For ipv6 on sub level cascaded router setup

I got a /64 pd eg(240e:abcd:abcd:abcd::/64) from isp by pppoe, the upper level configure:
Router Advertisement-Service: server
DHCPv6-Service: server
NDP-Proxy: relay
DHCPv6-Mode: stateless + stateful
everything is ok, tested by win linux android. slaac and rdnss and stateless-dhcpv6.
then I hope to serial a second level router,
try
Router Advertisement-Service: relay
DHCPv6-Service: relay
NDP-Proxy: relay
DHCPv6-Mode: stateless + stateful

nothing happen, just wan6 with dhclint6 get a /64slaac and /128 dhcpv6 address. could I using dhcp devide the next /64 address space? eg two 254 pc's subnet 240e:abcd:abcd:abcd::1:1/120 as gw 240e:abcd:abcd:abcd::1:2/120 for pc1.1 240e:abcd:abcd:abcd::2.1/120 as gw2 240e:abcd:abcd:abcd::2:2/120 for pc2.1.
but nothing happened. could not get address at all.Does relay means to relay from wan to lan and vice verse? I see the github document of odhcpd, just mention master to slave. what is master port what is slave port?
I see for slaac /64 is minimum , if I use dhcpdv6, can it ok for me to central management with odhcpdv6?

Getting just a /64 PD from ISP is totally lame.

Technically you could, but it will break the protocol as it was supposed to work. Android devices for example use only SLAAC and they expect at least a /64.
This is the configuration for relaying, what you should have on the second downstream router:

# cat /etc/config/dhcp
config dhcp wan
    option dhcpv6 relay
    option ra relay
    option ndp relay
    option master 1
 
config dhcp lan
    option dhcpv6 relay
    option ra relay
    option ndp relay

is configure of wan is only done by edit configure file, no luci ? I could not find related settings.
Show I assign each gw ip?

this is what I get pd from isp, is there way to crack it?

Please don't suggest we assist you in obtaining services not given by your ISP. This is illegal in some Nations.

Have you tried asking your ISP?

No. But nobody can provide x edited screenshots here. In addition to that. LuCI is not providing a GUI for every possible setting of any application you install.

Because they are not there for WAN. Just plain DHCPv6 Client setting.

You have to connect to your unit over ssh (e. g. with putty) and edit /etc/config/dhcp (with for e. g. vi).

Basically you could try to "modify" your ISP modem. But it depends on the unit what you got and how the ISP is handling IP assignment. Those things need time and deeper knowledge about the modem itself and Linux command line tools. Nothing to click like on LuCI. :wink: And you have to do it by yourself. It's much easier to ask the ISP for a /60 /56.

I have some question on your configure. wan is in charge of ipv4, should your configure means wan6?

setting takes no effect. this is second level

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ndp 'relay'
        option dhcpv6 'relay'
        option ra 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'wan6'
        option interface 'wan6'
        option dhcpv6 relay
        option ra relay
        option ndp relay
        option master 1

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

this is my first level with ipv6 on pppoe.

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option dhcpv6 'server'
        option ra_default '1'
        option ra_management '1'
        option ndp 'relay'

the ips of first level router:

root@OpenWrt:~# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::c261:18ff:fefc:b89c/64 scope link 
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdb7:fedc:3210::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 240e:x:x:x::1/64 scope global dynamic noprefixroute 
       valid_lft 188487sec preferred_lft 102087sec
    inet6 fe80::c261:18ff:fefc:b89c/64 scope link 
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::c261:18ff:fefc:b89d/64 scope link 
       valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::c261:18ff:fefc:b89c/64 scope link 
       valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::c261:18ff:fefc:b89b/64 scope link 
       valid_lft forever preferred_lft forever
10: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
    inet6 240e:x:x:x:x:x:x:x/64 scope global dynamic noprefixroute 
       valid_lft 259079sec preferred_lft 172679sec
    inet6 fe80::a199:ae14:ef88:dadc/10 scope link 
       valid_lft forever preferred_lft forever

about dhcpv6-pd, do you use linux? if I use pppoe to dial up internet directly under linux, how I can see the pd requested as openwrt shows?

just to talk. I changed request length in luci /dhcpv6 no use. using multi dial, could not connexion.

