Configuration advice: Linksys E8450 SNAPSHOT wan and wan6 interfaces with CenturyLink (pppoe and vlan tagging)

I'm returning to OpenWrt after several years of being completely hands-off. I have been very comfortable with IPv4 but not totally up to speed on IPv6 as yet.

I have a new Linksys E8450 that I connected as the edge router for my home and home office.

The connectivity provider is CenturyLink fiber, which uses PPPoE and vlan tagging on the wan interface.

After some trial and error, I established the connection but blew away the wan6 interface in the process.

I do need IPv6 because some of the home devices (most notably, Nest thermostat and sensors) require it.

Can someone please advise how to configure wan6 and review the configuration below for glaring errors? I plan to add separate VLANs for home, office, guest, and iot and want to make sure I don't introduce any problems early on.

~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* 
/tmp/resolv.* /tmp/resolv.*/*

{
	"kernel": "6.1.86",
	"hostname": "######",
	"system": "ARMv8 Processor rev 4",
	"model": "Linksys E8450 (UBI)",
	"board_name": "linksys,e8450-ubi",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"revision": "r26072-0fc87ddf44",
		"target": "mediatek/mt7622",
		"description": "OpenWrt SNAPSHOT r26072-0fc87ddf44"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd00:####:####::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.1.0.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan.201'
	option proto 'pppoe'
	option username 'REDACTED'
	option password 'REDACTED'
	option ipv6 '1'
	option ip6assign '64'

config interface 'wguest'
	option proto 'static'
	option device 'wl0-ap1'
	option ipaddr '172.16.125.1'
	option netmask '255.255.255.0'
	list ip6addr 'fdb0:####:####:9ca1::1'
	option ip6gw 'fdb0:####:####:9ca1::1'
	option ip6prefix 'fdb0:####:####:9ca1::/64'

package wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option phy 'wl0'
	option cell_density '2'
	option htmode 'HT40'
	option band '2g'
	option channel 'auto'
	option country 'US'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'REDACTED'
	option encryption 'sae-mixed'
	option key 'REDACTED'
	option wpa_group_rekey '300'

config wifi-device 'radio1'
	option type 'mac80211'
	option phy 'wl1'
	option cell_density '2'
	option htmode 'VHT80'
	option band '5g'
	option channel 'auto'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'REDACTED'
	option encryption 'sae-mixed'
	option key 'REDACTED'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'REDACTED-guest'
	option encryption 'sae-mixed'
	option key 'REDACTED'
	option network 'wguest'

package dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra_useleasetime '1'
	list ntp 'fdb0:####:####:9ca1::1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'wguest'
	option interface 'wguest'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra_useleasetime '1'

package firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'wguest'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'wguest'
	option masq6 '1'

config forwarding
	option src 'wguest'
	option dest 'wan'

head: /etc/firewall.user: No such file or directory
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.1.0.1/24 brd 10.1.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
12: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    inet 71.###.###.74 peer 207.225.112.2/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
13: wl0-ap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 172.16.125.1/24 brd 172.16.125.255 scope global wl0-ap1
       valid_lft forever preferred_lft forever
default via 207.225.112.2 dev pppoe-wan 
10.1.0.0/24 dev br-lan scope link  src 10.1.0.1 
172.16.125.0/24 dev wl0-ap1 scope link  src 172.16.125.1 
207.225.112.2 dev pppoe-wan scope link  src 71.###.###.74 
local 10.1.0.1 dev br-lan table local scope host  src 10.1.0.1 
broadcast 10.1.0.255 dev br-lan table local scope link  src 10.1.0.1 
local 71.###.###.74 dev pppoe-wan table local scope host  src 71.###.###.74 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
local 172.16.125.1 dev wl0-ap1 table local scope host  src 172.16.125.1 
broadcast 172.16.125.255 dev wl0-ap1 table local scope link  src 172.16.125.1 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 state UP qlen 1000
    inet6 fe80::####:####:fe23:ed66/64 scope link 
       valid_lft forever preferred_lft forever
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::####:####:fe23:ed65/64 scope link 
       valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdb0:####:####:9ca1::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fd00:####:####::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::####:####:fe23:ed66/64 scope link 
       valid_lft forever preferred_lft forever
9: wan.201@wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::####:####:fe23:ed65/64 scope link 
       valid_lft forever preferred_lft forever
10: wl1-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::####:####:fe23:ed68/64 scope link 
       valid_lft forever preferred_lft forever
11: wl0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::####:####:fe23:ed67/64 scope link 
       valid_lft forever preferred_lft forever
12: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
    inet6 fd00:####:####:10::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
13: wl0-ap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdb0:####:####:9ca1::1/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::####:####:fe23:ed67/64 scope link 
       valid_lft forever preferred_lft forever
fd00:####:####::/64 dev br-lan  metric 1024 
fd00:####:####:4::/62 via fe80::####:####:4366:be1f dev br-lan  metric 1024 
fd00:####:####:10::/64 dev pppoe-wan  metric 1024 
unreachable fd00:####:####::/48 dev lo  metric 2147483647 
fdb0:####:####:9ca1::1 dev wl0-ap1  metric 256 
fdb0:####:####:9ca1::/64 dev br-lan  metric 1024 
unreachable fdb0:####:####:9ca1::/64 dev lo  metric 2147483647 
fdb0:####:####:9ca4::/62 via fe80::####:####:4366:be1f dev br-lan  metric 1024 
fe80::/64 dev eth0  metric 256 
fe80::/64 dev br-lan  metric 256 
fe80::/64 dev wan  metric 256 
fe80::/64 dev wan.201  metric 256 
fe80::/64 dev wl0-ap0  metric 256 
fe80::/64 dev wl0-ap1  metric 256 
fe80::/64 dev wl1-ap0  metric 256 
local ::1 dev lo table local  metric 0 
anycast fd00:####:####:: dev br-lan table local  metric 0 
local fd00:####:####::1 dev br-lan table local  metric 0 
anycast fd00:####:####:10:: dev pppoe-wan table local  metric 0 
local fd00:####:####:10::1 dev pppoe-wan table local  metric 0 
anycast fdb0:####:####:9ca1:: dev br-lan table local  metric 0 
local fdb0:####:####:9ca1::1 dev br-lan table local  metric 0 
local fdb0:####:####:9ca1::1 dev wl0-ap1 table local  metric 0 
anycast fe80:: dev eth0 table local  metric 0 
anycast fe80:: dev br-lan table local  metric 0 
anycast fe80:: dev wan table local  metric 0 
anycast fe80:: dev wan.201 table local  metric 0 
anycast fe80:: dev wl0-ap1 table local  metric 0 
anycast fe80:: dev wl0-ap0 table local  metric 0 
anycast fe80:: dev wl1-ap0 table local  metric 0 
local fe80::####:####:fe23:ed67 dev wl0-ap1 table local  metric 0 
local fe80::####:####:fe23:ed65 dev wan table local  metric 0 
local fe80::####:####:fe23:ed65 dev wan.201 table local  metric 0 
local fe80::####:####:fe23:ed66 dev eth0 table local  metric 0 
local fe80::####:####:fe23:ed66 dev br-lan table local  metric 0 
local fe80::####:####:fe23:ed67 dev wl0-ap0 table local  metric 0 
local fe80::####:####:fe23:ed68 dev wl1-ap0 table local  metric 0 
multicast ff00::/8 dev eth0 table local  metric 256 
multicast ff00::/8 dev br-lan table local  metric 256 
multicast ff00::/8 dev wan table local  metric 256 
multicast ff00::/8 dev wan.201 table local  metric 256 
multicast ff00::/8 dev pppoe-wan table local  metric 256 
multicast ff00::/8 dev wl0-ap0 table local  metric 256 
multicast ff00::/8 dev wl0-ap1 table local  metric 256 
multicast ff00::/8 dev wl1-ap0 table local  metric 256 
0:	from all lookup local 
32766:	from all lookup main 
4200000000:	from fdb0:####:####:9ca1::1/64 iif br-lan lookup unspec unreachable
lrwxrwxrwx    1 root     root            16 Apr 27 05:34 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Apr 29 09:08 /tmp/resolv.conf
-rw-r--r--    1 root     root            64 Apr 29 09:07 /tmp/resolv.conf.d/resolv.conf.auto
-rw-r--r--    1 root     root            48 Apr 29 09:07 /tmp/resolv.conf.ppp

