OpenWRT on a NanoStation M2 with IPv6

Hardware: NanoStation M2

  • Runs Linux by default (AirOS)
  • Atheros wifi, supports 802.11n
  • Power over ethernet

The official reseller for UBNT in Canada is See there M2 product page for more information. In Québec, also has good deals and is near Montréal.

The instructions below may apply to other types of routers. Your mileage may vary.


We are going to configure an AP for file sharing between neighbors. It will have its own subnet (for better privacy) and IPv6 (for fun). It will not directly route to the Internet for IPv4 (NAT can be done on the main router anyway).

Download the firmware

OpenWRT 10.03.1 backfire for ar71xx ubnt nano m: squashfs (recommended) or trunk

Save the file locally on a computer which will connect to the AP in order to flash it.

Flashing the device

Connect a computer directly into the AP with an ethernet cable (using the PoE injector, or using a PoE switch).

On the computer, disable the network-manager (Linux) and manually configure the network interface:

# ifconfig eth0:ap

Immediately after powering the AP, press the "reset" button (located near the "main" network jack). When the AP is ready, its network LEDs will flash in an alternating pattern.

Make sure the AP is plugged into a reliable power source so that the flashing procedure is not interrupted.

From the computer, send the firmware using tftp:

$ tftp

tftp> binary
tftp> put openwrt-ar71xx-ubnt-nano-m-squashfs-factory.bin

Wait at least 5-10 minutes. The AP should reboot by itself.

Initial configuration

By default, OpenWRT uses, so use the same network configuration as above for the next steps.

Telnet into the router:

$ telnet

Enable ssh by setting a password on the device:

openwrt# passwd

Configure the network:

openwrt# vi /etc/config/network

In my case, the AP is not my main router, so I am assigning it an IP using DHCP from my main network:

config interface lan
        option ifname   eth0
        option type     bridge
        option proto     dhcp

Reboot for the settings to become effective:

openwrt# reboot

The AP is now available on its new address, by ssh:

$ ssh root@

A web interface is also available, ex:

Wireless network configuration

Enable the wifi interface by commenting out the line "option disabled 1" in /etc/config/wireless :

config wifi-device  radio0
        # option disabled 1

config wifi-iface
        option device   radio0
        option network  lan
        option mode     ap
        option ssid     librenet-change-this
        option encryption none

You will also want to change the SSID and the encryption mode. Then reboot the router.



Assuming your local (upstream) network already supports IPv6:

root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg install kmod-ipv6 radvd ip kmod-ip6tables ip6tables

The was interface will auto-configure itself if your upstream network has radvd:

root@OpenWrt:~# ping
PING (2001:4860:800b::93): 56 data bytes
64 bytes from 2001:4860:800b::93: seq=0 ttl=53 time=57.845 ms

At this point, we only have IPv6 on the AP itself, we cannot route it yet for our own wifi subnet.

Separate the wifi and lan on the AP

Used this to separate the wifi and lan, since the AP is acting weird and using the lan as an uplink:

File /etc/config/network (adding the "wifi" interface, and settings eth0 to dhcp, because my main dhcp server gives the AP a static IP and DNS servers):

config interface loopback
        option ifname   lo
        option proto    static
        option ipaddr
        option netmask

 # this is in fact.. the wan/uplink. it will get
config interface lan
        option ifname   eth0
        option proto    dhcp

config interface wan
        option ifname   eth1
        option proto    dhcp

config interface wifi
        option proto    static
        option ipaddr
        option netmask
        option ip6addr  '2001:470:b1e2:50::1/64'

File /etc/config/wireless (the "option network wifi" is the main change):

config wifi-iface
        option device   radio0
        option network  wifi
        option mode     ap
        option ssid     librenet-m2-sud
        option encryption none

For the file /etc/config/firewall, see the main howto from the openwrt wiki (see above).


Enable routing in /etc/sysctl.conf :


Enable routing in iptables, in file /etc/firewall.user (there is probably a cleaner way of doing this?) :


Provide automatic configuration on IPv6 by installing radvd

opkg install radvd

Configuration file is /etc/radvd.conf

interface wlan0
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;

  prefix 2001:470:b1e2:50::1/64
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr off;
    AdvValidLifetime 300;
    AdvPreferredLifetime 120;

Start the service:

/etc/init.d/radvd start

Testing: network routing (ipv4 + ipv6)

  • my main network is 192.168.42.x, and in IPv6 is 2001:470:b1e2::/48
  • AP configured to use, and in IPv6 received automatically 2001:470:b1e2:42:215:6dff:fe71:37ea/64 using stateless configuration (radvd)

Added a static route entry on my main router:

ip route add via dev eth1

For IPv6:

ip -6 route add 2001:470:b1e2:50::1/64 via 2001:470:b1e2:42:215:6dff:fe71:37ea dev eth1

Splash page: nodogsplash

Install the package:

root@OpenWrt:~# opkg install nodogsplash

The configuration file is in /etc/nodogsplash/nodogsplash.conf

GatewayInterface wlan0

FirewallRuleSet authenticated-users {
  FirewallRule block to
  FirewallRule block to

  # Serveur de fichiers
  FirewallRule allow tcp port 80 to

  # respectivement: DNS, http, https, ssh
  FirewallRule allow tcp port 53
  FirewallRule allow udp port 53
  FirewallRule allow tcp port 80
  FirewallRule allow tcp port 443
  FirewallRule allow tcp port 22

FirewallRuleSet preauthenticated-users 
  # DNS
  FirewallRule allow tcp port 53
  FirewallRule allow udp port 53
  # Splash page
  FirewallRule allow tcp port 80 to

GatewayName librenet-m2-sud
TrafficControl yes
UploadLimit 128

On peut modifier le html de la splash page dans /etc/nodogsplash/htdocs/

vnstat: stats de bande passante


To generate graphs:

 # vnstati image generation script.
 # Source:
WWW_D=/tmp/www/vnstat # output images to here
LIB_D=/var/lib/vnstat # db location
BIN=/usr/bin/vnstati  # which vnstati
outputs="s h d t m"   # what images to generate
 # Sanity checks
[ -d "$WWW_D" ] || mkdir -p "$WWW_D" # make the folder if it dont exist.
 # You might want to setup a link if it dont exist.
 # [ -L /www/vnstat ] || ln -sf /www/vnstat /tmp/www/
 # End of config changes
interfaces="$(ls -1 $LIB_D)"
if [ -z "$interfaces" ]; then
        echo "No database found, nothing to do."
        echo "A new database can be created with the following command: "
        echo "    vnstat -u -i eth0"
        exit 0
        for interface in $interfaces; do
                for output in $outputs; do
                        $BIN -${output} -i $interface -o $WWW_D/vnstat_${interface}_${output}.png

exit 1


root@OpenWrt:~# opkg install qos-scripts
root@OpenWrt:~# /etc/init.d/qos enable
root@OpenWrt:~# /etc/init.d/qos start

Configuration file in /etc/config/qos. The default configuration limit to 50ko/sec down, 15kb/sec up.

2011-07-08: conflicts with nodogsplash... workaround not found yet -ML