How-To: Setup IPv6 Connectivity using DD-WRT

How-To: Setup IPv6 Connectivity using DD-WRT

I was bored. Plus it was planned long before anyway. [Why just now? It’s either i have other things to do, or I had to let go of the completely-configured AP to deploy somewhere else.]

So here’s how i set-up an IPv6 connectivity using Tunnelbroker and a Linksys WRT54G running on DD-WRT firmware.

I. Setup an account in Hurricane Electric’s Tunnelbroker.

  1. Signup for an account in TunnelBroker. Be ready to provide information, such as your valid email address. The password will be delivered to your email.
  2. Once you have logged in, click “Create regular Tunnel” under User Functions in the left-hand side of the screen. NOTE: you can also create BGP tunnel (haven’t tried yet)
  3. In the “Setup IPv6 Regular Tunnel” page, input your static public IPv4 address. Note that this should be reachable via icmp before it can be added.
  4. Select the server closest to you. I chose Hong Kong. Then Submit.
  5. Check the Tunnel Details for your newly created tunnel. You are allowed to create a maximum of 4 tunnels for your account.
  6. Details for my account (not real):
    Server IPv4 address:
    Server IPv6 address: 2001:abc:13:592::1/64
    Client IPv4 address:
    Client IPv6 address: 2001:456:784:321::2/64
    Routed /48: Allocate
    Routed /64: 2001:456:784:321::/64

II. Configure DD-WRT v24 for IPv6.

  1. Download DD-WRTv24 custom build by CrushedHat.
  2. Connect to your router ( to configure.
  3. Enable IPv6 and Radvd in Administration->Management tab (under IPv6 Support).
  4. In Administration->Commands, input the lines below. Then save as Startup Script.
  5. insmod ipv6
    insmod /jffs/lib/modules/2.4.34/ip6_tables.o
    insmod /jffs/lib/modules/2.4.34/ip6table_filter.o
    insmod /jffs/lib/modules/2.4.34/ip6t_multiport.o
    ip tunnel add he-ipv6 mode sit remote local ttl 64
    ip link set he-ipv6 up
    ip addr add 2001:456:784:321::2/64 dev he-ipv6
    ip route add ::/0 dev he-ipv6
    ip addr add 2001:456:784:321::aa:bbbb:cccc/64 dev br0
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

    Explanation for each line:
    * Line 1 loads the critical IPv6 kernel module, followed by the IPv6 filter modules, discussed below.
    * Lines 5 and 6 configure the IPv4 tunnel between the appropriate server at HE and the local static IP address.
    * Line 7 sets the local IPv6 address on the small tunnel network supplied by HE.
    * Line 8 sets a default route to the tunnel for IPv6 traffic.
    * Line 9 sets the IPv6 address on the local LAN/WLAN bridge. This is based on the /64 prefix allocated by HE for the local net plus the MAC address of br0, encoded in the standard IPv6 way. This could instead be in a /64 subnet of a /48 allocated by HE.
    * Line 10 enables packet forwarding between IPv6 networks.
    * Line 11 guarantees that radvd is run after this configuration is complete. It seems that the radvd enabled by the GUI option starts in a different thread from the startup script, so that it exits immediately upon discovering IPv6 missing in the kernel or an incomplete config. The second run will simply exit, so there should be correct behavior (one running radvd) regardless of the race.

  6. In Administration->Management tab, input the ff. in the space for Radvd config.
  7. interface br0 {
    AdvSendAdvert on;
    prefix 2001:456:784:321::/64
    AdvOnLink on;
    AdvAutonomous on;

  8. In the Administration->Commands, type the lines below. Then save as Firewall.
  9. iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT

Note that this is the simplest setup. Add/edit the firewall settings to reflect your specific rules.

