Last weekend I got IPv6 working on my US$60 router, allowing all my machines here to talk IPv6 to the outside world. That includes an Ubuntu Linux server, 4 PCs and one Mac.

The biggest incentive for upgrading to IPv6 is the fact that at the current pace we’ll run out of (IPv4) IP addresses in about two years. These are the unique host addresses (usually written in dotted decimal format like 209.85.171.100) that identify client and server computers on the Internet. The newer IPv6 standard that replaces 32-bit addresses with 128-bit addresses will forever take care of this shortage. It will also do away with the primary need for Network Address Translation (NAT) which has been a big headache for voice over IP (VoIP) and other peer to peer applications.

However, over a decade after the introduction of the newer standard (in 1997), uptake is still slow. Many ISPs still don’t support IPv6 and neither does a lot of the equipment used at homes and offices. This is gradually starting to change. IPv6 is an integral part of modern operating systems such as Linux, Mac OS X, Windows 7, Windows 2008 Server, Windows Vista, Windows 2003 Server and Windows XP (where it’s optional).

If your ISP does not support IPv6, you can still use it by employing the services of a tunnel broker, which gives you IPv6 connectivity over an IPv4 tunnel. This lets you test your software with the new APIs, though you won’t gain native IPv6 performance. If you have a static IP you can use tunnelbroker.net by Hurricane Electric, Inc. Their service is professionally run and free. Another option is SixXS, but I have not tried them.

My router is a Buffalo WHR-HP-G54, which is compatible with the Linux based open source DD-WRT firmware. Recent versions of DD-WRT have IPv6 support. My first attempt with the v24 sp1 std build which is supposed to include IPv6 was unsuccessful, but I had more luck after trying the v24 10070 crushedhat version (dd-wrt.v24-10070_crushedhat_4MB.bin). Here’s what you do:

• The following instructions assume that your WHR-HP-G54 router is running open source DD-WRT firmware. If your router is still running the default firmware, install DD-WRT v24 sp1 mini generic (SVN build 10020, 27-July-2008) on it. See my blog post on the WHR-HP-G54 with DD-WRT for detailed instructions. The WHR-HP-G54DD is a version of this router that comes with DD-WRT preinstalled.
• Go to Security / Firewall on your DD-WRT and remove the check mark on Block anonymous WAN requests (ping) so that Hurricane Electric can verify your router exists by pinging it.
• Go to www.tunnelbroker.net and sign up for an account. Then log in and go to Create a Regular tunnel. You’ll need to enter your static IP, which will be conveniently displayed. You have a choice of tunnel endpoints. Pick one that has a short ping time from where you are. Make a note of all the details of the tunnel that is created. You will need to enter some of these details on your router, in particular these:
  • Server IPv4 address
  • Server IPv6 address
  • Routed /64
• Read crushedhat’s description of how to configure the router with his firmware, which should work with most Broadcom-based DD-WRT-compatible routers.
• I’m assuming you have updated the firmware of your router before and know the usual caveats about “bricking” your router if anything goes wrong. I won’t be responsible for that. 😉 I went from the factory Buffalo firmware to v24 sp1 mini to v24 sp1 std to v24 sp1 mini to v24 crushedhat 10070, with no problems, but your mileage may vary. I downgraded from v24 sp1 std (4 MB) to v24 sp1 mini (2 MB) “just in case” before flashing crushedhat’s std (4 MB) build. I did not opt to reset the NVRAM to factory defaults.
• Download a copy of the v24 crushedhat 10070 build and save it on your hard disk. Use a computer with a wired connection to the router, not WLAN for the firmware upgrade. Go to Administration / Firmware Upgrade and select the dd-wrt.v24-10070_crushedhat_4MB.bin file. Click the upgrade button. Don’t touch anything until after the router has reset and is running the new firmware.
• Go to Administration / Management and check Enable for IPv6 and Radvd enabled. Then paste the following into the Radvd config box:
  

  interface br0
  {
  AdvSendAdvert on;
  prefix 2001:470:YYYY:YY::/64
  {
  AdvOnLink on;
  AdvAutonomous on;
  };
  };

  where 2001:470:YYYY:YY::/64 matches the value of “Routed /64” in the created tunnel given to you by Tunnelbroker.net:

