How do I make IPv6 clients reachable from the net?

I have a WD My Net N750 router running OpenWRT 19.07.9. My IPv6 works fine for connections out. I can reach ipv6.google.com and many other IPv6 services from all of my devices in the LAN.

The issue I'm struggling immensely with is trying to enable the other way around. I want to run a VPN that would allow me to get at services I run at home from inside my LAN. But I can't seem to access anything I have running from a remote IPv6 address. I'm currently testing with my cellular phone, which gets an IPv6. I tried setting up traffic rules to see if I could reach a web server I have on a Raspberry Pi, and nothing. However, I can reach the same web server over IPv4 just fine.

I appear to get two IPv6 from my ISP Comcast/Xfinity, one that is an IPv6-PD with /60 and an IPv6 that is a /128. I've already tried setting the router to try for bigger subnets like /56 and I don't get that.

Does anyone here have any ideas how I can get this to work?

By default, the firewall treats IPv6 equivalent to IPv4, rejecting (non-established) incoming connections - you need to allow them via traffic rules (either on a by-port-basis or for selected IPv6 addresses).


I tried setting up a static IPv6 suffix for the device I want to expose. Then in traffic rules I tried using the settings from here: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_ipv6_examples#dynamic_prefix_forwarding but that didn't seem to work.
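
For reference, an added example that is not part of the thread: the two pieces discussed above (a static IPv6 suffix for the host, and a traffic rule that allows one port to that host regardless of the delegated prefix), written as OpenWrt fw3/odhcpd configuration. The host name, the suffix `1234`, the DUID and port 80 are constructed placeholders, and the zone names `wan` and `lan` assume the default OpenWrt zones.

```uci
# /etc/config/dhcp
# Static DHCPv6 lease: the host keeps the interface identifier ::1234
# inside whatever prefix the ISP currently delegates.
# This only takes effect if the host requests its address via DHCPv6;
# a SLAAC or privacy address will not carry this suffix.
config host
        option name 'raspberrypi'
        # Placeholder: replace with the DUID shown for the host's lease
        option duid 'REPLACE_WITH_HOST_DUID'
        option hostid '1234'

# /etc/config/firewall
# Forward rule, wan -> lan, limited to one host and one TCP port.
# Both 'src' and 'dest' are set, so this matches forwarded traffic.
# A rule with 'src' only would be an input rule for the router itself
# and would never match traffic addressed to a LAN host.
config rule
        option name 'Allow-HTTP-Pi-v6'
        option family 'ipv6'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        # Negative mask: compare only the last 64 bits (the suffix),
        # so the rule keeps matching after the delegated prefix changes.
        option dest_ip '::1234/-64'
        option dest_port '80'
        option target 'ACCEPT'
```

Restart the firewall after editing (`/etc/init.d/firewall restart`) and confirm on the host that it actually holds a global address ending in `::1234`, since the rule matches on that suffix only.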