rum
January 27, 2017, 5:32pm
1
So I have a mostly working dslite setup. Most of the time. Sometimes the IPv4 connection dies, ICMP packages and IPv6 still work.
/etc/config/network
config interface 'wan'
option ifname 'eth1.40'
option username '<userid>@<provider>'
option password '<passwd>'
option ipv6 '1'
option proto 'pppoe'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
config interface 'wan4'
option peeraddr '<providerpeeraddr>'
option proto 'dslite'
/etc/init.d/network restart
sometimes fixes it, but most of the time it does not.
1 Like
rum
March 14, 2017, 7:23pm
2
I started of with
http://openwrt-devel.openwrt.narkive.com/IyDPDgot/dslite-tunnel-setup
https://lists.openwrt.org/pipermail/openwrt-devel/2014-April/024649.html
but eventually went to the official docs and tried to verify the above:
https://wiki.openwrt.org/doc/uci/network#protocol_dslite_dual-stack_lite
For sake of comlpeteness my firewall config.
$ cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wan4'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
option family 'any'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include
option path '/usr/share/firewall/turris'
option reload '1'
config include
option path '/etc/firewall.d/with_reload/firewall.include.sh'
option reload '1'
config include
option path '/etc/firewall.d/without_reload/firewall.include.sh'
option reload '0'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# allow attached network printer
config rule
option src 'lan'
option proto 'tcp'
option dest_port '9100'
option target 'ACCEPT'
rum
March 28, 2017, 5:21am
4
I filed a ticket about 10 days ago, but no response so far.
rum
March 30, 2017, 10:51am
5
I got a response telling me to be a little more patient. The network specialist will have a look into it.
1 Like
rum
April 13, 2017, 6:44am
6
the peeraddr has to be an IPv6 address (in my case). the network scripts do not resolve an url. This was the core issue for me.
n1ete
April 13, 2017, 3:45pm
7
So what did you do at your network config to resolve it?
rum
April 13, 2017, 8:33pm
8
resolveip some.aftr.url.ext
and put the ipv6 I got into the peeraddr
field
n1ete
April 25, 2017, 6:34pm
9
i don’t get it, where did u get you aftr address?? can you post your etc/conf/network??
it would be very nice if someone could help me finally to get turris omnia proper running with my ds-lite config!
rum
April 27, 2017, 7:54am
10
Your provider has to provide that to you, you then put that one in as peeraddr
for the wan connection (the IPv6 one).
I am not sure if you have the same problem as I do, can you describe what connects to what in your setup?
n1ete
May 8, 2017, 4:13pm
11
So i got an Cisco EPC 3212 cable modem wich is connected to the turris via dhcp
The epc 3212 checks at boot the connected device and provides the wan to this device.
Everything Works fine except for any ipv4 connection from the terminal in turris?!! it would be a pleasure if someone is able to help me! because this problem persists since i got the turris and its realy annyoing!
i posted this problem in another thread no one seems able to help me yet
n1ete
July 26, 2017, 6:42pm
13
no the aftr address is automaticly provided to docsis 3.0 modem after they provisioned the mac address and serial.
the ethernet out from that modem was providing wan for my turris.
you have to reboot the modem after you connect them, so the modem pass trough that information to turris
yes that worked
it was for sure a ds-lite shitty nat ipv4 connection
nope i didnt because i switched meanwhile in an ipv4 buisness contract.
thanks for your help though
and i have to admit…i get more and more in love with the possibiltys from that beauty-omnia-box