Firewall rules on Guest network for IPv6

I'd like to know if additional configuration is needed to get working IPv6 connectivity on the guest network.

With reference to https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan-webinterface, I have already created a Guest Wifi network with working IPv4 connectivity.

Currently, I have a native IPv6 subnet (/56) provided by my ISP using DHCPv6, with a different IPv6 assignment hint set for the LAN and the guest network; each is assigned a /64, and I am already using IPv6 happily on the internal LAN.

On the guest network, the following firewall rules have already been added for getting an IPv6 address:

SLAAC and DHCPv6
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option name 'Guest-DHCPv6'
	option family 'ipv6'
	option src 'guest'
	option src_port '546'
	option dest_port '547'

config rule
	option target 'ACCEPT'
	option name 'Guest-SLAAC'
	option family 'ipv6'
	option src 'guest'
	option proto 'icmp'
	list icmp_type 'router-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'neighbour-advertisement'
	list icmp_type '141'
	list icmp_type '142'
	list icmp_type '148'
	list icmp_type '149'

With the above rules added, I am able to get IPv6 connectivity.

In addition, with reference to RFC 4890 Section 4.4, the following rules are added:

Ping and MLD?
config rule
	option enabled '1'
	option target 'ACCEPT'
	option name 'Guest-Ping'
	option family 'ipv6'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option src 'guest'

config rule
	option name 'Guest-MLD'
	option src 'guest'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	list icmp_type '151/0'
	list icmp_type '152/0'
	list icmp_type '153/0'
	option family 'ipv6'
	option target 'ACCEPT'

Does the above look fine to you? Any comments?

Thanks.

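An added example, not part of the original post or of OpenWrt: a small Python check that reads UCI `config rule` sections and lists which ICMPv6 types from RFC 4890 section 4.4.1 ("Traffic That Must Not Be Dropped") have no explicit input ACCEPT rule for a given zone. The function names and the sample text are constructed here, and it assumes single-quoted UCI values. As a further assumption, a type it reports may still be accepted by the firewall's connection-tracking state rules rather than by an explicit rule.

```python
import re

# RFC 4890 section 4.4.1: ICMPv6 types that must not be dropped towards the router
MUST_NOT_DROP = {1, 2, 3, 4, *range(128, 137), 141, 142, 143, 148, 149, 151, 152, 153}
# Symbolic ICMPv6 type names (ip6tables spelling, as used in the rules above)
NAMES = {"destination-unreachable": 1, "packet-too-big": 2, "time-exceeded": 3,
         "parameter-problem": 4, "echo-request": 128, "echo-reply": 129,
         "router-solicitation": 133, "router-advertisement": 134,
         "neighbour-solicitation": 135, "neighbour-advertisement": 136}

def parse_rules(text):
    """Return the 'config rule' sections of UCI firewall text as dicts."""
    sections = []
    for m in re.finditer(r"^\s*(config|option|list)\s+(\S+)[ \t]*'?([^'\n]*)'?", text, re.M):
        kind, key, val = (g.strip() for g in m.groups())
        if kind == "config":
            sections.append({"_section": key, "icmp_type": []})
        elif sections and key == "icmp_type":      # both 'option' and 'list' forms
            sections[-1]["icmp_type"].append(val)
        elif sections:
            sections[-1][key] = val
    return [s for s in sections if s["_section"] == "rule"]

def not_explicitly_accepted(text, zone):
    """RFC 4890 4.4.1 types with no explicit input ACCEPT rule for `zone`."""
    accepted = set()
    for r in parse_rules(text):
        if (r.get("src") != zone or r.get("target") != "ACCEPT" or "dest" in r
                or r.get("enabled") == "0" or r.get("family") == "ipv4"
                or r.get("proto") not in ("icmp", "icmpv6", "ipv6-icmp")):
            continue                               # not an ICMPv6 input rule
        if not r["icmp_type"]:                     # no type filter: all types accepted
            return []
        for t in r["icmp_type"]:
            t = t.split("/")[0]                    # drop an optional '/code' suffix
            if t in NAMES or t.isdigit():
                accepted.add(NAMES.get(t) or int(t))
    return sorted(MUST_NOT_DROP - accepted)

# Constructed sample mirroring the post's three ICMPv6 rules (src_ip match omitted)
SAMPLE = "".join(
    "config rule\n\toption src 'guest'\n\toption family 'ipv6'\n\toption proto 'icmp'\n"
    "\toption target 'ACCEPT'\n" + "".join(f"\tlist icmp_type '{t}'\n" for t in types)
    for types in (["router-solicitation", "router-advertisement", "neighbour-solicitation",
                   "neighbour-advertisement", "141", "142", "148", "149"],
                  ["echo-request"],
                  [f"{t}/0" for t in (130, 131, 132, 143, 151, 152, 153)]))

if __name__ == "__main__":
    print(not_explicitly_accepted(SAMPLE, "guest"))
```

For the sample it reports types 1 to 4 (the ICMPv6 error messages) and 129 (echo reply) as having no explicit rule.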