A default route is present but there is no public prefix on lan thus we don’t announce a default route!

It does not work but I honestly haven't seen any official communication from my ISP stating that they support ipv6...

Don't bother with this case any more. I initially just wanted to get rid of that annoying log message entry.

Well, at this point, indeed, disable IPv6. I am 100% sure that this case can be made to work, but this setup is not something that I want to support.

EDIT: we could not get it to work, the ISP is 100% broken (gives out addresses but doesn't route packets), and I should not have been 100% sure.

I'm interested to learn more about the why behind that statement. Do you mean that if we got it to work, I would need to do some weird configuration?

Should I simply remove the wan6 interface?

Well, we need to figure out which packets actually go through, which packets are expected to exist by the ISP but are missing, and how to change the configuration so that they are produced.

With SwissVPN (which suffers from the same issue), I exploited the fact that the assigned /64 prefix is static (according to the contract), and so I set up the swissvpn6 interface as static without assigning any IPs, and added the assigned prefix on swissvpn6 as a routed prefix.

My recommendation would be to set up wan6 using the 6to4 protocol. Yes this is deprecated and is not supposed to work nowadays, but it does (if you add a firewall rule that allws "protocol 41" traffic to reach "this device (input)"), and you do have a public IP, which is a prerequisite.

sounds quite like an scenario one may want to avoid reading how you wrote your message... will I be better off waiting until my ISP announces full ipv6 support, and then restarting this thread?

It throws me off balance to see that my ISP is actually delivering me an ip in the ipv6 world on my public interface...

An IPv6 address starting with fe80: is a link-local address, it exists just because the interface exists. It is used for technical purposes like negotiating "proper" globally routable IPv6 addresses.

What throws me off is that in your previous test you succeeded in getting a public IPv6 address on your Mac, but it didn't work in the end. If you want, we can set up a virtual meeting using meet.jit.si. Details in a private message. EDIT: it's midnight here in the Philippines (UTC+8), so it's too late to have a meeting. Maybe on Sunday.

Results of the meeting:

  • The ISP provides a non-delegated /64 prefix via RA, and the WHOIS information does match the ISP.
  • ping -6 ya.ru doesn't work even from the router, so the received IPv6 address is bogus (no connectivity). We could not get a single inbound IPv6 packet from the world.
  • The best we could do is to set up a 6to4 tunnel - and it works.

You are a beast!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.