Hi all,

I am having trouble with my IPv6 assignment.
My ISP provides a /56 prefix via pppoe, which OpenWRT correctly attributes to the multiple interfaces with a prefix hint. At the same time, I have ULA-Prefix set, that is also correctly assigned to the OpenWRT VLAN interfaces with the same prefix hint.

However, my desktop Windows 11 Client for example, is getting ip addresses from the VLAN20 its in, but also from other interfaces, which then leads to broken wan over IPv6. Mainly these are from VLAN10 / 30.

IPv4 .121. is correct, and from IPv6 only the 79s would be correct.
I can use Powershell to remove the invalid addresses, but that is only a fix for a few minutes, then those get reassigned.
Get-NetIPAddress -ifIndex 9 | where-object {$_.PrefixOrigin -notlike "WellKnown" -and $_.AddressFamily -like "IPv6" -and $_.IPAddress -notmatch "REDACTED79" -and $_.IPAddress -notmatch "fd86:9bf6:fdfd:79"} | Remove-NetIPAddress

System Info

OpenWRT

Windows 11 Client

Win 11 Pro 24H2

PS C:\Users\crumar> ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv6 Address. . . . . . . . . . . : XXXX:XXXX:XXXX:XX6f:71a5:3393:46cf:7598
   IPv6 Address. . . . . . . . . . . : XXXX:XXXX:XXXX:XX79::a3a
   IPv6 Address. . . . . . . . . . . : XXXX:XXXX:XXXX:XX79:3ad4:6098:2d61:a16d
   IPv6 Address. . . . . . . . . . . : XXXX:XXXX:XXXX:XX83:c167:50de:b3dd:f42b
   IPv6 Address. . . . . . . . . . . : fd86:9bf6:fdfd:6f:6894:8750:a64:1d8
   IPv6 Address. . . . . . . . . . . : fd86:9bf6:fdfd:79::a3a
   IPv6 Address. . . . . . . . . . . : fd86:9bf6:fdfd:79:d201:ecd7:e8b8:8b80
   IPv6 Address. . . . . . . . . . . : fd86:9bf6:fdfd:83:9303:f3a1:7e62:8c53
   Temporary IPv6 Address. . . . . . : XXXX:XXXX:XXXX:XX6f:bda3:a8da:6d3f:e262
   Temporary IPv6 Address. . . . . . : XXXX:XXXX:XXXX:XX79:bda3:a8da:6d3f:e262
   Temporary IPv6 Address. . . . . . : XXXX:XXXX:XXXX:XX83:bda3:a8da:6d3f:e262
   Temporary IPv6 Address. . . . . . : fd86:9bf6:fdfd:6f:bda3:a8da:6d3f:e262
   Temporary IPv6 Address. . . . . . : fd86:9bf6:fdfd:79:bda3:a8da:6d3f:e262
   Temporary IPv6 Address. . . . . . : fd86:9bf6:fdfd:83:bda3:a8da:6d3f:e262
   Link-local IPv6 Address . . . . . : fe80::722e:e33c:7a61:d853%9
   IPv4 Address. . . . . . . . . . . : 192.168.121.130
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::ccad:25ff:fed6:d929%9
                                       192.168.121.1

Configs

wan/wanb are disabled, alternative upstream but offline.
lan is also disabled
I have removed wireguard device configs.

/etc/config/network

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd86:9bf6:fdfd::/56'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'lan1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option auto '0'

config device
        option name 'br-wan'
        option type 'bridge'
        list ports 'wan'
        list ports 'eth2'

config device
        option name 'wan'
        option macaddr 'REDACTED'

config device
        option name 'eth2'
        option macaddr 'REDACTED'

config interface 'wan'
        option device 'br-wan'
        option proto 'dhcp'
        option metric '1'
        option auto '0'

config interface 'wan6'
        option device 'br-wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix '56'
        option norelease '1'
        option metric '1'
        option auto '0'

config device
        option type 'bridge'
        option name 'br-vlan10'
        list ports 'lan2.10'

config interface 'VLAN10'
        option proto 'static'
        option device 'br-vlan10'
        option ip6assign '64'
        option ip6hint '6f'
        list ipaddr '192.168.111.2/24'
        list ipaddr '192.168.111.1/24'

