Hello. I'm really noob at ipv6. I cannot get this working. I have 2 interfaces on same router. First is lan, example ULA address fd56:fc56:cafe::1/64 , second is guest, example ULA address in different subnet fd56:fc56:cafe:1::1/64 . I cannot PING guest host from host in lan subnet. Error Destination Unreachable: Address Unreachable
/etc/config/dhcp
config dhcp 'lan'
option start '100'
option limit '150'
option interface 'lan'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'guest'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'lan6'
option ra 'server'
option dhcpv6 'server'
option ra_management '1'
Welcome to the forum!
Could you post your firewall zones for us?
ubus call uci get '{ "config": "firewall", "type": "zone" }'
Also:
wolverine998:
option interface 'lan6'
This seems odd. You have lan6 as the guest DHCP interface--is that intentional?
wolverine998:
option ra_management '1'
FYI, ra_management is deprecatedra_slaac and ra_flags now. The equivalent of what is presently in your config is:
option ra_slaac '1'
option ra_flags 'managed-config'
But in your case, are you truly using SLAAC?
1 Like
Yes, i'm obtaining IPV6 addresses and prefixes. Alsoo checked with wireshark. Btw i'm using OpenWrt 18.06, odhcpd-ipv6only.
Firewall config is default, guest zone has same access as LAN zone.
{
"values": {
"cfg02dc81": {
".anonymous": true,
".type": "zone",
".name": "cfg02dc81",
".index": 1,
"name": "lan",
"input": "ACCEPT",
"output": "ACCEPT",
"forward": "ACCEPT",
"network": "lan"
},
"cfg03dc81": {
".anonymous": true,
".type": "zone",
".name": "cfg03dc81",
".index": 2,
"name": "wan",
"input": "REJECT",
"output": "ACCEPT",
"forward": "REJECT",
"masq": "1",
"mtu_fix": "1",
"network": "wan wan6 wwan ipv6 dhcp internet internet6"
},
"cfg0edc81": { ".anonymous": true,
".type": "zone",
".name": "cfg0edc81",
".index": 13,
"input": "ACCEPT",
"output": "ACCEPT",
"forward": "ACCEPT",
"name": "guest",
"network": "guest"
}
}
}
Help me understand your scenario better, please. Are you trying to just enable IPv6 communication between LAN and Guest? Or are you also trying to enable IPv6 WAN access as well?
Just trying to enable communication between LAN subnet and GUEST subnet.
I would start by updating your /etc/config/dhcp config to fix the interface from lan6 to guest in config dhcp 'guest'.
Then, from one of your clients, what do you see for the IPv6 default route address?
Also, on a slightly different topic connected to your firewall zones... typically for security reasons you would want to set Input-->reject on your guest zone. This will disallow unhindered access to all ports on your router's guest interface(s). Once set to reject on the Input chain, you would typically set up firewall allow rules for any ports your guest clients truly need to access (if any) on your router.
route -A inet6 | grep -w "wlan0"
fd92:c32a:223a::/64 [::] UAe 256 9 93 wlan0
fd92:c32a:223a::/64 [::] U 1024 1 0 wlan0
fd92:c32a:223a:a::/64 [::] UA 256 9 1144 wlan0
fd92:c32a:223a:a::/64 [::] U 1024 1 0 wlan0
fd92:c32a:223a::/48 fe80::9ada:c4ff:feeb:d8df UGA 1024 1 0 wlan0
fe80::/64 [::] U 256 1 0 wlan0
fe80::/64 [::] U 1024 1 0 wlan0
fd92:c32a:223a:0:6508:8bcc:4b05:34b9/128 [::] Un 0 8 30 wlan0
fd92:c32a:223a:0:cc72:16ff:fe89:623e/128 [::] Un 0 2 0 wlan0
fd92:c32a:223a:a:6508:8bcc:4b05:34b9/128 [::] Un 0 10 818 wlan0
fd92:c32a:223a:a:cc72:16ff:fe89:623e/128 [::] Un 0 2 0 wlan0
fe80::cc72:16ff:fe89:623e/128 [::] Un 0 9 201 wlan0
ff00::/8 [::] U 256 9 210 wlan0
This is output from device, connected to WIFI AP bridged to LAN interface.
From this client, can you ping6 the following?
fe80::9ada:c4ff:feeb:d8df
fd92:c32a:223a:a::1
fd92:c32a:223a:b::1
I can PING fe80 etc.etc that is routers link local address, also i can PING lan interface ULA. Guest cannot be pinged.
ping6 -c 4 fe80::9ada:c4ff:feeb:d8df%wlan0
PING fe80::9ada:c4ff:feeb:d8df%wlan0(fe80::9ada:c4ff:feeb:d8df) 56 data bytes
64 bytes from fe80::9ada:c4ff:feeb:d8df: icmp_seq=1 ttl=64 time=17.3 ms
64 bytes from fe80::9ada:c4ff:feeb:d8df: icmp_seq=2 ttl=64 time=20.3 ms
64 bytes from fe80::9ada:c4ff:feeb:d8df: icmp_seq=3 ttl=64 time=19.7 ms
64 bytes from fe80::9ada:c4ff:feeb:d8df: icmp_seq=4 ttl=64 time=21.0 ms
--- fe80::9ada:c4ff:feeb:d8df%wlan0 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 17.332/19.632/21.087/1.408 ms
~ $ ping6 -c 4 fd92:c32a:223a:a::1
PING fd92:c32a:223a:a::1(fd92:c32a:223a:a::1) 56 data bytes
64 bytes from fd92:c32a:223a:a::1: icmp_seq=1 ttl=64 time=17.1 ms
64 bytes from fd92:c32a:223a:a::1: icmp_seq=2 ttl=64 time=19.9 ms
64 bytes from fd92:c32a:223a:a::1: icmp_seq=3 ttl=64 time=19.2 ms
64 bytes from fd92:c32a:223a:a::1: icmp_seq=4 ttl=64 time=18.9 ms
--- fd92:c32a:223a:a::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3010ms
rtt min/avg/max/mdev = 17.162/18.833/19.969/1.031 ms
~ $ ping6 -c 4 fd92:c32a:223a:b::1
PING fd92:c32a:223a:b::1(fd92:c32a:223a:b::1) 56 data bytes
From fd92:c32a:223a:a::1 icmp_seq=1 Destination unreachable: Address unreachable
From fd92:c32a:223a:a::1 icmp_seq=2 Destination unreachable: Address unreachable
From fd92:c32a:223a:a::1 icmp_seq=3 Destination unreachable: Address unreachable
From fd92:c32a:223a:a::1 icmp_seq=4 Destination unreachable: Address unreachable
--- fd92:c32a:223a:b::1 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3114ms
Can you confirm if you made this change for the guest iface?
From your OpenWrt box, can you ping6 both:
fd92:c32a:223a:a::1
fd92:c32a:223a:b::1
I managed to solve it. I didn't know that my guest interface wasn't bridged to a Wifi AP. After i Associated the access point with the guest interface, i can PING from lan to guest, vice-versa, and i can PING from router both nodes.
system
April 13, 2023, 3:34am
17
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
