How to configure a static IPv6 address

jeff · August 18, 2018, 7:08pm

OK, so all the connectivity you need is on a single link, none of your desired connections (except, of course, Internet access) needs to "go through" a router, correct?

If that's the case, then link-local addressing should cover you, with no need for a ULA.

It seems that the only "problem" is that there isn't a LuCI screen that lets you set the link-local IPv6 address of the OpenWRT interfaces. The post above from jow shows how to configure with UCI at run time. Configuration in /etc/config/network should be very similar.

ULA-based addresses should also work.

Frood42 · August 19, 2018, 7:19pm

What I get on WAN6 with dynamic IPv6 is
IP 2a02:8071...
GW fe80::3a43...
IPv6 routed prefix 2a02:8071...
and I tried this in the static settings. internally the router is accessible via IPv6 which is at least something. Somehow I like it I can even access Luci via https://[2a02:8071:b9b:xxxx:8e3b:yyyy:feba:xxxx]/cgi-bin/luci (masked with x,y)
But something is weird - tested 5-6 times: Sites like https://test-ipv6.com/ do not show an IPv6 address anymore. With dynamic IPv6 on WAN6 the site shows an IPv6.

Just FYI: It would be even more confusing if I tell you the detailed setting on the cable modem, there you can see another IPv6 address, default GW (! for the internet WAN, not the router WAN) and the IPv6 DNS servers.

For the time being, this project is paused, since most of the information is not going into the same direction and is even more misleading / confusing.

dlakelan · August 19, 2018, 7:24pm

Also, if you want to access anything off of your LAN (ie. in the public internet) using ipv6 you will need a public non ULA prefix delegated to you by your ISP, usually via DHCP6 prefix delegation. ISPs rarely hand out "static" (ie. permanently assigned) prefixes to their customers in part because it's an administrative nightmare for them.

dlakelan · August 19, 2018, 7:27pm

You are NOT going to get a static IPv6 prefix from your ISP. It's just NOT going to happen. what you need to do is accept the fact that you need to use prefix delegation and move on to getting your public ipv6 network working properly.

If you want to have a set of static addresses that are under your control use the ULA in addition to the public Prefix Delegated one. As I said, every machine can have millions of IPv6 addresses, but typically they all come from a small number of prefixes. In IPv6 the first 64 bits of the address denote the network prefix and the next 64 bits are the host portion, meaning completely under your control defining particular machines within the network.

You should really read up on ipv6 and/or take the Hurricane Electric ipv6 online course.

EDIT: if you lost your random unique local address somehow, you can generate a new one. There used to be a convenient website but I can't find it now. Does anyone know how OpenWRT generates its ULAs initially?

Frood42 · August 19, 2018, 8:03pm

I think I give up.
My setup is ISP -> Cable Modem -> OpenWrt Router
The router WAN is connected to the cable modem LAN
All settings I do are done on the router.
The modem is a DHCPv6 Server giving me stateless IPv6 start address 2a02:8071:aaaa:bbbb::/64

So, if I change the settings on my Router, the WAN6 settings, how is this related to the prefix I get from my ISP? I dont get it.

If I cannot change the start address, ok, the prefix need to be the same for the router WAN6 IPv6 address, is this what you are trying to say?

dlakelan · August 19, 2018, 8:20pm

Yes, you definitely need to read about IPv6.

the only packets that are going to come into your WAN6 are packets destined for addresses

2a02:8071:aaaa:bbbb:xxxx:yyyy:zzzz:qqqq

This is because your ISP is not going to route any other packets to you. Furthermore they aren't going to accept any packets from you unless they're inside that range.

So, as far as talking to your OpenWRT router or other devices in your LAN you can do whatever you like with ULA addresses. But the ISP will not route packets from your ULA nor will they send packets to your ULAs

so if you want to talk with the outside world, you'll need to use the prefix:
2a02:8071:aaaa:bbbb::/64 that they gave you (or maybe another range, sometimes you can request say a /56 sized prefix and have some additional subnets you can play around with).

It's that simple, any choice on your part to use something other than the 2a02:8071:aaaa:bbbb that they gave you will result in your ISP dropping the packets.

Frood42 · August 19, 2018, 8:30pm

for the cable modem WAN address: It might not be static and I cannot change it. Yes.

I understand that the router WAN6 address needs to be within the range 2a02:8071:aaaa:bbbb::/64
I cannot change this range on the cable modem, if I do so, I always get an error, IP is invalid.

But now the "jumping point" comes into the game: In the last 8-9 months, my public IPv6 changed 9 times.
2a02:8071 never changed
2a02:8071:aaaa changed one time only
2a02:8071:aaaa:bbbb changed 3 times.

