IPv6 connectivity stopped to work in LAN, ok on router

You are right, WAN is bridged because I used it for a while together with a wireless.
Proto 41 I do not think is an issue because IPv6 can work on router, so upstream is ok
Generally speaking: can you see why this configuration stopped to work?

Done, no IP is gotten in LAN.

To be honest I am surprised this even worked. Not the henet, that looks fine to me. But the other one can't have worked. Actually I find it rather stupid to use 6in4 to the ISP premises, let alone to allocate only a /64.
Can you ask your ISP out of curiosity, how are you supposed to allocate a single /64 in lan and wan?

But what I do not understand is this: on wan we get the endpoint at the end of the tunnel acting as default gateway. It works because from router I can reach internet

LAN get the prefix /64 and provide SLAAC and DHCPv6 and it works and it advertise router

What it does not work is connectivity between router and LAN because the router decide to send /64 traffic on the tunnel instead resolving MAC with NDP and send packets in LAN.

This is the problem, which is inexplicable to me

It is not that difficult. You wouldn't be able to operate a router that would have 192.168.1.2/24 on wan interface and 192.168.1.1/24 on lan interface.

Ok

So any idea why relay setup does not work at all?

Post one more time the config to see how it looks like now.

uci export network; uci export dhcp; uci export firewall; ifstatus wan; ifstatus wan6; ifstatus lan

@trendy

root@MenionRouter:/etc/config# uci export network; uci export dhcp; uci export f
irewall; ifstatus wan; ifstatus wan6; ifstatus lan
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb5:24dd:030d::/48'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.182.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option _orig_ifname 'eth0'
        option _orig_bridge 'false'
        option ifname 'eth0.2'
        option type 'bridge'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0.3'
        option type 'bridge'

config interface 'vpn0'
        option ifname 'tun0'
        option proto 'none'
        option auto '1'

config interface 'vpn1'
        option ifname 'tun1'
        option proto 'none'
        option auto '1'

config route
        option interface 'lan'
        option target '10.10.0.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.192'

config route
        option interface 'lan'
        option target '10.11.0.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.192'

config route
        option interface 'lan'
        option target '10.12.0.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.10'

config route
        option interface 'lan'
        option target '10.13.0.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.10'

config route
        option interface 'lan'
        option target '10.14.0.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.11'

config route
        option interface 'lan'
        option target '10.15.0.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.11'

config interface 'wan6'
        option proto '6in4'
        option peeraddr '81.208.50.214'
        option ip6addr '2001:xxx:yyyy:d3e3::2/64'

config interface 'henet'
        option proto '6in4'
        option peeraddr '216.66.80.98'
        option ip6addr '2001:ttt:25:yyy::2/64'
        option tunnelid '355738'
        option username 'xxxxxx'
        option password 'xxxxxxxxxx'
        list ip6prefix '2001:ttt:qqqq::/48'
        option auto '0'

config interface 'nat64'
        option proto 'tayga'
        option ipv4_addr '192.0.2.1'
        option ipv6_addr '2001:ttt:qqqq:0201::1'
        option prefix '2001:ttt:qqqq:ffff::/96'
        option dynamic_pool '192.0.2.0/24'
        option accept_ra '0'
        option send_rs '0'
        option auto '0'

config route
        option interface 'lan'
        option target '192.168.183.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.135'

config route
        option interface 'lan'
        option target '192.168.56.0'
        option netmask '255.255.255.0'
        option gateway '192.168.182.192'

config interface 'VPN_USA'
        option proto 'none'
        option ifname 'tun2'

config interface 'LAN_VPN_USA'
        option proto 'static'
        option ifname 'eth0.10'
        option netmask '255.255.255.0'
        option dns '8.8.8.8 4.4.4.4'
        option metric '10'
        option ipaddr '192.168.180.1'

package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '0'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '0'
        option enable_tftp '1'
        list server '8.8.8.8'
        list server '8.8.4.4'
        option serversfile '/tmp/adb_list.overall'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option start '50'
        option limit '200'
        list dns '2001:4860:4860::8888'
        list dns '2001:4860:4860::8844'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'

config dhcp 'wan'
        option interface 'wan'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'
        option master '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config domain
        option name 'menionbananapi'
        option ip '192.168.182.192'



