Ubuntu.schtasks /create /tn "WSLKeepAlive" /tr "wsl -d Ubuntu sleep infinity" /sc ONSTART /ru <USERNAME> /rp <PASSWORD>schtasks /run /tn "WSLKeepAlive"
wget https://developer.download.nvidia.com/compute/cuda/repos/wsl-ubuntu/x86_64/cuda-wsl-ubuntu.pin
sudo mv cuda-wsl-ubuntu.pin /etc/apt/preferences.d/cuda-repository-pin-600
wget https://developer.download.nvidia.com/compute/cuda/12.8.0/local_installers/cuda-repo-wsl-ubuntu-12-8-local_12.8.0-1_amd64.deb
sudo dpkg -i cuda-repo-wsl-ubuntu-12-8-local_12.8.0-1_amd64.deb
sudo cp /var/cuda-repo-wsl-ubuntu-12-8-local/cuda-*-keyring.gpg /usr/share/keyrings/
sudo apt-get update
sudo apt-get -y install cuda-toolkit-12-8
# Disable progress bar for faster download
$ProgressPreference = 'SilentlyContinue'
# Download the ZIP as a stream and open it as a ZipArchive
$response = Invoke-WebRequest "https://github.com/ggml-org/llama.cpp/releases/download/b6374/llama-b6374-bin-win-cuda-12.4-x64.zip" -UseBasicParsing
Add-Type -AssemblyName System.IO.Compression.FileSystem
$stream = New-Object System.IO.MemoryStream ($response.Content)
In certain case, our ISP only provide us a /64 PD and we cannot further split it into subnets. If we cascade multiple routers together, the downstream routers may loose IPv6 access. IPv4 access can be easily guaranteed by NAT. But in the world of IPv6, NAT should be avoided where possible.
The following setup will be on an OpenWrt router connected behind an ISP-provided IPv6-ready router. All configurations are done on the OpenWrt router, and we don't touch the ISP-provided router. We dont need to configure any IPv4, it uses NAT and will work by default.
Here is how to configure relay for IPv6:
In /etc/config/network, our IPv6 upstream interface looks like this
pct create 301 local:vztmpl/openwrt_24.10_rootfs.tar.gz --rootfs local-lvm:0.256 --ostype unmanaged --hostname openwrt --arch amd64 --cores 1 --memory 256 --swap 0 --unprivileged 1where 301 is the VMID and cannot be changed once created. --ostype unmanaged determines that this operation cannot be done in the Web Gui.
The OpenWrt container starts but ujail does not work in an unprivileged container and it prevents critical services such as dnsmasq from running. One solution is:
opkg remove procd-ujailor switch to a privileged container (should be preferred):
The magic spell:
icacls.exe C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
It is very common that the ISP-provided modem only allows you to block all incoming IPv6 connections entirely or let all incoming requests through.
To publish your service on the internet, the only option is to tell the ISP-provided modem to let all incoming requests go through. However, this poses a security risk, which may accidentally expose private service on the internet (e.g. SMB sharing or remote desktop).
To enhance the security on such a network, each device needs to configure its firewall properly. A device needs to either block all IPv6 incoming requests or only allow connections from hosts with the same IPv6 prefix. For the sake of convenience, we obviously want the latter. But things can be complicated when you have a dynamic IPv6 prefix from your ISP.
Generally speaking, you must run a script to update the firewall rules each time your prefix changes.
So the automated firewall rule modification can be breakdown into two parts:
| [ 0.000000] Linux version 6.6.50 (rikka@i9-13900ks-wsl) (mips-openwrt-linux-musl-gcc (OpenWrt GCC 13.3.0 r27346-c7ba5574f5) 13.3.0, GNU ld (GNU Binutils) 2.42) #0 SMP Mon Oct 14 09:59:31 2024 | |
| [ 0.000000] CPU0 revision is: 0002a070 (Broadcom BMIPS4350) | |
| [ 0.000000] MIPS: machine is Netgear CG3100D | |
| [ 0.000000] 64MB of RAM installed | |
| [ 0.000000] earlycon: bcm63xx_uart0 at MMIO 0x14e00200 (options '115200n8') | |
| [ 0.000000] printk: bootconsole [bcm63xx_uart0] enabled | |
| [ 0.000000] Initrd not found or empty - disabling initrd | |
| [ 0.000000] Reserving 0KB of memory at 4194303KB for kdump | |
| [ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 16 bytes. | |
| [ 0.000000] Primary data cache 32kB, 2-way, VIPT, cache aliases, linesize 16 bytes |
Some ISP only offer you a /64 prefix. If you want to add an OpenWrt router between the ISP router and your LAN while granting IPv6 access to LAN devices, you need relay. OpenWrt's built-in odhcpd(odhcp-ipv6only) can handle DHCPv6 relay. To enable this feature, you need to enable relay mode for ra and ndp for the wan6 (The upstream-facing IPv6 interface) and lan:
Reboot your router and your LAN devices should get IPv6 addresses.
I'm running an OpenWrt as a VM on a PVE hypervisor. The vmbr0 interface is used as private LAN and the vmbr1 is for the public WAN.
I noticed that vmbr1 got an IPv6 via SLAAC, and the admin web console was accessible on the public Internet. This is a safety threat and must be resolved. The solution is to remove the unwanted IPv6.
Run the following command to append to /etc/sysctl.conf, then reboot.
echo 'net.ipv6.conf.vmbr1.disable_ipv6 = 1' >> /etc/sysctl.conf