IPv6 config problem

Installing and Using OpenWrt Network and Wireless Configuration
#1

Hi everybody,

i have set up OpenWRT with an LTE modem (using modemmanager). Everything works well so far. My mobile-carrier provides IPv4 and IPv6 Dualstack. I successfully confirmed, that OpenWRT itself can ping IPv6 targets on the internet.

wwan
wwan955×230 17.5 KB

My only problem is, that internal computers do not get an IPv6 address from the OpenWRT router. I think the problem is, that my mobile-carrier assigned a single /64 subnet. Could that be the reason? Can i provide internal computers IPv6 addresses from the same /64 subnet, which is configured on the WAN side of the OpenWRT router?

#2

Although very cheap from your ISP, a /64 delegated is enough for one internal network to work correctly with Ipv6.
Maybe there is something wrong with your configuration.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ifstatus lan; ifstatus wan6; ifstatus wwan; ifstatus wwan6
#3

I just learned, that it is normal behaviour that a router first gets a /64 network. It is designated for the routers WAN interface only. The router then get's another prefix via prefix delegation for internal use (usually a /56). That is, as far as i know, standard for fixed line internet conncetions. But i am not sure, if this is the case for mobile internet connections (LTE) as well...

#4 
root@OpenWrt:~# uci export network
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd90:a3f9:8b1d::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'port1'
        list ports 'port2'
        list ports 'port3'
        list ports 'port4'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option broadcast '192.168.1.255'
        option gateway '192.168.1.254'

config interface 'broadband'
        option proto 'modemmanager'
        option device '/sys/devices/platform/ocp@f1000000/f1050000.ehci/usb1/1-1'
        option auth 'pap'
        option iptype 'ipv4v6'
        option apn 'internet.telekom'
        option username 'telekom'
        option password 'tm'

root@OpenWrt:~# uci export dhcp
package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# uci export firewall
package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'broadband'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
        option enabled '0'

root@OpenWrt:~# head -n -0 /etc/firewall.user
head: /etc/firewall.user: No such file or directory
root@OpenWrt:~# ifstatus lan
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 74,
        "l3_device": "br-lan",
        "proto": "static",
        "device": "br-lan",
        "updated": [
                "addresses",
                "routes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "192.168.1.1",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [

        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}
root@OpenWrt:~# ifstatus wan6
Interface wan6 not found
root@OpenWrt:~# ifstatus wwan
Interface wwan not found
root@OpenWrt:~# ifstatus wwan6
Interface wwan6 not found
root@OpenWrt:~# ifstatus broadband
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 898,
        "l3_device": "wwan0",
        "proto": "modemmanager",
        "updated": [
                "addresses",
                "routes",
                "prefixes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "10.158.54.XXX",
                        "mask": 30
                }
        ],
        "ipv6-address": [
                {
                        "address": "2a01:598:b107:XXXX:XXXX:XXXX:XXXX:XXXX",
                        "mask": 128
                }
        ],
        "ipv6-prefix": [
                {
                        "address": "2a01:598:b107:XXXX::",
                        "mask": 64,
                        "class": "broadband",
                        "assigned": {

                        }
                }
        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "2a01:598:b107:XXXX:XXXX:XXXX:XXXX:XXXX",
                        "mask": 128,
                        "nexthop": "::",
                        "source": "::/0"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "2a01:598:b107:XXXX:XXXX:XXXX:XXXX:XXXX",
                        "source": "2a01:598:b107:XXXX:XXXX:XXXX:XXXX:XXXX/64"
                },
                {
                        "target": "0.0.0.0",
                        "mask": 0,
                        "nexthop": "10.158.54.XXX",
                        "source": "10.158.54.XXX/32"
                }
        ],
        "dns-server": [
                "10.74.210.210",
                "10.74.210.211",
                "2a01:598:7ff:0:10:74:210:210",
                "2a01:598:7ff:0:10:74:210:211"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}
root@OpenWrt:~#
#5 
uci set network.lan.ip6assign='64'
uci commit network
ifup lan
#6

oh, that was easy. Thank you very much!

Wouldn't OpenWRT normally try to get another prefix for internal purposes? But maybe, the mobile carrier really only provides a single /64.

#7

You're welcome! This is the default by the way, so maybe at some point you disabled it.
OpenWrt tries to get as big prefix as the ISP will allocate, usually a /56 or /60 is common for residential customers.

#8

The router is new and configured from scratch. I did not change any IPv6 settings. So i guess that mobile carrier (T-Mobile Germany) does only allocate a single /64. At least for that APN.

Thank you for you quick help :slight_smile:

#9

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

#10 
Go to the very top of your topic, i.e. to your first posting
Click the pencil behind the topic

Doesn't work. The pencil button next to the topic line isn't there.
However, i marked your comment as solution.

#11

No worries, it is mentioned right below that it might not be there.

#12

i should have read the whole page... -.-

1 Like
#13

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.