package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan nat64'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 henet'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '547'
        option name 'Allow DHCPv6 Relay'
        option family 'ipv6'
        option src_port '547'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '10001'
        option dest_ip '192.168.182.18'
        option dest_port '10001'
        option name 'Allarme'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '1028'
        option dest_port '1028'
        option name 'Webcam Cameretta'
        option dest_ip '192.168.182.216'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '1030'
        option dest_port '1030'
        option name 'Webcam Taverna'
        option dest_ip '192.168.182.239'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '1027'
        option dest_ip '192.168.182.22'
        option dest_port '1027'
        option name 'Webcam Camera'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '5144'
        option dest_ip '192.168.182.192'
        option dest_port '5144'
        option name 'aMule TCP'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '5134'
        option dest_ip '192.168.182.192'
        option dest_port '5134'
        option name 'aMule UDP'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '6881'
        option dest_ip '192.168.182.192'
        option dest_port '6881'
        option name 'Torrent first'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '6882'
        option dest_ip '192.168.182.192'
        option dest_port '6882'
        option name 'Torrent second'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '1032'
        option dest_ip '192.168.182.25'
        option name 'WebCam Sala 720p'
        option dest_port '1032'
        option enabled '0'

config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option src '*'
        option proto 'tcp'
        option dest_port '443'

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'vpn0 vpn1'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option name 'OpenVPN TCP'
        option src_dport '443'
        option dest_ip '192.168.182.1'
        option dest_port '8094'

config rule
        option name 'Allow-OpenVPN-UDP-InBound'
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option dest_port '1195'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '1195'
        option dest_ip '192.168.182.1'
        option dest_port '1195'
        option name 'OpenVPN UDP'

config forwarding
        option dest 'lan'
        option src 'vpn'

config forwarding
        option dest 'wan'
        option src 'vpn'

config forwarding
        option dest 'lan'
        option src 'wan'

config forwarding
        option dest 'vpn'
        option src 'wan'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '5201'
        option dest_ip '192.168.182.1'
        option dest_port '5201'
        option name 'Iperf3'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '6981'
        option dest_ip '192.168.182.192'
        option dest_port '6981'
        option name 'qBitTorrent'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '1029'
        option dest_ip '192.168.182.23'
        option dest_port '1029'
        option name 'Webcam Cucina'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option dest_ip '192.168.182.192'
        option name 'OpenVPN backup TCP'
        option src_dport '8194'
        option dest_port '8194'
config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '8195'
        option dest_ip '192.168.182.192'
        option dest_port '8195'
        option name 'OpenVPN backup UDP'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option dest_ip '192.168.182.10'
        option dest_port '8294'
        option name 'OpenVPN TCP P0'
        option src_dport '8294'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '8295'
        option dest_ip '192.168.182.10'
        option dest_port '8295'
        option name 'OpenVPN UDP P0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '8394'
        option dest_ip '192.168.182.11'
        option dest_port '8394'
        option name 'OpenVPN TCP P1'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '8395'
        option dest_ip '192.168.182.11'
        option dest_port '8395'
        option name 'OpenVPN UDP P1'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '34567'
        option dest_ip '192.168.182.26'
        option dest_port '34567'
        option name 'Webcam cucina2'
        option enabled '0'

config rule
        option src 'lan'
        option name 'Drop IPv6 flooding UPnP'
        option target 'DROP'
        option family 'ipv6'
        option proto 'udp'
        option dest_port '1900'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.182.21'
        option name 'Webcam Camera2'
        option src_dport '1040'
        option dest_port '1040'
        option enabled '0'

config forwarding
        option dest 'vpn'
        option src 'lan'

config forwarding
        option dest 'wan'
        option src 'lan'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option dest_ip '192.168.182.192'
        option dest_port '4200'
        option name 'Shellinabox'
        option src_dport '443'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '443'
        option dest_ip '192.168.182.1'
        option dest_port '9999'
        option name 'squid'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '88'
        option dest_ip '192.168.182.168'
        option dest_port '88'
        option name 'Xbox 1'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '500'
        option dest_ip '192.168.182.168'
        option dest_port '500'
        option name 'Xbox 2'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '3544'
        option dest_ip '192.168.182.168'
        option dest_port '3544'
        option name 'Xbox 3'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '4500'
        option dest_ip '192.168.182.168'
        option dest_port '4500'
        option name 'Xbox 4'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '53'
        option dest_ip '192.168.182.168'
        option dest_port '53'
        option name 'Xbox 5'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.182.168'
        option dest_port '80'
        option name 'Xbox 6'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '50182'
        option dest_ip '192.168.182.168'
        option dest_port '50182'
        option name 'Xbox 7'
        option enabled '0'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '50182'
        option name 'Xbox One'
        option family 'ipv6'
        option dest 'lan'
        option enabled '0'

