Router Flashing
This section refers to the relevant tutorials from various manufacturers, but it is said that there is a firmware called breed, which seems to make the router less likely to become bricked after flashing!
Changing the Default Mirror Source of the Router and Preparation Work
Connect to the router using SSH, by default it is:
# SSH<span>ssh [email protected]</span>
The password is<span>admin</span>, if a Pandora interface pops up, it means you are connected!
Use WinSCP to access the router path<span>/etc/opkg</span>and modify the file<span>distfeeds.conf</span>as follows:
# WinSCP<span>src</span><span>/</span><span>gz </span><span>17.09</span><span>_core http</span><span>:</span><span>/</span><span>/</span><span>pandorabox</span><span>.</span><span>leoslion</span><span>.</span><span>top</span><span>/</span><span>pandorabox</span><span>/</span><span>17.09</span><span>/</span><span>targets</span><span>/</span><span>ralink</span><span>/</span><span>mt7620</span><span>/</span><span>packages</span><span>src</span><span>/</span><span>gz </span><span>17.09</span><span>_base http</span><span>:</span><span>/</span><span>/</span><span>pandorabox</span><span>.</span><span>leoslion</span><span>.</span><span>top</span><span>/</span><span>pandorabox</span><span>/</span><span>17.09</span><span>/</span><span>packages</span><span>/</span><span>mipsel_24kec_dsp</span><span>/</span><span>base</span><span>src</span><span>/</span><span>gz </span><span>17.09</span><span>_lafite http</span><span>:</span><span>/</span><span>/</span><span>pandorabox</span><span>.</span><span>leoslion</span><span>.</span><span>top</span><span>/</span><span>pandorabox</span><span>/</span><span>17.09</span><span>/</span><span>packages</span><span>/</span><span>mipsel_24kec_dsp</span><span>/</span><span>lafite</span><span>src</span><span>/</span><span>gz </span><span>17.09</span><span>_luci http</span><span>:</span><span>/</span><span>/</span><span>pandorabox</span><span>.</span><span>leoslion</span><span>.</span><span>top</span><span>/</span><span>pandorabox</span><span>/</span><span>17.09</span><span>/</span><span>packages</span><span>/</span><span>mipsel_24kec_dsp</span><span>/</span><span>luci</span><span>src</span><span>/</span><span>gz </span><span>17.09</span><span>_mtkdrv http</span><span>:</span><span>/</span><span>/</span><span>pandorabox</span><span>.</span><span>leoslion</span><span>.</span><span>top</span><span>/</span><span>pandorabox</span><span>/</span><span>17.09</span><span>/</span><span>packages</span><span>/</span><span>mipsel_24kec_dsp</span><span>/</span><span>mtkdrv</span><span>src</span><span>/</span><span>gz </span><span>17.09</span><span>_newifi http</span><span>:</span><span>/</span><span>/</span><span>pandorabox</span><span>.</span><span>leoslion</span><span>.</span><span>top</span><span>/</span><span>pandorabox</span><span>/</span><span>17.09</span><span>/</span><span>packages</span><span>/</span><span>mipsel_24kec_dsp</span><span>/</span><span>newifi</span><span>src</span><span>/</span><span>gz </span><span>17.09</span><span>_packages http</span><span>:</span><span>/</span><span>/</span><span>pandorabox</span><span>.</span><span>leoslion</span><span>.</span><span>top</span><span>/</span><span>pandorabox</span><span>/</span><span>17.09</span><span>/</span><span>packages</span><span>/</span><span>mipsel_24kec_dsp</span><span>/</span><span>packages</span>
By the way, WinSCP can directly launch PuTTY! It’s quite useful!
Configuring OpenWRT Router as an IPv6 Gateway
OpenWRT is an embedded Linux operating system widely used in home routers/gateways. This article will introduce several configuration methods for providing IPv6 services to access devices using OpenWRT routers in the Tsinghua campus network. The content of this article is a compilation from multiple contributors; if you have any questions or suggestions, you can participate in thecontent discussion.
IPv6 NAT
Although NAT (Network Address Translation) is no longer part of the design in IPv6 by the IETF, the Linux kernel has implemented IPv6 NAT since version 3.7. In the past, there were unofficial projects like NAT66, but they are no longer recommended due to lack of maintenance. The IPv6 NAT configuration part of OpenWRT is contributed by @Blaok.
Step 0: Check Kernel Modules and Useful Packages
# SSH<span>opkg install ip6tables kmod-ipv6 kmod-ipt-nat6</span><span>opkg install kmod-ip6tables kmod-ip6tables-extra</span><span>opkg install luci-proto-ipv6 iputils-traceroute6</span>
<span>kmod</span> prefixed kernel modules generally cannot be installed directly via opkg. Other packages can be installed directly using<span>opkg install</span>, but they will occupy more storage space on the router, so it is recommended to include these packages in the firmware during compilation.
