Hi, all! Behind my ISP's modem, I have placed my OpenWrt router. I would like all devices connected to the OpenWrt router to get global IPv6 addresses so that test-ipv6.com returns 10/10 for each of them. Unfortunately, my ISP provides my modem with a 64-bit IPv6 prefix, so that no more bits are left for any subnets.

In other words, OpenWrt is unable to provide its connected devices with global IPv6 addresses (although the OpenWrt router itself does receive a global IPv6 address from the FRITZ!Box modem). On my laptop, test-ipv6.com returns 0/10, and ping6 2a03:b0c0:3:d0::1a51:c001 does not work either.

1. Network setup

The device that connects to the internet in my network is a FRITZ!Box 6660 Cable (running the official FRITZ OS) provided by my ISP. Behind it, I have put my Archer A7 router running OpenWrt.

Here's a diagram showing my network setup. (Ignore the bandwidths, they're unrelated to this issue. I was too lazy to create a new drawing.)

2. Why IPv6 prefix delegation doesn't work

By default, my ISP provides a 64-bit IPv6 prefix to the FRITZ!Box, which makes IPv6 prefix delegation (PD) impossible. That's why only the devices connected directly to the FRITZ!Box receive global IPv6 addresses, and devices connected to the Archer A7 only get local IPv6 addresses not suitable for accessing the public internet.

In the FRITZ!Box' web interface, there is a setting to request an IPv6 prefix of a custom length, which would very easily solve this problem. However, when clicking on “save”, the changes are not applied, meaning I can't actually change the IPv6 prefix length.

Another customer of my ISP also experienced this issue and was able to get through to the technical support hotline where an ISP employee fixed the issue. When I called customer support myself, however, they didn't understand the problem and referred me to the ISP's local office and the FRITZ!Box' manufacturer AVM, both of whom also didn't understand the issue and couldn't help me either.

3. Static IPv6 route: seems to work?

I read online that static routes may be an option if prefix delegation is not available. (Actually, several people claimed that, in practice, PD is the only realistic option because static routes are allegedly “too complicated”.)

3.1 FRITZ!Box

Therefore, in the FRITZ!Box' web interface, I opened “Home network” “network” “network settings” “IPv6 routes” and created this route:

• IPv6 network: 0000:X1:X2:X3:X4:0000:0000:0000
• prefix length: 48
• IPv6 gateway: fe80:0000:X1:X2:X3:X4:0:0

(For privacy, I redacted parts of the IPv6 addresses with consistent placeholders, i.e. for example, X1 has the same value in both the network and in the gateway.)

Here, the gateway is the local IPv6 address of the OpenWrt router in the FRITZ!Box modem's network. ifconfig reveals that the address is associated with the Archer A7's br-lan, eth0 and eth0.2 interfaces.

3.2 OpenWrt

In OpenWrt's web UI, I opened “Network” “Firewall” “WAN” “Advanced Settings” where I disabled “IPv6 masquerading” in order to prevent OpenWrt from doing network address translation, so that the static route is actually used. (Is this explanation correct at all?)

3.3 Result

When visiting test-ipv6.com, I get a 10/10, and ping6 2a03:b0c0:3:d0::1a51:c001 (openwrt.org) also works fine on my laptop, which basically means that my setup works.

However, I am not sure whether I am following good practices and whether my solution will continue to work permanently.

3.4 Static IPv6 address?

I interpret the term “static route” and the fact that I “hard-coded” a specific IPv6 address that my setup will cease to work once the OpenWrt router gets a new IPv6 address. So far, it has not yet changed across multiple reboots of the OpenWrt router (although the FRITZ!Box was not rebooted in the meantime).

Should I configure OpenWrt to use a static IPv6 address in order to prevent breaking my setup? If so, what should I enter in “Network” “Interfaces” “WAN6”?

Of course, I would enter the current IPv6 address. But where to look up the IPv6 gateway address?

Also, why does the popup ask me to enter an IPv4 address, IPv4 netmask and IPv4 gateway on the IPv6 interface?

3.5 Privacy implications of a static local IPv6

Does the global IPv6 address' interface identifier depend on the local IPv6 address? In other words: Will the interface identifier of the global IPv6 address also become static if OpenWrt gets a static local address?

If so, how can I circumvent this? I don't want to artificially make myself more trackable online.

4. Other approaches

I am not aware of any other ways to circumvent prefix delegation, but feel free to suggest any (if there are). Especially if you happen to know how to fix the PD issue in the FRITZ!Box' settings

Thanks for your advice

Hey there.

