Help setting up ipv6 in dual stack

I have to be honest and hate to break it to the team that I did something dumb and disabled many of the default ipv6 settings in the "interfaces" page thinking I don't have ipv6 from my ISP. I disabled anything I saw ipv6 in the "interfaces" page.
So I would like to restore or enable necessary ipv6 settings in the "interface" page and anywhere else on openwrt.

I have been watching OneMarcFifty videos on ipv6 to enable ipv6 and ipv4 on dual stack and I have trouble setting up because my ipv6 settings are not openwrt default.

I have not decided to reset the router and start over again because I had great difficulty setting up vlans, 8011.r on the main router and the dumb access point. I don't remember to setup vlans again because my router was setup once long back and it been running like an appliance.

I kindly please request the team here to help me with enabling ipv6, ipv4 in dual stack. I have a main and dumb access point which are Linksys E8450 running the latest stable.

Usually it goes something like this (from /etc/config/network):

config interface 'wan'
	option proto 'pppoe'
	option device 'eth0'
	option username 'username'
	option password 'secret'
	option ipv6 '1'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option reqprefix 'auto'

If you didn't change your firewall settings by removing IPv6 related stuff (just removed wan6 interface) it should be enough.

If you removed IPv6 related settings in your firewall then you cat find default settings at /rom/etc/config/firewall

Firewall settings


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'WAN6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'guest'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'
	list network 'guest'

config forwarding
	option src 'guest'
	option dest 'wan'

config rule
	option name 'guestDHCP'
	list proto 'udp'
	option src 'guest'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'guestDNS'
	option src 'guest'
	option dest_port '53'
	option target 'ACCEPT'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'


Network settings:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fcxx:xxxx:xxxx::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.86.1'
	option device 'br-lan.99'
	option delegate '0'
	option ip6assign '64'
	option ip6hint '5'
	option ip6ifaceid '::99'

config interface 'wan'
	option device 'wan'
	option proto 'pppoe'
	option password 'Qxxxft'
	option delegate '0'
	option username '103xxx287'
	option ipv6 'auto'

config interface 'guest'
	option proto 'static'
	option ipaddr '192.168.87.1'
	option netmask '255.255.255.0'
	option device 'br-lan.4'
	option ip6assign '64'
	option ip6hint 'a'
	option ip6ifaceid '::99'

config bridge-vlan
	option device 'br-lan'
	option vlan '4'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:t'

config interface 'WAN6'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option ip6assign '64'
	option ip6hint '5'
	option ip6ifaceid '::99'
	option device '@wan'


I just hid the ULA prefix because I don't know if its safe to expose that.

I have prefix delegated ipv6. I don't see the servers global address (2000::/3) not being assigned to lan, wan or guest but I do see it in the WAN6 interface that I created. I would like to know what I am doing wrong.

Comment out ula_prefix, you don't need it and it will just add confusion having ULAs around.

Change "WAN6" to "wan6" as the latter is already defined in the firewall.

Then use ifstatus wan6 to see what kind of IPv6 service the ISP provides.

config interface 'wan'
	option proto 'pppoe'
	option device 'eth0'
	option username 'username'
	option password 'secret'
	option ipv6 '1'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option reqprefix 'auto'

If you create an alias interface pointing to wan, then option ipv6 can be set to 0, it does not matter. I haven't tried with auto though.

... or leave it. At least you will have some IPv6 address even if pppoe (or whatever you use) fails to go up.

Firewall settings are predefined, but /etc/config/network is generated during first start. This is why I specified only IPv6 sections.

Hi! If I have made some mistake kindly please, please be direct so I can take the corrective steps. To the best of my knowledge, I only changed WAN6 to wan6 and tried to get get ipv6 in the lan interface.

That's just cosmetics. I had problem similar to yours few years ago when my provider finally rolled out IPv6. I just added those lines to my /etc/config/network in the end of file and that's it. I didn't change /etc/config/firewall because I never modified its IPv6 stuff.

If you're confused by editing files in vi... well, that's a esoteric. Is it a problem for you?

The prefix from the ISP is only a /64. This means that you can't have two LAN-like interfaces (lan and guest) each with their own /64. In this case guest got the available prefix first, and lan will not have IPv6.

2 Likes

How can I make sure LAN gets it and guest does not?

Do not set an ip6assign on guest.

1 Like
root@OpenWrt:~# ifstatus wan6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 3822,
        "l3_device": "pppoe-wan",
        "proto": "dhcpv6",
        "device": "pppoe-wan",
        "updated": [
                "prefixes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [
                {
                        "address": "2965:7236:c3:0:3ddd:7bd8:51ba:b209",
                        "mask": 128,
                        "preferred": 82578,
                        "valid": 82578
                }
        ],
        "ipv6-prefix": [
                {
                        "address": "2256:7348:c4:366c::",
                        "mask": 64,
                        "preferred": 82578,
                        "valid": 82578,
                        "class": "wan6",
                        "assigned": {
                                "guest": {
                                        "address": "2345:7769:c4:366c::",
                                        "mask": 64
                                }
                        }
                }
        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::eec0:1baa:fe01:91e1",
                        "metric": 512,
                        "valid": 1524,
                        "source": "2489:7734:c4:366c::/64"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::eec0:1baa:fe01:91e1",
                        "metric": 512,
                        "valid": 1524,
                        "source": "2465:7234:c3:0:3ddd:7bd8:51ba:b209/128"
                }
        ],
        "dns-server": [
                "2476:7456:b0:b::2",
                "2456:7445:a:10::2"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "passthru": "001700202406740000b0b000000000000000224067400000a00100000000000000002"
        }
}

is there anyway to ip6 assign to both guest and lan network? What should I ask my ISP for successful ip6 assign of guest and lan network?

That part is a problem, you need more than a (single-) /64 to provide IPv6 connectivity to your two networks, your ISP should hand out a /56 or similar.

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.