Getting IPv6 to work with a cascaded router setup


I am fairly new to IPv6, but I think I have learned a few things in the last days...
I need to get IPv6 to work in our office since we occasionally need to connect to IPv6-only (DS-Lite) connected sites for remote administration. This works from my home, where I am using a tunnel from because I only have IPv4 connectivity.

In our office, we have full dual-stack from the german telekom. Unfortunately, we have to use their router (which they call "Digitalisierungsbox Premium", it is actually a bintec be.IP plus) to provide ISDN emulation for our phones. An OpenWRT router is connected to the LAN side of this box, configured as "DHCP client" on the WAN side, all computers are then connected to this OpenWRT router.
So we are doing double NAT with IPv4, which works well. How do I configure IPv6 correctly in this case? It looks like we are only getting a /64 prefix from the ISP, is it even possible to delegate this from the be.IP box to the OpenWRT router and use that?

I have configured a DHCPv6 server on the be.IP box and it even shows an address assigned to the OpenWRT router, but on this the WAN6 interface doesn't even have an address.

If you connect a PC on the be.IP does it acquire IPv6 correctly?
I have not come across this particular scenario, but I would try to use the relay option in DHCPv6, since the /64 you are getting from the be.IP on the Openwrt is already delegated.
Also post here the /etc/config/network , /etc/config/firewall and /etc/config/dhcp

This is stupid, call them up and tell them you need at least a /60 :thinking:

I say this because sometimes they actually just pin your account to whatever you first requested, and they have a system in place to give you a /60 or even a /56 but they won't do it unless you first unpin the whatever you have so far settings on their back end database.

Also, sometimes these ISP equipment devices will only give out /64 but they will give out multiple ones. I can use wide-dhcpv6-client on my Debian router to request explicitly several /64s but that package isn't available on openwrt. you might be able to use the isc-dhcp-client-ipv6 package to do the same, I don't know.


Is your line VDSL? If so, do you have another DSL modem available, beside the Digitalisierungsbox?

Connect the OpenWrt router to the uplink and the Telekom router downstream of it for testing the prefix delegation. If it works and you decide to use this in production, I would recommend to set up SQM on OpenWrt to ensure good audio quality for phone calls.

Deutsche Telekom AG will always hand out /56 prefixes (usually dynamic ones, unless you are on a business contract and eligible to static IPv4 addresses/ IPv6 prefixes ("feste-ip")). If your OpenWrt router only gets a single /64 prefix via DHCPv6-PD, the fault would be with the upstream router (Digitalisierungsbox Premium) - maybe just a matter of configuration, maybe in need of a firmware upgrade, maybe 'unfixable' without replacing the device.

1 Like

This Box can handle biger prefixes. It just need to be configured. It can be used in modem/bridge mode too. OP should just delete the active dsl profile before configured so, or the next bill will be very expensiv (accidental double login on dsl/vdsl cost you a liver). After that: use ppoe in Openwrt and it will pull the entire /56 prefix. At the end, you save yourself a double nat for ipv4 too.


You seem to be familiar with this box, I just read some documentation.
Can it actually delegate more than a /64 prefix to a downstream router via DHCPv6-PD?
How would you configure this?

Good question, i didnt touch a bintec device since about 3 years because of bugs not getting fixed fast enough.

You can find here some workshops in german and english from them. Maybe you can find something there.

OpenWrt controls this via, e.g., option ip6assign '60'.

Pretty sure the question is whether the bintec device can hand out bigger than a /64. My Arris device from ATT will only hand out /64 but it will hand out multiple ones... Better than nothing.