How to use multiple IPv6 addresses?

I am using LEDE-17.01-snapshot. I have a rather special setup (advertising public IPv6 prefixes on both LAN and WAN port, which I get through HE tunnelbroker). Now I want to set up ULA as well. But I can only assign them automatically with option ip6assign which doesn't work well because this will also be applied to the tunnelbroker prefixes and that messes up my setup.

Can I somehow add a second IPv6 address to the interfaces? My idea is to specify the ULA address manually, additionally to the GUA address. But I can only set one IPv6 per interface in the network config.

EDIT: Seems like it's possible in /etc/config/network with using list ip6addr instead of option ip6addr, but LuCi doesn't support this setting.

option ip6class 'henet local'

I think you could add another interface with the same physical ifname or using a @ alias. That yould allow you to use different ip6assign options.

1 Like

ip6assign doesn't work well, because the HE tunnel delegates me two prefixes (one /64 and one /48), and I wanna use both. If I use ip6assign now, OpenWrt will try to advertise both prefixes on both WAN and LAN, breaking network connectivity.

It works perfectly now that I set both prefixes manually with list ip6addr, however LuCi doesn't support this. I don't know if LuCi supports this in newer versions. And I can't find the source for LuCi in LEDE where you define the network interfaces.

@lleachii What does this option do? I can't seem to find it in the wiki.

Could you explain a bit more what your problem is?
I used to have IPv6 from HE until recently along with ULA addresses on all interfaces and didn't face any issue.
Also post your uci show network for reference.

ip6class : Filter for prefix classes to accept on this interface (e.g. wan6 will only assign prefixes with class “wan6” but not e.g. “local”)

@trendy
I get IPv6 from HE and terminate the tunnel on my OpenWRT box. HE assigns me two prefixes, one /48 and one /64. I want to advertise the /64 for devices connected to WAN port, and the /48 for devices on LAN.
The problem is, if I set ip6prefix, and then use ip6assign for either WAN or LAN, OpenWRT will assign addresses from both the /64 and the /48 to these interfaces. But I want the /64 strictly limited to WAN, and /48 strictly limited to LAN. With the config below it works now. But I cannot change it with LuCi, because LuCi doesn't accept multiple IPv6 addresses in static configuration.

So if I wanna do it automatically and use ip6assign instead of ip6addr...what would I have to set ip6class to for each interface? What does ip6class local exactly do? The wiki page is a bit limited on the background things happening.

~# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdca:feb4:beef::/48'
network.lan=interface
network.lan.ifname='eth0'
network.lan.force_link='1'
network.lan.type='bridge'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6addr='2001:470:xxxx:1::1/64' 'fdca:feb4:beef:1::1/64'
network.lan.ip6prefix='2001:470:xxxx:1::/64'
network.wan=interface
network.wan.ifname='eth1'
network.wan.proto='static'
network.wan.ipaddr='x.x.x.x'
network.wan.netmask='255.255.255.0'
network.wan.gateway='x.x.x.y'
network.wan.ip6addr='2001:470:yyyy:zzzz::1/64' 'fdca:feb4:beef:e8e::1/64'
network.wan.ip6prefix='2001:470:yyyy:zzzz::/64'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 4'
network.henet=interface
network.henet.proto='6in4'
network.henet.ipaddr='x.x.x.x'
network.henet.peeraddr='216.66.86.114'
network.henet.ip6addr='2001:470:xy:xy::2/64'
network.henet.sourcerouting='0'
network.henet.ip6prefix='2001:470:yyyy:zzzz::/64 2001:470:xxxx::/48'
network.nat64=interface
network.nat64.proto='tayga'
network.nat64.ifname='nat64'

These 2 are pointless, because you are not delegating anything downstream.

I would remove the /64 from henet.ip6prefix and change lan from static to ip6assign=64 or whatever you want there. ip6class doesn't make too much sense in your case, as you want to assign ipv6 from both henet and ULA if I understand correctly.

Regarding multiple ip addresses you'll have to change them manually.

How so? How does odhcpd know which prefixes to advertise on the interface?

I want to use the /64, though. Would have to change too much other stuff. Sure, it would be possible, but it should also work like this.

Ok. I mean, it would be perfect, if ULA would be assigned automatically, and the other prefixes manually.

I just edited LuCi to accept multiple IPv6 addresses as space-separated list, same as it does for IPv6 prefixes in 18.06.

I think newer versions are capable of more stuff cause I often find myself in the need to backport some stuff. Unfortunately, 18.06 runs too sluggish on my box.

I think you have confused the advertisements and the delegations.
Your interface already has the 'ip6addr', so, unless specified differently, it will send out Router Advertisements in the lan. RAs contain the network prefix, the gateway, and possibly the NS.
DHCPv6, implemented with odhcpd in OpenWrt can send some more information to the hosts, including some specific address to use, NS, and Prefix Delegated for downstream routers.
That means that if you connect another router on the LAN and you have specified an ip6prefix, it will be offered to the downstream router in order to autoconfigure.

Then use 'local' for the ip6class and define manually the henet ip6address.

You are right. I thought I need to specify ip6prefix for RA, but now I tried only with ip6addr and it works. So I only need ip6prefix if I want to delegate a prefix using DHCPv6 (I am only using SLAAC)?

I'll try that another time. For now I'll have it work with manual assignment. Especially since I am not quite satisfied with ULA alone. I thought I would be able to have multicast between segments, but seems like I need another daemon/proxy for that.

Yes, that's right.

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

grafik

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.