I have an OpenWRT router.
I'm trying to access my server over SSH from WAN.
I can access the luci interface from https://[2603:8001:xxxx:xxxx::1]/cgi-bin/luci/ or https://192.168.1.1/cgi-bin/luci/ or https://[fd0d:c6f2:a86e::1]/cgi-bin/luci/.
After logging in, under Network -> DHCP and DNS > Static Leases, I added an entry for my Server, IPv6 address = 192.168.1.244, IPv6 suffix (hex) = aa64. After saving and applying, and then replugging the ethernet cable:
The Ethernet "ip a" result of the server is:
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether <redacted mac address> brd ff:ff:ff:ff:ff:ff
altname enp0s25
inet 192.168.1.244/24 brd 192.168.1.255 scope global dynamic noprefixroute eno1
valid_lft 39883sec preferred_lft 39883sec
inet6 2603:8001:xxxx:xxxx::557/128 scope global dynamic noprefixroute
valid_lft 39884sec preferred_lft 39884sec
inet6 fd0d:c6f2:a86e::557/128 scope global dynamic noprefixroute
valid_lft 39884sec preferred_lft 39884sec
inet6 fd0d:c6f2:a86e:0:3578:d7c0:fa9f:ed79/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 2603:8001:xxxx:xxxx:aa15:f2fb:3ea5:5d43/64 scope global dynamic noprefixroute
valid_lft 573510sec preferred_lft 573510sec
inet6 fe80::7511:c83a:fe0e:9ffb/64 scope link noprefixroute
valid_lft forever preferred_lft forever
I think 557 should be replaced with aa64 in the above report.
I set up port forwarding (from what I heard, this is only done on IPv4): Network > Firewall > Port Forwards > "Incoming IPv4, protocol TCP
From wan
To this device, port 20022
Forward to lan IP 192.168.1.244 port 20022"
Port forwarding to an IPv6 address was not an option.
I set up Traffic Rules: Network > Firewall > Traffic Rules > "Forwarded IPv4 and IPv6, protocol TCP
From wan
To lan, IP 2603:8001:xxxx:xxxx::557, port 20022
Accept forward"
Then, I try to reach the server with ssh on port 20022, using my phone connected to either the wifi or to the mobile network:
on wifi:
~ $ ssh -p 20022 nasadmin@192.168.1.244
nasadmin@192.168.1.244: Permission denied (publickey).
~ $ ssh -p 20022 nasadmin@66.75.xxx.xxx
nasadmin@66.75.xxx.xxx: Permission denied (publickey).
~ $ ssh -p 20022 nasadmin@fd0d:c6f2:a86e::557
nasadmin@fd0d:c6f2:a86e::557: Permission denied (publickey).
~ $ ssh -vp 20022 nasadmin@2603:8001:xxxx:xxxx::557
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /data/data/com.termux/files/usr/etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 2603:8001:xxxx:xxxx::557 [2603:8001:xxxx:xxxx::557] port 20022.
<User Patience Timeout>^C
on mobile network:
~ $ ssh -p 20022 nasadmin@66.75.xxx.xxx
nasadmin@66.75.xxx.xxx: Permission denied (publickey).
~ $ ssh -vp 20022 nasadmin@2603:8001:xxxx:xxxx::557
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /data/data/com.termux/files/usr/etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 2603:8001:xxxx:xxxx::557 [2603:8001:xxxx:xxxx::557] port 20022.
<User Patience Timeout>^C
My server seems to be accessible over IPv4 through normal port forwarding strategies (I did this years ago with a different router software, worked great), but IPv6 DHCP static lease doesn't respond to configuration, and IPv6 traffic rules seem to block the connection.
What am I doing wrong such that the global(?) IPv6 ip of the server never works? How can I make it connect?