Interfaces not getting ULA, only GUA

I just rebuilt our router this weekend, and found out that none of my subnets are getting a ULA prefix. GUA is provided by PPPoE and is dynamic. I need ULA to write some firewall rules to forward packets over, so the dynamic IP from the ISP cannot be used. Can someone tell me what is wrong?

Here are configurations from 1 subnet and wan:

root@OpenWrt:~# uci show network.@globals[0]
network.cfg083b09=globals
network.cfg083b09.ula_prefix='fdaa::/48'
root@OpenWrt:~# uci show network.wan
network.wan=interface
network.wan.device='eth0.60'
network.wan.ipv6='auto'
network.wan.password='--------'
network.wan.proto='pppoe'
network.wan.username='--------'
root@OpenWrt:~# uci show network.guest
network.guest=interface
network.guest.device='eth0.30'
network.guest.ip6assign='64'
network.guest.proto='static'
network.guest.ipaddr='192.168.31.1/24'
root@OpenWrt:~# uci show dhcp.guest
dhcp.guest=dhcp
dhcp.guest.interface='guest'
dhcp.guest.leasetime='1h'
dhcp.guest.limit='200'
dhcp.guest.start='50'

I have set ip6class to be "local" "wan_6" but it still only gets GUA. If I set it to "local" only then there is no IPv6. I also tried to adjust DHCPv6 related configs but they don't make a difference.

When you have a dynamic prefix you can use a negative netmask so that you do not need ULA; see:
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_ipv6_examples

Thanks. I'll see if negative netmask is supported in nft as well.

Certainly, I use it for IPv6 port opening for my VPN server :)

OK, another issue. I use redsocks to forward packets, and it wants an IP address to bind to. I can't use ULA since it is dynamic, and I can't use a negative netmask since it is not an IP address. This only left me with ::0, which I don't want to be available everywhere. So I'm still looking to get ULA enabled on my interfaces.

The issue is due to an incorrect network.globals type. I used a script to generate OpenWrt configs for multiple devices. Previously it was:

config globals
        option ula_prefix 'fdaa::/48'

The correct one is:

config globals 'globals'
        option ula_prefix 'fdaa::/48'

For some reason LuCI can read and write the wrong type without correcting it, but I guess netifd is not so forgiving.
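
A check that would catch the script-generated config described above before it is deployed, as an added example that is not part of the original thread: it fails when a section of type `globals` is anonymous or misnamed, or when the named section carries no `ula_prefix`. The function name `check_globals` and the two sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint a UCI network config file.
# check_globals FILE -> prints "OK: <prefix>" and returns 0 when a section of
# type "globals" is also *named* "globals" and has ula_prefix set;
# prints "FAIL: <reason>" and returns 1 otherwise.
check_globals() {
    awk '
    # Strip one leading and one trailing quote (single or double) from a token.
    function unq(s) { gsub("^[\"\047]|[\"\047]$", "", s); return s }

    $1 == "config" {
        cur = 0                              # leaving any previous section
        if (unq($2) == "globals") {
            seen = 1                         # a globals-type section exists
            if (unq($3) == "globals") { named = 1; cur = 1 }
        }
        next
    }
    # Only accept ula_prefix from the correctly named section.
    cur && $1 == "option" && unq($2) == "ula_prefix" { ula = unq($3) }

    END {
        if (!seen)     { print "FAIL: no globals section"; exit 1 }
        if (!named)    { print "FAIL: globals section is anonymous or misnamed"; exit 1 }
        if (ula == "") { print "FAIL: named globals section has no ula_prefix"; exit 1 }
        print "OK: " ula
    }' "$1"
}

# Constructed sample configs: the script-generated form and the corrected form.
tmp=$(mktemp -d)
printf "config globals\n\toption ula_prefix 'fdaa::/48'\n" > "$tmp/bad"
printf "config globals 'globals'\n\toption ula_prefix 'fdaa::/48'\n" > "$tmp/good"

check_globals "$tmp/bad"  || echo "script-generated config rejected"
check_globals "$tmp/good" && echo "corrected config accepted"
```

On a router the file to pass is /etc/config/network; run the check on generated configs before pushing them to devices.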
