技术

OpenWrt PPPoE环境下IPv6配置完整教程(适用于中国大陆三大运营商)

OpenWrt PPPoE环境下IPv6配置完整教程(适用于中国大陆三大运营商)

本教程基于OpenWrt路由器在PPPoE拨号环境下的IPv6配置经验整理而成,适用于2025-2026年中国大陆电信、联通、移动等运营商。教程覆盖从基本配置到常见问题排查,以及IPv6启用后可能遇到的网络优化问题。假设你已安装OpenWrt固件(推荐23.x或更高版本),并确保WAN接口的PPPoE拨号已成功(有公网IPv4地址)。

前提条件

  • 运营商已开通IPv6服务(打客服电话10000/10010/10086确认账号支持IPv6 + PD前缀委派,通常为/56、/60或/64)。
  • 路由器固件支持IPv6(默认OpenWrt支持)。
  • 测试工具:浏览器访问test-ipv6.com或ipv6-test.com;SSH命令如ifstatus wan6logread | grep odhcp6c

注意:配置过程中,保存&应用后可能短暂断网。建议备份当前配置。如果你是高级用户,可通过SSH/UCI命令微调。

第一部分:WAN接口配置(PPPoE拨号基础)

WAN接口负责IPv4拨号,并可选处理IPv6协商。但为避免干扰WAN6,推荐关闭其内置IPv6管理。

推荐配置步骤

  1. 进入Network → Interfaces → WAN → Edit
  2. General Settings
    • Protocol:PPPoE。
    • 输入你的拨号账号/密码(运营商提供)。
  3. Advanced Settings
    • Obtain IPv6-address:设为disabledmanual(关闭内置IPv6,推荐以避免干扰WAN6)。
    • 如果有“Use builtin IPv6-management”:关闭。
  4. 保存&应用,确保WAN连接成功(Status → Overview显示connected,有IPv4地址)。

WAN IPv6获取选项对比表

选项值 效果描述 推荐场景
disabled/manual 关闭内置IPv6,只靠WAN6处理 最稳,中国大陆三大运营商通用
auto/try 自动尝试获取IPv6地址(可能干扰PD请求) 初步测试,如果WAN6失败再关闭
force 强制获取(易导致WAN6不触发) 基本不推荐,已过时

小贴士:关闭内置IPv6后,WAN接口可能只剩链路本地地址(fe80::开头),这是正常现象。真正的公网IPv6由WAN6负责。

第二部分:WAN6接口配置(获取IPv6地址和PD前缀)

WAN6使用DHCPv6 client协议,从运营商请求IPv6地址和PD前缀(用于内网分发)。

推荐配置步骤

  1. 如果现有WAN6存在,先删除它(避免冲突)。
  2. Network → Interfaces → Add new interface
    • Name:wan6。
    • Protocol:DHCPv6 client
    • Device/Interface:手动输入**@wan**(别名,指向PPPoE虚拟接口;如果列表有pppoe-wan,可选它)。
    • Request IPv6-address:tryforce
    • Request IPv6-prefix of length:auto(首选);如果失败,试56(电信)、6064(联通/移动)。
    • Advanced Settings:Use default gateway → on;如果有Force IPv6 → on。
  3. 保存&应用,等10-60秒。
  4. 检查Status → Overview:WAN6应显示connected,有全局IPv6地址(240e:或2001:开头)和Prefix delegated(e.g., /56)。

运营商PD前缀参考表(2025-2026年中国大陆)

运营商 PD前缀常见值 Request prefix推荐 备注
电信 56/60 auto/56 最稳定
联通 56/64 auto/64 部分地区需指定
移动 64 64 常只给/64,不委派更多

诊断命令(SSH执行):

  • ifstatus wan6:查看"ipv6-address"和"ipv6-prefix"(有前缀如/56表示成功)。
  • logread | grep odhcp6c:看是否有"bound"、"prefix delegated"(成功)或"No prefix"(失败)。

如果WAN6未连接或无PD,参考第五部分排查。

第三部分:LAN接口配置(内网IPv6分发)