config device
        option type 'bridge'
        option name 'br-vlan30'
        list ports 'lan2.30'

config interface 'VLAN30'
        option proto 'static'
        option device 'br-vlan30'
        option ipaddr '192.168.131.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '83'

config device
        option type 'bridge'
        option name 'br-vlan40'
        list ports 'lan2.40'

config interface 'VLAN40'
        option proto 'static'
        option device 'br-vlan40'
        option ipaddr '192.168.141.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option ip6assign '64'
        option ip6hint '8d'

config interface 'VLAN20'
        option proto 'static'
        option device 'br-vlan20'
        option ipaddr '192.168.121.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '79'
        option delegate '0'

config device
        option type 'bridge'
        option name 'br-vlan20'
        list ports 'lan2.20'

config device
        option type 'bridge'
        option name 'br-vlan21'
        list ports 'lan2.21'

config device
        option type 'bridge'
        option name 'br-vlan90'
        list ports 'lan2.90'

config interface 'VLAN90'
        option proto 'static'
        option device 'br-vlan90'
        option ipaddr '192.168.191.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option ip6assign '64'
        option ip6hint 'bf'

config interface 'wg20'
        option proto 'wireguard'
        option private_key 'REDACTED'
        option listen_port '51820'
        option delegate '0'
        list addresses '10.0.121.1/24'
        list addresses 'fd86:9bf6:fdfe:79::1/64'

config device
        option type 'bridge'
        option name 'br-wanb'
        list ports 'lan3.7'

config interface 'wanb'
        option proto 'pppoe'
        option device 'br-wanb'
        option ipv6 'auto'
        option username 'REDACTED'
        option password 'REDACTED'
        option metric '0'

config interface 'wg90'
        option proto 'wireguard'
        option private_key 'REDACTED'
        option listen_port '51821'
        option delegate '0'
        list addresses '10.0.191.1/24'
        list addresses 'fd86:9bf6:fdfe:00bf::1/64'

/etc/config/dhcp

I am using Adguard Home on the OpenWRT Router to resolve DNS queries.
Host configs have been removed from the following.
Some interface still use 192.168.191.2/fd86:9bf6:fdfd:00bf::2 as dns, which is my pihole, subject to be replaced by Adguard Home on OWRT, not yet done though.

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option noresolv '1'
        option port '54'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'VLAN30'
        option interface 'VLAN30'
        option start '50'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option ra 'server'
        option ra_default '2'
        option dhcpv6 'server'
        list ntp 'fd86:9bf6:fdfd:83::1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.131.1'

config dhcp 'VLAN40'
        option interface 'VLAN40'
        option start '50'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option dhcpv6 'server'
        option ra_default '2'
        option ra_slaac '0'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list ntp 'fd86:9bf6:fdfd:008d::1'
        list dhcp_option '6,192.168.141.1'

config dhcp 'VLAN20'
        option interface 'VLAN20'
        option start '75'
        option limit '175'
        option leasetime '12h'
        option ra 'server'
        option ra_default '2'
        option dhcpv6 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list ntp 'fd86:9bf6:fdfd:79::1'
        option ra_useleasetime '1'
        option force '1'
        list dhcp_option '6,192.168.121.1'

config dhcp 'VLAN10'
        option interface 'VLAN10'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option ra_default '2'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option dhcpv6 'server'
        list ntp 'fd86:9bf6:fdfd:6f::1'
        option ra_useleasetime '1'
        list dhcp_option '6,192.168.111.2'

config dhcp 'VLAN60'
        option interface 'VLAN60'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,192.168.191.2'
        option ra 'server'
        option ra_default '2'
        option ra_slaac '0'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option dhcpv6 'server'
        list dns 'fd86:9bf6:fdfd:00bf::2'

Any advice on whats happening?
I had also unrestricted ICMPv6 forwarding internally, but I restricted that to forward to wan only from each zone.

KR,

Crumar

ip6assign is the option

Thanks for your reply, but can you please elaborate? I am using that on the relevant interfaces, especially those in question (VLAN10,20,30) and still a device from 20 gets the global IPv6 for 10 and 30.
Should I not use ip6assign?

How did you configured the network settings?

More then half of the vlan setup looks broken.