Source: IPv6 on v24 (DD-WRT)

  • cateye

    works for me with dd-wrt.v24-10070_crushedhat_4MB.bin and wrt54gl 1.1

    thank you 🙂

  • I have been using CrushedHats 10070 build for a while now, and since moving house have switched from a tunnel to Native IPv6. I highly recommend this build of DD-WRT for anyone that wants to have IPv6 at home or testing at the office. (I don’t recommend using for live v6 at the office) unfortunately it still only has a 2.4 Kernel and not 2.6. so ip6tables does not support “states” making it difficult to configure a good firewall on DD-WRT. I would like to see a 2.6 Kernel for with crushedhats changes, I have successfully got a 2.6 Kernel running from openWRT – however there is no wifi (broadcom) so this requires a seperate AP.

    Anyway – Thumbs up to CrushedHats DD-WRT build, I look forward to him building a 24sp2 version.


  • freak132

    Out of curiosity, what edition of the dd-wrt firmware were you using? And which version of the WRT54G? Anything later than v3 of the WRT54G can only take the micro firmware which does not support IPv6.

  • where the heck did you get all the files in /jffs/ ?

  • Mike

    I had a terrible time setting up my router and the one thing that was the issue was line #9. I did not know how to convert a mac address to an ipv6 address and all you said was “in the standard IPv6 way.” That’s so incredibly vague. It’s not like it’s common knowledge. You should have explained it or at least linked to somewhere that explains it. After a lot of digging I finally found it. For any of you out there with the same problem you do it like this:

    Mac = MM:NN:OO:PP:QQ:RR
    conversion = mmnn:ooff:fepp:qqrr (you take the first 3 pairs, add fffe, then add the next 3 pairs)

    • Max

      The MAC address is irrelevant. You can put any address you like on the interface.

      The only reason to use MAC is to make it unique. But a random 64 bit number is already extremely unique.

      2001:456:784:321::1337 would be a good address. You should shout “IS ANYBODY USING ADDRESS 1337 ON THE LAN?”, just to make sure.

  • thank you! finally i have this working! the only thing i had to change was the last line of the startup script, to radvd -C /jffs/radvd.conf (where i put the conf file) — the default location of the conf file didnt exist

  • Yet another set of direction that do not work. Really IPV6 in DD-WRT routers will be unusable so long as there are no debug tools included such as ping6. Right now there is no way to tell if my router is simply not connecting to the tunnel, the firewall is blocking the connection, or radv6 is not handing out the correct information.

  • One of the big problems with this example, is the numbers are not very real. In that both routed/64 and the client ipv6 address have the same prefix in this example. In my instance they are both difference. So I have no way of knowing from this example where to use the client ipv6 address and where to use the routed/64 address.

  • One of the big problems with this example, is the numbers are not very real. In that both routed/64 and the client ipv6 address have the same prefix in this example. In my instance they are both difference. So I have no way of knowing from this example where to use the client ipv6 address and where to use the routed/64 address.

  • Khurramtanveer45
  • there is no IPv6 and Radvd in Administration->Management tab (under IPv6 Support)

  • alife store

    Alife presents their new range of Summer 2011 sneakers. The brand has worked hard on their footwear offering these last couple of years, adapting to the new market needs. The outcome is a more refined and clean collection of styles, that span over both the athletic and more fashionable markets. The brand continues to be innovative in terms of materials, fusing new and old with interesting looks as a result.
    Check out the various silhouettes to release this season after the jump.

    alife store
    alife shoes

  • Alihussain448

    On which version of WRT54G do you test this procedure?

  • r000t

    Unfortunately, this only enables v6 on Wireless. Ethernet hosts get an IP but are unable to use it. As someone who has most of his machines connected through Ethernet, this isn’t a workable solution.

  • seo_urani
  • It’s Goods

  • How to use >>>>?

  • phuong nguyen

    thanks for you máy đo huyết áp

  • tran

    Thanks for share 🙂
    máy đo đường huyết

  • nguyenha

    Thanks for share

Comments are closed.