有了PD前缀后,LAN负责从前缀中切分子网分发给设备(SLAAC + DHCPv6)。

推荐配置步骤(/56 PD为例)

  1. Network → Interfaces → LAN → Edit
  2. General Settings
    • Protocol:Static address(默认)。
    • IPv6 assignment length (ip6assign)60(推荐,从/56切出16个/64子网);或64(简单,只用一个/64)。
    • IPv6 assignment hint:留空或0
  3. DHCP Server → IPv6 Settings
    • RA-Serviceserver mode(路由器发RA公告)。
    • DHCPv6-Serviceserver mode(推荐,兼容好)或disabled(纯SLAAC)。
    • RA Flagsnoneother-config
    • NDP-Proxydisabled
    • Announced DNS servers:填IPv6 DNS如2400:3200::1(阿里)或2001:4860:4860::8888(Google)。
  4. 保存&应用,等10-30秒。

IPv6分发模式对比表

模式 RA-Service DHCPv6-Service ip6assign 兼容性(设备) 推荐度
纯SLAAC(简单) server disabled 60/64 ★★★★★ ★★★★★
SLAAC + 无状态DHCPv6 server server 60/64 ★★★★★ ★★★★
纯状态DHCPv6(严格) server server 60/64 ★★★ ★★

测试

  • 客户端:ipconfig /all(Win)或网络设置(Android/iOS),看有公网IPv6地址。
  • 全网测试:访问test-ipv6.com,得10/10分。
  • 如果设备拿不到:改ip6assign为64;SSH跑/etc/init.d/odhcpd restart;重连WiFi。

第四部分:防火墙配置(确保IPv6流量通畅)

默认防火墙已有IPv6规则,但需确认/添加DHCPv6端口。

  • Network → Firewall → Traffic Rules
    • 添加两条IPv6规则:
      • Name: Allow-DHCPv6-client;Source: wan;Protocol: UDP;Dest port: 546;Action: ACCEPT。
      • Name: Allow-DHCPv6-server;Source: wan;Protocol: UDP;Dest port: 547;Action: ACCEPT。
  • 确认WAN区有Allow-ICMPv6(Input/Output/Forward)。

第五部分:常见问题排查

问题1:WAN6未连接/Disconnected

  • 原因:Device选错;WAN未拨号;防火墙挡UDP 546/547;运营商未开IPv6。
  • 解决:
    1. 确认WAN connected。
    2. WAN6 Device改@wan或pppoe-wan。
    3. 关闭WAN内置IPv6。
    4. SSH跑ifdown wan; sleep 5; ifup wan; ifup wan6
    5. 检查日志:logread | grep odhcp6c

问题2:WAN6有地址但无PD前缀

  • 原因:Request prefix不匹配;运营商未委派。
  • 解决:
    1. WAN6 Edit:Request prefix改64/56/60。
    2. 客服确认开通PD。
    3. 日志检查:"No prefix" → 运营商问题。

问题3:LAN设备拿不到IPv6

  • 解决:改ip6assign=64;重启odhcpd;确认PD存在;客户端重启。

问题4:IPv6启用后淘宝加载慢(图片/视频刷不出)

  • 原因:运营商IPv6质量差;Happy Eyeballs延迟;MTU问题;DNS慢;设备兼容Bug。
  • 解决:
    1. 临时禁用LAN IPv6(RA/DHCPv6设disabled)。
    2. 调整MTU:WAN/LAN设1492;SSH ip link set mtu 1492 dev pppoe-wan
    3. 优化DNS:WAN6用阿里/Google IPv6 DNS。
    4. IPv4优先:插件规则让*.taobao.com/*.alicdn.com走IPv4。
    5. 升级固件/系统;客服反馈IPv6优化。