So to follow the theory, I could have been using static IPv6 addresses on WAN6 for the router if I changed it 3 times in 9 months, right?
And if understand it correctly, it doesnt matter if we talk about WAN6 or LAN IPv6 on the router, the problem is the same.

lleachii · August 19, 2018, 9:48pm

There is no theory. I think you're completely lost. What does this statement even mean!?!?

Why do you continue to insist and make statements as if you can manipulate or change your dynamic IPv6 WAN addresses?!?!

Your WAN is controlled by your ISP, regardless if your cable modem permits you to NAT the IPv4 public address to 192.168.11.0/24.

All of the IPs you wrote are part of the larger subnet above it...likely issued to your ISP. I think this point is being made to again try to set a static WAN6 IP...

I guess this is because your ISP let's you use Private IPv4 addresses on WAN, you think the same works with IPv6.

Please explain the problem?

I think you need to better understand how this Public IPv6 block works, as it related to you ISP issuing the dynamic space via DHCPv6 before you attempt to setup IPv6.

Because, if you want Public IPv6 Internet access, your clients must all possess a Public IPv6 address, that simple. There [normally] isn't a such thing as NAT, so all devices must have a Public IPv6 address. I think this is what you're not understanding about IPv6.

dlakelan · August 19, 2018, 10:12pm

What is the issue that you are trying to solve by typing in a static IPv6 address to your system? Because I don't "get it". Although the prefix you have may stay constant for a long time, without the DHCPv6 requests to renew it constantly it most likely will expire in a few hours to days, so it's never going to work for more than a short period of time to just type in something here.

lleachii · August 19, 2018, 10:18pm

Another major thing here is the understading of subnetting:

While Hex is a little harder to read than other numbering systems, especially if it's an IP address, You still need to know the breakdown. Earlier in the thread, I noted something that's very important now:

Multiple times, the OP used IPs that weren't issued to the ISP. The OP continues to call them "invalid..." but I'm not sure the OP understands that those IPs don't even belong to the ISP...a misunderstanding of routing as well.

I think there's a belief that the IPv6 addresses the OP sees on the cable modem - are somehow similar to RFC1918 IPv4 space. There also seems to be a beleif of some IPv6 "NAT" in place, as the OP doesn't grasp that the WAN and LAN subnets need to be of the same upstream subnet (or delegated to be routed to that subnet) - for Public IPv6 access to work.

Frood42 · August 20, 2018, 8:17am

Why do you say "Your WAN is controlled by your ISP," ?
Why do you mention ISP when we talk about an IPv4 address on the router?
Why do you mention the ISP and control over WAN when we talk about the router hat sits behind the cable modem?
Why do you say that the router address 192.168.11.0 is public?
If you mean the WAN of the OpenWrt Router something bad will happen...

I have the feeling that you did not understand the question and the setup.
Setting a static IPv4 address on the router (in this setup) is as usual as eating chewing gum.

Are you sure you understood the setup? ISP --> Cable Modem --> Router --> LAN

So far, the posts above did not help me to get a better understanding of the options for static IPv6 addresses settings on OpenWrt. Now I more and more get the feeling that this might be because you are talking about different things.

lleachii · August 20, 2018, 8:24am

Screenshot%20from%202018-08-20%2004-21-10

This is on your WAN per Post # 1.
192.168.0.11/24 is not a Public Static IP, they are Private RFC1918 SPECIAL IPv4 addresses
You cannot use the same philosophy to set an IPv6 address

Yes!

To have Private IPv6 network access, you use the ULA or Link-Local addresses. If you want Public Internet access, you must use the IPs issued from the cable modem connected to the ISP.

Frood42 · August 20, 2018, 8:30am

So why do you write

Your WAN is controlled by your ISP, regardless if your cable modem permits you to NAT the IPv4 public address to 192.168.11.0/24.

And if this is the case: "You cannot use the same philosophy to set an IPv6 address"

Why are there fields for IPv6 address, GW on the WAN and WAN6 tab?
Why is there a big chapter for that topic https://openwrt.org/docs/guide-user/network/ipv6/start ?

I think you are not serious anymore. Not sure what your intension is.

Anyways, you are totally confusing. Sorry.

lleachii · August 20, 2018, 8:41am

Because, you keep saying this:

You CANNOT set IPv6 addresses that easily as if they are RFC1918 IP addresses. Others explained that to you as well. It was likened to giving out a different phone number than your provider issued to you:

I asked you to visit whatismyip.com so that you can see your Public IPv4 address. You would then realize it doesn't look like 192.168.0.0/24. It should start with one of these: https://bgp.he.net/AS29562#_prefixes - as this is your ISP.

Because you changed the interface from DHCPv6 to Static.