Do you use a specific branded Fritz!Box of your ISP or do you use a free one with the original firmware? I live in Germany and use a Fritz!box bought by myself instead of one provided by my ISP. I have no problems in changing the size of the requested prefix.

Assuming you are not able to change the prefix size, I see only two options:

1. You can use a (yet) unassigned global prefix internally and make use of NAT6.

https://openwrt.org/docs/guide-user/network/ipv6/ipv6_extras#using_ipv6_by_default
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_nat#ipv6_nat

This way you will NOT have a public reachable address on each device, but they can reach the internet with IPv6.

2. You disable downstream prefix delegation. Instead you let your OpenWRT router forward/relay all IPv6 related messages like RA / DHCPv6 / NDP. I have no experience with this, but you should be able to get all your downstream devices into the same /64 prefix you got from your provider. There are some options available in LuCI. Basically your Fritz!Box would assign adresses to them, but your OpenWRT will still act as a firewall.

Hm, guessing from the image of your network setup, I think we have the same ISP -
if the company logo is correct - Vodafone. In my case I can make my Fritz!Box 6430 get a /56 prefix which is the maximum size Vodafone will give to you. This is because I own a Fritz!Box with the original firmware. You wrote you rent a Fritz!Box from the ISP. This one runs a modified formware. If I read your link correctly, you can still request a prefix with a size of /62 bits. This is not much, but should still fit your need. I assume you tried to save another prefix size, e.g. /60, /56 or even /48 bits. In this modified firmware this is prohibited by not saving such sizes.

So, long storry short: request a prefix of /62 bits with your Fritz!Box. This leaves you 4 prefixes of size /64 or 2 prefixes of size /63 for use in OpenWRT. You just need to change the size of the requested prefix here for your wan6 niterface as well as for your lan interface.

In my screenshot I request /60 bits. You should choose /63 for your wan6 interface and you can (but you need not) request a prefix of /64 bits on your lan interface.

OpenWrt's relay mode can be used to give LAN devices each a unique IP from the single /64 that exists on wan. This is commonly used with LTE connections, as LTE services almost never route a larger prefix to customers. A wired ISP should do better though.

1. IPv6 prefix delegation

There's no mention of the ISP neither in the web interface nor on the cardboard box it was shipped in, but they may have patched the firmware anyway, not sure.

Yes

Sadly not: Regardless of what I enter, the setting is never saved. The other Vodafone customer had the issue solved by technical support – but they were unable to assist me.

1.1 Screen capture

Screen capture showing me trying to get an IPv6 prefix smaller than 64 bit: https://i.imgur.com/QCXLTZZ.mp4 (note that the number 62 already filled in does not represent the current prefix length.

1.2 Actual prefix length

The actual prefix length is still 64 bit:

2. Unassigned global IPv6 prefix

Interesting idea, but honestly, this seems less robust than my approach.

3. Relay mode

In the FRITZ!Box? I don't see an option for that.

Like this? (I had already set up these settings.)

3.1 Disabling the static IPv6 route

I just disabled the static IPv6 route in the FRITZ!Box' web interface, in order to check whether enabling relay mode is already sufficient to get global IPv6 addresses on the client devices. After that, I restarted the lan, wan and wan6 interfaces in OpenWrt and re-connected to the Wi-Fi with my laptop.

It turns out that test-ipv6.com now still returns 10/10 and that ping6 2a03:b0c0:3:d0::1a51:c001 also works fine when connected to OpenWrt's Wi-Fi!

I guess this avoids the need for a static local IPv6 address completely?

Nitpick: you wanted to say "larger". Like, if you want a /56, that's a larger prefix then a (single) /64, because now you would have 8 bits space for allocation networks, which are 256 in total.

Ps: I can not help out on the topic because I'm with Deutsche Telekom and v6 just works with them since ages

I would say, the relay mode is working. And yes: as our ISP delegates long living but not static prefixes, you should avoid static (global) adressing. Local adresses start with fd.. and you may use them additionally, if you need static adressing internally. I do not need that.

I also became friends with dynv6. It is super nice to update one account and you are able to use many devices per account which are auto-updated as well:

Update the prefix for myaccount.dynv6.net and be able to access e.g.

• tv.myaccount.dynv6.net
• nas.myaccount.dynv6.net
• vpn.myaccount.dynv6.net

Also, if you ever really need prefix delegation, you may need to buy your own Fritz!Box. Here is my proof that vodafone hands out /56 prefixes:

Thank you very much, everyone!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.