I have a few 'dumb' Wireless APs around the office. They are set up to provide wireless access to main LAN, guest wifi, and several of them have access to additional VLAN in that area.
All that works fine in IPv4. However, I noticed that it doesn't pass IPv6 addresses that are connected to these wireless APs. Not to the main LAN, not to the guest network, not to the additional VLANs.
Everything that is wired works perfectly. I have a Global /48 from HE. I just can't seem to figure out why the OpenWRT wireless APs won't "passthrough" the IPv6 address to the wireless clients.
What I do notice is that wireless clients that are connected to the OpenWRT APs CAN ping local-link IPv6 address. But none of the clients can ping6/ping -6 to google.com (or anything beyond the WAN router)
Are the clients getting global addresses but can't use them, or do they not even get global addresses? Also, can you clarify: do your wired clients connected to these APs work fine?
I think the APs don't listen to RA by default. Create a lan6 interface and set it up as protocol dhcpv6 client, similar to the wan interface that comes out of the box.
Yes, it's normal that the clients do, but the AP itself might not; there are good reasons why an infrastructure device might not listen to RA, including DoS/security reasons.
If you agree that the clients do... shouldn't this be the same scenario? I don't really care if the AP itself gets a global IPv6 address. I only care that the wireless clients connected to the AP get it and get routed.
If the wireless is bridged to the Ethernet, there is no functional reason for the AP to have any address at all, IPv6 or IPv4. It's just passing packets, not sourcing or sinking them.
Yes, an IP address of some sort is convenient for management, but not needed for function.
Edit:
If I were debugging this, I'd first confirm that the bridges were set up properly as that should be all that is needed, assuming that the upstream router is properly sending them. If the bridges looked OK, I'd then install tcpdump-mini and look for the RA packets.
```
root@owrt-n750:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -I FORWARD -i br-lan -o br-Guest -j DROP
iptables -I FORWARD -i br-Guest -o br-lan -j DROP
```
As I mentioned before, IPv4 is routing properly. This AP is the simplest of them all, just the main LAN and a guest LAN.
Since you're comfortable with VLANs, you can put an IP on a management VLAN and don't need one on any other interface (unless you need connectivity off that VLAN).
If you would like your AP to receive IPv6 as a host only and not for routing, you have to tell dhcp6c not to request prefix delegation. If you do not do this, the AP will reject basic IPv6 addresses. If you want to still be able to use IPv6 on the router itself, change the wan6 to lan6 and @wan to @lan.
```
config interface 'lan6'
	option proto 'dhcpv6'
	option ifname '@lan'
	option reqprefix no
```
Trying to make sense of that.
If you would like your AP to receive IPv6 as a host only and not for routing you have to tell dhcp6c not to request prefix delegation
So I shouldn't need to do this, right? I don't care if the AP has an IPv6 address, just routing IPv6. Or am I not understanding that sentence correctly....
Was searching for exactly the same issue today and stumbled on this fresh topic. I tried the suggestion of vgaetera but it does not seem to have any effect. The dumb AP does not get an ipv6 ip either.
I did notice that wired users on the dumb AP get an IPv6 address, but no gateway information. Wireless users on the dumb AP get neither IPv6 nor gateway information.
Edit: It seems most likely to me that the problem is upstream and not at the AP. Will check the RA tomorrow.
This is redundant, if you don't specifically allow forwarding between zones they are denied by default.
Other than that, you have static protocol on lan interface, so you have to either assign the IPv6 manually or create a DHCPv6 interface as @vgaetera suggested.
I don't think it is connected, but you can also try to 'ACCEPT' the forward in lan and Guest firewall zones.
If it still doesn't work you need to run tcpdump and check if the RAs are getting to the AP correctly.
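An added example, not part of any post in this thread: once an RA has been captured on the AP, these are the fields that decide whether a client ends up with a global address and a default gateway. The decoder follows the RFC 4861 layout starting at the ICMPv6 header; the sample packets are constructed with the 2001:db8::/32 documentation prefix, and the function names are hypothetical.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (RFC 4861) starting at the ICMPv6 header."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", icmp6, 5)
    ra = {"managed": bool(flags & 0x80), "router_lifetime": lifetime, "prefixes": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, pflags = icmp6[off + 2], icmp6[off + 3]
            prefix = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "autonomous": bool(pflags & 0x40)})
        off += opt_len
    return ra

def diagnose(ra: dict) -> list:
    """Map RA fields to the symptoms a client would show."""
    problems = []
    if ra["router_lifetime"] == 0:
        problems.append("router lifetime 0: clients install no default gateway")
    slaac = [p for p in ra["prefixes"] if p["autonomous"] and p["prefix"].endswith("/64")]
    if not slaac and not ra["managed"]:
        problems.append("no autonomous /64 prefix and M flag clear: no global address")
    return problems

def build_ra(lifetime: int, prefix: str, pflags: int) -> bytes:
    """Build a constructed RA for the demo (checksum left at 0, not validated here)."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, net.prefixlen, pflags, 86400, 14400, 0)
    return hdr + opt + net.network_address.packed

# Constructed samples using the 2001:db8::/32 documentation prefix.
GOOD = build_ra(1800, "2001:db8:1::/64", 0xC0)      # L and A flags set
NO_GATEWAY = build_ra(0, "2001:db8:1::/64", 0xC0)   # address but no default route
NO_SLAAC = build_ra(1800, "2001:db8:1::/64", 0x80)  # on-link only, A flag clear

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("no gateway", NO_GATEWAY), ("no SLAAC", NO_SLAAC)):
        print(name, parse_ra(pkt), diagnose(parse_ra(pkt)))
```

If no RA shows up in the capture at all, none of these fields matter and the frames are being lost before they reach the wireless side of the bridge.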