第六部分:高级优化与总结

  • 重启服务:常用SSH命令ifup wan6 /etc/init.d/odhcpd restart
  • Workaround(无PD时):启用NDP-Proxy代理上游/64;或用6in4隧道。
  • 总结:中国大陆IPv6配置核心是WAN6用DHCPv6 client + @wan,LAN用SLAAC分发。成功后全家双栈上网,享受更快国际访问。但国内站点如淘宝IPv6支持尚不完美,可选IPv4兜底。
  • 测试成功:路由器/设备有公网IPv6,访问IPv6-only站点无问题。

如果配置中卡住,欢迎提供截图或SSH输出(如ifstatus wan6)进一步调试。祝双栈配置成功!🚀

01/15/2026 by 技术 0

steamdeck_ssh_instructions

These are manual instructions on enabling SSH access on your Steam Deck, adding public key authentication, and removing the need for a sudo password for the main user (deck).

This gist assumes the following:

  • you have a Steam Deck[[steamdeck_ssh_instructions]]
  • you have a home PC with access to a Linux shell that can ssh, ssh-keygen, and ssh-copy-id
  • your Steam Deck and home PC are on the same local network, with standard SSH traffic (tcp/22) allowed over that network from the PC to the Steam Deck

NOTE: @crackelf on reddit mentions that steamOS updates blow away everything other than /home, which may have the following effects:

  • removing the systemd config for sshd.service, which would prevent the service from automatically starting on boot
  • removing the sudoers.d config, which would reenable passwords for sudo

Instructions:

  • On your Steam Deck, switch to "Desktop Mode" (Steam > Power > Switch to Desktop)
  • On your Steam Deck, open a terminal (eg Steam Icon > System > Konsole or Steam Icon > System > fish)
  • On your Steam Deck, set a temporary passwd for the current user, deck (use Steam + X On your Steam Deck to bring up the on-screen keyboard):
(deck@steamdeck ~)$ passwd
New password:
Retype new password:
passwd: password updated successfully
  • On your Steam Deck, enable and start the sshd.service (use the password above when prompted):
(deck@steamdeck ~)$ sudo systemctl enable sshd.service
Created symlink /etc/systemd/system/multi-user.target.wants/sshd.service → /usr/lib/systemd/system/sshd.service.
(deck@steamdeck ~)$ sudo systemctl start sshd.service
  • On your Steam Deck, determine your steamdeck’s LAN IP:
(deck@steamdeck ~)$ ip addr | grep inet | grep wlan0
    inet 192.168.1.106/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
  • On your PC, verify you can ssh into the Steam Deck using your password:
[andygeorge@home-pc ~]$ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no [email protected]
[email protected]'s password:
Last login: Thu Jul 21 12:51:20 2022 from 192.168.1.115
(deck@steamdeck ~)$

[andygeorge@home-pc ~]$ ssh-keygen -t ed25519 -C "[email protected]"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/andygeorge/.ssh/id_ed25519): /home/andygeorge/.ssh/steamdeck_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/andygeorge/.ssh/steamdeck_ed25519
Your public key has been saved in /home/andygeorge/.ssh/steamdeck_ed25519.pub
The key fingerprint is:
SHA256:k [email protected]
The key's randomart image is:
k

This will create two files, a private SSH key file, and its corresponding public key with a .pub extension:

[andygeorge@home-pc ~]$ ls -al ~/.ssh/steamdeck*
-rw------- 1 andygeorge andygeorge 411 Jul 21 12:42 /home/andygeorge/.ssh/steamdeck_ed25519
-rw-r--r-- 1 andygeorge andygeorge 100 Jul 21 12:42 /home/andygeorge/.ssh/steamdeck_ed25519.pub
  • On your PC, run ssh-copy-id to copy the public key of the keypair you generated above to the Steam Deck (using the password you created above):
[andygeorge@home-pc ~]$ ssh-copy-id -i ~/.ssh/steamdeck_ed25519.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/andygeorge/.ssh/steamdeck_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
  • On your PC, test the SSH using key auth:
[andygeorge@home-pc ~]$ ssh -i ~/.ssh/steamdeck_ed25519 [email protected]
Last login: Thu Jul 21 13:32:25 2022 from 192.168.1.115
(deck@steamdeck ~)$
  • On your Steam Deck, disable the sudo password for your deck user:
(deck@steamdeck ~)$ echo "%wheel ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/wheel >/dev/null
  • On your Steam Deck, delete your deck user’s password:
(deck@steamdeck ~)$ sudo passwd -d deck
passwd: password expiry information changed.