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root            64 Apr 29 09:07 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.ppp <==
nameserver 205.171.3.65
nameserver 205.171.2.65

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 205.171.3.65
nameserver 205.171.2.65

I noticed another thing that is decidedly odd: the guest network is listed as the IPv6 Upstream network in LuCI:


Now I'm worried.

I see no GUA addresses in the router, so you won't have any usable IPv6 connectivity.

The default is option ipv6 'auto' in the ppp-wan section. If the ISP offers IPv6, the pppoe driver should spawn a wan_6 interface and obtain an address using DHCPv6 through the tunnel. (note that wan_6 is not the same as wan6). Try setting ipv6 to auto instead of 1.

1 Like

Thank you, @mk24

After restarting with:

network.wan.ipv6='auto'
network.wan.ip6assign='64'

(first the interface and then the whole box), the router did not spawn a wan_6 or any other new interfaces.

The pppoe-wan interface now shows a ULA IPv6 address.

With a static address, I did have IPv6 connectivity. With 'auto' there is none:

~# ping -6 google.com
PING google.com (2607:f8b0:400f:804::200e): 56 data bytes
ping: sendto: Network unreachable

Can you please explain the difference between wan6 and wan_6 you alluded to (or point me to relevant documentation)?

What else can I do?

ip6assign is for lan-like interfaces which need a delegated prefix-- it should not be applied to a wan.

Is CenturyLink issuing ULAs to customers instead of GUAs? It appears there are two ULAs in play here, you can comment out your local ula_prefix to save clutter.

@mk24 - Got it, thank you.

I did restore wan6 by adding the following to /etc/config/nerwork:

config interface 'wan6'
	option device '@wan'
	option proto 'dhcpv6'

I've disabled ipv6 on wan for now, however.

Here's what I found in CenturyLink docs. It is not entirely clear if this applies to their fiber service (which is what I have) or DSL.

<...> 6. Select Enable for the 6rd (sic! - A.P.) State and enter the IP addressing values.
advanced-setup-enable-ipv6-7
<...> 10. Select Stateless for the IPv6 Addressing State. If the Network Address does not populate automatically, [look up the IPv6 address] in the Modem Status menu and enter it here.
advanced-setup-enable-ipv6-12

I've been playing with this on and off for the past few days. I finally gave up on getting CenturyLink to provide any useful information and went the 6in4 route with an he.net tunnel.

~ % ping6 google.com 
PING6(56=40+8+8 bytes) 2001:470:4021:0:XXXX:XXXX:XXXX:cc9f --> 2607:f8b0:4023:1000::64
16 bytes from 2607:f8b0:4023:1000::64, icmp_seq=0 hlim=108 time=23.749 ms

A million thanks to @onemarcfifty for his super-helpful tutorials and reference.

And thank you to @mk24 for pointing me in the right direction!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.