Cannot get IPv6 address on wan6 from ISP (uses SLAAC)

I cannot get an IPv6 address from my ISP (Astoud Broadband), using the default wan6 settings but IPv4 works correctly. According to their FAQ they use SLAAC to assign IPv6 addresses:

  1. Log into TP-Link router through the gateway in your browser.
  • In the address bar, either type “tplinklogin.net” or if that fails, “192.168.0.1”
  • The username and password are both “admin” by default.
  • This can be done over a wireless connection, but if any changes are to be made to the SSID or Password, it is recommended that you connect your router to your computer with an Ethernet cable.
  1. Click on “IPv6 Support” in the menu on the left
  2. In the new menu, click on “IPv6 Setup”
  3. Ensure that “WAN Connection Type” is set to SLAAC
  4. Press connect
  5. Wait about a minute
  6. Ensure that “IPv6 Address Assign Type” is set to SLAAC in the “LAN Setup” area.
  7. Hit Save
  8. Wait about 5 minutes
  9. Test by going to test-ipv6.com

How should I configure wan6 so that I can get an IPv6 address from my ISP on openwrt?

Here's a tcpdump:

00:00:03.077786 IP6 (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::deeb:xxxx:xxxx:xxxx > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 32
	hop limit 64, Flags [none], pref medium, router lifetime 1800s, reachable time 3000000ms, retrans timer 0ms
	  source link-address option (1), length 8 (1): dc:eb:xx:xx:xx:xx
	    0x0000:  dceb xxxx xxxx
	  mtu option (5), length 8 (1):  1500
	    0x0000:  0000 0000 05dc

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
{
	"kernel": "5.15.134",
	"hostname": "home-router",
	"system": "Intel(R) Celeron(R) N5100 @ 1.10GHz",
	"model": "Techvision TVI7309X",
	"board_name": "techvision-tvi7309x",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "x86/64",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd25:2b1f:a29d::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option delegate '0'

config interface 'tailscale'
	option proto 'none'
	option device 'tailscale0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'tp-link'
	option dns '1'
	option mac '74:DA:XX:XX:XX:XX'
	option ip '192.168.1.2'

package firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'tailscale'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'tailscale'

config forwarding
	option src 'tailscale'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'tailscale'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::62be:b4ff:fe0a:eaa0/64 scope link 
       valid_lft forever preferred_lft forever
7: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 state UNKNOWN qlen 500
    inet6 fd7a:115c:XXXX:XXXX:XXXX:XXXX:XXXX:XXX/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::23e3:3bb1:a4ed:f011/64 scope link flags 800 
       valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd25:2b1f:a29d::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::62be:b4ff:fe0a:eaa1/64 scope link 
       valid_lft forever preferred_lft forever
fd7a:115c:XXXX::/48 dev tailscale0 table 52  metric 1024 
fd25:2b1f:a29d::/64 dev br-lan  metric 1024 
unreachable fd25:2b1f:a29d::/48 dev lo  metric 2147483647 
fd7a:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXX dev tailscale0  metric 256 
fe80::/64 dev tailscale0  metric 256 
fe80::/64 dev eth0  metric 256 
fe80::/64 dev br-lan  metric 256 
local ::1 dev lo table local  metric 0 
anycast fd25:2b1f:a29d:: dev br-lan table local  metric 0 
local fd25:2b1f:a29d::1 dev br-lan table local  metric 0 
local fd7a:115c:a1e0:ab12:XXXX:XXXX:XXXX:XXX dev tailscale0 table local  metric 0 
anycast fe80:: dev tailscale0 table local  metric 0 
anycast fe80:: dev eth0 table local  metric 0 
anycast fe80:: dev br-lan table local  metric 0 
local fe80::23e3:3bb1:a4ed:f011 dev tailscale0 table local  metric 0 
local fe80::62be:b4ff:fe0a:eaa0 dev eth0 table local  metric 0 
local fe80::62be:b4ff:fe0a:eaa1 dev br-lan table local  metric 0 
multicast ff00::/8 dev tailscale0 table local  metric 256 
multicast ff00::/8 dev eth0 table local  metric 256 
multicast ff00::/8 dev br-lan table local  metric 256 
0:	from all lookup local 
5210:	from all fwmark 0x80000/0xff0000 lookup main 
5230:	from all fwmark 0x80000/0xff0000 lookup default 
5250:	from all fwmark 0x80000/0xff0000 lookup unspec unreachable
5270:	from all lookup 52 
32766:	from all lookup main 
-rw-r--r--    1 root     root           234 Oct 14 13:54 /etc/resolv.conf
lrwxrwxrwx    1 root     root            16 Oct  9 14:45 /etc/resolv.pre-tailscale-backup.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Oct 14 15:16 /tmp/resolv.conf
-rw-r--r--    1 root     root           131 Oct 14  2023 /tmp/resolv.conf.d/resolv.conf.auto

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root           131 Oct 14  2023 resolv.conf.auto
==> /etc/resolv.conf <==
# resolv.conf(5) file generated by tailscale
# For more info, see https://tailscale.com/s/resolvconf-overwrite
# DO NOT EDIT THIS FILE BY HAND -- CHANGES WILL BE OVERWRITTEN

nameserver 100.100.100.100
search XXXXXXX-XXXX.ts.net lan

==> /etc/resolv.pre-tailscale-backup.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 208.76.152.1
nameserver 208.76.152.9
nameserver 76.14.192.8
nameserver 76.14.192.9
search wavecable.com

The router advertisement you receive is incomplete. It doesn't advertise any prefix. Openwrt by default will autoconfigure want from the RA and try to get a delegated prefix with dhcp6.

1 Like

The stock TP-Link router I was using previously was able to get an IPv6 address without the prefix, is there any way to replicate this functionality in OpenWRT? Presumably I could use NAT66 with the SLAAC-assigned address for downstream devices or relay them, if I could get one.

Yes if that tcpdump is what you receive from the ISP, it is an empty RA, it doesn't issue any IP to you.

If the ISP routes a single /64 to you (with your wan interface holding one IP in that /64), you can use relay mode to give LAN devices additional IPs out of that same /64. This is probably what "SLAAC mode" on the LAN means in the stock TP-Link firmware. This configuration does allow all LAN devices to have a public GUA and route to/from the v6 Internet without NAT.

It doesn't appear that I'm getting an /64, is there any way to coax OpenWRT into acquiring one without a proper prefix advertisement?

Can I do anything with the link-local address that is in the packet, create some static SLAAC addresses in that range or something? I just don't understand how the TP-Link firmware can somehow pull an IPv6 address but not openwrt.

You cannot use SLAAC if the RA is wrong.
If you use static settings you need to know beforehand the correct prefix to use.
I suggest you ask your ISP about that and mention the empty RA.

1 Like

Is it possible for you to flashback to default. And have a detailed look what the TP Link displays, how IPv6 is configured and what kind of address and prefix are actually used?