Category Archives: Network

IPv6 on Time Warner with VLANs using OpenWrt

I’ve retired the old Linksys e3000 running TomatoUSB and have replaced it with a ZyXEL NBG6716 802.11AC router that is running OpenWrt Chaos Calmer.  One of the things I was never able to get to work on the e3000 with Tomato-USB was getting each of the four VLANs an IPv6 subnet.  I could only seem to pull down a /64 from Time Warner, which would then get assigned automatically to my first VLAN.  The good news is, I am now running with a /56 assignment from Time Warner with each VLAN assigned a /64.

My current setup looks like:

  • ZyXEL NBG6716 AC router
  • OpenWrt Chaos Calmer r43762 (snapshot of trunk at the time)

So, to start out, make sure you have the following software packages installed:

  • ip6tables
  • ip6tables-extra
  • kmod-8021q
  • kmod-ip6tables
  • kmod-ipv6
  • odhcp6c
  • (optional) luci-proto-ipv6

Setup WAN

At this point, I configured the WAN interfaces to pull an IPv6 address (Network -> Interfaces).  Edit the WAN6 interface to update the following settings:

  • General Setup Tab
    • Protocol: DHCPv6 client
    • Request IPv6-address: try
    • Request IPv6-prefix of length: 56
  • Advanced Settings Tab
    • Bring up on boot: checked
    • Use builtin IPv6-management: checked
    • Use default gateway: checked
    • Use DNS servers advertised by peer: check (even though TW hasn’t passed IPv6 DNS servers to me yet)
  • Physical Settings Tab
    • Bridge interfaces: unchecked
      • Interface: “Ethernet Adapter: “eth1”
  • Firewall Settings
    • Create / Assign firewall-zone: wan

Create VLANs

Now create the VLANs that you want to use (Network -> Switch).  Make sure that each of the VLANs you create are tagged for the CPU.  In my setup, I have the VLANS: Management, Home, Guest, DMZ.

Create Interfaces for the VLANs

Read more »

Burnt VPN Pi (VPN Hotspot on Raspberry Pi)

Warning: I found this in my drafts and I think it was mostly done.  Enough where I can follow it again.  You might have issues following it word for word though until I can recheck and remove this warning.

Purpose

The purpose of this project is to create an environment where we can use two Raspberry Pi’s to create a temporary VPN tunnel, where the client Pi also has an AP hotspot that routes all traffic through the VPN tunnel.  This is good for those people who are going to countries that have different policies than your current country.  Some of the uses I’ve used it for:

  • Watching Netflix while in another country so that I can view my home countries content
  • Getting around country firewalls that block applications such as Facebook, twitter, Instagram, etc
  • Connecting back to a trusted network when I am in a spot where the network is known to be monitored and trying to steal data.

Install the Required Software

Install the following packages:

apt-get update
apt-get upgrade
rpi-update
apt-get install openvpn hostapd resolvconf dnsmasq cryptsetup libnet-ifconfig-wrapper-perl cryptsetup

Now disable some of the software from starting up, as we will be having these pieces start up triggered by future events such as eth0 up and openvpn up:

update-rc.d openvpn disable
update-rc.d hostapd disable
update-rc.d dnsmasq disable

Load modules

Read more »

Setting up TomatoUSB for VLANs and Ubiquiti AP

So after getting a quarter of the way through a comment to a question somebody had on my Ubiquiti APs, TomatoUSB, VLANS, and Linksys e3000 post, I realized it would probably work better as a post instead. Christoph’s question was:

How did you wire everything? I’m trying to do the same and had no luck. I only have one UAP, but if I turned on tagging for the Port I used for each bridge, I wouldn’t even get an IP.
I would like Management and Home to be one vlan, and guest another, so my setup is simpler. Maybe knowing how you wired it will help.
Thanks!

I’m going to walk essentially through what steps I remember taking to get up that far.

Assumptions

  • VLAN 2: Home / Management
  • VLAN 3: DMZ
  • UAP plugged into Port 1
  • Admin Computer plugged into Port 4
  • Management / Home network is 192.168.1.0/24
  • Guest network is 192.168.2.0/24
  • You have a VLAN edition of Toastmans TomatoUSB mode

Setting up TomatoUSB Read more »