IP6 prefix between 2 boxes

Hi

I have 2 boxes

  • Box 1 : Connect to my provider (wan4 and wan6), get the public IP and the IPv6
  • Box 2 : this is my internal router with DHCP, DNS, and other tools

How the Box 2 can be aware of the IPV6 prefix received by Box1 from the ISP and distribute IP6 to the local devices ?

Thank you

Box 1 also is a IPv6 server which hands out a Prefix to other routers which request a prefix.
This is more or less the default for OpenWRT at least it works for me that way.
Of course Box 1 can only handout other prefixes if your provider hands out sufficient large prefix e.g. a PD with /60 or lower (/56 , /48)

ifstatus wan6 on box 1 will tell you what PD your provider handsout

I get a /56 PD:

        "ipv6-prefix": [
                {
                        "address": "2001:1c03:XXXX:XXXX::",
                        "mask": 56,
                        "preferred": 392012,
                        "valid": 1000389,
                        "class": "wan6",
                        "assigned": {
                                "lan": {
                                        "address": "2001:1c03:XXXX:XXXX::",
                                        "mask": 58
                                }
                        }
                }
        ],

See: https://openwrt.org/docs/guide-user/network/ipv6/configuration#downstream_configuration_for_lan_interfaces

1 Like

Don't really understand

On Box 1, I have this
image

config interface 'lan'              
        option device 'br-lan'      
        option proto 'static'       
        option ipaddr '192.168.1.61'
        option netmask '255.255.0.0'
        list dns_search 'maduao.net'
        option defaultroute '0'     
        list dns '192.168.1.11'     
        option ip6ifaceid '::2'  
        option ip6assign '64'    
        option ip6hint '10'      
        list ip6class 'STARLINK6'

On Box 2, what settings should I put in mt dnsmasq.conf ?

I am not the IPv6 expert so can only give you how it works for me.

Your LAN is connected to the WAN of the next routers so your LAN delegates prefixes if so setup in dhcp so first check your /etc/config/dhcp, it should look like:

config dhcp 'lan'
	option interface 'lan'
	option start '64'
	option limit '64'
	option leasetime '24h'
	option dhcpv4 'server'
	option dhcpv6 'server'             <<<<< LAN acting is IPv6server
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

But of course the LAN should have enough prefixes to handout and you specified only one /64 for the LAN so it cannot handout other prefixes.

I also have a /56 PD just like you, so i set my LAN to acquire a /58 prefix (I also have guest and IoT subnets on my main router):
/etc/config/network:

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.0.1'
	option netmask '255.255.255.0'
	option ip6assign '58'              <<<<< acquire a larger prefix than /64 to be able to handout
	list dns_search 'home'
	option ip6hint '00'

Not sure I understand also this one

In box one, I have WAN (starlink) and LAN

All other boxes and devices (including the DHCP server) (dnsmasq) are on the lan

So what is your config on teh bax connected on the ISP ? and what is your config for the DHCP server to know which prefix to use ?

Thank you

In my setup LAN of box 1 is connected to WAN of box 2.

If your setup is other wise the you have to describe how box 2 is setup

Setup is (see above)
1 - Box 1 = connected to Starlink (wan6) + lan
2 - Other (openwrt) boxes and devices, including the DHCP server , DNS, etc... are on the (same) lan

I clicked on that on the Box 1
Not knowing what I am really doing...

image

OK it looks like you have setup router 2 as a Dumb AP:
https://openwrt.org/docs/guide-user/network/wifi/dumbap

I cannot help you with that as I do not have IPv6 on my DumbAP but I know that to get an IPv6 address on router 2 you have to add something like:

config interface 'lan6'
    option device '@lan'
    option proto 'dhcpv6'

to etc/config/network to give router 2 an IPv6 address

I think you should also set the newly created lan6 interface in the LAN firewall zone in /etc/config/firewall

That is all I know

no it is not a dumbap, it is an active box with the DHCP/DNS that my question is all about

How to let his DHCP server know about the ipv6 prefix from the first box ?