If you have a look at:

You can see that for pppoe and pppoa the wan/wan6 section has to be handled in a special way. There has to be "option ipv6 1" in wan section. The other configuration has to be declared/set under wan6.

I'm not using pppoe anymore since years. So I don't know much about. I would not recommend to dial in directly from a client machine. Abeit from this you won't see more then under OpenWrt. To see more you would need a router with modem integrated or access to the ISP modem/router. Under OpenWrt you can consult "logread" to get more information. Another option is to run the ppp-client directly with debug/not deamonized options? I don't know how the application is called. Maybe others know more.

On the upstream router you don't need the option ndp 'relay' in lan interface.
Other than that the configs are correct. Have you restarted the network service to apply the changes?

dear friend, after cascaded router, I must ping the upper level router first and than I can ping out side, why?

C:\Users\Allan>tracert www.yahoo.com

通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::11] 的路由:

  1     *        *        *     请求超时。
  2     *        *        *     请求超时。
  3  ^C
C:\Users\Allan>tracert www.yahoo.com

通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::11] 的路由:

  1     *     ^C
C:\Users\Allan>tracert www.yahoo.com

通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::10] 的路由:

  1     *     ^C
C:\Users\Allan>ping 240e:82:901:9400::1

正在 Ping 240e:82:aaaa:bbbb::1 具有 32 字节的数据:
来自 240e:82:aaaa:bbbb::1 的回复: 时间=1111ms
来自 240e:82:aaaa:bbbb::1 的回复: 时间=5ms
来自 240e:82:aaaa:bbbb::1 的回复: 时间=2ms
来自 240e:82:aaaa:bbbb::1 的回复: 时间=1ms

240e:82:aaaa:bbbb::1 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 1ms,最长 = 1111ms,平均 = 279ms

I don't know, it is the first time you mention something about wireguard. And judging by the initial delay of the first ping I'd say that the pinging host doesn't know anything about it's neighbor router until you start the ping and then everything works.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

Do that on both routers.

sorry, it is none of wireguard's bussiness.It is another quesion.let's go back to share /64 prefix in cascaded router.
even without wireguard, the same thing.

could not ping yahoo.com without ping upper router first.:frowning:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ndp 'relay'
        option ra 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option ra 'relay'
        option ndp 'relay'
        option master '1'

config globals 'globals'
        option ula_prefix 'fdbb:1fc4:1e19::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.100.1'
        option ip6assign '64'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr '04:a1:51:a1:95:e3'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr '04:a1:51:a1:95:e4'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
        option reqprefix 'auto'
        option reqaddress 'try'


this is the second-level-router's dhcp and network configure files. just use slaac no dhcpv6.

since under this configure, no public ipv6 on br-lan, so the first hop as follows:

C:\Users\Allan>tracert yandex.com

通过最多 30 个跃点跟踪
到 yandex.com [2a02:6b8:a::a] 的路由:

  1     1 ms    <1 毫秒   <1 毫秒 fdbb:1fc4:1e19::1

I cannot say from the snippets that you posted. I asked from both routers specific commands.

1 Like

the second level, not routed with wireguard.

root@OpenWrt:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
{
        "kernel": "4.14.180",
        "hostname": "OpenWrt",
        "system": "Atheros AR9344 rev 2",
        "model": "NETGEAR WNDR4300",
        "board_name": "wndr4300",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.3",
                "revision": "r11063-85e04e9f46",
                "target": "ar71xx/nand",
                "description": "OpenWrt 19.07.3 r11063-85e04e9f46"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdbb:1fc4:1e19::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.100.1'
        option ip6assign '64'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr '04:a1:51:a1:95:e3'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr '04:a1:51:a1:95:e4'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
        option reqprefix 'auto'
        option reqaddress 'try'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option ar8xxx_mib_type '0'
        option ar8xxx_mib_poll_interval '500'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