Except for<span>kmod-ipv6</span>, the above packages are not mandatory. <span>kmod-ipt-nat6</span> provides IPv6 NAT support, <span>ip6tables kmod-ip6tables kmod-ip6tables-extra</span> provide IPv6 firewall, <span>luci-proto-ipv6</span> provides IPv6 configuration options for LuCI, and <span>iputils-traceroute6</span> provides traceroute functionality for IPv6 (<span>mtr</span> is a good dual-stack alternative to <span>traceroute</span>, if the router has enough storage space).
In summary, install ip6tables and kmod-ipt-nat6.
# SSH<span>opkg update</span><span>opkg install ip6tables</span><span>opkg install kmod-ipt-nat6</span>
Step 1: Enable IPv6 Private Address Allocation in OpenWRT
OpenWRT will allocate IPv6 private addresses by default. On the<span>Network->Interfaces</span> page, there should be a random<span>fd</span> prefixed<span>/64</span> address under the<span>Global network options</span>, and LAN clients should be able to automatically obtain IPv6 addresses within this range. DHCPv6 and SLAAC are enabled by default.
To ensure that devices behind OpenWRT can always obtain the IPv6 gateway, check the<span>Always announce default router</span> option in the<span>DHCP Server</span> section under<span>Network->Interfaces->LAN</span>. Otherwise, since the default allocated address is a private address, OpenWRT will not announce the IPv6 default route (i.e., gateway) to downstream devices, which may lead to a situation where IPv6 connectivity is available on the router but not on downstream devices (thanks to @terro for the reminder).
Use WinSCP to modify the content of<span>/etc/config/network</span>, and in the<span>config globals 'globals'</span> section, modify (add) the following content:
option ula_prefix <span>'AAAA:BBBB:CCCC:DDDD::/64</span><span>'</span>
Modify the content of<span>/etc/config/network</span>, in the<span>config interface 'wan'</span> section, modify (add) the following content:
option peerdns ‘0’<span>option dns '2001:4860:4860::8844 2001:4860:4860::8888'</span>
Modify the content of<span>/etc/config/dhcp</span>, change the<span>config dhcp 'lan'</span> line to the following:
config dhcp ‘lan’<span> option interface 'lan'</span><span> option start '100'</span><span> option limit '150'</span><span> option leasetime '12h'</span><span> option dhcpv6 'server'</span><span> option ra 'server'</span><span> option ra_management '1'</span><span> option ra_default '1'</span>
Step 2: Enable IPv6 NAT
After the clients have the correct addresses, IPv6 NAT needs to be enabled on the router. The default firewall configuration in OpenWRT does not manage the IPv6 NAT table, so you can add the following to<span>/etc/firewall.user</span>:
# WinSCP<span>WAN6=pppoe-wan</span><span>LAN=br-lan</span><span>ip6tables -t nat -A POSTROUTING -o $WAN6 -j MASQUERADE</span><span>ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT</span><span>ip6tables -A FORWARD -i $LAN -j ACCEPT</span>
Replace WAN6 and LAN with the names of the external IPv6 and internal network interfaces, respectively. Note that these are not the names of the firewall zones or the names seen in<span>Network->Interfaces</span> in LuCI, but the names seen in<span>ifconfig</span>.
Step 3: Correctly Configure the Gateway
On the router, check your default gateway using<span>ip -6 route</span>. If you get something like
default<span> from </span><span>2001</span><span>:</span><span>250</span><span>:</span><span>x</span><span>:</span><span>x</span><span>::</span><span>/</span><span>64</span><span> via fe80</span><span>::</span><span>x</span><span>:</span><span>x</span><span>:</span><span>x</span><span>:</span><span>x dev eth0 proto </span><span>static</span><span> metric </span><span>512</span>
This problematic gateway will cause issues when forwarding NAT packets. You need to remove the<span>from 2402:f000:x:x::/64</span> part from the default route and add it to the routing table. You can create a new file<span>/etc/hotplug.d/iface/99-ipv6</span> with the following content:
# WinSCP<span>#!/bin/sh</span><span>[ "$ACTION" = ifup ] || exit 0</span><span>iface=wan</span><span>[ -z "$iface" -o "$INTERFACE" = "$iface" ] || exit 0</span><span>ip -6 route add `ip -6 route show default|sed -e 's/from [^ ]* //'`</span><span>logger -t IPv6 "Add IPv6 default route."</span>
Here, <span>iface</span> is the name seen in LuCI under<span>Network->Interfaces</span>, usually called wan6. This script means that after wan6 comes up, it reads the default gateway, removes the part with from, and adds it to the system routing table. Remember to
# SSH<span>chmod +x /etc/hotplug.d/iface/99-ipv6</span>