You should now be able to ssh in using key auth and sudo without a password!

09/24/2025 by 技术 0

Omnivore Docker Setup Guide

Omnivore Docker Setup Guide

Overview

This guide documents the complete setup process for running Omnivore using Docker Compose, including common issues and their solutions.

Prerequisites

  • Docker and Docker Compose installed
  • Debian GNU/Linux system
  • sudo privileges

Initial Setup Steps

1. Pull Docker Images

docker compose pull

2. First Attempt to Start Services

docker compose up

Issues Encountered and Solutions

Issue 1: Database User Authentication Failed

Problem: The application services couldn’t connect to PostgreSQL because the app_user role didn’t exist.

Error Message:

error: password authentication failed for user "app_user"
FATAL: Role "app_user" does not exist

Solution:

  1. Start PostgreSQL container first:
docker compose up -d postgres
  1. Wait for PostgreSQL to be ready:
sleep 10
  1. Create the required database user:
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "CREATE USER app_user WITH PASSWORD 'app_pass';"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "GRANT ALL PRIVILEGES ON DATABASE omnivore TO app_user;"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "ALTER USER app_user CREATEDB;"

Issue 2: MinIO Bucket Creation Failed

Problem: The createbuckets container was using an outdated MinIO client command syntax.

Error Message:

mc: <ERROR> `config` is not a recognized command. Get help using `--help` flag.

Solution:

  1. Update the docker-compose.yml file to use the correct MinIO client syntax:
sed -i 's/mc config host add/mc alias set/g' docker-compose.yml
  1. Remove and recreate the createbuckets container:
docker compose stop createbuckets
docker compose rm createbuckets
docker compose up -d createbuckets

Issue 3: Environment Variable Updates Not Taking Effect

Problem: After updating the .env file, changes weren’t reflected in running containers.

Solution: Complete rebuild of all containers and volumes:

# Stop and remove all containers and volumes
docker compose down -v

# Rebuild all containers from scratch
docker compose up --build -d

# If database authentication fails again, recreate the app_user:
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "CREATE USER app_user WITH PASSWORD 'app_pass';"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "GRANT ALL PRIVILEGES ON DATABASE omnivore TO app_user;"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "ALTER USER app_user CREATEDB;"

# Restart all services
docker compose up -d

Complete Working Setup Process

Step 1: Initial Deployment

# Pull latest images
docker compose pull

# Start all services
docker compose up -d

Step 2: Fix Database Authentication (if needed)

# Create database user manually
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "CREATE USER app_user WITH PASSWORD 'app_pass';"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "GRANT ALL PRIVILEGES ON DATABASE omnivore TO app_user;"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "ALTER USER app_user CREATEDB;"

# Restart services
docker compose restart api queue-processor

Step 3: Fix MinIO Bucket Creation (if needed)

# Update MinIO command syntax
sed -i 's/mc config host add/mc alias set/g' docker-compose.yml

# Recreate createbuckets container
docker compose stop createbuckets
docker compose rm createbuckets
docker compose up -d createbuckets

Step 4: Verify All Services

# Check status of all containers
docker compose ps

# Check for any exited containers
docker compose ps -a

For Environment Variable Updates

When you need to update the .env file:

# Stop and remove everything
docker compose down -v

# Rebuild from scratch
docker compose up --build -d

# Recreate database user (will be needed after volume reset)
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "CREATE USER app_user WITH PASSWORD 'app_pass';"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "GRANT ALL PRIVILEGES ON DATABASE omnivore TO app_user;"
docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "ALTER USER app_user CREATEDB;"

# Restart all services
docker compose up -d

Final Service Overview

After successful setup, you should have these services running:

ServiceContainer NamePortStatus
Web Interfaceomnivore-web3000Running
API Backendomnivore-api4000Running (Healthy)
PostgreSQLomnivore-postgres5432Running (Healthy)
Redisomnivore-redis6379Running (Healthy)
MinIOominivore-minio-11010Running (Healthy)
Content Fetchomnivore-content-fetch9090Running
Image Proxyomnivore-image-proxy7070Running
Mail Watcheromnivore-mail-watch-server4398Running
Queue Processoromnivore-queue-processorRunning

Completed Tasks (will show as Exited 0):

  • omnivore-migrate (Database migration)
  • ominivore-createbuckets-1 (MinIO bucket setup)

Access Information

  • Web Application: http://localhost:3000 (or your configured domain)
  • API Endpoint: http://localhost:4000 (or your configured domain)
  • Demo Login:

Common Commands

# Check container status
docker compose ps

# View logs for specific service
docker logs <container-name>

# Restart specific service
docker compose restart <service-name>

# Stop all services
docker compose down

# Stop and remove volumes (complete reset)
docker compose down -v

# Rebuild and start
docker compose up --build -d

Troubleshooting

Container Won’t Start

  1. Check logs: docker logs <container-name>
  2. Verify .env file configuration
  3. Ensure all dependencies are running
  4. Try recreating the container: docker compose up -d <service-name>

Database Connection Issues

  1. Verify PostgreSQL is running: docker compose ps postgres
  2. Check if app_user exists: docker exec -it omnivore-postgres psql -U postgres -d omnivore -c "\du"
  3. Recreate app_user if needed (see Step 2 above)

MinIO Issues

  1. Check MinIO logs: docker logs ominivore-minio-1
  2. Verify bucket creation: docker logs ominivore-createbuckets-1
  3. Manually create bucket if needed:
    docker exec ominivore-minio-1 mc alias set myminio http://localhost:9000 minio miniominio
    docker exec ominivore-minio-1 mc mb myminio/omnivore

Web Interface Not Loading

  1. Check if web container is running: docker compose ps web
  2. Verify API is healthy: docker compose ps api
  3. Check network connectivity between containers
  4. Verify port mappings in docker-compose.yml

Note: This guide was created based on the actual deployment experience on Debian GNU/Linux with Docker Compose. The issues and solutions documented here were encountered and resolved during the setup process.

Last Updated: June 12, 2025

06/13/2025 by 技术 0

群晖nextcloud安装

安装MariaDB

设置密码和端口

安装web station

PHP高级设置,设置MySQL的sock(使用MariaDB的)和端口

安装phpMyAdmin

在MariaDB中添加DB和用户,注意一定要把用户和DB关联起来,或者说要授予该用户DB的全部权限

phpMyAdmin是在web文件夹下面,访问的时候注意要大写。配置文件里面会使用到上面说到的PHP高级设置的内容

安装docker

配置nextcloud

注意设置地址为群晖的地址,端口为MariaDB的端口

参考

Nas 篇一:黑群晖 折腾 nextcloud安装 笔记_NAS存储_什么值得买

Synology NAS 安装phpMyAdmin和MySQL(MariaDB)的外网连接 – 知乎

03/26/2024 by 技术 0

N1盒子旁路由

https://zhuanlan.zhihu.com/p/129414399

另外需要注意的是:

1. 防火墙自定义规则里面加入:

iptables -t nat -I POSTROUTING -j MASQUERADE

2. 有时候新加的WAN接口需要重新启动才能把主路由网关设到route里面

3. 进行端口映射的时候,两个接口都选LAN。然后在主路由里面的端口映射里面把内部主机设置为旁路由的WAN接口IP。

4. 如果主路由的内部网络的DHCP中的网关设置为旁路由的LAN地址,从而让网络中的主机都自动使用旁路由作为网关的话,则旁路由的WAN不能设置为DHCP Client,而需要设置为静态地址,并且把网关设置为主路由的地址。

06/25/2020 by 技术 转载 0