config interface 'wg0'
        option proto 'wireguard'
        option private_key '0FThGxl+xEktZ0n2IciWxgOnPtkpf6uCWIPqIdIkP0c='
        list addresses '10.10.191.10/24'
        list addresses 'fd39:5335:1241:7412::10/64'
        list addresses '2001:x:x::10/64'

config wireguard_wg0
        option public_key '9jGY0R3jSVJj/ubkhXC9hVY1b9TRz4krSu73AsKNC0U='
        option persistent_keepalive '25'
        option endpoint_port '44280'
        option endpoint_host '45.62.236.91'
        option preshared_key 'zsV5c2+dIB2nA1pFIaAMbx/y4iFZ03DOdsHwlkYbIj0='
        list allowed_ips '0.0.0.0/1'
        list allowed_ips '128.0.0.0/1'
        list allowed_ips '::/1'
        list allowed_ips '8000::/1'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar934x_wmac'
        option txpower '26'
        option htmode 'HT40'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option key '12345678'
        option encryption 'psk2'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0'
        option txpower '22'
        option htmode 'HT40'
        option disabled '0'
        option channel '44'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option key '12345678'
        option encryption 'psk2'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ndp 'relay'
        option ra 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '0'
        option ndp 'relay'
        option ra 'relay'
        option master '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 wg0'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