config rule
        option proto 'tcp udp'
        option src 'lan'
        option src_mac 'A0:9D:C1:72:B3:85'
        option target 'DROP'
        option name 'IPCAM Cucina no Internet'
        option dest 'wan'

config rule
        option proto 'tcp udp'
        option name 'IPCAM Sala no Internet'
        option src 'lan'
        option src_mac '48:02:2A:0B:E1:16'
        option dest 'wan'
        option target 'DROP'

config rule
        option proto 'tcp udp'
        option name 'IPCAM Taverna no Internet'
        option src 'lan'
        option src_mac 'A0:9D:C1:72:EC:F4'
        option dest 'wan'
        option target 'DROP'

config rule
        option proto 'tcp udp'
        option name 'IPCAM Letto no Internet'
        option src 'lan'
        option src_mac 'E0:B9:4D:D4:A3:B5'
        option dest 'wan'
        option target 'DROP'

config rule
        option src 'wan'
        option proto 'udp'
        option name 'Block 3074'
        option dest 'lan'
        option target 'REJECT'
        option enabled '0'

config zone
        option output 'ACCEPT'
        option network 'VPN_USA'
        option name 'vpn_usa'
        option input 'REJECT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'lan_vpn_usa'
        option network 'LAN_VPN_USA'
        option forward 'ACCEPT'

config forwarding
        option dest 'vpn_usa'
        option src 'lan_vpn_usa'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config rule
        option name 'STUN'
        option proto 'udp'
        option src 'wan'
        option target 'ACCEPT'
        option dest_port '5349'
        option enabled '0'

{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 58385,
        "l3_device": "br-wan",
        "proto": "dhcp",
        "device": "br-wan",
        "updated": [
                "addresses",
                "routes",
                "data"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "192.168.188.24",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "0.0.0.0",
                        "mask": 0,
                        "nexthop": "192.168.188.1",
                        "source": "192.168.188.24/32"
                }
        ],
        "dns-server": [
                "192.168.188.1"
        ],
        "dns-search": [
                "fritz.box"
        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "leasetime": 864000,
                "ntpserver": "192.168.188.1"
        }
}
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 58385,
        "l3_device": "6in4-wan6",
        "proto": "6in4",
        "updated": [
                "addresses",
                "routes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [
                {
                        "address": "2001:xxx:yyyy:d3e3::2",
                        "mask": 64
                }
        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "::",
                        "source": "2001:xxx:yyyy:d3e3::2/64"
                }
        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 58389,
        "l3_device": "br-lan",
        "proto": "static",
        "device": "br-lan",
        "updated": [
                "addresses",
                "routes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "192.168.182.1",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [
                {
                        "address": "fdb5:24dd:30d::",
                        "mask": 64,
                        "local-address": {
                                "address": "fdb5:24dd:30d::1",
                                "mask": 64
                        }
                }
        ],
        "route": [
                {
                        "target": "10.10.0.0",
                        "mask": 24,
                        "nexthop": "192.168.182.192",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "10.11.0.0",
                        "mask": 24,
                        "nexthop": "192.168.182.192",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "10.12.0.0",
                        "mask": 24,
                        "nexthop": "192.168.182.10",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "10.13.0.0",
                        "mask": 24,
                        "nexthop": "192.168.182.10",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "10.14.0.0",
                        "mask": 24,
                        "nexthop": "192.168.182.11",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "10.15.0.0",
                        "mask": 24,
                        "nexthop": "192.168.182.11",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "192.168.56.0",
                        "mask": 24,
                        "nexthop": "192.168.182.192",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "192.168.183.0",
                        "mask": 24,
                        "nexthop": "192.168.182.135",
                        "source": "0.0.0.0/0"
                }
        ],
        "dns-server": [
                "8.8.8.8",
                "8.8.4.4"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}
root@MenionRouter:/etc/config#

Remove these from lan and assign them to wan. Or don't assign them at all, since you have them in dhcp config.

