IPv6 for the Linksys WRT54G
AndersBrownworth writes "Earthlink Research and Development has released a firmware load for the Linksys WRT54G wireless access point that supports end-to-end IPv6. They suggest features such as extremely large address space, stateless autoconfiguration and low cost restoration of end-to-end addressability will revolutionize IP communications. It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet."
With the firmware being so easily changed, you can run just about anything on it.
I mean, I telnet into mine right now and review settings.. Which I love.
There is a list of firmware at wikipedia:
http://en.wikipedia.org/wiki/WRT54G
Proceed with Format (Y/N)? Y
but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet.
they probably never will, because Earthlink sucks
Plenty of devices and operating systems fully support IPv6, but that doesn't mean anyone uses it. With things like widespread usage of NAT making the IP availability crunch less and less of a problem, there is no real incentive for the average user to convert to IPv6.
For the great unwashed masses, using IPV6 will mean that:
1) Their ISP supports it
2) The Windoze protocol stack uses it.
I know that Linux on my machine has an IPV6 stack available, but do any commercial ISPs deliver connectivity? It isn't exactly something they put in their TV ads.
"Sic Semper Path of Least Resistance"
I really need that new address space. I mean, there are only 16842752 addresses in the 10.x.x.x and 192.168.x.x address spaces. With the 15 million wireless devices I keep in my home, I was starting to get worried!
Toronto-area transit rider? Rate your ride.
OpenWRT has had this for what, a year now?
ipkg install kernel-ipv6
modprobe ipv6
ip tunnel add
.... etc
this isn't news
I use Earthlink and saw a link on their site about 6 months back for "testers" of their broadband offerings. I signed up cause it offered discount service. About 3 months ago, they sent me a new router (a Linksys, but not the same one as this article) and set me up with end-to-end IPv6. So far, all's worked fine and w/o issue. Perhaps this firmware patch is to be released before they start offering it to more users...
These routers look very impressive. I'm almost tempted to get one for myself.
The only thing that's stopping me is that my current router, an 802.11b Draytek, can run as a VPN server, whereas the Linksys seems to not.
- Has any of the firmware updates for the WRT54G added this functionality, or is it just VPN passthru?
- Are there any projects to provide alternative firmware for the draytek 2600 series (none that I know of).
- Is there a recommended way to try out IPV6 if your ISP doesn't support it yet? I'm thinking an IPV6 provider using VPN tunnels or somesuch.
So I can set up my own 65535-machines network inside my home and each have its own unique internet-addressable IP? :)
Let's tally it up...
+1 - Elitism in the terms of your superior computer knowledge vs. whatever else they do, the irony being the average Slashdotter's hygiene is probably somewhat below your "unwashed masses"
+1 - Use a clever name in reference to Microsoft or its OS.
+1 - Mention you use Linux.
+1 - Mention you are ahead of even the elite Linux crowd by doing something special (IPv6, hand compiling kernel code would also have applied here.)
Total: +4. Summary: Mod Parent Up! The comrade speaks the truth!
Some people think incremental steps like this will somehow help IPv6 rollout worldwide. I think that is a completely different problem, and very hard to solve. Any volunteers to solve the hard and difficult problem?
The best description I know about The Problem comes from Dan Bernstein, The IPv6 mess.
The IPv6 designers don't have a transition plan. They've taken some helpful steps, but they typically declare success (``IPv6 support'') when the real problem---making public IPv6 addresses work just as well as public IPv4 addresses---still hasn't been solved.
it really doesn't matter how slow NAm and EU are in changing, because most of humanity will be using IPv6 regardless.
.-/
You either surf the wave or it crashes over you.
-- Tigger warning: This post may contain tiggers! --
This thread will of course trigger a bunch of replies from people saying we don't need IPv6, but in fact, we do, badly, and the need is only increasing with time.
NAT helps somewhat, but if you're using NAT your computer can't receive incoming connections. That's a problem for servers, for peer-to-peer networking, for games, and for VoIP. Home users can usually work around this with their firewall configuration, but businesses usually can't (one important reason being that only one computer behind the firewall can receive connections this way, not multiple). And, as someone pointed out in the last IPv6-related thread, merging the networks of two corporations is a nightmare - they both use the same IP addresses.
There are theoretically 4 billion IP addresses total. That sounds like a lot, but an IP address isn't just a number which can be assigned individually; what you do is hand out big consecutive blocks of them, so that routers can say things like "for 123.231.*.*, send packets in this direction". The shortage of IP addresses has introduced lots of special cases, so that internet routers need tons of memory and processing power to figure out the mess.
Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) are about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never found a single computer, and gotten disinfected.
Is IPv6 a tool looking for a job to do?
It's not a chicken-and-egg thing, where everyone would do it if there were only the infrastructure, but there's no infrastructure because no one's doing it yet. At least, it doesn't seem that way to me.
IPv6 came about when the Internet exploded in the early 90's. Folks looked at the address space and said "Hey, we're running out of room!"
The solution in IPv6 was to use 128-bit addresses instead of 32-bit ones, and to design the next gen of protocols using the lessons learned from the previous one. TCP/IPv4 was designed in an era when security was not in as much focus as it is now.
It seems like about two minutes after IPv6 began to be developed, the world discovered NAT and firewalls. We'd always had routers with private networks, but NAT made it possible for mortals to set up. A whole company with thousands or millions of IP addresses can be hidden behind a very small set of IPv4 addresses.
That solution has worked so well that few feel the need to use IPv6.
I wonder what will happen to force the issue?
Raise your children as if you were teaching them to raise your grandchildren, because you are.
This could be useful for breaking the cycle that prevents adoption of IPv6. ISPs don't provide service because there isn't enough user demand. Users don't demand it in part because a lot of software would break. And software developers don't provide IPv6 support because their ISP doesn't support IPv6. Yes, you can configure tunneling software but if you are behind a NATing and Firewalling router, there are likely to be some problems and by the time you are done configuring it, you don't have time to work on the software; this project actually replaces a commonly used router with one that enables IPv6 rather than getting in the way. And likewise, most people can't really switch to IPv6 only until almost everyone supports IPv6. So, this could help provide critical mass.
The web page is pretty vague about what is actually going on under the hood. Presumably this distribution creates a tunnel to some IPv6 relay router but what gateway or tunneling protocol is used is not specified.
Based on my personal experience in Earthlink Tech Support they have enough problems keeping IPv4 up and running let alone more...
what is it?
what is the benefit to the average user like me?
always mosh clockwise
...but they (through an IPSec tunnel on the WRT54g) will allow you to connect through them and get an IPv6 address. Since none of the ISPs in my area offer IPv6, this seems like a good way to play around with it to me.
Ever tried putting Asterisk on one? It's sweet!
I'd be interested to see more devices embedding 6to4 routing, so that IPv6 can be transparently added while not interfering with the user's normal use, while adding access to the IPv6 space without requiring tunnels or separate addressing to those already assigned. This kind of transparent, background rollout would begin to address the issues that djb identified with the move to IPv6. If I could benefit from IPv6 without disrupting my IPv4 communications and not having to set up routing and tunneling manually, I would find myself taking advantage of that ability wherever possible.
Business Voyeur
The WRT54G might be a nice piece of hardware. But I still like my WRAP more. It has a Compact Flash slot and, most importantly, a serial port.
I find a WRT54G extremely cumbersome to use without a low level access port and the danger of wrecking the device by uploading a wrong firmware.
With the WRAP, I can prepare "firmware" images on an extra computer, I can even test-boot them in a virtual machine and then transfer them straight to a CF card knowing that there is no way the device will ever get inoperable due to a bad OS image (except flashing a wrong BIOS, which sits in a separate area outside of any compact flash card).
Speaking of BIOS, there even is a BIOS update for WRAP with included Etherboot to boot an OS over the net, yay!
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
If that "sucks," may the Wiki Gods of Slashdot rain fire down on you....you AOLish flame-boy troll!
IPv4 is dead, long live 6to4!
I had slow access times on my network copying files via scp, samba, and nfs. And my ssh logins seemed slow as well. However, on my only XP laptop it didn't seem like an issue. I found a post somewhere while searching for what I thought was an OS X Samba problem and it suggested disabling IPv6 on all interfaces. Hmmm, I thought. I sorta felt OS X having this turned on outta the box was kinda a neat thing. However, when I did turn v6 off, ALL my network traffic sped up dramatically.
I haven't really dove into this, but it would be interesting to find out why this is and because others mentioned the same thing, I know it's not my home network. For those of you experiencing slow network speeds, I recommend giving this a try.
Can this be done? I currently have a WRT54G with the sveasoft firmware. Is there some way it could work to have IPv6 internally as well as to end points that support IPv6 while keeping current IPv4 configuration? I have no clue on IPv6 Tunneling but from the generic definition what would be the end point of this tunnel where it would connect to the IPv6 world?
End to end IPv6 might be good for people that know what they are doing, but in my limited experience I have found one of the best ways to protect uneducated people from themselves is via NAT.
Nice little Linux box to keep all the nasties away, and have their Windows box behind it, rest of the time everything just works.
IPv6 for mums and dads? Are you *sure* this is a good idea?
I'd bet that what they're doing is setting up 6to4 and advertising the 6to4 prefix to the inside LAN. Makes perfect sense.
They could also be implementing NATPT and a DNS proxy, but that would be, IMHO, more trouble than it's worth (it presumes that all of your applications are IPv6 aware and that you can't, for some reason, set up IPv4+NAT). Much more likely that they're doing traditional NAT for IPv4, and doing IPv6 in parallel with 6to4.
Alas, I got my router appliance from Vonage, so it will probably be a while before that sees an upgrade. But I have another machine doing IPv6 router duty anyway, so it's no big loss.
You're underestimating the power of inertia in the US. Remember that this is a country that still doesn't recognize the metric system!
I wonder when they're going to do this for the WRT54GS counterpart. It shouldn't be too hard to get it to work with the WRT54GS, should it? Though the wireless part...
Debugging? Klingons do not debug. Bugs are good for building character in the user.
Just set up an IPv6 tunnel (Linux SIT tunnels support this natively), and point it to 192.88.99.1 to send to non-6to4 addresses. Other 6to4 destinations will be auto-tunnelled with IPv6-over-IPv4, and any IPv6 packets sent to you will also be automatically routed over IPv6-over-IPv4 by the Internet. Therefore, there's no need to set up a tunnel with a third party if you're using 6to4.
Fedora Core supports 6to4 more or less out-of-the-box. All you need to do are two things:
1. Add these lines to /etc/sysconfig/network (why does Slashdot split the lines?):
2. Add these lines to the
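The 6to4 setup described in the comment above for a Linux SIT tunnel, as an added example (it is not part of the thread and is not the missing Fedora configuration lines). The interface name `tun6to4` and the sample address 192.0.2.1, a documentation address standing in for a real public one, are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: derive the 6to4 prefix for an IPv4 address and print (not run)
# the matching Linux SIT tunnel commands. The interface name tun6to4 and the
# sample address 192.0.2.1 (a documentation address) are assumptions.

# usable_for_6to4 ADDR: succeed only for a well-formed dotted quad that is not
# private, loopback, link-local, multicast or reserved. 6to4 embeds the IPv4
# address in the IPv6 prefix, so an RFC 1918 address behind NAT cannot work.
usable_for_6to4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject over-long octets and leading zeros (printf would read 010 as octal)
        case $o in ????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case $1 in 0|10|127) return 1 ;; esac
    [ "$1" -ge 224 ] && return 1
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1
    return 0
}

# sixtofour_prefix ADDR: print 2002:AABB:CCDD::/48, where AABBCCDD is the
# IPv4 address written as eight hex digits.
sixtofour_prefix() {
    usable_for_6to4 "$1" || { echo "not a public IPv4 address: $1" >&2; return 1; }
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '2002:%02x%02x:%02x%02x::/48\n' "$1" "$2" "$3" "$4"
}

# print_6to4_setup ADDR: print the commands for the tunnel from the comment.
# "remote any" lets the kernel tunnel directly to other 6to4 sites; the default
# route through ::192.88.99.1 covers destinations outside 2002::/16.
print_6to4_setup() {
    prefix=$(sixtofour_prefix "$1") || return 1
    net=${prefix%::/48}
    cat <<EOF
ip tunnel add tun6to4 mode sit remote any local $1 ttl 64
ip link set dev tun6to4 up
ip -6 addr add ${net}::1/16 dev tun6to4
ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
EOF
}

# Dry run with the constructed sample address.
print_6to4_setup 192.0.2.1
```

Once such a tunnel is up and a 2002: prefix is advertised to the LAN, inside hosts are reachable from the Internet without NAT in the path, so the router needs an explicit IPv6 forwarding filter. The anycast relay address 192.88.99.1 was later deprecated by RFC 7526.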
What really surprises me is that no one has said anything about what license this new firmware has. If it's based on LinkSys' firmware, it's (at least partly) under the GPL. Are they required to make the source available?
;-)
Bah. Nevermind. Found the source tarball. 59mb. Won't bother downloading to check license
The NAT you speak of is called NAT overloading. If you want multiple computers to receive connections from the outside you can use Static NAT.... most real routers handle this with no problems.
Also, let me add that the IPv4 blocks are a lot smaller today. We don't give out 4 million or ~250 addresses at a time, we give out a small block here and there (CIDR). Plus, since the rest of the world is going to move to IPv6 we can reclaim those billions of Asian addresses.
Just a thought...
Get your Unix fortune now!
You're underestimating the power of inertia in the US. Remember that this is a country that still doesn't recognize the metric system!
Doesn't matter. We already converted over in science, in manufacturing, and in retail.
Why do you think it's 8.5 ounces when you buy a carton? It's actually a metric measurement - we just pretend it isn't for the consumer.
-- Tigger warning: This post may contain tiggers! --
NAT stands for ``Network Address Translation'' not ``Stateful Firewall.'' I will never understand why people confuse these things so easily.
You, sir, have hit the nail on the head.
What people like about NAT boxes from a security perspective is that they must implement a particular sort of stateful firewalling in order to do their job. But a very simple stateful firewall accomplishes *exactly* the same security task without the limitations of NAT.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Not that I think the switch to IPv6 isn't a worthwhile undertaking, but I'm surprised at the extent to which the article seemed to be bashing NAT. When I was shopping for a wireless router recently, I noticed all the models tout NAT as an effective security tool. Perhaps that's just marketing hogwash, but I did think (correct me if I'm wrong) that because I'm using NAT, my ISP doesn't know how many computers I have connected. They charge for extra IP addresses, and if they could specifically charge for extra computers, they probably would. I have no doubt they will continue charging for extra v6 addresses even if they justify the current charge by the scarcity of v4 addresses.
EarthLink sucks donkey dicks. Enough said.
Will there be a firmware upgrade for the WCG200 Cable Gateway router?
I agree with your argument about IPv6. The problem is that that is one of the main ways that the NAT hack is marketed. It is a furphy in both cases, so shouldn't be used in either. The real issue worth considering is what benefits does IPv6 give over IPv4 by itself, and IPv4 and NAT in combination. There are a number of them.
For example, NAT prevents the ability to easily move to new transport protocols, by forcing the user of the new transport protocol to have to upgrade all intermediary NAT devices between the transport protocol end-points.
A new UDP like transport protocol is coming, called DCCP or Datagram Congestion Control Protocol. One problem with UDP is that an application using it can just send packets into the network, irrespective of the congestion state of the network. This means that if the network is overloaded, UDP won't adapt - it just keeps sending packets in at the same rate, irrespective of whether those packets get delivered or not. This not only is wasteful for the application using UDP, it also impacts other users of the network, such as applications using TCP. A UDP like protocol that adapts to the available capacity of the network would be useful - and that is what DCCP is. DCCP would be much better to use for VoIP because of this capability.
Since I don't use NAT, and as long as there aren't any NAT boxes between me and anybody I'd like to have a VoIP over DCCP conversation, to deploy DCCP all that is required is for me to upgrade my PC's local software, and for my VoIP recipient to upgrade theirs - no network devices (ie. routers) would have to be upgraded. If they did, I, nor my VoIP recipient have the ability to do that, as we don't own them. Yet we do have absolute control of our PCs, so we can upgrade them whenever we like.
Now, imagine if NAT was between one of us. There are now a number of problems trying to upgrade to NAT. (a) If neither of us have administrative capability on the NAT box, neither of us can upgrade it. (b) Even if we can upgrade the NAT box(es), DCCP support needs to be available within the NAT software, which only may be the case with some NAT devices, but not others. Imagine if there were two NAT devices, with one being able to be upgraded to DCCP capable, but one not because the manufacturer doesn't release software for it any more, as they have end-of-lifed it.
Now, swap out NAT for plain IP router in the above, and you'll see that all these problems disappear. If I, and my VoIP call recipient want to use DCCP, all we have to do is upgrade our end-node software, and we can instantly use DCCP.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
and that is the mistake that the OP was making. NAT inherently provides a firewall function, in addition to address space expansion. Firewalling however is not a NAT exclusive feature - public address space with "conventional" firewalling is just as effective security-wise as NAT firewalling, and with IPv6, you don't need the address expansion function that NAT provides.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
WRT54GS has a bit more space and RAM, IIRC, but I'm not aware of any actual features it has over the 54G
Luke-Jr
For a moment I was worried I was reading a discussion about something else entirely.
go check www.ipv8.org
get a clue.
IPv6 is dead, has been for years
IPV8 is the future.
seriously.
Really! It's not that hard to get a working tunnel broker, for free even. Come on Slashdot, get with it!
IPv6 is an attempt to re-engineer the IP protocol to solve a number of problems, but exactly how it does so has shifted a few times over the course of time. Here is a summary of what it does, why it matters, and what it means to the newcomer:
IPv6 is a simpler, hierarchical protocol
IPv6 is automagic
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
For residential, you're more or less right on the money about this, except for a few minor details.
/me looks at what he just typed. /me dies laughing.
1. Primary limitation on residential broadband is hardware. Only so much throughput DSL can provide, additional throughput throttling at the ISP (consequently, our company doesn't do this, doesn't need to...yet), so IPv4 vs IPv6 isn't much of an issue there.
2. Hacked systems abound. For argument's sake, let us presume that I manage to convert my entire customer base to IPv6 overnight.
Using IPv6 and providing end users with as many public IP's as they want will encourage them to hook their systems directly to the net without a hardware level of separation. This is very, very bad. You thought Windows boxen got 0wned quickly before? Yeesh.
Now true, a router would have to exist at the demarc in order to route a full subnet to the home rather than a single IP address, and yes, you could have some basic rules to filter out some of that nasty traffic, maybe even a centralized infrastructure to manage those rules, but at the end of the day, you're still allowing the 'world' to come to your ethernet interface. As things are right now, no one comes to my ethernet interface unless I explicitly allow it. I port forward ssh, and happenstance 80 to my machine (not for much longer though), otherwise it all gets blocked at my firewall. How much do you *really* trust the Windows XP firewall? That's where you're putting your trust at the end of the day as most of the world is still on windows.
Anyhoo, enough manic rambling. I should already be in bed.
Tired of the Slashdot Effect and stories full of broken links? I think I may have a real solution to the problem.
Karma: Chameleon (mostly due to the fact that you come and go).
I'm not trying to flame, I just haven't seen this be an issue with games in a long time.
That's because NAT has been around for long enough that you can't write a game that doesn't cope with it.
This means, however, that all of them have to use TCP (inbound, at least), a system that was never designed for real-time data. (Unless you're a network guru and know what "port forwarding" is.)
Today's games have high budgets. It's worth it to spend the extra money doing some development on your network code to produce something that outperforms TCP for your particular application. Unfortunately, people with NAT cannot take advantage of this.
Still not convinced? VoIP's a big up-and-coming application, and the same limitations apply to it.
How about security? You feel comfy behind that NAT box, after all. Well, think about that for a moment. What's the point? You can make a box that can do the exact same filtering that the NAT mechanism forces on users. The difference is that they can do more with IPv6 -- you can stick everything directly on the Internet, you can have a firewall that limits a few things, you can have a system that out-of-box blocks everything that a NAT box would plus operates as a transparent HTTP proxy. NAT is an ugly hack, a workaround, and the only reason that it's still here is because there's still enough IPv4-only hardware out there (which is on its way out, as systems are replaced).
Any program relying on (nontrivial) preemptive multithreading will be buggy.
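The filtering that several comments above describe, a stateful firewall that gives routed IPv6 hosts the same default-deny inbound behaviour a NAT box provides as a side effect, shown as an added example that is not part of any post in the thread. The interface names `tun6to4` and `br0` and the host address are assumptions; the script prints `ip6tables` commands and does not apply them.

```shell
#!/bin/sh
# Added example: print (not apply) an ip6tables FORWARD policy that filters
# routed IPv6 the way a NAT box's connection tracking filters IPv4.
# Interface names and the sample host address below are assumptions.

# Arguments end up in commands meant for a root shell, so validate them.
valid_if() { case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_v6() { case $1 in ''|*[!0-9a-fA-F:]*) return 1 ;; esac; }

# forward_policy WAN_IF LAN_IF
# Default-deny forwarding, replies to tracked connections allowed, new
# connections allowed only from the LAN side. RELATED also admits the ICMPv6
# errors (such as packet-too-big) that belong to an existing flow.
forward_policy() {
    valid_if "$1" && valid_if "$2" || { echo "bad interface name" >&2; return 1; }
    cat <<EOF
ip6tables -P FORWARD DROP
ip6tables -F FORWARD
ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i $2 -o $1 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# allow_inbound WAN_IF HOST6 PROTO PORT
# The IPv6 counterpart of a port forward: one explicit pinhole to one host.
# Unlike NAT, any number of inside hosts can expose the same port.
allow_inbound() {
    valid_if "$1" || { echo "bad interface name" >&2; return 1; }
    valid_v6 "$2" || { echo "bad IPv6 address" >&2; return 1; }
    case $3 in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; return 1 ;; esac
    case $4 in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || { echo "bad port" >&2; return 1; }
    printf 'ip6tables -A FORWARD -i %s -d %s -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$1" "$2" "$3" "$4"
}

# Dry run: a 6to4 tunnel as the WAN side, a bridge as the LAN side, and ssh
# opened to a single inside host (constructed address).
forward_policy tun6to4 br0
allow_inbound tun6to4 2002:c000:0201:1::10 tcp 22
```

Nothing here touches the INPUT chain, so traffic addressed to the router itself still needs its own rules.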
I've never really understood what all the fuss is about re IPv6 adoption. You don't need end-to-end connectivity or tunnel brokers any more. If you want to use IPv6, just enable it and use it - 6to4 will take care of any required tunneling with no user involvement.
I've been using v6 for more than two years between home, work, and a couple of other sites. No explicit tunnels, no nasty messing about. It all "just works" and I'm generally not conscious of whether my traffic is going over v6 or v4. When my provider starts handing me v6 addresses over my PPPoE link (which I hope they will EVENTUALLY do) I won't even have to change anything.
Now, not much of my traffic to the "rest of the world" goes over v6 yet... but I don't much care.
Your MOM supplies end-to-end IPv6 connectivity.
Quote: Contrary to popular belief, Internet Protocol version 6 (IPv6)-capable devices, computers, and routers can provide users with virtually all the benefits of IPv6 without having to wait for Internet service provider (ISP) support for native IPv6 connectivity. This is made possible through IPv6 transition technologies that support IPv6 communications over an Internet Protocol version 4 (IPv4) network infrastructure.
This sig is just as redundant as the rest of this posting
Too bad *Linksys* didn't do this in the first place. It's not as though the IPv6 spec.s were released only last week.
The vendors had better be getting ready. Assuming Longhorn ever makes it out the door, one thing I'm confident of is that it will at last have IPv6 as standard equipment (properly firewalled, I hope) rather than an extra download (Win2k) or packaged manual add-on (XP). And then, because it's Microsoft, everybody will suddenly think it's kool and they must have it.