Cannot establish a working IPV6 set up (pppoe, 6in4 tunnel)

Hi there
I am using OpenWrt on Raspberry Pi 4 as a router for my home network linking to my ISP over PPPoE.
My ISP does not provide IPV6 capability nor does it provide a static IP address. I am trying to enable IPV6 for devices on my LAN. I have tried following guides and forum posts. In particular:

https://openwrt.org/docs/guide-user/network/routes_configuration#ipv6_routes
https://ncrmnt.org/2018/11/25/simple-ipv6-setup-with-openwrt/

Most recently I was trying to set up "6to4" protocol.

I didn't succeed in enabling ipv6. I fear my key configuration files network and firewall may be horribly confused as I tried to follow guidance without properly understanding what I was doing or the consequences.

In particular I do not seem to be able to get the wan6 interface to be "up". The ifup wan6 command appears to work but then ifstatus wan6 reports

"up": false,
	"pending": true,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"proto": "6to4",
	"data": {  },
	"errors": [{
			"subsystem": "6to4",
			"code": "INVALID_LOCAL_ADDRESS"
		}]}

I am looking for some guidance and help if possible.

Thanks in advance

Check here.

https://tunnelbroker.net/

1 Like

The instructions for Hurricane Electric tunnel broker.

1 Like

Thanks very much for replying. I was aware of this site but I had understood from one of the guides I was following that OpenWrt no longer requires a dedicated tunnel server and in their suggested set up they didn't use one. So what would this do and would it be likely to resolve my wan6 interface not starting up?

IPv6 doesn't automagically appear on your router. Someone (your ISP or a tunnelbroker) must provide you the connectivity. Or maybe you misunderstood the guide.

2 Likes

Thanks again for your reply.

The potential for me to misunderstand is very high where openwrt is concerned. I will try and follow the guide and report back.

Okay. I have followed this guide. I have copied the commands exactly.
I do now have an IPV6 Upstream Connection but I am unable to run Ping6 or Traceroute6 successfully.

I have then tried adjusting the commands in the "IPV6 with Hurricane Electric" example to reflect the IPV6 addresses and prefixes in the tunnel I created. I have not entered my tunnel name or password as these commands were not in the example. Again I have an upstream connection but no ping or traceroute.

I then tried entering the tunnel ID, tunnel name, and update key via the uci set network.wan6 command and this did then allow ping and traceroute to work successfully.

So major progress. And that will do me for tonight. It is now late here.

But thanks for the pointers. I will be able to check again on Sunday and review where I am.

Thanks again.

2 Likes

As mentioned above I now have my tunnel configured and the router is able to connect to IPv6 hosts, but end-user devices (computers, tablets, phones) do not yet have IPv6 connectivity. I have experimented with changes today following the advice in the post above for HE net and other sections of the site to enable IPV6 addresses to be propagated to the lan devices. I have not managed to get this working. Apple devices and my linux computers are connecting normally to the internet via wifi but android devices are not able to connect at all. Could one of you advise please?

Did you set your /48 prefix in network?

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
1 Like

Hi there
many thanks for your continued support and interest. I will be definitely responding to this suggestion. Unfortunately however I have only just got onto my computer after a long day out of the house. I have a few other things I must do so I will not get to this today. Apologies for the delay. I will run these commands tomorrow and post the output.

Thanks again

Hi there
thank you for your continued support and patience.

I had tried at the weekend to follow some of the guides in the forum to enable IPV6 addresses to be propagated on the lan. This did lead to some additional entries in my core configuration files. So I restored them to the state they were in when I had the tunnel initially configured with pings and trace-routes working for IPV6 but with the late configurations removed as they were not successful. This is then the output from the commands as requested. Thanks in advance.

root@OpenWrt:/# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
{
	"kernel": "5.4.137",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 3",
	"model": "Raspberry Pi 4 Model B Rev 1.4",
	"board_name": "raspberrypi,4-model-b",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.0-rc4",
		"revision": "r16256-2d5ee43dc6",
		"target": "bcm27xx/bcm2711",
		"description": "OpenWrt 21.02.0-rc4 r16256-2d5ee43dc6"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd48:98f9:7ec8::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway 'x,x,x,x'
	option ipaddr 'x.x.x.x'
	option ip6assign '60'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config device
	option name 'eth0'
	option ipv6 '1'

config interface 'eth0'
	option proto 'dhcp'
	option device 'eth0'
	option type 'bridge'
	option peerdns '0'
	option ipv6 '1'

config device
	option name 'eth1'
	option ipv6 '1'

config interface 'wan'
	option proto 'pppoe'
	option username 'username@address'
	option password 'Password'
	option ipv6 'auto'
	option device 'eth1.101'
	option peerdns '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config route6
	option interface 'lan'
	option target 'ipv6address::1/64'
	option gateway 'ipv6address'

config device
	option type 'bridge'
	option name 'eth1.101'
	list ports 'eth1'
	option ipv6 '1'

config route
	option interface 'lan'
	option target 'y.y.y.y'

config interface 'wan6'
	option proto '6in4'
	option peeraddr 'x.x.x.x'
	option ip6addr 'ipv6addrss/64'
	list ip6prefix 'ipv6address:/64'
	list ip6prefix 'ipv6address:/48'
	option tunnelid '123456'
	option username 'username'
	option updatekey 'updatekey'

package dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'WAN'
	option interface 'WAN'
	list ra_flags 'none'

config domain
	option name 'Devicea'
	option ip 'Deviceip on lan'

config domain
	option name 'Deviceb'
	option ip 'Deviceip on lan'

config domain
	option name 'Devicec'
	option ip 'Deviceip on lan'

config domain
	option name 'Deviced'
	option ip 'Deviceip on lan'

config domain
	option name 'Devicee'
	option ip 'Deviceip on lan'

config host
	option name 'wifiaccesspoint'
	option dns '1'
	option mac 'macaddress'
	option ip 'deviceiponlan'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'eth0'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config zone
	option name 'IPV6'
	option input 'ACCEPT'	
	option output 'ACCEPT'
	option forward 'REJECT'
	option network 'wan6'
	
config forwarding
	option dest 'IPV6'
	option src 'lan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option proto 'icmp'
	option family 'ipv4'
	option target 'ACCEPT'
	list icmp_type 'echo-request'
	option src 'wan'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '547'
	option name 'Allow DHCPv6 (546-to-547)'
	option family 'ipv6'
	option src_port '546'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option name 'Allow DHCPv6 (547-to-546)'
	option family 'ipv6'
	option src_port '547'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fcxx::/6'
	option dest_ip 'fcxx::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fexx::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config forwarding
	option src 'wan'
	option dest 'lan'


# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
	inet6 ::1/128 scope host 
	   valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 ipv6address/64 scope link 
	   valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 ipv6address/64 scope link 
	   valid_lft forever preferred_lft forever
20: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 ipv6address/60 scope global noprefixroute 
	   valid_lft forever preferred_lft forever
	inet6 ipv6address/64 scope global noprefixroute 
	   valid_lft forever preferred_lft forever
	inet6 ipv6address/60 scope global noprefixroute 
	   valid_lft forever preferred_lft forever
	inet6 ipv6address58/64 scope link 
	   valid_lft forever preferred_lft forever
21: eth1.101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 ipv6address/64 scope link 
	   valid_lft forever preferred_lft forever
22: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 state UNKNOWN qlen 1000
	inet6 ipv6address/64 scope global 
	   valid_lft forever preferred_lft forever
	inet6 ipv6address/64 scope link 
	   valid_lft forever preferred_lft forever
default from ipv6address::/64 dev 6in4-wan6  metric 1024 
default from ipv6address::/64 dev 6in4-wan6  metric 1024 
default from ipv6address/48 dev 6in4-wan6  metric 1024 
ipv6address/64 dev 6in4-wan6  metric 256 
ipv6address/64 dev br-lan  metric 1024 
unreachable ipv6address::/64 dev lo  metric 2147483647 
ipv6address:/64 dev br-lan  metric 1024 
unreachable ipv6address/48 dev lo  metric 2147483647 
ipv6address/64 dev br-lan  metric 1024 
unreachable ipv6address/48 dev lo  metric 2147483647 
fexx::/64 dev eth0  metric 256 
fexx::/64 dev br-lan  metric 256 
fexx::/64 dev eth1.101  metric 256 
fexx::/64 dev eth1  metric 256 
fexx::/64 dev 6in4-wan6  metric 256 
local ::1 dev lo table local  metric 0 
anycast ipv6address:: dev 6in4-wan6 table local  metric 0 
local ipv6address dev 6in4-wan6 table local  metric 0 
anycast ipv6address:: dev br-lan table local  metric 0 
local ipv6address dev br-lan table local  metric 0 
anycast ipv6address: dev br-lan table local  metric 0 
local ipv6address:1 dev br-lan table local  metric 0 
anycast fexx:: dev 6in4-wan6 table local  metric 0 
anycast fexx:: dev eth0 table local  metric 0 
anycast fexx:: dev eth1.101 table local  metric 0 
anycast fexx:: dev br-lan table local  metric 0 
anycast fexx:: dev eth1 table local  metric 0 
local fexx::c0a8:201 dev 6in4-wan6 table local  metric 0 
local fexx::2e0:4cff:fe88:370e dev eth1.101 table local  metric 0 
local fexx::2e0:4cff:fe88:370e dev eth1 table local  metric 0 
local fexx::e65f:1ff:fe4d:6b58 dev eth0 table local  metric 0 
local fexx::e65f:1ff:fe4d:6b58 dev br-lan table local  metric 0 
multicast ffxx::/8 dev eth0 table local  metric 256 
multicast ffxx::/8 dev br-lan table local  metric 256 
multicast fexx::/8 dev eth1.101 table local  metric 256 
multicast ffxx::/8 dev eth1 table local  metric 256 
multicast ffxx::/8 dev 6in4-wan6 table local  metric 256 
0:	from all lookup local 
32766:	from all lookup main 
4200000000:	from ipv6address::1/64 iif br-lan lookup unspec unreachable
4200000000:	from ipv6address:1/60 iif br-lan lookup unspec unreachable
4200000001:	from all iif lo lookup unspec 12
4200000020:	from all iif br-lan lookup unspec 12
4200000022:	from all iif 6in4-wan6 lookup unspec 12
4200000023:	from all iif pppoe-wan lookup unspec 12
lrwxrwxrwx    1 root     root            16 Jul 31 18:21 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Sep 28 15:37 /tmp/resolv.conf
-rw-r--r--    1 root     root           108 Sep 28 15:37 /tmp/resolv.conf.d/resolv.conf.auto
-rw-r--r--    1 root     root            48 Sep 28 15:37 /tmp/resolv.conf.ppp

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root           108 Sep 28 15:37 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.ppp <==
nameserver x.x.x.x
nameserver y.y.y.y

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface lan
nameserver 1.1.1.1
nameserver 1.0.0.1
# Interface wan
nameserver 1.1.1.1
nameserver 1.0.0.1
root@OpenWrt:/# 

A few mistakes I spotted.

  1. lan interface is not supposed to have gateway, whatever the address may be.
  2. lan and eth0 interfaces share the same physical interface, but they are using different protocols. I guess you may want to delete eth0.
  3. Generally you have redacted too much making it impossible to understand what is going on. You are supposed to redact the public addresses only, not the private ones.
  4. A couple of routes you have there seem unnecessary.
  5. Delete IPV6 zone and add wan6 interface under wan zone.
1 Like
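
A check related to item 5 above, as an added example that is not part of the thread or of OpenWrt: it reads `uci export firewall` text and flags upstream-facing zones that accept input, and forwardings from an upstream zone into a local one, which matter once LAN hosts hold globally routable IPv6 addresses. The function name `audit_fw`, the finding labels and both sample configs are constructed for illustration, modelled on the exports posted in this thread.

```shell
#!/bin/sh
# audit_fw UPSTREAM_NETS   (reads `uci export firewall` text on stdin)
#   UPSTREAM_NETS: space-separated logical interface names, e.g. "wan wan6"
# Findings, one per line:
#   INPUT_ACCEPT zone=<z>         upstream-facing zone accepts traffic to the router
#   INBOUND_FORWARD <src>-><dst>  forwarding from an upstream zone into a local zone
audit_fw() {
    awk -v up="$1" -v q="'" '
    # Value of a uci line: the text between the first pair of single quotes.
    function val(   p) { split($0, p, q); return p[2] }

    $1 == "config" {
        kind = $2
        if (kind == "zone") { nz++ }
        if (kind == "forwarding") { nf++ }
        next
    }
    kind == "zone" && $2 == "name"      { zname[nz] = val() }
    kind == "zone" && $2 == "input"     { zin[nz] = val() }
    kind == "zone" && $2 == "network"   { znet[nz] = znet[nz] " " val() }
    kind == "forwarding" && $2 == "src"  { fsrc[nf] = val() }
    kind == "forwarding" && $2 == "dest" { fdst[nf] = val() }

    END {
        # Mark every zone that contains at least one upstream interface.
        n = split(up, u, " ")
        for (i = 1; i <= nz; i++) {
            m = split(znet[i], zn, " ")
            for (j = 1; j <= m; j++)
                for (k = 1; k <= n; k++)
                    if (zn[j] == u[k]) upstream[zname[i]] = 1
        }
        for (i = 1; i <= nz; i++)
            if ((zname[i] in upstream) && zin[i] == "ACCEPT")
                print "INPUT_ACCEPT zone=" zname[i]
        for (i = 1; i <= nf; i++)
            if ((fsrc[i] in upstream) && !(fdst[i] in upstream))
                print "INBOUND_FORWARD " fsrc[i] "->" fdst[i]
    }'
}

# Constructed sample: separate tunnel zone with input ACCEPT, plus wan->lan forwarding.
sample_before() {
cat <<'EOF'
config zone
    option name 'lan'
    option input 'ACCEPT'
    list network 'lan'

config zone
    option name 'wan'
    option input 'REJECT'
    option masq '1'
    list network 'wan'

config zone
    option name 'IPV6'
    option input 'ACCEPT'
    option network 'wan6'

config forwarding
    option dest 'IPV6'
    option src 'lan'

config forwarding
    option src 'lan'
    option dest 'wan'

config forwarding
    option src 'wan'
    option dest 'lan'
EOF
}

# Constructed sample: wan6 placed in the wan zone, only lan->wan forwarding.
sample_after() {
cat <<'EOF'
config zone
    option name 'lan'
    option input 'ACCEPT'
    list network 'lan'

config zone
    option name 'wan'
    option input 'REJECT'
    list network 'wan'
    list network 'wan6'

config forwarding
    option src 'lan'
    option dest 'wan'
EOF
}

echo "before:"; sample_before | audit_fw "wan wan6"
echo "after:";  sample_after  | audit_fw "wan wan6"
```

On the router the same function can be fed directly with `uci export firewall | audit_fw "wan wan6"`.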

Okay thanks.
I have made those changes and redone the command. I have left in the IPV4 private addresses but I am unclear whether some IPV6 ones are private or public at the moment. I have redacted obvious ones but I am not sure about others. Please alert me if I have made a mistake or if you need a specific section that is redacted.

Thanks in advance for any help.

This is the output

root@OpenWrt:~# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
{
	"kernel": "5.4.137",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 3",
	"model": "Raspberry Pi 4 Model B Rev 1.4",
	"board_name": "raspberrypi,4-model-b",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.0-rc4",
		"revision": "r16256-2d5ee43dc6",
		"target": "bcm27xx/bcm2711",
		"description": "OpenWrt 21.02.0-rc4 r16256-2d5ee43dc6"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd48:98f9:7ec8::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.2.1'
	option ip6assign '60'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config device
	option name 'eth0'
	option ipv6 '1'

config device
	option name 'eth1'
	option ipv6 '1'

config interface 'wan'
	option proto 'pppoe'
	option username 'username@address'
	option password 'Password'
	option ipv6 'auto'
	option device 'eth1.101'
	option peerdns '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config route6
	option interface 'lan'
	option target 'IPV6 address/64'
	option gateway 'IPv6 Address::1'

config device
	option type 'bridge'
	option name 'eth1.101'
	list ports 'eth1'
	option ipv6 '1'

config interface 'docker'
	option device 'docker0'
	option proto 'none'
	option auto '0'

config device
	option type 'bridge'
	option name 'docker0'

config route
	option interface 'lan'
	option target '192.168.2.2'

config interface 'wan6'
	option proto '6in4'
	option peeraddr 'x.x.x.x'
	option ip6addr 'Ipv6address/64'
	list ip6prefix 'ip6address:/64'
	list ip6prefix 'ip6address::/48'
	option tunnelid 'Tunnelid'
	option username 'username'
	option updatekey 'Password'

package dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'WAN'
	option interface 'WAN'
	list ra_flags 'none'

config host
	option name 'Wifi-Access-Point'
	option dns '1'
	option mac 'MAC-Address'
	option ip '192.168.2.2'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option proto 'icmp'
	option family 'ipv4'
	option target 'ACCEPT'
	list icmp_type 'echo-request'
	option src 'wan'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '547'
	option name 'Allow DHCPv6 (546-to-547)'
	option family 'ipv6'
	option src_port '546'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option name 'Allow DHCPv6 (547-to-546)'
	option family 'ipv6'
	option src_port '547'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config forwarding
	option src 'wan'
	option dest 'lan'

config zone 'docker'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option name 'docker'
	list network 'docker'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
	inet6 ::1/128 scope host 
	   valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 fe80::e65f:1ff:fe4d:6b58/64 scope link 
	   valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 fe80::2e0:4cff:fe88:370e/64 scope link 
	   valid_lft forever preferred_lft forever
40: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 2001:470:6a0d::1/60 scope global noprefixroute 
	   valid_lft forever preferred_lft forever
	inet6 2001:470:1f09:473::1/64 scope global noprefixroute 
	   valid_lft forever preferred_lft forever
	inet6 fd48:98f9:7ec8::1/60 scope global noprefixroute 
	   valid_lft forever preferred_lft forever
	inet6 fe80::e65f:1ff:fe4d:6b58/64 scope link 
	   valid_lft forever preferred_lft forever
41: eth1.101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
	inet6 fe80::2e0:4cff:fe88:370e/64 scope link 
	   valid_lft forever preferred_lft forever
43: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 state UNKNOWN qlen 1000
	inet6 2001:470:1f08:473::2/64 scope global 
	   valid_lft forever preferred_lft forever
	inet6 fe80::5409:432a/64 scope link 
	   valid_lft forever preferred_lft forever
default from 2001:470:1f08:473::/64 dev 6in4-wan6  metric 1024 
default from 2001:470:1f09:473::/64 dev 6in4-wan6  metric 1024 
default from 2001:470:6a0d::/48 dev 6in4-wan6  metric 1024 
2001:470:1f08:473::/64 dev 6in4-wan6  metric 256 
2001:470:1f09:473::/64 dev br-lan  metric 1024 
unreachable 2001:470:1f09:473::/64 dev lo  metric 2147483647 
2001:470:6a0d::/64 dev br-lan  metric 1024 
unreachable 2001:470:6a0d::/48 dev lo  metric 2147483647 
fd48:98f9:7ec8::/64 dev br-lan  metric 1024 
unreachable fd48:98f9:7ec8::/48 dev lo  metric 2147483647 
fe80::/64 dev eth0  metric 256 
fe80::/64 dev br-lan  metric 256 
fe80::/64 dev eth1.101  metric 256 
fe80::/64 dev eth1  metric 256 
fe80::/64 dev 6in4-wan6  metric 256 
local ::1 dev lo table local  metric 0 
anycast 2001:470:1f08:473:: dev 6in4-wan6 table local  metric 0 
local 2001:470:1f08:473::2 dev 6in4-wan6 table local  metric 0 
anycast 2001:470:1f09:473:: dev br-lan table local  metric 0 
local 2001:470:1f09:473::1 dev br-lan table local  metric 0 
anycast 2001:470:6a0d:: dev br-lan table local  metric 0 
local 2001:470:6a0d::1 dev br-lan table local  metric 0 
anycast fd48:98f9:7ec8:: dev br-lan table local  metric 0 
local fd48:98f9:7ec8::1 dev br-lan table local  metric 0 
anycast fe80:: dev 6in4-wan6 table local  metric 0 
anycast fe80:: dev eth1 table local  metric 0 
anycast fe80:: dev eth0 table local  metric 0 
anycast fe80:: dev br-lan table local  metric 0 
anycast fe80:: dev eth1.101 table local  metric 0 
local fe80::5409:432a dev 6in4-wan6 table local  metric 0 
local fe80::2e0:4cff:fe88:370e dev eth1 table local  metric 0 
local fe80::2e0:4cff:fe88:370e dev eth1.101 table local  metric 0 
local fe80::e65f:1ff:fe4d:6b58 dev eth0 table local  metric 0 
local fe80::e65f:1ff:fe4d:6b58 dev br-lan table local  metric 0 
multicast ff00::/8 dev eth0 table local  metric 256 
multicast ff00::/8 dev br-lan table local  metric 256 
multicast ff00::/8 dev eth1.101 table local  metric 256 
multicast ff00::/8 dev eth1 table local  metric 256 
multicast ff00::/8 dev 6in4-wan6 table local  metric 256 
0:	from all lookup local 
32766:	from all lookup main 
4200000000:	from IPv6Address/64 iif br-lan lookup unspec unreachable
4200000000:	from IPv6Address/60 iif br-lan lookup unspec unreachable
4200000001:	from all iif lo lookup unspec 12
4200000040:	from all iif br-lan lookup unspec 12
4200000042:	from all iif pppoe-wan lookup unspec 12
4200000043:	from all iif 6in4-wan6 lookup unspec 12
lrwxrwxrwx    1 root     root            16 Jul 31 18:21 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Sep 28 21:21 /tmp/resolv.conf
-rw-r--r--    1 root     root           108 Sep 28 21:21 /tmp/resolv.conf.d/resolv.conf.auto
-rw-r--r--    1 root     root            48 Sep 28 21:21 /tmp/resolv.conf.ppp

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root           108 Sep 28 21:21 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.ppp <==
nameserver x.x.x.x
nameserver x,x,x,x

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface lan
nameserver 1.1.1.1
nameserver 1.0.0.1
# Interface wan
nameserver 1.1.1.1
nameserver 1.0.0.1

If they start with f they are private.

This is not needed.

This one too.
Other than that I see that a prefix has been delegated to the lan interface, so your lan hosts should be able to get the IPv6 settings.

1 Like

Many thanks once again.

I have made the couple of changes suggested thanks and there is significant progress.

Some of the household devices have been acquiring DHCPV6 leases. E.g. Apple watch and my Linux Laptop. But none of my android devices (phone, tablet, Alexa, Firestick) were getting any access to the internet although they are showing that they have received an IP address and some have IPV6 addresses. The suggestion from @RuralRoots to set a /48 prefix in the Network file had an immediate impact with my phone and tablet connecting to the internet and web pages loading. The phone quickly lost connection again but the tablet now appears to be working normally.

I came across a Reddit Post that had erratic behaviour from android devices and apps which suggested that it may be related to MTU settings on PPPoE links to the ISP. My connection is via a PPPoE ISP also.

I would be interested in your view about whether this or any other reason that you are aware of, could be causing the behaviour I am experiencing.

Thanks again.

OpenWrt will automatically adjust the mtu to 1492 for pppoe. You can verify with ip link | grep pppoe
In he.net tunnel details, in the advanced tab there is a setting for mtu, which by default is 1480. 6in4 overhead is 20 bytes, so the 1480 is fine if the underlying mtu is 1500. In your case you can lower it to 1472 and verify it is the same in OpenWrt.

1 Like
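
The MTU arithmetic from the reply above as a check, added here as an example and not part of the thread: it reads `ip link` output and tests whether the tunnel MTU plus the 20-byte 6in4 overhead fits in the underlying link's MTU. The function name, result labels and the sample `ip link` lines are constructed; the interface names `pppoe-wan` and `6in4-wan6` are the ones in the posted output.

```shell
#!/bin/sh
# check_tunnel_mtu UNDERLYING TUNNEL   (reads `ip link` output on stdin)
# Prints one of:
#   OK tunnel=<mtu> max=<mtu>         tunnel MTU + 20 bytes fits in the underlying MTU
#   TOO_LARGE tunnel=<mtu> max=<mtu>  encapsulated packets would exceed the underlying MTU
#   MISSING <iface>                   interface not present in the input
check_tunnel_mtu() {
    awk -v under="$1" -v tun="$2" '
    /^[0-9]+:/ {
        # Field 2 is the name, e.g. "6in4-wan6@NONE:"; strip ":" and any "@peer".
        name = $2
        sub(/:$/, "", name)
        sub(/@.*/, "", name)
        for (i = 3; i < NF; i++)
            if ($i == "mtu") mtu[name] = $(i + 1) + 0
    }
    END {
        if (!(under in mtu)) { print "MISSING " under; exit }
        if (!(tun in mtu))   { print "MISSING " tun; exit }
        max = mtu[under] - 20          # 6in4 adds one 20-byte IPv4 header
        if (mtu[tun] <= max) print "OK tunnel=" mtu[tun] " max=" max
        else                 print "TOO_LARGE tunnel=" mtu[tun] " max=" max
    }'
}

# Constructed sample: PPPoE at 1492 with the tunnel left at 1480.
sample_links() {
cat <<'EOF'
41: eth1.101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
42: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 3
43: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
EOF
}

sample_links | check_tunnel_mtu pppoe-wan 6in4-wan6
```

On the router, `ip link | check_tunnel_mtu pppoe-wan 6in4-wan6` runs the same test against the live interfaces.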

Hi there
Please excuse my failure to reply last week. Real life intervened for a bit and I was unable to spend time on my OpenWrt interests. Nevertheless I should have thanked you for taking the time to reply so my apologies.

These posts have definitely moved me forward in terms of establishing a working IPV6 connection. Most of my android devices now have access to the internet but my mobile phone is still not working properly. This device has an IP address showing on my router and a number of IPV6 addresses recorded in the advanced connection settings of the phone. The wifi settings on the phone show it is connected to the internet but no web pages or app data will load. Most other devices that access the internet via wifi appear only to be using IPV4 addresses as they only appear in the DHCPV4 leases. 2 devices that use wifi appear in the DHCP6 leases, one linux and one apple. But other apple devices do not and amazon devices do not. I try to test out possible alternative settings when I have time but so far I am seeing no impact.

Thanks again

Keep in mind that in the DHCP6 leases you'll only see the hosts that use DHCP6. Most of the hosts will use only SLAAC, which won't appear on the status page, but it is enough to browse the internet over IPv6.
Check with ipleak if you have only ipv4 or ipv6 as well.

2 posts were split to a new topic: Cannot establish a working IPV6 set up (he,net)