本文最后更新于 696 天前,其中的信息可能已经有所发展或是发生改变。
教程来源
此教程具体内容来源于恩山论坛:再说 OpenWRT 校园网 IPv6 NAT6
近期学校网络质量越来越拉,速度也越来越难以维持既有的 20 Mbps。
与此同时,学校更是以“维护内网安全”的借口,把上行带宽限制到不足 5 Mbps。
学校的网络质量已经到了让人难以忍受的情况。(就这还好意思收三十块钱每月?)
操作目标
校园网的 IPV6 网速似乎限制较低,若能连接 IPV6 ,在 BT下载 等应用下会有更好的网络体验。
但是,“师兄师姐”们售卖的刷过 OpenWrt 一类系统和 Mentohust/MiniEAP 软件的路由器,在绝大多数情况下是没有正确配置 IPV6 网络的。
本篇教程,即是对此类路由器连接校园网 IPV6 的说明。
操作教程
在进行下列操作前,你需要有:
- 一台刷好 OpenWrt 类系统(PandoraBox 等属于此列)的路由器。
- 正确配置 Mentohust 或者 MiniEAP,已经正常使用校园网。
- 一台能操作路由器的电脑或手机。
本次教程以 路由器界著名宝石垃圾 —— 斐讯K2 为例,进行下列流程。
1. 登录路由器的后台,在 系统 – 管理 界面,进入SSH访问,进行如下设置:
2. 使用任意SSH客户端(推荐 XShell)连接到路由器。
- 地址为 192.168.1.1,用户名和密码同系统后台。
- 进入后,输入 sudo -i 命令,输入自身用户密码,获取 root 权限。
正常状态下,应该有类似下图的界面:
3. 执行如下命令
opkg update
opkg install ip6tables
opkg install kmod-ipt-nat6更新软件源并安装 ip6tables 和 kmod-ipt-nat6。
uci set network.globals.ula_prefix="$(uci get network.globals.ula_prefix | sed 's/^./d/')"
uci commit network将 IPv6 LAN 内网地址由 fd 开头变成 dd 开头。
uci set dhcp.lan.ra_default='1'
uci commit dhcp让DHCP服务器总是通告默认路由。
4. 修改配置文件
vi /etc/init.d/nat6创建对应文件并进行编辑。
注意:进入vim编辑器后,按下 i 键进行编辑,编辑完成后,esc 键退出编辑,输入 :wq 保存退出。
若出现权限问题无法保存退出等情况,请尝试 :wq! 指令。
配置文件内容如下:
#!/bin/sh /etc/rc.common
# NAT6 init script for OpenWrt // Depends on package: kmod-ipt-nat6
# edited by Sad Pencil at 2020-02-09
# replace route command with ip command to solve issues on new OpenWRT
# edited by Sad Pencil at 2021-11-29
# update line WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.device" || uci get "network.$WAN6_NAME.ifname")
START=55
# Options
# -------
# Use temporary addresses (IPv6 privacy extensions) for outgoing connections? Yes: 1 / No: 0
PRIVACY=1
# Maximum number of attempts before this script will stop in case no IPv6 route is available
# This limits the execution time of the IPv6 route lookup to (MAX_TRIES+1)*(MAX_TRIES/2) seconds. The default (15) equals 120 seconds.
MAX_TRIES=15
# An initial delay (in seconds) helps to avoid looking for the IPv6 network too early. Ideally, the first probe is successful.
# This would be the case if the time passed between the system log messages "Probing IPv6 route" and "Setting up NAT6" is 1 second.
