AICCU support for merlin firmware

Discussion in 'Asuswrt-Merlin' started by probutus, Dec 23, 2012.

  1. probutus

    probutus New Around Here

    Joined:
    Dec 23, 2012
    Messages:
    6
    Thank you very much for this great firmware modification.

    I was searching around a little bit if anyone already had added support for aiccu, which is a special IPv6 tunnelling software provided from Sixxs:

    http://www.sixxs.net/archive/sixxs/aiccu/unix/aiccu_current.tar.gz

    I already managed to have aiccu integrated in your most recent source tree; it compiles and works just fine. The only thing I did not manage to find out is how to add a new menu entry for Aiccu in the IPv6 tab and to generate the configuration file based on the given input.

    The configuration info is pretty simple:

    username string
    password string
    tunnelid string
    use TLS boolean

    AICCU needs to be started after the timebase via NTP has been received. I searched in the source tree and found out that Asus does the complete startup handling in C code. Is there an easier way to start the daemon dependent on the availability of a valid system time?
     

    Attached Files:

  3. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    13,353
    Location:
    Canada
    I would put it in wan-start, giving it a sleep 10 delay to give it time to finalize things such as setting up the clock.

    Fully integrating would require code to be added to the rc service. Not something that simple.
     
  4. probutus

    probutus New Around Here

    Joined:
    Dec 23, 2012
    Messages:
    6
    Thanks for the hint but the problem then is that I can't start radvd manually (since the admin user is not named "root") it rants about incorrect privileges for radvd.conf. Unfortunately, I can't enable radvd without having some option chosen from the ipv6 menu...

    By the way: I managed to compile mini_fo for the router and mounted the www directory as overlay filesystem; so I could easily manipulate the asp-files :cool:

    I have an adapted Advanced_IPv6_Config.asp which already contains the correct forms. I have seen how the values are read from the NVRAM for displaying. What I did not yet find out is how the files are stored when I click the commit button.. Can you give me a hint?

    EDIT: attached mini_fo modules: docs are here http://www.denx.de/wiki/Know/MiniFOFAQ
    Please rename attachment from .pdf to .zip
     

    Attached Files:

    Last edited: Dec 23, 2012
  5. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    13,353
    Location:
    Canada
    Just specify the username to use:

    radvd -u admin
     
  6. f41thr

    f41thr New Around Here

    Joined:
    Dec 25, 2012
    Messages:
    5
    Great job, but could you please give a hint how I can integrate this on my own?
    I'm more than happy to make the build after several experiments.

    BTW, AICCU launch is a little bit tricky (be aware of the ntp). I maintain e.g. the OpenBSD AICCU wiki on sixxs. After several experiments with DD-WRT, OpenWRT, FreeBSD and OpenBSD I am now playing with Merlin ;->

    Next question is where to place the configuration data to survive a reboot?
    In addition with an adopted ip6tables configuration.


    F41THR

    Looks like this is feasible on the standard ASUS firmware, too.

     
    Last edited: Dec 25, 2012
  7. probutus

    probutus New Around Here

    Joined:
    Dec 23, 2012
    Messages:
    6
    First, you have to download the patches I submitted in the first post and the full aiccu_20070115.tar.gz file from sixxs; extract this tar.gz archive into release/src/router

    then you change in this directory and do a

    patch -p1 < aiccu_20070115.patch

    The second patch is in release/src/router/config:

    patch -p1 < config.in.patch

    Last but not least in release/src/router:

    patch -p1 < release_src_router_Makefile.patch

    If you do a "make" of the merlin firmware you will be prompted if you want to have aiccu support (this is because I did not add this option into the configuration yet)

    The released firmware then contains the aiccu binary in /usr/sbin

    I searched everywhere and I could not find the aiccu package, this is why I compiled it on my own ;-)

    I created the jffs partition and put the radvd.conf and the aiccu.conf into /jffs/configs. I also extended the web frontend to have an additional menu for aiccu but I don't have a clue yet how to persist the forms' contents into the nvram... (@RMerlin: do you have a hint for me?)

    Here's my start_aiccu.sh:
    I can start aiccu and ping e.g. heise.de from the router but from my laptop I can't reach the ipv6 internet (but got the correct subnet from radvd)..:confused:

    Edit: add ip6tables config

    Edit 2: If you like, I can provide you my binary which contains the latest merlin fw with aiccu included
     
    Last edited: Dec 25, 2012
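
The startup ordering discussed in this thread (wait until NTP has set the clock, then start aiccu from /jffs/configs/aiccu.conf), sketched as an added example; it is not probutus's start_aiccu.sh, whose contents are not shown on this page, and it is not part of the firmware. The environment variable names (AICCU_USER, AICCU_PASS, AICCU_TUNNEL, AICCU_TLS) and the 2012 clock threshold are assumptions; the config keys are those of the stock aiccu.conf.

```shell
#!/bin/sh
# Added example: gate aiccu startup on a valid clock and keep the
# credentials file private. Paths follow the thread; the variable names
# AICCU_USER, AICCU_PASS, AICCU_TUNNEL and AICCU_TLS are assumptions.

MIN_EPOCH=1325376000     # 2012-01-01 UTC; an earlier clock means NTP has not synced
CONF=/jffs/configs/aiccu.conf

# True when the given epoch (default: current time) is at or past MIN_EPOCH.
clock_is_sane() {
    [ "${1:-$(date +%s)}" -ge "$MIN_EPOCH" ]
}

# Poll the clock up to $1 times, sleeping $2 seconds (default 5) between tries.
wait_for_clock() {
    tries=$1
    while [ "$tries" -gt 0 ]; do
        if clock_is_sane; then return 0; fi
        tries=$((tries - 1))
        sleep "${2:-5}"
    done
    return 1
}

# Write aiccu.conf from the four settings: path user password tunnel_id use_tls(0|1).
write_aiccu_conf() {
    tls=false
    if [ "$5" = "1" ]; then tls=true; fi
    rm -f "$1"           # a pre-existing file would keep its old, looser mode
    ( umask 077          # the file holds the tunnel password: owner-only
      cat > "$1" <<EOF
username $2
password $3
tunnel_id $4
requiretls $tls
ipv6_interface sixxs
daemonize true
automatic true
EOF
    )
}

# Only act when run with the argument "start", e.g. from wan-start.
if [ "${1:-}" = "start" ]; then
    wait_for_clock 24 5 || { logger -t aiccu "clock not set, not starting"; exit 1; }
    write_aiccu_conf "$CONF" "$AICCU_USER" "$AICCU_PASS" "$AICCU_TUNNEL" "${AICCU_TLS:-1}"
    /usr/sbin/aiccu start "$CONF"
fi
```

Polling the clock replaces the fixed delay with a bounded wait of up to two minutes, and the script refuses to start the tunnel rather than starting it with an unset clock.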
  8. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    13,353
    Location:
    Canada
    For nvram values to work properly, you must define default values in shared/defaults.c .
     
  9. probutus

    probutus New Around Here

    Joined:
    Dec 23, 2012
    Messages:
    6
    That was it! Now I can see and save the values; I have seen that in the HTML document there is a reference to some script called "restart_allnet" which seems to be inside
    release/src/router/rc/services.c


    <input type="hidden" name="action_script" value="restart_allnet">
     

    Attached Files:

    Last edited: Dec 26, 2012
  10. f41thr

    f41thr New Around Here

    Joined:
    Dec 25, 2012
    Messages:
    5
    Can you send me the patches for, I couldn't find this ;-<

    At least we have to define in some source code that all this can be set via the web interface. So far I have no clue where I find the settings you show in your post.

    jffs seems to be OK, I made the patches so far.


    :confused:
    F41THR
     
  11. probutus

    probutus New Around Here

    Joined:
    Dec 23, 2012
    Messages:
    6
    patches are in the zip file (this time we have 2 files):

    in src/router/shared

    patch -p1 < src_router_shared_defaults_c.patch

    in src/router/www

    patch -p1 < src_router_www.patch

    The first patch adds the contents to the nvram default values and the second patch enhances the IPv6 page
     

    Attached Files:

  12. f41thr

    f41thr New Around Here

    Joined:
    Dec 25, 2012
    Messages:
    5
    Update

    Confirmed: ASUS RT-N16 works fine with Merlin Firmware.
    Might have some issue I'll report later.

    With support from probutus, we made AICCU integration.
    After a few mails between probutus and me I finally made it. And I have some recommendations on FW security. See script below.
    (Manual load of conntrack and logging). This is not the final one, a more sophisticated one will be made available later this month.

    Following my experience with pf on OpenBSD, it can be simplified later on! Even with ip6tables!

    So primarily thanks to Merlin for the Merlin Firmware of ASUS Routers and then to probutus for the AICCU integration.

    cu F41THR

    Replace

    SUBNETPREFIX='your-prefix/48'
    MYTUNNEL='see Your IPv6 on SIXXS'
    SIXXSTUNNEL='see Pop IPv6 on SIXXS'

    with your settings.
     
    Last edited: Dec 29, 2012
  13. probutus

    probutus New Around Here

    Joined:
    Dec 23, 2012
    Messages:
    6
    I'm currently having a hell of a time with integrating aiccu into rc... RMerlin was absolutely right that this would be the "fun part"....

    Is there a chance to configure the IPv4/IPv6 firewall rules via webinterface?
    Starting and stopping aiccu is one thing but having a customizable firewall is another...
     
  14. f41thr

    f41thr New Around Here

    Joined:
    Dec 25, 2012
    Messages:
    5
    Maybe I'm completely wrong, but have a look at jffs. Custom scripts can be placed there. aiccu and ipv6 FW can be configured per ssh. An autolauncher during startup makes sense but everything else can be handled per ssh.

    This is similar to implementations on OpenWRT, DD-WRT, etc...
    SIXXS and AICCU are not so popular that e.g. vendors spend much effort to integrate this. Look at Manuel Kasper's m0n0wall, there you have a full web based integration.

    But to have a look at rc could be interesting, I'll start to look into that, too.
    Some ideas on that:

    It could be much easier to create and add a few handsome static scripts in
    ~/asuswrt-merlin/release/src-rt/router/rc/ to launch e.g. aiccu, radvd and the firewall. Or one script launching all together.

    The related config files can be placed either in jffs or /mnt/sda1/etc/config/
    Scripts check if a config file exists and will be fired up. So there is no need to place defaults in NVRAM.
    A feasible place for scripts is /etc/rc.d/

    Question is how a script can be integrated, but this is an option of the Makefile in ../router

    I'm just having a deeper look into the ip6tables configuration and I'll place an updated version soon (see also SIXXS WIKI later on).



    Regards

    F41THR
     
    Last edited: Dec 29, 2012
