How to stop dhcpv6 from assigning GUAs

Hi Community, how do I stop dhcpv6 from assigning GUAs (like 2001:db80:abcd:1234::567/128 (from my ISPs (DTAG) delegated ip6 prefix)) to my lan clients? My lan clients also do SLAAC, so in my opinion there is no need for dhcpv6 to assign GUAs.

I already tried:

  • dhcpv6-mode stateless, which doesn't do/change anything for me, my lan clients still get GUAs assigned from dhcpv6

  • setting option dhcpv6_na '0' on my lan interface (in dhcp config file), which doesn't do/change anything for me, my lan clients still get GUAs assigned from dhcpv6

  • setting ip6class 'local' on my lan interface (in network config file), this kind of does what i want, it stops dhcpv6 from assigning GUAs to my lan clients (and still assigns ULAs, exactly as i want it), but this also breaks global ip6 connectivity for my lan clients at the same time (well, works as designed i guess since this option will only accept local (ULA) ip6 traffic on the lan interface according to the docs)

So how do I (properly) stop dhcpv6 from assigning GUAs (and only GUAs) to my lan clients without breaking global ip6 connectivity at the same time?

My router still runs 19.07.7.

Or you may want to disable DHCPv6 entirely and keep only RA:

uci set dhcp.lan.dhcpv6="disabled"
uci set dhcp.lan.ra="server"
uci commit dhcp
/etc/init.d/odhcpd restart
1 Like

yeah, i already tried setting ip6class="local" but then my lan clients loose global ip6 connectivity

or do i have to do all the settings under extra? (Using IPv6 by default + Disabling source routing + Announcing default IPv6 route + Disabling GUA prefix + Missing GUA prefix)

but when i disable dhcpv6 entirely what happens then to the ULAs?

As long as you have

        option ra 'server'
        option ra_slaac '1'

you can disable the dhcpv6 and you'll get the slaac addresses only for the ULA and GUA. You can control the addresses given with ip6class, as mentioned earlier.

1 Like

this way i will have to manually set local ip6 addresses and to also manually keep the hostnames file up to date. :unamused:

so is there no way to have slaac and stateful ULA at the same time?

I don't think you can have such a combination.

1 Like

Using SLAAC XOR DHCPv6 is a client-side decision, nothing you could influence on the router (aside from not offering DHCPv6 or RAs at all, breaking all IPv6 connectivity), you should end up with one or more GUAs in either way.

As expected, you can't reach the internet without either NAT64 (horrible idea) or GUAs.

Thanks to the heavily dynamic IPv6 prefix assignments by DTAG (guaranteed to change on every login), there's no way for static IPv6 address assignments either, you effectively must use DHCPv6 or SLAAC (and get your GUA that way).

Going through might help you understand the requirements.

1 Like

my lan clients have slaac GUAs all the time, so why is ip6 internet connectivity broken for them when i set ip6class 'local' on my lan interface? is local ip6class also supposed to stop slaac GUAs from working and/or connecting to the internet?

This is intentional behavior as ip6class=local delegates only ULA prefix.
By the way, since the default just works, maybe you don't need to fix it.

1 Like

I just figured out that my initial issue (why I wanted my clients not get a GUA from dhcpv6) was related to ip6tables on client side.

But I guess there is no way to stop dhcpcd to request a GUA anyways, without affecting to request an ULA?

Of course you can, by filtering (option ip6class 'local') for the ULA prefix only. Doing so just doesn't make sense, your clients wouldn't have IPv6 connectivity to the outside anymore - you can't access the internet with an IPv6 address from an ULA prefix.

1 Like