Because some people are issued Static IPv6 addresses from their ISPs, and can therefore configure their routers using Static addressing

Then you missed me, and all those who attempted to assist you.

jow · August 20, 2018, 8:43am

"WAN6" is merely a name for an additional interface, it could be called "foo" or "test" or anything else. When the "WAN" and "WAN6" are set to the same protocol (e.g. both static) then LuCI will display exactly the same options for them. As I wrote earlier, there is a bug in LuCI that prevents rendering the various IPv6 address fields for proto "static", hence the confusion.

If you configure your WAN side IPv4 and IPv6 addresses completely statically, you do not need a WAN6 interface at all since you can (LuCI bug aside) configure both ipaddr and ip6addr on the same "WAN" interface.

The "WAN6" interface is needed for cases where the protocol differs, commonly dhcpv4 for wan + dhcpv6 for wan6 or pppoe for wan + dhcpv6 for wan6.

When both "wan" and "wan6" are set to static, LuCI will treat them equally, very much like the lan interface.
There is nothing intrinsically special about "wan" in OpenWrt, it is just another interface that happens to be preconfigured for internet access. This concept deviates from vendor firmwares where you usually have a fixed, hardcoded wan/lan concept.

Edit:
If you would like to keep the wan/wan6 separation, even in the static config case, you would basically set the IPv4 fields on wan and leave the IPv6 fields empty, and on wan6 you would set the IPv6 fields and keep the IPv4 ones empty.

Frood42 · August 20, 2018, 8:54am

Can you imagine my Setup is
ISP --> Router A --> Router B --> LAN?
So there is a Router A instead of the cable modem?

And here, we are taking about Router B only. And Router B is not facing the internet directly. And the WAN IPv4 address on router B is static and set by me.
The WAN IP address of router B is different than the one on router A. And the WAN IP address on router A is in fact the public IP Adress on the internet which I can tell you because I am sharing it with tons of other UM customers.
I dont need https://bgp.he.net/AS29562#_prefixes to understand that.
I was asking for static IP addresses on OpenWrt - as I can easily use them on my internal devices on my LAN.

But I give up here and ask the Admins to close or delete this thread.

Thanks and best regards,
Frood

lleachii · August 20, 2018, 8:58am

I can.

Then configure Router A to issue you a Static /48 from here: https://bgp.he.net/AS29562#_prefixes6

Make sure it never changes. Problem solved. Then you can configure Router B with as many /64 subnets/prefixes as you wish.

dlakelan · August 20, 2018, 10:47am

This is confusion on your part, the great thing about ipv6 is that all devices use public ips and thus every device is facing the public internet directly. Of course normally people use firewalls for permission restriction, but there is no network address translation normally used, so router B is just as much on the public internet as A is.

jeff · August 20, 2018, 1:22pm

Yes, that is what several of us have been trying to explain, especially in that IPv6 addressing is very different than NAT-ed IPv4 addressing.

The people on this thread trying to help you likely understand that whether you call it a "modem" or you call it a "router" it has the same function of transporting packets to and from your ISP and delivering them appropriately.

You need to consider in your thinking that your IPv4 addressing is completely independent of your IPv6 addressing.

For that matter, there is no such thing as "sharing" of a "public IP Adress on the internet". Public addresses are required to be on no more than one, globally unique interface within the public, routable Internet space.

When you think about IPv6, you need to disassociate from your experience with NAT-ed IPv4.

In your topology, every node will have a link-local address (required for all nodes in IPv6). Router A's upstream interface will likely have an public IPv6 address assigned by your ISP. If, and only if your ISP provides IPv6 transport for multiple devices, then it will have a Prefix Delegation (PD) also assigned by your ISP. The ISP's router will set up a router for the PD via the upstream interface of Router A. Router A will also "ensure" that destination IPs in the PD are not routed back to the ISP (often a "blackhole" route for the entire PD). Typically Router A would advertise a portion of that PD on its downstream interface, as well as potentially assign one of those addresses to its downstream interface (though neither is required).

The IPv6 address assigned to the modem is not "yours", nor does it necessarily have anything at all to do with address(es) or a PD potentially assigned to you. Your default route may well be a link-local address, which is completely "fine" under IPv6.

Router B would be similar, with "ISP" in the forgoing becoming "Router A". Like the ISP assigning you a PD, if you chose to take a portion of your PD that your ISP gave you and assign it to be downstream of Router B, Router A would need a route installed for that address space via the upstream interface of Router B (which, like any on-link connection, only needs a link-local address, not a publicly routable address.

Edit:

While it may be convenient for router interfaces to be assigned a public IPv6 address, routing, being a next-hop process, can be accomplished with only link-local addresses. Technically, as long as a router knows the next-hop address for a given packet, that is sufficient. Given that return routes need not be the same as "outbound" routes, this knowledge need not even be reciprocal.

Frood42 · August 20, 2018, 5:20pm

I hope this is not the case for all internal devices. And most likely not for router B if possible.