Configuring IPv6 in OpenWrt

Installing and Using OpenWrt Network and Wireless Configuration
1

I want to configure IPv6. I see that my ISP is providing IPv6 recently and I want to connect with OpenWrt. For reference here is the data from one of the other customers' routers:

wan
wan755×472 34.1 KB

(wan)

lan
lan709×384 29 KB

(lan)

As you can see, the router has a different IP than the clients. And on a client connected to that router I get these IPs:

Client:

3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fa:63:14:8a:13:6a brd ff:ff:ff:ff:ff:ff permaddr 18:d6:c7:11:b3:6c
    inet 192.168.0.223/24 brd 192.168.0.255 scope global dynamic noprefixroute wlan0
       valid_lft 3589sec preferred_lft 3589sec
    inet6 2800:2145:1000:6c8::c0e3/128 scope global dynamic noprefixroute 
       valid_lft 3589sec preferred_lft 3589sec
    inet6 2800:2145:1000:6c8:eb70:ea74:a88d:5697/64 scope global dynamic noprefixroute 
       valid_lft 298sec preferred_lft 298sec
    inet6 fe80::2dbf:fb6e:2b7f:6a8/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

As you can see, the router has a different IP than the clients. I get an IPv6 on WAN like the one in the "Dirección IPv6 WAN (IPv6):

Captura de pantalla_20250208_225743
Captura de pantalla_20250208_2257431366×768 162 KB

As far as I know, I am not having IPv6 on either the lan or the invitados interface.

root@mr70x:~# cat /etc/config/network 

config globals 'globals'
        option packet_steering '2'
        option ula_prefix 'fd84:d35d:406e::/48'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'
        option defaultroute '0'
        option delegate '0'
        option ip6assign '64'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option metric '1'
        option peerdns '0'

config interface 'invitados'
        option proto 'static'
        option device 'br-invitados'
        option ipaddr '192.168.50.1'
        option netmask '255.255.255.0'
        option defaultroute '0'
        option delegate '0'
        option ip6assign '64'

config device
        option name 'wan'

config interface 'wan6'
        option proto 'dhcpv6'
        option device '@wan'
        option reqaddress 'try'
        option norelease '0'
        option peerdns '0'
        option reqprefix 'no'
        option ip6assign '64'

root@mr70x:~# cat /etc/config/firewall 

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wg0'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan2'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
        list src_ip 'fc00::/6'
        list dest_ip 'fc00::/6'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config zone
        option name 'invitados'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        list network 'invitados'

config forwarding
        option src 'invitados'
        option dest 'wan'

Client:

3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 18:d6:c7:11:b3:6c brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.195/24 brd 192.168.20.255 scope global dynamic noprefixroute wlan0
       valid_lft 86034sec preferred_lft 86034sec
    inet6 fd84:d35d:406e:1::7e7/128 scope global dynamic noprefixroute 
       valid_lft 86038sec preferred_lft 86038sec
    inet6 fd84:d35d:406e:1:a13:16bc:59fa:925a/64 scope global noprefixroute 
       valid_lft forever preferred_lft 604691sec
    inet6 fe80::629d:927b:f513:9060/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

I've already asked the ISP and they say "we only support our device and not customer routers."

2

There is no prefix received from the ISP thus no prefix can be passed down to lan(s). The reason for this may be simply that you have configured to not obtain a prefix. Remove the wan6 reqprefix no, or change it to number like 56. It looks like this ISP may only give out a single /64 though. That only supports one lan.

3

I already tried leaving it on automatic, empty or with some prefix like /56 and /64 and there is no longer any IPv6 on the wan6 interface.

4

Follow the advice of @mk24 but also delete this from the wan6 interface:

Reboot afterwards

1 Like
5

Yes I didn't see that. Ip6assign is used on lan-like interfaces to assign part of the wan prefix to them.

The default configuration is intended to work with this type of ISP and as usual it is best to stay as close to the defaults as you can.

6

Switch the DNS servers in WAN and WAN6 to Cloudflared.
uncheck DNS box enter 1.1.1.1, 1.0.0.1 in WAN. ipv4
Then 2606:4700:4700::1111
2606:4700:4700::1001 in the WAN6 spot. ipv6
Just another swill merchant on the phone.

7

In the OpenWrt router, ISP router baby POOP

8

I tried several configurations and I get the same result. And in each test I did a reboot of the router and modem:

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option norelease '0'
	option peerdns '0'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option norelease '0'
	option peerdns '0'
	option reqprefix '64'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option norelease '0'
	option peerdns '0'
	option reqprefix 'auto'

Captura de pantalla_20250209_193809
Captura de pantalla_20250209_1938091128×121 11.6 KB

But when I add the option reqprefix 'no' line, I get an IPv6. I clarify that I have the modem in bridge mode and I have access to IPv6 from the router:

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option norelease '0'
	option peerdns '0'
	option reqprefix 'no'

Captura de pantalla_20250210_002301
Captura de pantalla_20250210_0023011126×111 17.8 KB

Captura de pantalla_20250210_001657
Captura de pantalla_20250210_0016571366×768 83.8 KB

Captura de pantalla_20250210_001731
Captura de pantalla_20250210_0017311366×768 69.3 KB

I tried connecting my PC directly to the modem and I get this:

2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UP group default qlen 1000
    link/ether 40:8d:5c:ee:52:dd brd ff:ff:ff:ff:ff:ff
    altname enx408d5cee52dd
    inet 190.244.136.204/24 brd 190.244.136.255 scope global dynamic noprefixroute enp2s0
       valid_lft 335sec preferred_lft 335sec
    inet6 2800:2105:1000:20:443d:dfa4:4278:6e68/128 scope global dynamic noprefixroute 
       valid_lft 333sec preferred_lft 333sec
    inet6 fe80::9dd0:5cf9:d611:f9e1/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[franco@pc ~]$ ping openwrt.org
PING openwrt.org (2a03:b0c0:3:d0::1a51:c001) 56 data bytes
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=1 ttl=51 time=239 ms
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=2 ttl=51 time=238 ms
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=3 ttl=51 time=239 ms
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=4 ttl=51 time=239 ms
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=5 ttl=51 time=237 ms
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=6 ttl=51 time=238 ms
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=7 ttl=51 time=238 ms
64 bytes from wiki-03.infra.openwrt.org (2a03:b0c0:3:d0::1a51:c001): icmp_seq=8 ttl=51 time=237 ms
^C
--- openwrt.org ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7742ms
rtt min/avg/max/mdev = 237.134/238.074/239.088/0.706 ms

Captura de pantalla_20250210_020506
Captura de pantalla_20250210_0205061366×768 97.8 KB

DNS Settings:

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '10000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	list addnmount '/bin/busybox'
	option doh_backup_noresolv '1'
	list doh_backup_server '45.90.28.46#5353'
	list doh_server '127.0.0.1#5053'
	list doh_server '127.0.0.1#5054'
	list address '/internal/192.168.20.100'
	list address '/*.internal/192.168.20.100'
	option dnsforwardmax '1000'
	list server '45.90.28.46#5353'
	list server '2a07:a8c0::cf:f892#5353'
9

Shut all that ipv6 off from the WAN and be done with it. I don't think your provider even supports it.
The other customer in the picture above does not have a default DNS server set in their modem that should be provided by the ISP.
disable by unchecking reboot, see what happens. Your trying to hard to make something work that never will, they cant afford ipv6 even though the modem supports it.

1 Like