DELAY=5
# Logical interface name of outbound IPv6 connection
# There should be no need to modify this, unless you changed the default network interface names
# Edit by Vincent: I never changed my default network interface names, but still I have to change the WAN6_NAME to "wan" instead of "wan6"
WAN6_NAME="wan6"
# ---------------------------------------------------
# Options end here - no need to change anything below
boot() {
[ $DELAY -gt 0 ] && sleep $DELAY
WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.device" || uci get "network.$WAN6_NAME.ifname")
logger -t NAT6 "Probing IPv6 route"
PROBE=0
COUNT=1
while [ $PROBE -eq 0 ]
do
if [ $COUNT -gt $MAX_TRIES ]
then
logger -t NAT6 "Fatal error: No IPv6 route found (reached retry limit)" && exit 1
fi
sleep $COUNT
COUNT=$((COUNT+1))
PROBE=$(ip -6 route | grep -i '^default.*via' | grep -i -F "dev $WAN6_INTERFACE" | grep -i -o 'via.*' | wc -l)
done
logger -t NAT6 "Setting up NAT6"
if [ -z "$WAN6_INTERFACE" ] || [ ! -e "/sys/class/net/$WAN6_INTERFACE/" ] ; then
logger -t NAT6 "Fatal error: Lookup of $WAN6_NAME interface failed. Were the default interface names changed?" && exit 1
fi
WAN6_GATEWAY=$(ip -6 route | grep -i '^default.*via' | grep -i -F "dev $WAN6_INTERFACE" | grep -i -o 'via.*' | cut -d ' ' -f 2 | head -n 1)
if [ -z "$WAN6_GATEWAY" ] ; then
logger -t NAT6 "Fatal error: No IPv6 gateway for $WAN6_INTERFACE found" && exit 1
fi
LAN_ULA_PREFIX=$(uci get network.globals.ula_prefix)
if [ $(echo "$LAN_ULA_PREFIX" | grep -c -E "^([0-9a-fA-F]{4}):([0-9a-fA-F]{0,4}):") -ne 1 ] ; then
logger -t NAT6 "Fatal error: IPv6 ULA prefix $LAN_ULA_PREFIX seems invalid. Please verify that a prefix is set and valid." && exit 1
fi
ip6tables -t nat -I POSTROUTING -s "$LAN_ULA_PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE
if [ $? -eq 0 ] ; then
logger -t NAT6 "Added IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)"
else
logger -t NAT6 "Fatal error: Failed to add IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)" && exit 1
fi
ip -6 route add 2000::/3 via "$WAN6_GATEWAY" dev "$WAN6_INTERFACE"
if [ $? -eq 0 ] ; then
logger -t NAT6 "Added $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
else
logger -t NAT6 "Error: Failed to add $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
fi
if [ $PRIVACY -eq 1 ] ; then
echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/accept_ra"
if [ $? -eq 0 ] ; then
logger -t NAT6 "Accepting router advertisements on $WAN6_INTERFACE even if forwarding is enabled (required for temporary addresses)"
else
logger -t NAT6 "Error: Failed to change router advertisements accept policy on $WAN6_INTERFACE (required for temporary addresses)"
fi
echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/use_tempaddr"
if [ $? -eq 0 ] ; then
logger -t NAT6 "Using temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
else
logger -t NAT6 "Error: Failed to enable temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
fi
fi
exit 0
}提示:若配置后不生效,可将文本中的
WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.device" || uci get "network.$WAN6_NAME.ifname")修改为:WAN6_INTERFACE=[WAN6的网络设备]
5. 执行命令
chmod +x /etc/init.d/nat6
/etc/init.d/nat6 enable让 nat6 脚本开机启动。
uci set firewall.@rule["$(uci show firewall | grep 'Allow-ICMPv6-Forward' | cut -d'[' -f2 | cut -d']' -f1)"].enabled='0'
uci commit firewall恩山论坛大佬们的说明是,此步可省略,具体为配置防火墙规则。
6. 修改 /etc/sysctl.conf 文件。
同 步骤4 ,输入 vi /etc/sysctl.conf 修改文件。
添加如下内容(若已存在则跳过):
net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2保存并退出。至此,可以放心重启路由器,使用校园网的 IPV6 。
学到了,之后大学偷网抢课就靠它了(草
目前来看这玩意最大作用还是下种子的时候能快一点╮(╯▽╰)╭