I don't run DHCPv4 or DHCPv6 at all on my network. I'm just using SLAAC. I have so few devices that need IPv4 addresses that I just manually assign them (like, I can count them on one hand).
So here's where I'm at now. I went ahead and did a factory reset on the device, choosing to wipe all of my prior configuration and use the defaults from OpenWRT. Running 23.05.4.
I made the following changes:
Replaced config dhcp 'lan' in /etc/config/dhcp with:

    config dhcp 'lan'
        option interface 'lan'
        option dhcpv4 'disable'
        option dhcpv6 'disable'

Replaced the original config interface 'lan' in /etc/config/network with:

    config interface 'lan'
        option device 'br-lan'
        option proto 'dhcpv6'

(There doesn't seem to be option proto 'slaac', which is why I used 'dhcpv6').
That's it. Everything else is stock OpenWRT. Right now I'm only interested in getting the AP a proper IPv6 address. I'm ignoring any clients that connect to the AP.
I apply those settings and reboot. After things settle, I have no IPv6 address on br-lan other than link local. I check the logs and I see:
odhcp6c: Failed to send RS (Address not found)
odhcp6c: Failed to send SOLICIT message to ff02::1:2 (Address not found)
At this point, the firewall is up and running.
# /etc/init.d/firewall status
active with no instances
Now here's the weird thing... changing nothing, I run the following:
# /etc/init.d/firewall reload
# /etc/init.d/network restart
(Reminder that I have not touched /etc/config/firewall at all)
I quickly run logread -f and see what happens, and I see the same messages as above about RS and SOLICIT... but then...
odhcp6c: Failed to send RS (Address not found)
odhcp6c: Failed to send SOLICIT message to ff02::1:2 (Address not found)
odhcp6c: Failed to send SOLICIT message to ff02::1:2 (Address not found)
netifd: Interface 'lan' is now up
... abridged dnsmasq messages ...
firewall: Reloading firewall due to ifup of lan (br-lan)
I check ifconfig br-lan again... and voila! My IPv6 assignments are there, just as I expect. (Well, looks like I got an extra ULA, but I don't care about that right now).
This suggests to me that there is some sort of loading order issue.
- if I reboot, I'm back to no IP assignments.
- it seems that the firewall rules work, but that the firewall itself needs to receive an update (ifup) about the interface that it doesn't receive--or receives at the wrong time--during boot
- this behavior is very consistent (tried across 20+ reboots)
As an aside, this also makes me realize that my original issue about IPv6 assignments via SLAAC here was never really resolved, since it was only working when I had the firewall disabled. The above procedure works with the firewall enabled, but only if I manually cycle the network after the device has booted, which... sucks.
What is going on here? I'm thoroughly confused why the exact same configuration fails to secure an IPv6 address at boot (including waiting for at least 10 minutes after boot), but succeeds when manually cycled.
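
An added example, not part of the original post: a small shell function that classifies a logread capture by the ordering described above (odhcp6c send failures, then whether netifd reports the interface up and the firewall reloads for it). The function name, state names and both sample logs are assumptions constructed from the messages quoted in the post.

```shell
#!/bin/sh
# Reads log text on stdin and prints one state for the given interface:
#   clean             no odhcp6c send failures seen
#   stuck             failures seen, interface never reported up afterwards
#   up-no-fw-reload   interface came up, but no firewall reload for it followed
#   recovered         failures, then interface up, then firewall reload on ifup
classify_lan_log() {
    iface="${1:-lan}"
    # \047 is a single quote; it avoids breaking the shell quoting of the program.
    awk -v iface="$iface" '
        /odhcp6c.*Failed to send (RS|SOLICIT)/ { fails++; up = 0; fw = 0; next }
        index($0, "Interface \047" iface "\047 is now up") { if (fails) up = 1; next }
        index($0, "Reloading firewall due to ifup of " iface " ") { if (up) fw = 1 }
        END {
            if (!fails)     print "clean"
            else if (!up)   print "stuck"
            else if (!fw)   print "up-no-fw-reload"
            else            print "recovered"
        }'
}

# Constructed sample: what the post reports seeing after a plain reboot.
BOOT_SAMPLE="odhcp6c: Failed to send RS (Address not found)
odhcp6c: Failed to send SOLICIT message to ff02::1:2 (Address not found)"

# Constructed sample: what the post reports after the manual
# firewall reload + network restart.
CYCLE_SAMPLE="odhcp6c: Failed to send RS (Address not found)
odhcp6c: Failed to send SOLICIT message to ff02::1:2 (Address not found)
odhcp6c: Failed to send SOLICIT message to ff02::1:2 (Address not found)
netifd: Interface 'lan' is now up
firewall: Reloading firewall due to ifup of lan (br-lan)"

printf 'after reboot:       %s\n' "$(printf '%s\n' "$BOOT_SAMPLE" | classify_lan_log lan)"
printf 'after manual cycle: %s\n' "$(printf '%s\n' "$CYCLE_SAMPLE" | classify_lan_log lan)"
```

On the router itself the same function can be fed live data with `logread | classify_lan_log lan`, which gives one comparable word per boot when repeating the test across reboots.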