Mask the username and password of henet.

If the LAN hosts are not able to acquire any GUA IPv6 from your ISP, then the other thing I can think of is NAT66.
However you should call your ISP and shame-talk them for allocating just a /64, which is only applicable for one device.

I don't understand honestly (my limitation) why /64 routable network cannot make it work for more than one device. If I use my ISP router with IPv6 enable, all the device in the network gets the IPv6 address and IPv6 works. And it is just opening a 6in4 tunnel as I am doing on my OpenWRT. In the and also Hurricane by default gives /64 network

Coming back to the relay. It never worked for me. When I had a working IPv6, I tried to set a relay setup on a router acting as relayd bridge over WiFi. And never worked.

I suspect that the entire IPv6 relay has some problem to work, did you ever been able to have it working at all?

A /64 is the smallest possible network prefix in IPv6 according to the standard. You can use smaller prefixes but it will break SLAAC.

Then it is using either NDP or NAT6.

HE gives you 2 prefixes, one /64 for the tunnel and one /48 to delegate in your lan.

IPv6 is known to not work over relayd.

Yes.

Or actually ISP router does not have firewall (inter zone).
So if I get only this /64 network, one approach could be to have the 6in4 tunnel in LAN and not WAN, so I do not need inter zone routing, right?
It is so strange that it worked, there are plenty of people had it working as well, with the setup I had (6in4 tunnel in WAN)
Side question: what is the correct naming of wan interface?

Just chiming in because @trendy has referenced my thread a couple of times. In my case I was able to use NDP to relay across a /64 from another WAN interface where no prefix delegation is passed down. Essentially NDP allows the /64 to be relayed across to the LAN, so clients get an IPv6 from the second WAN, you cannot subnet a /64 without blowing things up.

I already have a /48 from HE.net which is delegated from another WAN interface using RA in server mode on the LAN. I did find hybrid mode prevented my 6in4 addresses from being allocated to LAN clients in the end, but NDP alone was enough for my second WAN, meaning in the end I didn't have change RA or DHCPv6 from server mode. However if you only have one WAN interface with v6, you'll have more flexibility with adjusting RA/DHCPv6 to relay mode.

These are my settings on the LAN interface:

image

Second WAN with v6:

config dhcp 'wanb6'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'
        option master '1'

These might not help you specifically, but NDP should be able to help. Make sure you aren't blocking NS requests or ICMPv6 related traffic as it will be needed for it to work.

1 Like

Unless the ISP router is in bridge mode, that wouldn't work either. All the discovery packets like neighbor solicitation, neighbor advertisement, router solicitation, and router advertisement are valid on the link only. They will not span over different broadcast domains.

6in4 is an interface of its own, even if you assign it in a machine in the LAN it would not advertise to other machines.

I have never seen it working like this before. And being a tunnel interface, it needs its own prefix and routes packets. Can you share the configuration from a working setup?

There is no right or wrong, it is a naming convention. You can give it another name if you prefer.

BTW I have just realized that the Hurricane tunnel expired, I made a new one and ipv6 works.
Really I cannot make it understand why /64 and lower IPv6 are supposed to work, there are payed tunnel that gives 128 or 80 like 6project

The tunnels giving /128 are for only one host. If they provide something like /80, you can use more than one IP in the same machine, or use NAT6 to allow more hosts to use IPv6, but this is a bad solution as IPv6 was supposed to eliminate the need for NAT.
The bare minimum for normal operation without compromises or workarounds is /64 for the lan.

But /64 requires a working DHCPv6 on ISP side to use relay, right?

You can relay SLAAC too, it doesn't have to be only DHCP6.

But in this case the tunnel endpoint shall advertise the prefix or?

The tunnel is using static configuration. To the best of my knowledge the ISP endpoint doesn't expect other hosts to be active on the link. You can troubleshoot it yourself with tcpdump.
tcpdump -i 6in4-wan6 -vn icmp6
If you see solicitations from LAN going out but no advertisements coming in, then NDP won't work.