1 (edited by hnyman 2014-04-16 16:00:11)

Topic: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

I have built a rather minimalistic IPv6 oriented build for WNDR3700/WNDR3800 focusing just on the features I need. This is pretty much the basic IPv6 enabled router setup matching the WNDR3700 hardware without additional fancy stuff.

Download location:
I have moved the WNDR3700 firmware downloads to Dropbox.
Download site: https://www.dropbox.com/sh/t52c02rm20y8x9p/khFGAJu3gc
Short link: http://db.tt/4FM5if8e

Currently I am building both the stable Attitude Adjustment 12.09 version and the bleeding edge Trunk "Barrier Breaker" version. Development for Backfire 10.03 has stopped, so I am not building it any more.

Current version:
- Attitude Adjustment 12.09 r40423  (with new ipv6 support modules since 36750)
- Trunk / Barrier Breaker r40521

Documentation for the current ipv6 configuration can be found at http://wiki.openwrt.org/doc/uci/network6

Luci GUI contains my own patches for showing the WPS button setting and informing about the reset functionality.

Full configuration and source code diffs included, in case somebody wants to utilize info in own builds.

(I only upload the versions to the FTP server after flashing my own router, so the build has at least that much quality assurance process.)

Features included:
- USB storage automounting
- Support for various file systems to enable most drives. (ext2/3/4, FAT, NTFS, HFS+, CIFS/SMB)
- WiFi button works to toggle Wifi on or off  (/etc/hotplug.d/button/10-radio-toggle)
- WPS button works to enable automatic Wifi-authentication with WPS-enabled devices (/etc/hotplug.d/button/50-wps) /etc/config/wireless wps_pushbutton setting controllable from Luci
- Reset button works
- IPv6: tunnel support for 6in4, 6to4, 6rd and Aiccu included in the build.
- Version information: Luci interface shows the correct build SVN revision as "OpenWrt Barrier Breaker r36500". (https://forum.openwrt.org/viewtopic.php?id=28006)
- QoS for traffic control (package included, but initially disabled, as max speed needs to be set according to WAN connection speed)
- DynDNS support added, both the scripts package itself and also LuCI for DynDNS config
- VSFTPD FTP server package (access initially disabled by "local_enable=NO" in vsftpd.conf)
- Wake-on-LAN (WOL) LuCI module
- Nano text editor
- Support for EFI/GUID partitions
- SSL support for LuCI
- ccrypt package included for file encryption
- r31244: added support to Dnsmasq for host-specific lease times for static dhcp leases
- r33212: usb-modeswitch added for 3G modems
- r34245: lzma compression dictionary size decreased to keep the image bootable
- r34423: kmod-fs-cifs included
- r35964: added script helping to reinstall add-on packages after sysupgrade.
                See /etc/reinstall-packages.sh
- r36246: TLS/SSL support added for VSFTPD
- r36377: kmod-ipt-nathelper-rtsp included
- r36467: iptables-mod-ipsec (and kmod-ipt-ipsec)  included
- r36750AA: Also AA switched to use new ipv6-support modules instead of radvd
- r38237: trunk gcc compiler options reverted to improved defaults (34kc instead of generic mips32r2)
- r38456: build environment tweaked: attitude and trunk separated, and Luci included as a feed. Explanations in https://forum.openwrt.org/viewtopic.php?pid=215166#p215166
- r39183 trunk: WPS pin code set to the original value given by Netgear in the label at the router's bottom
- r39350: GNU wget and hfsplus file system support added
- r39670AA: he.net 6in4 tunnel login fix from 39646 backported to AA12.09
- 39930AA: trunk wifi drivers backported to AA (r39927 & r39928)
- r40015: trunk collectd 5.4.1 (Luci statistics)
- r40295: logread/logsize bug 15357 should now be fixed
- r40300: reverted back to use log_size options, as it has support in luci and the new logd now supports it

Note: As I have been building my version with standard kernel options, the Attitude Adjustment 12.09 and trunk snapshot modules should be compatible with my builds, in case somebody wishes to add modules to my build.


---- Instructions for re-creating my build environment are in the next message ----

2 (edited by hnyman 2014-03-09 13:39:52)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Instructions how to re-create my build environment in Ubuntu x64
Updated in October 2013 to reflect the current process that I used with Ubuntu 13.10

Since r34827 my firmware release contains also a script to re-create my full build environment in a few minutes.

Since r38450 (18 Oct 2013) the creation script handles trunk and Attitude Adjustment separately and only builds the environment for one of them. The creation script also handles more steps automatically. In a nutshell the needed steps are:
- Create /Openwrt and make it writable by your normal user account
- Download from my newest firmware the buildscripts.txt file and the three *.patch files to /Openwrt
- Execute buildscripts.txt. It unpacks all the other scripts
- Edit newOpenwrtBuildroot.sh: select either trunk or attitude, and adjust the three patch names. Make sure that you have downloaded the correct patches (either trunk or attitude)
- Run newOpenwrtBuildroot.sh. It creates the complete build environment
- Build firmware with updateNmake.sh

More detailed explanation of the steps in the build environment creation process :

  1. Create the directory /Openwrt to your buildhost. chown/chmod that directory to be writable by your normal user account. (If you want to use another root directory you need to modify scripts, as almost all of them reference to the buildroot directory with an absolute path. Buildroot is either /Openwrt/trunk or /Openwrt/attitude)

  2. Download the "buildscripts.txt" file from my newest firmware build package to /Openwrt
    2b) chmod "buildscripts.txt" to be runnable

  3. Run the script "buildscripts.txt" to extract all the other scripts.
    3b) make a work-copy of "newOpenwrtBuildroot.sh" to be edited with the patch names (so that the original stays intact for future use)
    3c) chmod the work-copy of "newOpenwrtBuildroot.sh" to be runnable

  4. Download the firmware's patch files (-openwrt.patch, -packages.patch, -luci-xxx.patch). Note that the trunk build environment needs the trunk patches, and correspondingly the Attitude environment needs the attitude patches.
    4b) Verify that the to-be-run work-copy of "newOpenwrtBuildroot.sh" has the correct patch names

    • The commands needed to apply the patches are at the end of "newOpenwrtBuildroot.sh", but the filenames need to be modified to match the firmware's date stamp. The script saving script should have set the patch names correctly, but verify that. The -openwrt.patch contains also the device profile recipe ".config.init" with all the needed package selections.

  5. Select either trunk or Attitude Adjustment to be the targeted version by editing the work-copy of "newOpenwrtBuildroot.sh". Uncomment the correct definitions, found in the early part of the file.

  6. Run "newOpenwrtBuildroot.sh". It installs the needed prerequisite packages to Ubuntu, creates trunk or attitude svn repositories and downloads the sources, patches them and also tries to set svn additions as well as chmods the expected script files to be runnable.

    • If you set the patch names correctly at the patch command lines in "newOpenwrtBuildroot.sh", the sources will get patched by the script. Main Openwrt source needs to be patched first, as that patch contains the possible changes to feeds.conf.defaults. Then it updates the packages and luci feeds, patches the feed files and finally installs the packages from feeds with "/Openwrt/trunk/scripts/feeds install -a".

  7. Add the new files added by the patches to svn tracking. The script has commands for the "files" directory & ".config.init", but you should check if there are other unknown files added by the patches. The script tries to automatically include the noticed new files created by the patches. (My scripts *.sh can be added, but I handle them separately with the buildscripts collection.) Note: this should be done automatically by the script, but verify it. Additionally, if you try to run the script several times, it may add unnecessary files into svn tracking.

  8. Also check the attributes of the possible script files added by the patches and chmod them executable, if needed. e.g. /etc/reinstall-packages.sh and other scripts in /etc
    8b) Since the new button hotplug procd functionality also the possible button scripts in /etc/rc.button need to be runnable. (E.g. files/etc/rc.button/BTN_2)
    Note: this should be done automatically by the script, but verify it

  9. Copy the script files (*.sh)  from /Openwrt to /Openwrt/trunk (or attitude) and chmod them runnable. They are copied after the svn add sniffing so that they are not included in svn tracking. Note: this should be done automatically by the script, but verify it.

  10. Copy the possible included extra custom files that you need to <buildroot>/files . E.g. your personal settings to the included in the firmware.

Steps 7-9 should be done automatically by the script, but verify the result.

After this you should have an identical build environment as I. I have actually created my current build environment with this process ;-)

Steps in the actual firmware build process in /Openwrt/trunk:
1) Copy .config.init as the new .config to initialize the build profile:  cp .config.init .config
    ("make defconfig" will expand the recipe to a full .config . You can run that command also manually.)
2) Do the actual make: ./updateNmake.sh
3) transfer files from bin/ar71xx to wherever you need them. I use a script:  ./mountNcopy.sh

Example of the commands I used with Ubuntu 13.04: https://forum.openwrt.org/viewtopic.php?pid=199844#p199844

Explanation of the scripts:

  • updateNmake.sh is the main build script

  • createbuildinfo.sh creates easily transferable firmware release package and is called at the end of updateNmake.

  • newOpenwrtBuildroot.sh is the build environment creation script

  • Other scripts (versionT, singlecompile, kernelcompile, copypackages2tmp) are just helpers. versionT is useful if one wants to revert everything back to "3 days ago" situation when debugging...

All those scripts will get to be included in the "buildscripts.txt" file, which is a self-expanding script.

3 (edited by hnyman 2012-12-21 17:08:03)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

I have updated the build to r25348 with an added feature:

WiFi button:
It toggles WiFi off, if at least one radio was on. And if both radios were off, it toggles WiFi on according to the specs set in normal Wifi config.

WPS button:
If you have a WPS-enabled network device (like a modern USB dongle) supporting Wi-Fi Protected Setup (WPS), you can initiate WPS authentication by pushing the similar WPS button on the device (or launching it by software). After the device has initiated the authentication process, you can accept the call with the WPS button on WNDR3700. The connection should then get negotiated. Using the button requires small editing of /etc/config/wireless. See explanation here: https://forum.openwrt.org/viewtopic.php?pid=127010#p127010
(For builders: using WPS authentication requires changing the 'wpad-mini' package to 'wpad' and 'hostapd-utils'.)

This matches pretty much the original button logic in Netgear firmware.

Control for the WPS button is now included in Luci interface in my build.

If anybody else wants to add the patch to their Luci source (if they have Luci source):
I have created a ticket with patch out it, so it might get into the official Luci build at some point.
http://luci.subsignal.org/trac/ticket/194

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Thank you very much for all your work! I've been playing around with it this evening and it seems pretty solid.

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Here is the itemized list of source code changes, that was requested in Arokh's thread.

There is no list of the modules selected in menuconfig. I might do that list at some point, but right now you have to compare my .config against yours (with diff), and read the Wiki.

Like I said earlier in Arokh's thread, IPv6 is not about source code changes. Practically the only changes have been in ip6tables firewall rules, aiccu tunnel hotplug script modification and enabling IPv6 forwarding in sysctl.conf (which is already default in Kamikaze/Trunk).

The needed changes to config files not included here (e.g. for WPS button to work) have been explained in the threads referenced earlier.

Base system:
-------------

USB automounting:
Index: /Openwrt/backfire/package/block-mount/files/fstab.config

USB LED (for Backfire only):
Index: /Openwrt/backfire/target/linux/ar71xx/base-files/etc/uci-defaults/wndr3700
Index: /Openwrt/backfire/package/base-files/files/etc/hotplug.d/usb/10-usb

WPS button:
Index: /Openwrt/backfire/package/hostapd/files/wps-hotplug.sh

WiFi Button:
Index: /Openwrt/backfire/files/etc/hotplug.d/button/01-radio-toggle

Network:
---------
QoS:
Index: /Openwrt/backfire/package/qos-scripts/files/etc/config/qos

IPv6:
Index: /Openwrt/backfire/feeds/packages/ipv6/aiccu/files/aiccu.hotplug
Index: /Openwrt/backfire/package/base-files/files/etc/sysctl.conf
Index: /Openwrt/backfire/package/firewall/files/firewall.user

WPS button Luci user interface (separate Luci source code):
--------------------------------------------------------------
Index: /Openwrt/backfire/feeds.conf.default
Index: /Openwrt/luci/branches/luci-0.10/contrib/package/luci/Makefile
Index: /Openwrt/luci/branches/luci-0.10/modules/admin-full/luasrc/model/cbi/admin_network/wifi.lua

Personal preferences (not needed for general build):
------------------------------------------------------
Index: /Openwrt/backfire/feeds/packages/net/ntpclient/files/ntpclient.config
Index: /Openwrt/backfire/scripts/getver.sh
Index: /Openwrt/backfire/package/base-files/files/etc/openwrt_release
Index: /Openwrt/backfire/package/base-files/files/etc/config/system
Index: /Openwrt/backfire/package/base-files/Makefile
Index: /Openwrt/backfire/files/etc/compiled_by.txt

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

This works pretty well, except I can't get native IPv6 working. Is there anything that might be preventing this? I noticed some tunnel-specific firewall rules in place, however adding one for eth1 did not make a change.

Setting the gateway route manually via ssh did allow IPv6 working both to lan and internet from the router (it was set in Luci, wonder if it propagated as it should have?). However, it does not route any IPv6 traffic from lan - the router can be pinged, but that's all.

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

@Unksi:
make sure that you have the default route set up correctly.

At least the 6in4 tunnel script explicitly sets the default route. I am not sure how well it gets set with native Ipv6 connectivity.

How do you get your subnet? DHCPv6 in use? Stateless autoconfig from ISP's router?

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

The default route is set like this manually:
::/0                                        2001:1bc8:102:xxx::1                   UG    1024   472       0 eth1

After this was set up, ping6 ipv6.google.com started working from the router. No effect on the workstations though.

The subnet is configured by hand, though I have noticed that my ISP does have autoconfig as well. I am using radvd on the router for my lan.

9 (edited by hnyman 2011-02-04 19:44:56)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Unksi wrote:

After this was set up, ping6 ipv6.google.com started working from the router. No effect on the workstations though.

The subnet is configured by hand, though I have noticed that my ISP does have autoconfig as well. I am using radvd on the router for my lan.

I would guess that you need to edit your WAN interface settings by hand (if you are using Backfire build).

There is a bug in Luci that I have reported (and which was fixed in Luci trunk a week ago), but has not yet been fixed in Luci 0.10 used in Backfire. Hopefully devs backport that change to 0.10 also. http://luci.subsignal.org/trac/ticket/192

Luci sets 'defaultroute' '0' statement to all interfaces it sees (you visit that interface's settings), and you need that as 'defaultroute' '1' for IPv6 radvd to work (unless you provide route in radvd settings by hand).

You might check your /etc/config/network and change WAN interface to offer defaultroute 1. Check it.

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Not sure if you have the time - but might you try and integrate Comcast's DSLite/6RD software?

11 (edited by hnyman 2011-02-05 17:39:00)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

@phongn:
I will look into it, although I have no way in testing Comcast's solutions.
And the Sourceforge link seems to lead into a full OpenWrt buildroot. No point for me.
If it looks like there is just info about enabling it in normal Openwrt, then there might be something to include.

But Comcast had a nice link to an IPv6 test: http://test-ipv6.com/
(I am getting 9/10 for IPv6... losing one point as my ISP has no DNS server in IPv6 address space.)

EDIT:
At first glance it looks like 6rd is based on 6to4. You might be able to config it by installing the 6to4 package in OpenWrt.

12

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

hnyman wrote:

At first glance it looks like 6rd is based on 6to4. You might be able to config it by installing the 6to4 package in OpenWrt.

Not yet unfortunately. 6RD is basically 6to4 with the relay server manually specified instead of using the fixed anycast address 192.88.99.1.
Also the prefix can be freely chosen (by the ISP) compared to the fixed 2002::/16 prefix defined for 6to4.
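
The difference between the two mappings, as an added example that is not part of the original posts: 6to4 always derives a 2002::/16-based /48 from the WAN IPv4 address, while 6rd places IPv4 bits behind an ISP-chosen prefix. The 6rd mapping follows RFC 5969; the prefix 2001:db8::/32, the addresses (documentation ranges), the function names and the IPv4 mask length parameter are assumptions, and the shell is assumed to have 64-bit arithmetic.

```shell
#!/bin/sh
# Added example: derive the delegated IPv6 prefix for 6to4 and for 6rd.

# Dotted-quad IPv4 -> 32-bit integer on stdout; non-zero status on bad input.
ip4_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    _old=$IFS; IFS=.
    set -- $1
    IFS=$_old
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        # reject empty fields, leading zeros and more than three digits
        case $_o in ''|0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 6to4: fixed 2002::/16, followed by all 32 bits of the WAN IPv4 address.
# $1 = WAN IPv4 address
sixtofour_prefix() {
    _n=$(ip4_to_int "$1") || return 1
    printf '2002:%x:%x::/48\n' $(( _n >> 16 )) $(( _n & 0xffff ))
}

# 6rd: ISP-chosen prefix, followed by the low (32 - ip4masklen) bits of the
# WAN IPv4 address.
# $1 = first four groups of the ISP 6rd prefix, written out (e.g. 2001:db8:0:0)
# $2 = 6rd prefix length   $3 = IPv4 mask length   $4 = WAN IPv4 address
sixrd_prefix() {
    _plen=$2; _mlen=$3
    case "$2$3" in ''|*[!0-9]*) return 1 ;; esac
    _n=$(ip4_to_int "$4") || return 1
    _sbits=$(( 32 - _mlen ))          # IPv4 bits embedded in the prefix
    _dlen=$(( _plen + _sbits ))       # length of the delegated prefix
    [ "$_plen" -ge 16 ] && [ "$_mlen" -le 32 ] && [ "$_dlen" -le 64 ] || return 1

    case $1 in *[!0-9a-fA-F:]*) return 1 ;; esac
    _old=$IFS; IFS=:
    set -- $1
    IFS=$_old
    [ $# -eq 4 ] || return 1
    for _g in "$@"; do
        case $_g in ''|?????*) return 1 ;; esac
    done
    # keep the value inside signed 64-bit range (true for all of 2000::/3)
    [ $(( 0x$1 )) -lt 32768 ] || return 1

    _hi=$(( (0x$1 << 48) | (0x$2 << 32) | (0x$3 << 16) | 0x$4 ))
    _keep=$(( 64 - _plen ))
    _hi=$(( (_hi >> _keep) << _keep ))              # clear bits past the ISP prefix
    _suffix=$(( _n & ((1 << _sbits) - 1) ))         # IPv4 bits that get embedded
    _hi=$(( _hi | (_suffix << (64 - _dlen)) ))
    printf '%x:%x:%x:%x::/%d\n' \
        $(( (_hi >> 48) & 0xffff )) $(( (_hi >> 32) & 0xffff )) \
        $(( (_hi >> 16) & 0xffff )) $(( _hi & 0xffff )) "$_dlen"
}

# Constructed sample values (documentation address ranges).
sixtofour_prefix 192.0.2.1
sixrd_prefix 2001:db8:0:0 32 0 192.0.2.1
sixrd_prefix 2001:db8:0:0 32 8 10.1.2.3
```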

13 (edited by hnyman 2011-02-06 00:39:46)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

I have updated a new r25370 version of my 'trunk' build to the FTP server.
I am currently running that trunk version myself for finding out the possible differences in configurations between Backfire and trunk.

I have noticed one noteworthy difference:
- button names are different. WPS button in Backfire is 'BTN_1', while in trunk it is 'wps'. That was discussed earlier today in another thread, and I had to find out by myself ;-) I added the correct info also to the WNDR3700 Wiki article.

USB LED definition is already there in trunk, so not need to patch /etc/config/system for trunk
Hopefully it gets patched in Backfire at some point...  https://dev.openwrt.org/ticket/8785

One strange effect, caused by the firewall:
System log shows firewall-related error during boot, which errors look like firewall has tried to apply some additional iptables rules to the IPv6 ip6tables. I determine that from the chain names, which are shown in the error messages

Feb  5 22:36:57 OpenWrt user.info sysinit: ip6tables: No chain/target/match by that name.
Feb  5 22:36:57 OpenWrt user.info sysinit: ip6tables v1.4.10: Couldn't load target `zone_lan':File not found
Feb  5 22:36:57 OpenWrt user.info sysinit: Try `ip6tables -h' or 'ip6tables --help' for more information.
Feb  5 22:36:57 OpenWrt user.info sysinit: ip6tables v1.4.10: Couldn't load target `zone_lan_forward':File not found
Feb  5 22:36:57 OpenWrt user.info sysinit: Try `ip6tables -h' or 'ip6tables --help' for more information.

That might be caused by my own rules in /etc/firewall.user, that empty the existing built-in chains first.
Probably I will need to delete my own rules for a while and see how they need to be adapted to the current default rules in Trunk.

Backfire was changed two days ago to use that same firewall (with r25353), right after I had made my previous Backfire build... Possibly I need to generate a new IPv6 ruleset also for Backfire, or possibly/hopefully the default rules might play out well.

EDIT:

Yep, Trunk's current IPv6 firewall seem to have decent default ip6tables rules. I mostly commented out my own rules as unnecessary. Trunk version bumped to 25378 and includes only minimal ip6tables rules additions from me.

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

hnyman wrote:
Unksi wrote:

After this was set up, ping6 ipv6.google.com started working from the router. No effect on the workstations though.

The subnet is configured by hand, though I have noticed that my ISP does have autoconfig as well. I am using radvd on the router for my lan.

I would guess that you need to edit your WAN interface settings by hand (if you are using Backfire build).

There is a bug in Luci that I have reported (and which was fixed in Luci trunk a week ago), but has not yet been fixed in Luci 0.10 used in Backfire. Hopefully devs backport that change to 0.10 also. http://luci.subsignal.org/trac/ticket/192

Luci sets 'defaultroute' '0' statement to all interfaces it sees (you visit that interface's settings), and you need that as 'defaultroute' '1' for IPv6 radvd to work (unless you provide route in radvd settings by hand).

You might check your /etc/config/network and change WAN interface to offer defaultroute 1. Check it.

I am using the latest trunk version (just updated, still no change). The defaultroute setting does not help on it, and neither does setting the route from radvd either. I have set the settings manually for WAN interface.

With the newest version the IPv6 does not work to the public internet even with the manually forced route set - does work after turning off the firewall though, still without routing. Will fiddle around with it when I have more time to pin down the rule which may cause it.

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Although this thread was named as Backfire-related, I have been running trunk for the last day, polishing my build for trunk.

Trunk version has been bumped to r25382. http://koti.welho.com/hnyman1/Openwrt/
(I have not uploaded a new Backfire build, as the firewall v2 has been implemented after I last time flashed Backfire. I need to check that everything works ok.)

Full config & source file diffs included, including Luci changes.

There are several enhancements in Kamikaze/trunk:
-Polished IPv6 firewall settings
-Better version display in Luci
-Smart Reset button to return the router to default settings


Explanations:

IPv6:

The trunk firewall v2 seems to have pretty similar default rules as IPv4 firewall. They are ok without modifications. Although there is no special need to include a /etc/firewall.user any more with trunk, I still have one.
My build includes additional rules doing the following:
- commented-out iptables command to always enable tunnel-provider's IPv4 contacts. Needed for SixXS static tunnels.
- rule for dropping rh0 routing header packets
- commented-out model rule for allowing incoming traffic to port X. There is no NAT in basic ipv6, so no port-forward, but you have to open the firewall for the desired incoming port X, if you want.
- additionally, commented-out, a full rule set for starting ip6tables without any default rules.


Better version display in Luci:

Kamikaze/trunk and Luci trunk seem to have a mechanism for better version display than the default, but that mechanism is left unused. The default seems to be that SVN version number is only bumped up when Luci is rebuilt. If there are no changes to Luci or the user does not update feeds before compiling, he may end up with old SVN r_number being displayed.

Both Backfire and Kamikaze/trunk enable the functionality, where Luci reads the correct version string from /etc/openwrt_release. But for some reason, that file is not included in default Kamikaze/trunk. I have added that missing file also to my Kamikaze/trunk build, which now always shows the correct SVN revision based on SVN head. 'Base-files' package's Makefile has been modified to add the revision to /etc/openwrt_release.  (Additionally, it might be the 'packages' feed files instead of Backfire or Kamikaze/trunk files that have changed latest, so it is best to use the global SVN head revision. My modified getver.sh takes care of that.)

Version displayed for me: "OpenWrt Kamikaze/trunk SVN (r25382)"

References:
https://dev.openwrt.org/changeset/20659
http://luci.subsignal.org/trac/changeset/6016


Buttons:

I have restructured my button files and added support for a smart reset button.

I hated the approach that you have to press the reset button for at least X seconds. The reset button is so well hidden in a hole in the bottom of the router, that I have no wish to try to press it for 10 seconds etc. So I figured out something else:

WNDR3700 has many buttons and many LEDs. I designed a smart reset button script, that requires you to first press 'reset' in the bottom of the router, and then during the next 20 seconds to press the WPS button. The time period is indicated by flashing the WPS LED.

Additionally, Luci has been modified to explain this functionality to the user on the Backup/restore/reset page in the System section of Luci. The following explanation is shown:

This router's firmware has been modified to support the 'reset' button located in the bottom of the WNDR3700. If you press the 'reset' button, the WPS LED starts to blink for the next 20 seconds. If you press 'WPS' button during that time, the router resets itself to the initial settings (by removing the jffs partition completely and thus reverting to the original configuration files included in the firmware). If you want to disable this reset feature, delete files '/etc/hotplug.d/button/05-reset' and '/sbin/blink_wps_20' .

The reset script works by first monitoring the reset button itself. If the button is pressed, then the script launches the WPS LED blinking process that has two functions:
- it runs for 20 seconds blinking the WPS LED every second
- it acts as a "reset enabled" flag for the reset script that also monitors WPS button. The existence of the flag process is evaluated when the WPS button pressed event is noticed.

If the script then notices that the WPS button is pressed during the period when that flag process is running (and LED is blinking), it restores the device to default firmware settings by deleting the jffs partition containing the modified config files, by running 'firstboot' and then 'reboot'. I am not 100% sure, if 'firstboot' is the 100% correct process for this, but it seems to work. I tested, it works. User returns to the situation after flashing firmware without saving config files.

This is not useful if the system is completely screwed and has crashed, but it might help if you forget password or otherwise lock yourself out of the router e.g. with disabling network interfaces.

The reset script is '/etc/hotplug.d/button/05-reset' and the blinking/flag script is '/sbin/blink_wps_20'. I made the script compatible with both Backfire and Trunk by using both button names for the buttons.

Note: The same approach could be used also for other routers with several buttons & LEDs.

The new '01-log-button-action' hotplug just records all button actions to system log, that can be seen both from Luci and from the console with the  'logread' command.

Additionally, I modified other button scripts too. Currently there are 4 button scripts and the flag helper script:
/etc/hotplug.d/button/01-log-button-actions  : log all button activities, good for finding out what happens
/etc/hotplug.d/button/05-reset  : Functionality for Reset button
/sbin/blink_wps_20  : Helper script for Reset (blink & flag), needs to be executable, chmod +x
/etc/hotplug.d/button/10-radio-toggle  : WiFi button functionality
/etc/hotplug.d/button/50-wps  : WPS button's normal functionality.

(I have added the other files to the build using /files sub-directory in buildroot, but 50-wps already exists in feeds/packages 'hostapd', so I have modified source there.)

/etc/hotplug.d/button/01-log-button-actions

#!/bin/sh
logger "Button '$BUTTON' was '$ACTION'"

/etc/hotplug.d/button/05-reset

#!/bin/sh

# RESET button is 'reset' in trunk, 'BTN_0' in Backfire
# WPS button is 'wps' in trunk, 'BTN_1' in Backfire

if [ "$ACTION" = "pressed" ] && [ "$BUTTON" = "reset" -o "$BUTTON" = "BTN_0" ]; then
  logger "RESET button: status active for 20 seconds"
  #launch reset flag process and blink WPS LED for 20 seconds
  /sbin/blink_wps_20 &
fi

if [ "$ACTION" = "pressed" ] && [ "$BUTTON" = "wps" -o "$BUTTON" = "BTN_1" ]; then
  ps | grep -v grep | grep blink_wps
  if [ $? -eq 0 ] ; then
    # blinking reset flag process still alive, reset is possible
    logger "WPS button when reset flag is active: go for RESET"
    # RESET action here
    firstboot && reboot &
  else
    logger "WPS button when no reset flag, no reset action"
  fi
fi

/sbin/blink_wps_20   (Note: needs to be executable, chmod +x )

#!/bin/sh
# remember to chmod this file runnable
a=0
while [ "$a" -lt 10 ]
do
        echo "255" > /sys/devices/platform/leds-gpio/leds/wndr3700:green:wps/brightness
        sleep 1
        echo "0" > /sys/devices/platform/leds-gpio/leds/wndr3700:green:wps/brightness
        sleep 1
        let "a += 1"
done

/etc/hotplug.d/button/10-radio-toggle

#!/bin/sh 
if [ "$BUTTON" = "BTN_2" ] && [ "$ACTION" = "pressed" ]; then
    if [ -d /var/run/hostapd-phy0 -o -d /var/run/hostapd-phy1 ]; then
        logger "WiFi button used: WiFi down"
        /sbin/wifi down
    else    
        logger "WiFi button used: WiFi up"
        /sbin/wifi up
    fi
fi

/etc/hotplug.d/button/50-wps

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
        logger "WPS button pressed, looking for active radios"
        echo "255" > /sys/devices/platform/leds-gpio/leds/wndr3700:green:wps/brightness
        for dir in /var/run/hostapd-*; do
                [ -d "$dir" ] || continue
                logger "WPS activated for: $dir"
                hostapd_cli -p "$dir" wps_pbc
        done
        sleep 10
        echo "0" > /sys/devices/platform/leds-gpio/leds/wndr3700:green:wps/brightness
fi

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

hnyman wrote:

@phongn:
I will look into it, although I have no way in testing Comcast's solutions.
And the Sourceforge link seems to lead into a full OpenWrt buildroot. No point for me.
If it looks like there is just info about enabling it in normal Openwrt, then there might be something to include.

The guys out in this thread seem to indicate that some of the changes might not be too hard (package ISC DHCP, ipv6tunnel, sipcalc and ensure 6RD and dslite are enabled in the kernel). Do you have a repository for your own branches that might be testable?

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Back on the Backfire track: version bumped to r25407. http://koti.welho.com/hnyman1/Openwrt/

The firewall in Backfire has really been upgraded in r25353 to use the same firewall_v2 as Kamikaze/trunk.

In practice this means that neither in Backfire nor in Kamikaze/trunk any special ip6tables rules are currently needed for basic IPv6 connectivity, if you have a "normal" tunnel config.

You only need rules for
- making sure that tunnel stays up (possibly an IPv4 iptables rule)
- possibly allowing incoming packets to port X to get forwarded for those ports you want to open. The correct 'chain' in ip6tables to add the rule seems to be 'forwarding_rule'.

I have thus removed most the rules from /etc/firewall.user and left only the rules explained in my message last Sunday.

However, I have left the old rules for information purposes to a new file /etc/old.firewall.user , which has no actual config meaning. These rules provide a complete basic ruleset, should anybody like to start from scratch with ip6tables.

Both Backfire and Kamikaze/trunk builds have been updated regarding this.


(And the reset button routine works nicely also in Backfire, as expected.)
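
The two kinds of ip6tables additions described in these posts (dropping RH0 packets, and opening one inbound port in 'forwarding_rule'), as an added example that is not hnyman's actual /etc/firewall.user. The chain 'forwarding_rule' comes from the post; the 'input_rule' chain, the LAN host address, the port, the function names and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Added example of firewall.user-style rules with input validation.

# Dry run by default: commands are printed. Set IP6T=ip6tables on the router.
IP6T=${IP6T:-echo ip6tables}

# Drop packets carrying a type 0 routing header (RH0, deprecated by RFC 5095).
# $1 = chain to append to
rule_drop_rh0() {
    $IP6T -A "$1" -m rt --rt-type 0 -j DROP
}

# Open one port towards one LAN host. There is no NAT, so the destination is
# the host's own global address; naming it keeps the opening from applying to
# every machine behind the router.
# $1 = tcp|udp   $2 = destination IPv6 address   $3 = port
rule_open_port() {
    case $1 in tcp|udp) ;; *) return 1 ;; esac
    case $2 in ''|*[!0-9a-fA-F:]*) return 1 ;; esac
    case $3 in ''|*[!0-9]*) return 1 ;; esac
    [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || return 1
    $IP6T -A forwarding_rule -p "$1" -d "$2" --dport "$3" -j ACCEPT
}

# Constructed sample: RH0 dropped for router-bound and forwarded traffic,
# SSH opened to a single host in the documentation prefix.
rule_drop_rh0 input_rule
rule_drop_rh0 forwarding_rule
rule_open_port tcp 2001:db8:1::10 22
```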

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

@phongn - I have OpenWRT trunk up and running using a Comcast 6to4 tunnel.

To do this, I:

Installed the radvd, ip6tables, and 6to4 packages with opkg.

Created a wan6 interface, set it to be 6to4, and assigned it to the wan firewall zone.
Had it advertise on the lan.
-- This can be done through Luci.

I enabled RADVD on the LAN interface. All defaults.
I enabled a RADVD prefix on the LAN interface. All defaults.
I enabled RDNSS on the LAN interface. All defaults.
-- This can also be done in Luci, and the defaults will pick up your wan6 settings.

I made sure to edit the /etc/config/network file and change the config option 'defaultroute' to '1' under the wan6 interface after I was done in Luci.

That was it. After I did all this, I had a public IPv6 address on wan6, and global IPv6 addresses for everything on the lan in addition to their link local addresses.

I didn't have to enter any custom ipv4 or ipv6 firewall rules. The defaults seem to be fairly locked down, and I have no problems keeping the tunnel up 24/7. I did an ip6tables --list before and after the suggested rules here and in other places, and the defaults seem to do the right thing. I also noticed that Luci shows things like "enabled for IPV4 and IPV6 families" on the echo/icmp rule, for instance.

Another note: I've seen a number of places saying to change the MTU to 1280 for tunnels. If I did that on either the wan6 interface or in RADVD, I could not use the Comcast tunnel. The default 1500 MTU seems to be the only thing that works.

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Basker wrote:

@phongn - I have OpenWRT trunk up and running using a Comcast 6to4 tunnel.

I also have the OpenWRT 6to4 tunnel up! I was looking to experiment with 6RD and possibly DSLite (I am part of Comcast's IPv6 trials).

20 (edited by hnyman 2011-02-13 00:03:26)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

I have updated both Backfire and trunk versions to r25489.

No major changes during this week, but I noticed that you can disable the debug output functionality in wpad = hostapd, which can decrease the size of the hostapd application by over 200 kB (from 800 kB to 580 kB) and even the size of the compressed squashfs image by 100 kB.

This applies both to Trunk and Backfire, and both to wpad-mini and wpad-full:
Check the config files hostapd-full.config and wpa_supplicant-full.config in /package/hostapd/files/:
The option line about disabling debug output is commented out for some reason:
#CONFIG_NO_STDOUT_DEBUG=y

Uncommenting that line makes hostapd get built without part of the debug functionality, which is rather unnecessary for us basic users. I have so far disabled the debug from my Backfire image and didn't notice any side effects.

I just wonder why this debug has been left as the default in the hostapd/wpad packages.

(EDIT: additionally, I have built Backfire using Luci trunk, so that it includes the new status screen.)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Good tip, thx :)

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Hallo, I have a couple of questions:
  What do you need for basic IPv6 support? Only "kmod-ipv6" | 156 851 Bytes | Kernel modules for IPv6 support |?
  How can you disable IPv4 support?  (I guess only possible when you compile yourself)

  Where can I read about Dual-Stack-Operation?
  When I obtained an IPv6 /64-Block from my ISP, how can I test everything?
  What about privacy?

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

Orca wrote:

What do you need for basic IPv6 support? Only "kmod-ipv6" | 156 851 Bytes | Kernel modules for IPv6 support |?
  How can you disable IPv4 support?  (I guess only possible when you compile yourself)

  Where can I read about Dual-Stack-Operation?
  When I obtained an IPv6 /64-Block from my ISP, how can I test everything?

A few more packages are needed than just kmod-ipv6:
opkg install kmod-ipv6 radvd ip kmod-ip6tables ip6tables 6in4

And as most ISPs do not offer IPv6 services yet, you need a tunnel from a provider. Hurricane Electric (HE) and SixXS offer free tunnels.
http://tunnelbroker.net/
http://www.sixxs.net/main/

I just followed the guidelines in Wiki...
...both here and SixXS, from where I have the IPv6 6in4 tunnel. I had used the same tunnel with my D-Link DIR-615C1, which offered tunnel support, so I had the basics already.

As the steps were not that clear and so well documented, I wrote guidelines on how to do it. The story has links to the relevant Wiki articles, and I have improved some of the Wiki articles myself:
https://forum.openwrt.org/viewtopic.php?id=27541

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

hnyman wrote:
Orca wrote:

What do you need for basic IPv6 support? Only "kmod-ipv6" | 156 851 Bytes | Kernel modules for IPv6 support |?
  How can you disable IPv4 support?  (I guess only possible when you compile yourself)
  Where can I read about Dual-Stack-Operation?
  When I obtained an IPv6 /64-Block from my ISP, how can I test everything?

A few more packages are needed than just kmod-ipv6:
opkg install kmod-ipv6 radvd ip kmod-ip6tables ip6tables 6in4

And as most ISPs do not offer IPv6 services yet, you need a tunnel from a provider. Hurricane Electric (HE) and SixXS offer free tunnels.

But let's say, I do not need any tunnel or whatsoever. I want to use dual-stack or even IPv6-single stack ;-) kmod-ipv6 should suffice? Also, as long as I do not want to configure routes, I shouldn't need "ip".



hnyman wrote:

As the steps were not that clear and so well documented, I wrote guidelines on how to do it. The story has links to the relevant Wiki articles, and I have improved some of the Wiki articles myself:
https://forum.openwrt.org/viewtopic.php?id=27541

Yes, Thank You!

Re: IPv6 oriented Openwrt build for WNDR3700/WNDR3800

I recommend getting a sixxs tunnel. If you are running trunk, all that's needed is configuring the aiccu client and optionally radvd.