RouterHelper

Linux router setup assistant

This is a project developed by HimbeerserverDE.

Setting up a router on your Linux machine is actually pretty easy. But what if you want to use IPv6? Well, there is almost no good educational content out there on that topic. I was struggling for ages. Now that I finally got it to work, I decided to help others by developing this program. It's partially working right now because it's a complicated project. You can download the current dev version by using our download page.

Current available version: 1.2.1

A version with a web interface is also available at http://elidragon.tk/graphical.tar.gz, but it may not show information properly.

I wasn't able to set up DS-Lite, which is necessary until IPv6 becomes the default. If you figure out how to do DS-Lite support, please tell me how: send an email so that I can add it to my program.

Setup

System requirements

To use this project, you need a dedicated Linux machine. It should work with most modern computers. I recommend using Ubuntu 18.04 as this is the distro I use for testing. Your computer needs to have two LAN ports. You will also need some external devices like a modem, a network switch, and, if you want one, a wireless AP.

Installation

1. Go to the download page and download "routerhelper.tar.gz"

2. Unpack the archive and open a terminal in the installation directory

3. To start the configuration tool, run ./config.sh

4. Connect the WAN port to your modem, the LAN port to your switch. Now you can connect devices to your LAN by plugging them into the switch.

Usage

Once the system has started up, execute "routerstarter.sh WANINTERFACE LANINTERFACE deleg/req/no" to activate the router. Then hit CTRL-C and execute it again to make sure everything is working. You can use the simplified iptables commands in PROGRAMDIR/opt/ to configure the firewall. Choose "deleg" if you want to delegate prefixes; choose "req" if you want to use it as a normal router. You may automate the process by creating a crontab entry. However, remember that the script executes sudo, so for automation you have to disable the password prompt or use the root account.

Uninstall

The program comes with an uninstall script, "uninstall.sh". It reverses all of the changes the scripts made to the system, except that it does not remove the added routes.

Changes

Does this program create a WiFi network?

No, it doesn't. This is not the job of the router itself. Also, don't try to do it on the router itself.

How to do IPv6 prefix delegation?

My method only works if you only use my software in the whole network. If you connect any other router, its subnet will not be reachable. However, I figured out how to make this possible.

First, you have to obtain a prefix and assign it to your "LAN" interface. You can do this by obtaining it from an upstream network or by using static configuration.

For some reason, SLAAC needs to be present on the network. Install the necessary software: sudo apt install radvd
You may use the following radvd config:

interface YOURLANINTERFACE {
    AdvSendAdvert on;
    MaxRtrAdvInterval 200;
    MinRtrAdvInterval 10;
    prefix ::/64 {
        AdvOnLink on;
        AdvRouterAddr on;
        AdvAutonomous on;
        AdvPreferredLifetime 200;
        AdvValidLifetime 250;
    };
    AdvDefaultLifetime 1000;
    RDNSS 2001:4860:4860::8888 {
        AdvRDNSSLifetime 200;
    };
};

Note that we are going to be using Google DNS.

Prefix delegation will be done using dibbler-server because its lease file is in the XML format and contains all the necessary information for creating the routing rules. Install it: sudo apt install dibbler-server

I wrote a configuration file that should do the delegation itself without route creation:

#
# Example server configuration file
#
# This config. file is considered all-purpose as it instructs server
# to provide almost every configuratio
#

# Logging level range: 1(Emergency)-8(Debug)
log-level 8

# Don't log full date
log-mode short

# Uncomment this line to call script every time a response is sent
#script "/var/lib/dibbler/server-notify.sh"

# set preference of this server to 0 (higher = more preferred)
preference 0

iface "enp0s25" {

# ranges can also be defined, instead of exact values
t1 1800-2000
t2 2700-3000
prefered-lifetime 3600
valid-lifetime 7200

# assign addresses from this pool
class {
pool 2001:db8:affe::/48
}

# assign temporary addresses from this pool

# ta-class {
# pool 2001:db8:2222::/96
# }

# delegate prefixes of length pd-length (/56 here) from this pool
pd-class {
pd-pool 2001:db8:affe::/48
#pd-poll 2001:db8:4444::/80
pd-length 56
}

# provide DNS server location to the clients
option dns-server 2001:4860:4860::8888,2001:4860:4860::8844

# provide their domain name
option domain localnet.lan

# provide vendor-specific info (vendor id=5678 will get first value,
# while vendor=1556 will get second value)
# option vendor-spec 5678-1-0x3031323334,1556-2-0x393837363534

# provide ntp-server information
option ntp-server 2001:638:610:be01::108,2001:638:610:be01::104,2001:638:610:be01::103

# provide timezone information
option time-zone CET

# provide VoIP parameter (SIP protocol servers and domain names)
# option sip-server 2000::300,2000::302,2000::303,2000::304
# option sip-domain sip1.example.com,sip2.example.com

# provide NIS information (server addresses and domain name)
# option nis-server 2000::400,2000::401,2000::404,2000::405,2000::405
# option nis-domain nis.example.com

# provide NIS+ information (server addresses and domain name)
# option nis+-server 2000::501,2000::502
# option nis+-domain nisplus.example.com

# provide AFTR information for DS-Lite clients (B4)
# option aftr cgn.example.com

# provide fully qualified domain names for clients
# note that first, second and third entry is reserved
# for a specific address or a DUID
# option fqdn 1 64 zebuline.example.com - 2000::1,
# kael.example.com - 2000::2,
# inara.example.com - 0x0001000043ce25b40013d4024bf5,
# zoe.example.com,
# malcolm.example.com,
# kaylee.example.com,
# jayne.example.com,
# wash.example.com
}

Just modify the default config. The address pool for IA_NAs is the prefix you have been assigned, and so is the pd-pool. pd-length is the length of the prefixes handed out.

Now you can try to manage the dibbler server. Use "sudo dibbler-server stop" then "sudo dibbler-server start". Then check if at least one process is running by typing "sudo dibbler-server status". If it is not running, check "/var/log/dibbler/dibbler-server.log" and fix the errors.

Prefix delegation itself should now be working. Now to route creation.

I wrote a PHP script to add the routes. You can download the file here. Don't mind the file name, I am from Germany and used a German file name. Move this file to "/var/www/html/routen.php".

This file loads the lease file into memory, gets the requesting link-local addresses and the lengths of the delegated prefixes and processes each one individually. It adds the rules for all of the prefixes.

For this to work, PHP needs to know the LAN interface. Please execute: "sudo runuser -l root -c 'echo "YOURLANINTERFACE" > /var/www/html/lanif.txt'" to tell my script what the interface name is.

Now you can run "sudo php /var/www/html/routen.php" to create the rules manually. I recommend using a crontab for automating this. Let me show you how:

Open root's crontab by entering the command "sudo runuser -l root -c 'crontab -e'". Now append "* * * * * php /var/www/html/routen.php" to run the script every minute.

Congrats, you have done it. Should be working now. However, it may take a minute to create the route when you connect a device, but at least it's working.
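
The lease-to-route step described above runs as root every minute, so each value taken from the lease file should be validated before it reaches the ip command. The following is an added example, not the project's routen.php: the XML element and attribute names (AddrPD, unicast, AddrPrefix, length) are an assumed lease layout, the sample leases are constructed, and route_commands is a hypothetical helper.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are an ASSUMED lease layout;
# compare them with your own dibbler lease file before reuse.
SAMPLE_LEASES = """<AddrMgr>
  <AddrClient><AddrPD unicast="fe80::1c2d:3eff:fe4f:5a6b">
    <AddrPrefix length="56">2001:db8:affe:100::</AddrPrefix>
  </AddrPD></AddrClient>
  <AddrClient><AddrPD unicast="2001:db8:ffff::1">
    <AddrPrefix length="56">2001:db8:affe:200::</AddrPrefix>
  </AddrPD></AddrClient>
  <AddrClient><AddrPD unicast="fe80::2">
    <AddrPrefix length="56;extra">2001:db8:affe:300::</AddrPrefix>
  </AddrPD></AddrClient>
  <AddrClient><AddrPD unicast="fe80::3">
    <AddrPrefix length="56">2001:db8:beef::</AddrPrefix>
  </AddrPD></AddrClient>
</AddrMgr>"""

# pd-pool from the server configuration shown on this page
POOL = ipaddress.IPv6Network("2001:db8:affe::/48")


def route_commands(lease_xml, lan_if, pool=POOL):
    """Return (argv lists for accepted leases, raw tuples of rejected ones)."""
    commands, rejected = [], []
    for pd in ET.fromstring(lease_xml).iter("AddrPD"):
        for pfx in pd.iter("AddrPrefix"):
            raw = (pd.get("unicast"), pfx.text, pfx.get("length"))
            try:
                hop = ipaddress.IPv6Address(raw[0])
                net = ipaddress.IPv6Network(f"{raw[1].strip()}/{int(raw[2])}")
                # Next hop must be link-local, prefix must come from our pool.
                if not hop.is_link_local or not net.subnet_of(pool):
                    raise ValueError("outside expected ranges")
            except (ValueError, TypeError, AttributeError):
                rejected.append(raw)
                continue
            # Build an argv list, never a shell string, so a lease value
            # cannot be reinterpreted as extra shell syntax.
            commands.append(["ip", "-6", "route", "replace", str(net),
                             "via", str(hop), "dev", lan_if])
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = route_commands(SAMPLE_LEASES, "enp0s25")
    for argv in cmds:
        print(" ".join(argv))  # hand argv to subprocess.run(argv) when run as root
    print("rejected:", bad)
```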