Please use the DSA mini tutorial and forum search to compare your setup with others.

via luci.
Everything else is working as expected right now.

Will have a look at the DSA tutorial

So I have converted my switch vlans to bridge vlans, its still occurring.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd86:9bf6:fdfd::/56'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'br-wan'
        option type 'bridge'
        list ports 'wan'
        list ports 'eth2'

config device
        option name 'wan'
        option macaddr 'REDACTED'

config device
        option name 'eth2'
        option macaddr 'REDACTED'

config interface 'wan'
        option device 'br-wan'
        option proto 'dhcp'
        option metric '1'
        option auto '0'

config interface 'wan6'
        option device 'br-wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix '56'
        option norelease '1'
        option metric '1'
        option auto '0'

config interface 'VLAN10'
        option proto 'static'
        option device 'br-lan.10'
        option ip6assign '64'
        option ip6hint '6f'
        list ipaddr '192.168.111.2/24'
        list ipaddr '192.168.111.1/24'

config interface 'VLAN30'
        option proto 'static'
        option ipaddr '192.168.131.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '83'
        option device 'br-lan.30'

config interface 'VLAN20'
        option proto 'static'
        option device 'br-lan.20'
        option ipaddr '192.168.121.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '79'
        option delegate '0'

config interface 'VLAN90'
        option proto 'static'
        option ipaddr '192.168.191.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option ip6assign '64'
        option ip6hint 'bf'
        option device 'br-lan.90'

config interface 'VLAN60'
        option proto 'static'
        option ipaddr '192.168.161.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option device 'br-lan.60'
        option ip6assign '64'
        option ip6hint 'a1'

config device
        option type 'bridge'
        option name 'br-wanb'
        list ports 'lan3.7'

config interface 'wanb'
        option proto 'pppoe'
        option device 'br-wanb'
        option ipv6 'auto'
        option username 'REDACTED'
        option password 'REDACTED'
        option metric '0'

config bridge-vlan
        option device 'br-lan'
        option vlan '40'
        list ports 'lan2:t'

config interface 'VLAN40'
        option proto 'static'
        list ipaddr '192.168.141.1/24'
        option ip6assign '64'
        option ip6hint '8d'
        option device 'br-lan.40'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '60'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '90'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan2:t'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option noresolv '1'
        option port '54'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'VLAN30'
        option interface 'VLAN30'
        option start '50'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option ra 'server'
        option ra_default '2'
        option dhcpv6 'server'
        list ntp 'fd86:9bf6:fdfd:83::1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.131.1'

config dhcp 'VLAN20'
        option interface 'VLAN20'
        option start '75'
        option limit '175'
        option leasetime '12h'
        option ra 'server'
        option ra_default '2'
        option dhcpv6 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list ntp 'fd86:9bf6:fdfd:79::1'
        option ra_useleasetime '1'
        option force '1'
        list dhcp_option '6,192.168.121.1'

config dhcp 'VLAN10'
        option interface 'VLAN10'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option ra_default '2'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option dhcpv6 'server'
        list ntp 'fd86:9bf6:fdfd:6f::1'
        option ra_useleasetime '1'
        list dhcp_option '6,192.168.111.2'

config dhcp 'VLAN60'
        option interface 'VLAN60'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,192.168.191.2'
        option ra 'server'
        option ra_default '2'
        option ra_slaac '0'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option dhcpv6 'server'
        list dns 'fd86:9bf6:fdfd:00bf::2'

config dhcp 'VLAN40'
        option interface 'VLAN40'
        option start '50'
        option limit '200'
        option leasetime '12h'
        option force '1'
        list dhcp_option '6,192.168.141.1'
        option ra 'server'
        option ra_default '2'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option dhcpv6 'server'
        list ntp '192.168.141.1'
        list ntp 'fd86:9bf6:fdfd:008d::1'

Edit:
I added a debian VM (arm64 if it matters) in the VLAN20 - it just has the correct addresses 79, nothing else

So..

before I upgraded to Win 10, my desktop had VLANs setup - that didnt work anymore with the intel driver after Win 11. But! I forgot to remove the tagged access to the other VLANs from its port.

So after removing everyting except VLAN20 untagged, it seems to no longer pick up additional addresses.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.