If box1 runs Openwrt you set a proper large subnet with ip6assign and use prefix delegation to box2. then box2 would have one or more prefixes available for local assignments.

In practice, what does it mean ?

What should I setup on Box1 (openwrt) and Box 2(Openwrt with my dnsmasq / dns / etc..)

By in practice, I mean a factual config example

Thank you

If I enable a "dhcpv6" client on any other box on the lan, no IPv6 assigned

image

How to
1 - Ensure that my dnsmasq (box2) knows the public prefix (if needed)
2 - FInd out DNS and routing to push the right settings to the devices
3 - Allow to assign IP6 to devices as I want ?

Good morning @grosjo

(So after a long family weekend I finally have found the time to answer you...)

First question: Are you familiar with ssh and are you able to use vim to edit config files on the command line?

Advise: Most of the time its more helpful if you post the content of the config files and no screenshots.

Ok lets start then.
On your box1 you need something like this on your wan and wan6 interface:

config interface            'wan'
    ...
    option  ipv6            'auto'
    ...

config interface            'wan6'
    ...
    option  proto           'dhcpv6'
    option  reqaddress      'try'       # [try,force,none]
    option  reqprefix       '56'        # Assuming your ISP provides you with a /56 prefix

Assuming for the sake of simplicity you have two networks, a LAN for clients and a network your the point-to-point connection to box2:

config interface            'lan'
    ...
    option  proto           'static'
    option  ipaddr          '192.168.1.1/24'
    list    ip6ifaceid      '::1'
    option  ip6assign       '64'
    option  ip6hint         '1'

This gives you an Link Local Address, an ULA, and a GUA (Global Unique Address) on the lan interface on box1.

The relevant section in /etc/config/dhcp looks like this:

config dhcp 'lan'
    option  interface           'lan'
    ...
    option  dhcpv4              'server'
    ...
    option  dhcpv6              'server'
    option  ra                  'server'
    option  ra_slaac            '1'
    list    ra_flags            'managed-config'
    list    ra_flags            'other-config'

Clients can request IPv4 addresses with DHCP, and can assign IPv6 addresses with SLAAC, get DNS Nameserver info via SLAAC as well as addresses and nameserver via DHCPv6...

Now to the interface config for the point-to-point to box2:
(Just to illustrate, I use the "second half" of the prefix, and from that second half I don't use the full prefix space (/57 or 2^7 bit but just 2^5 bit or /59)

config interface            'p2p'
    ...
    option  proto           'static'
    option  ipaddr          '192.168.128.1/24'
    list    ip6ifaceid      '::1'
    option  ip6assign       '59'
    option  ip6hint         '80'

On box2, you now either configure the wan interface or a new interface which you might could also call p2p. It totally depends how you want to setup your network and what you need. If you want to configure the default wan interface you might want to disable or re-configure the default firewall-rules on the wan interface, or you create a new firewall zone with your desired rules. You also might want to disable masquerade on WAN. etc etc pp
The p2p interface on box2 would look like (Similar to wan6 on box1:

config interface            'p2p'
    ...
    option  ipv6            'auto'
    ...

config interface            'p2p6'
    ...
    option  proto           'dhcpv6'
    option  reqaddress      'try'       # [try,force,none]
    option  reqprefix       '59' 

Then you setup/configure the lan interface on box2:

config interface            'lan'
    ...
    option  proto           'static'
    option  ipaddr          '192.168.129.1/24'
    list    ip6ifaceid      '::1'
    option  ip6assign       '64'

And you configure /etc/config/dhcp to also provide DHCP, DHCPv6, and SLAAC on that interface...

I hope this helps you. If you have further questions feel free to ask. Or if you need more context. I know I know this might look overwhelming at first, but I can ensure you its rather simply when all the pieces fall together :slight_smile:

Ok but how to configure the DNSMasq to receive the IP6 prefix and orchestrate the network ?

Sorry I must somehow missed your post...
How to configure dnsmasq to act as an dhcpv6 Server, See https://openwrt.org/docs/guide-user/base-system/dhcp
But if you have not touched it it should be the default already.