  Server IPv4 address: 216.218.226.238
  Server IPv6 address: 2001:470:XXXX:XX::1/64
  Client IPv4 address: 219.110.159.121
  Client IPv6 address: 2001:470:YYYY:YY::2/64
  Routed /48: 2001:470:ZZZZ::/48
  Routed /64: 2001:470:YYYY:YY::/64

• Go to Administration / Commands and enter these commands, then click Save Startup:
  

  ip tunnel add he-ipv6 mode sit remote 216.218.226.238 ttl 64
  ip link set he-ipv6 up
  ip addr add 2001:470:XXXX:XX::2/64 dev he-ipv6
  ip route add ::/0 dev he-ipv6
  ip addr add 2001:470:YYYY:YY:200:00ff:fe00:0000/64 dev br0

  Replace 216.218.226.238 with Server IPv4 address from your tunnel settings, 2001:470:XXXX:XX:: with the Server IPv6 address value and 2001:470:YYYY:YY:: with the Routed /64 value.

• Go to Administration / Commands and enter these commands, then click Save Firewall:
  

  insmod ip6t_REJECT
  ip6tables -F
  ip6tables -A FORWARD -p tcp -i he-ipv6 –syn -m multiport –dports ftp-data,ftp,ssh,smtp,http,https,ntp,domain -j ACCEPT
  ip6tables -A FORWARD -p tcp -i he-ipv6 –syn -j REJECT –reject-with adm-prohibited
  ip6tables -A FORWARD -p udp -i he-ipv6 -m multiport –dports ntp,domain -j ACCEPT
  ip6tables -A FORWARD -p udp -i he-ipv6 -j REJECT –reject-with adm-prohibited

• Now it’s time to check if everything works. It may take a few minutes or one reboot for your client to obtain an IPv6 address. Here is what things should look like after that:
  

  C:\>ipconfig

  Windows IP Configuration

  Ethernet adapter Motherboard Network Connection:

  Connection-specific DNS Suffix . :
  IP Address. . . . . . . . . . . . : 192.168.100.2
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  IP Address. . . . . . . . . . . . : 2001:470:YYYY:YY:290:feff:fe66:e237
  IP Address. . . . . . . . . . . . : fe80::290:feff:fe66:e237%6
  Default Gateway . . . . . . . . . : 192.168.100.1
  fe80::21d:73ff:fe3a:3b8c%6

  Tunnel adapter Teredo Tunneling Pseudo-Interface:

  Connection-specific DNS Suffix . :
  IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
  Default Gateway . . . . . . . . . :

  Tunnel adapter Automatic Tunneling Pseudo-Interface:

  Connection-specific DNS Suffix . :
  IP Address. . . . . . . . . . . . : fe80::5efe:192.168.42.2%2
  Default Gateway . . . . . . . . . :

  You can ping Google’s IPv6 servers:

  C:\>ping ipv6.google.com

  Pinging ipv6.l.google.com [2001:4860:c004::68] from 2001:470:YYYY:YY:290:feff:fe66:e237 with 32 bytes of data:

  Reply from 2001:4860:c004::68: time=307ms
  Reply from 2001:4860:c004::68: time=307ms
  Reply from 2001:4860:c004::68: time=331ms
  Reply from 2001:4860:c004::68: time=318ms

  Ping statistics for 2001:4860:c004::68:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
  Minimum = 307ms, Maximum = 331ms, Average = 315ms

  Fire up FireFox 3 or the browser of your choice and go to http://www.kame.net/ – if the image of the turtle is dancing then you have IPv6 working. Go to http://whatismyv6.com/ to see your IPv6 address.

Good luck! 🙂