WR720N刷OpenWRT开启IPv6教程

最近将上半年入手的TP-LINK wr720n（v4）刷上了OpenWRT，希望能够使用学校的native IPv6网络，下面分享一下我的配置流程。

720n这款路由器配有两个网口（一个WAN，一个LAN），并且支持充电宝供电和USB接入，非常适合晚上断电的学生党使用，同时在连接网线的时候速度还比较快，若有其他刷OpenWRT的路由器（如703n）若想配IPv6也同理。

一、准备

①下载OpenWRT固件

现在最新的版本是Chaos Calmer (CC) 15.05.1，大家可以前往https://openwrt.org/进行下载，我的路由器对应固件的下载地址是：

https://downloads.openwrt.org/latest/ar71xx/generic/openwrt-15.05.1-ar71xx-generic-tl-wr720n-v4-squashfs-factory.bin

②确保路由器有稳定的供电电源

二、刷入OpenWRT

① 连接路由器（通过无线或是LAN口都可以），在浏览器中输入192.168.1.253进入配置界面，并点击固件升级，选择刚才下载好的bin文件，确认升级。升级过程大概1分钟左右，成功之后路由器会自动重启。

② 升级完成后，通过网线连接路由器，一头插入路由器的LAN口，另一头插入电脑，并通过浏览器访问192.168.1.1，根据上面的提示（个人认为这个界面还是比较友好的）更改管理员密码。

③ 点击Network导航栏中的Wireless选项，设置无线参数，即你的无线上网账号和密码，注意interface一项要绑定在lan端口上。

④ 如果成功的话，将路由器的WAN口连接外网，并通过你的笔记本访问刚才设置好的无线网络，应该就能访问普通网络了。

三、配置IPv6的NAT

① 通过ssh连接你的路由器（Windows下可以使用putty软件，linux下在命令行输入ssh [email protected]即可）密码是之前在网页端设置的。

② 在路由器上ping一下IPv6站，如果ping不通的话请使用reboot命令重启

③ 在能ping通的前提下，开始IPv6 NAT的配置：

在ssh终端中依次输入以下命令：

opkg update
opkg install kmod-ipt-nat6
uci set network.globals.ula_prefix="$(uci get network.globals.ula_prefix | sed 's/^./d/')"
uci commit network
uci set dhcp.lan.ra_default='1'
uci commit dhcp
vi /etc/init.d/nat6

在接下来的界面中按小键盘的i键进入输入模式，粘贴进下面的内容：

#!/bin/sh /etc/rc.common
# NAT6 init script for OpenWrt // Depends on package: kmod-ipt-nat6
 
START=55
 
# Options
# -------
 
# Use temporary addresses (IPv6 privacy extensions) for outgoing connections? Yes: 1 / No: 0
PRIVACY=1
 
# Maximum number of attempts before this script will stop in case no IPv6 route is available
# This limits the execution time of the IPv6 route lookup to (MAX_TRIES+1)*(MAX_TRIES/2) seconds. The default (15) equals 120 seconds.
MAX_TRIES=15
 
# An initial delay (in seconds) helps to avoid looking for the IPv6 network too early. Ideally, the first probe is successful.
# This would be the case if the time passed between the system log messages "Probing IPv6 route" and "Setting up NAT6" is 1 second.
DELAY=5
 
# Logical interface name of outbound IPv6 connection
# There should be no need to modify this, unless you changed the default network interface names
WAN6_NAME="wan6"
 
# ---------------------------------------------------
# Options end here - no need to change anything below
 
boot() {
        [ $DELAY -gt 0 ] && sleep $DELAY
        logger -t NAT6 "Probing IPv6 route"
        PROBE=0
        COUNT=1
        while [ $PROBE -eq 0 ]
        do
                if [ $COUNT -gt $MAX_TRIES ]
                then
                        logger -t NAT6 "Fatal error: No IPv6 route found (reached retry limit)" && exit 1
                fi
                sleep $COUNT
                COUNT=$((COUNT+1))
                PROBE=$(route -A inet6 | grep -c '::/0')
        done
 
        logger -t NAT6 "Setting up NAT6"
 
        WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.ifname")
        if [ -z "$WAN6_INTERFACE" ] || [ ! -e "/sys/class/net/$WAN6_INTERFACE/" ] ; then
                logger -t NAT6 "Fatal error: Lookup of $WAN6_NAME interface failed. Were the default interface names changed?" && exit 1
        fi
        WAN6_GATEWAY=$(route -A inet6 -e | grep "$WAN6_INTERFACE" | awk '/::\/0/{print $2; exit}')
        if [ -z "$WAN6_GATEWAY" ] ; then
                logger -t NAT6 "Fatal error: No IPv6 gateway for $WAN6_INTERFACE found" && exit 1
        fi
        LAN_ULA_PREFIX=$(uci get network.globals.ula_prefix)
        if [ $(echo "$LAN_ULA_PREFIX" | grep -c -E "^([0-9a-fA-F]{4}):([0-9a-fA-F]{0,4}):") -ne 1 ] ; then
                logger -t NAT6 "Fatal error: IPv6 ULA prefix $LAN_ULA_PREFIX seems invalid. Please verify that a prefix is set and valid." && exit 1
        fi
 
        ip6tables -t nat -I POSTROUTING -s "$LAN_ULA_PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE
        if [ $? -eq 0 ] ; then
                logger -t NAT6 "Added IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)"
        else
                logger -t NAT6 "Fatal error: Failed to add IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)" && exit 1
        fi
 
        route -A inet6 add 2000::/3 gw "$WAN6_GATEWAY" dev "$WAN6_INTERFACE"
        if [ $? -eq 0 ] ; then
                logger -t NAT6 "Added $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
        else
                logger -t NAT6 "Error: Failed to add $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
        fi
 
        if [ $PRIVACY -eq 1 ] ; then
                echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/accept_ra"
                if [ $? -eq 0 ] ; then
                        logger -t NAT6 "Accepting router advertisements on $WAN6_INTERFACE even if forwarding is enabled (required for temporary addresses)"
                else
                        logger -t NAT6 "Error: Failed to change router advertisements accept policy on $WAN6_INTERFACE (required for temporary addresses)"
                fi
                echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/use_tempaddr"
                if [ $? -eq 0 ] ; then
                        logger -t NAT6 "Using temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
                else
                        logger -t NAT6 "Error: Failed to enable temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
                fi
        fi
 
        exit 0
}

然后按下esc键，输入:wq回车

接下来再在命令行中输入：

chmod +x /etc/init.d/nat6
/etc/init.d/nat6 enable
uci set firewall.@rule["$(uci show firewall | grep 'Allow-ICMPv6-Forward' | cut -d'[' -f2 | cut -d']' -f1)"].enabled='0'
uci commit firewall
reboot

重启之后客户端即可连接IPv6了，配置成功。

建议将配置文件进行备份，方便以后的使用哦。