems like a bug to me, because probably no one really examined the WAN interface in his network.
Even a sketch and a cell-phone photo would be sufficient.
Though I've got three routers cracked open on my bench and am working with "pre-beta" code under Linux 4.19 on them, I don't consider working with outdated, unpatched kernels and application software "fun". Same for not having enough flash, RAM, and CPU power.
It's one thing to see what you can cram into a $10 ARM-based, BLE board that is going to run off a battery, but into a 15-year-old, Broadcom-based router with ancient 802.11 standards and closed-source driver blobs that haven't been updated in nearly as long? That can't run a current kernel that properly supports IPv6? That's not "fun" for me.
I've probably still got 5 WRT54g units somewhere that I held onto with the thought that they'd be good for something. Between $10 ARM Cortex-M0+ boards, $20 routers, and Pi-class devices, they aren't.
ip tunnel add he-ipv6 mode sit remote 18.104.22.168 local x.x.x.19 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:xx:e8e::2/64 dev he-ipv6
ip -6 addr add 2001:470:xy:e8e::1/64 dev eth0.1
ip -6 addr add 2001:470:xxyy::1/64 dev br-lan
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
iptables -I INPUT 2 -p ipv6 -i eth0.1 -j ACCEPT
iptables -t nat -A POSTROUTING --proto ! 41 -o eth0.1 -j MASQUERADE
radvd -C /etc/config/radvd &
ip route add ::/0 dev he-ipv6
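
A tighter variant of the firewall side of the script above, as an added example that is not part of the original posts: it admits protocol 41 only from the tunnel server and limits what is forwarded in from the tunnel to hosts that now hold global IPv6 addresses. The address 192.0.2.1 and the function names are constructed; the interface names are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints firewall commands for review;
# nothing is applied. 192.0.2.1 is a constructed tunnel-server address.

# Succeeds only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# IPv4 side: accept 6in4 (IP protocol 41) on the WAN port only when it comes
# from the tunnel server, rather than from any host on that segment.
v4_tunnel_rule() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    echo "iptables -I INPUT 2 -p 41 -s $1 -i $2 -j ACCEPT"
}

# IPv6 side: default-drop forwarding, let the inside interfaces open
# connections out through the tunnel, and let back in only replies
# (ICMPv6 errors count as RELATED) plus echo requests.
# Traffic between the inside interfaces themselves is not covered here.
v6_forward_rules() {
    tun_if=$1; shift
    echo "ip6tables -P FORWARD DROP"
    echo "ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for inside_if in "$@"; do
        echo "ip6tables -A FORWARD -i $inside_if -o $tun_if -j ACCEPT"
    done
    echo "ip6tables -A FORWARD -i $tun_if -p ipv6-icmp --icmpv6-type echo-request -j ACCEPT"
}

# Interface names as used in the thread's script.
v4_tunnel_rule 192.0.2.1 eth0.1
v6_forward_rules he-ipv6 eth0.1 br-lan
```

On a release that manages the firewall through its own configuration, the same policy belongs in that configuration rather than in raw commands.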