#ip6tables -t mangle -I POSTROUTING -s 240e:82:901:9400::/64 -o wg0 -j SNPT --src-pfx 240e:82:901:9400::/64 --dst-pfx 2001:x:x:x::/64
#ip6tables -t mangle -I PREROUTING -i wg0 -d 2001:x:x:x::/64 -j DNPT --src-pfx 2001:x:x:x::/64 --dst-pfx 240e:82:901:9400::/64
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.100.1/24 brd 192.168.100.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.138/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
11: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.10.191.10/24 brd 10.10.191.255 scope global wg0
       valid_lft forever preferred_lft forever
0.0.0.0/1 dev wg0 proto static scope link
default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.138
10.10.191.0/24 dev wg0 proto kernel scope link src 10.10.191.10
45.62.236.91 via 192.168.1.1 dev eth0.2 proto static
128.0.0.0/1 dev wg0 proto static scope link
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.138
192.168.100.0/24 dev br-lan proto kernel scope link src 192.168.100.1
broadcast 10.10.191.0 dev wg0 table local proto kernel scope link src 10.10.191.10
local 10.10.191.10 dev wg0 table local proto kernel scope host src 10.10.191.10
broadcast 10.10.191.255 dev wg0 table local proto kernel scope link src 10.10.191.10
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth0.2 table local proto kernel scope link src 192.168.1.138
local 192.168.1.138 dev eth0.2 table local proto kernel scope host src 192.168.1.138
broadcast 192.168.1.255 dev eth0.2 table local proto kernel scope link src 192.168.1.138
broadcast 192.168.100.0 dev br-lan table local proto kernel scope link src 192.168.100.1
local 192.168.100.1 dev br-lan table local proto kernel scope host src 192.168.100.1
broadcast 192.168.100.255 dev br-lan table local proto kernel scope link src 192.168.100.1
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::d09b:6bff:fe44:f4f8/64 scope link
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdbb:1fc4:1e19::1/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::6a1:51ff:fea1:95e3/64 scope link
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdb7:fedc:3210:0:/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 240e:82:901:9400:/64 scope global dynamic noprefixroute
       valid_lft 251577sec preferred_lft 165177sec
    inet6 fe80::6a1:51ff:fea1:95e4/64 scope link
       valid_lft forever preferred_lft forever
9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::6a1:51ff:fea1:95e5/64 scope link
       valid_lft forever preferred_lft forever
10: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::6a1:51ff:fea1:95e3/64 scope link
       valid_lft forever preferred_lft forever
11: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 state UNKNOWN qlen 1000
    inet6 2001:x:x::10/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fd39:5335:1241:7412::10/64 scope global
       valid_lft forever preferred_lft forever
default from 240e:82:901:9400::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
default from fdb7:fedc:3210::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
2001:470:4999::/64 dev wg0 proto kernel metric 256 pref medium
240e:82:901:9400::/64 dev eth0.2 proto static metric 256 pref medium
::/1 dev wg0 proto static metric 1024 pref medium
fd39:5335:1241:7412::/64 dev wg0 proto kernel metric 256 pref medium
fdb7:fedc:3210::1 dev eth0.2 proto static metric 1024 pref medium
fdb7:fedc:3210:0:89e2:fe2:7292:b661 dev br-lan proto static metric 1024 pref medium
fdb7:fedc:3210::/64 dev eth0.2 proto static metric 256 pref medium
fdbb:1fc4:1e19::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdbb:1fc4:1e19::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
8000::/1 dev wg0 proto static metric 1024 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 2001:x:x:: dev wg0 table local proto kernel metric 0 pref medium
local 2001:x:x::10 dev wg0 table local proto kernel metric 0 pref medium
anycast 240e:82:901:9400:: dev eth0.2 table local proto kernel metric 0 pref medium
local 240e:82:901:9400: dev eth0.2 table local proto kernel metric 0 pref medium
anycast fd39:5335:1241:7412:: dev wg0 table local proto kernel metric 0 pref medium
local fd39:5335:1241:7412::10 dev wg0 table local proto kernel metric 0 pref medium
anycast fdb7:fedc:3210:: dev eth0.2 table local proto kernel metric 0 pref medium
local fdb7:fedc:3210:0:6a1:51ff:fea1:95e4 dev eth0.2 table local proto kernel metric 0 pref medium
anycast fdbb:1fc4:1e19:: dev br-lan table local proto kernel metric 0 pref medium
local fdbb:1fc4:1e19::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
local fe80::6a1:51ff:fea1:95e3 dev br-lan table local proto kernel metric 0 pref medium
local fe80::6a1:51ff:fea1:95e3 dev wlan0 table local proto kernel metric 0 pref medium
local fe80::6a1:51ff:fea1:95e4 dev eth0.2 table local proto kernel metric 0 pref medium
local fe80::6a1:51ff:fea1:95e5 dev wlan1 table local proto kernel metric 0 pref medium
local fe80::d09b:6bff:fe44:f4f8 dev eth0 table local proto kernel metric 0 pref medium
ff00::/8 dev br-lan table local metric 256 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev eth0.2 table local metric 256 pref medium
ff00::/8 dev wg0 table local metric 256 pref medium
ff00::/8 dev wlan1 table local metric 256 pref medium
ff00::/8 dev wlan0 table local metric 256 pref medium
0:      from all lookup local
32766:  from all lookup main
4200000001:     from all iif lo failed_policy
4200000005:     from all iif br-lan failed_policy
4200000007:     from all iif eth0.2 failed_policy
4200000007:     from all iif eth0.2 failed_policy
4200000011:     from all iif wg0 failed_policy
lrwxrwxrwx    1 root     root            16 May 16 18:32 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Jul 15 20:21 /tmp/resolv.conf
-rw-r--r--    1 root     root            96 Jul 15 20:21 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 192.168.1.1
search lan
# Interface wan6
nameserver fdb7:fedc:3210::1
root@OpenWrt:~#

Better double check it because the default routes are via wireguard.
Post here the from the window host:

ipconfig
route -6 print
netsh int ipv6 show neighbors

sorry, may be I put ndp and ra and master setting to wan6. this time I put it on wan!

why put it on wan not wan6, even I see the example here:
https://openwrt.org/docs/guide-user/network/ipv6/start#router_advertisement_dhcpv6

Does it work now?

yes, http works. not need to ping first. thanks.
why put it on wan not wan6, even I see the example here:
https://openwrt.org/docs/guide-user/network/ipv6/start#router_advertisement_dhcpv6?

I updated the wiki to be more clear.

1 Like