Ipv6 configuration (passthrough or 6RD tunnel ?)

fededim · August 21, 2022, 11:12am

Hi to everybody,

I live in Italy and I have Fastweb as ISP. My current network configuration is:

Internet <--> Fastweb Router <--> OpenWrt Router 21.02.3 (MqMaker Witi 512)

As far as I understood to provide IPV6 connectivity Fastweb uses a 6RD tunnel with an IPV6 prefix 2001:b07:xxxx:yyyy::/64 which should allow transparent connectivity to its LAN devices.

I did a fresh install of Openwrt 21.02.3 today (so I left ipv6 settings as default)...If I connect to Fastweb router's wifi I can navigate accurately to https://ipv6.google.com; if instead I connect to OpenWrt router's wifi I can't.

I am not too much on IPV6, I believed the router would also perform NAT on IPV6 getting a WAN IPV6 address from Fastweb router, assigning internal IPV6 to Openwrt router's LAN devices and NATting the connection between the two routers, but this does not seem to be the case.

Here it follows my /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd0f:6d9b:435a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '172.17.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

Can someone help me with the configuration ? Thank to anyone who can help me.

Federico

fededim · August 21, 2022, 12:29pm

Posting some more information.

The interface wan6 comes up with 2 ip addresses

yet using I'm unable to ping them (the OpenWrt router) which instead should be always reachable

C:\Users\dimarco>tracert 2001:b07:5d30:e2ab:200:ff:fe00:1

Tracing route to 2001:b07:5d30:e2ab:200:ff:fe00:1 over a maximum of 30 hops

  1  Destination host unreachable.

Trace complete.

C:\Users\dimarco>tracert 2001:b07:5d30:e2ab::1

Tracing route to 2001:b07:5d30:e2ab::1 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *     ^C
C:\Users\dimarco>ping 2001:b07:5d30:e2ab::1

Pinging 2001:b07:5d30:e2ab::1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2001:b07:5d30:e2ab::1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\dimarco>ping 2001:b07:5d30:e2ab:200:ff:fe00:1

Pinging 2001:b07:5d30:e2ab:200:ff:fe00:1 with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.

Ping statistics for 2001:b07:5d30:e2ab:200:ff:fe00:1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\dimarco>

IPv6 Route Table

===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    291 ::/0                     fe80::9072:89ff:fe68:3172
  1    331 ::1/128                  On-link
  8    291 2001:b07:5d30:e2ab::/64  On-link
  8    291 2001:b07:5d30:e2ab::149/128
                                    On-link
  8    291 2001:b07:5d30:e2ab:3d93:daed:6270:8c1a/128
                                    On-link
  8    291 2001:b07:5d30:e2ab:e97d:2d57:6c24:958b/128
                                    On-link
  8    291 fd0f:6d9b:435a::/48      fe80::9072:89ff:fe68:3172
  8    291 fd0f:6d9b:435a::/64      On-link
  8    291 fd0f:6d9b:435a::149/128  On-link
  8    291 fd0f:6d9b:435a:0:3d93:daed:6270:8c1a/128
                                    On-link
  8    291 fd0f:6d9b:435a:0:e97d:2d57:6c24:958b/128
                                    On-link
  8    291 fdfb:a307:e88f::/64      On-link
  8    291 fdfb:a307:e88f:0:3d93:daed:6270:8c1a/128
                                    On-link
  8    291 fdfb:a307:e88f:0:e97d:2d57:6c24:958b/128
                                    On-link
 15    291 fe80::/64                On-link
 26    291 fe80::/64                On-link
  8    291 fe80::/64                On-link
 26    291 fe80::84d6:3fe4:437a:710b/128
                                    On-link
 15    291 fe80::ccfa:d05a:b3f1:70d0/128
                                    On-link
  8    291 fe80::e97d:2d57:6c24:958b/128
                                    On-link
  1    331 ff00::/8                 On-link
 15    291 ff00::/8                 On-link
 26    291 ff00::/8                 On-link
  8    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Any idea ?

Pilot6 · August 21, 2022, 12:48pm

Does Windows (you are pinging from it?) have an IPv6 address?

fededim · August 21, 2022, 1:03pm

Yep 2 address are configured.

Wireless LAN adapter Wi-Fi:

 Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Wireless-AC 9560 160MHz
   Physical Address. . . . . . . . . : 6C-6A-77-AE-E3-2C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:b07:5d30:e2ab::149(Preferred)
   Lease Obtained. . . . . . . . . . : domenica 21 agosto 2022 18:05:03
   Lease Expires . . . . . . . . . . : lunedì 22 agosto 2022 02:04:46
   IPv6 Address. . . . . . . . . . . : 2001:b07:5d30:e2ab:e97d:2d57:6c24:958b(Preferred)
   IPv6 Address. . . . . . . . . . . : fd0f:6d9b:435a::149(Preferred)
   Lease Obtained. . . . . . . . . . : domenica 21 agosto 2022 18:05:04
   Lease Expires . . . . . . . . . . : lunedì 22 agosto 2022 06:05:02
   IPv6 Address. . . . . . . . . . . : fd0f:6d9b:435a:0:e97d:2d57:6c24:958b(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:b07:5d30:e2ab:3d93:daed:6270:8c1a(Preferred)
   Temporary IPv6 Address. . . . . . : fd0f:6d9b:435a:0:3d93:daed:6270:8c1a(Preferred)
   Temporary IPv6 Address. . . . . . : fdfb:a307:e88f:0:3d93:daed:6270:8c1a(Deprecated)
   IPv6 Address. . . . . . . . . . . : fdfb:a307:e88f:0:e97d:2d57:6c24:958b(Deprecated)
   Link-local IPv6 Address . . . . . : fe80::e97d:2d57:6c24:958b%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.17.1.141(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : domenica 21 agosto 2022 17:49:55
   Lease Expires . . . . . . . . . . : lunedì 22 agosto 2022 06:11:50
   Default Gateway . . . . . . . . . : fe80::9072:89ff:fe68:3172%8
                                       172.17.1.1
   DHCP Server . . . . . . . . . . . : 172.17.1.1
   DHCPv6 IAID . . . . . . . . . . . : 90991223
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-50-25-AB-CC-48-3A-AA-A3-BD
   DNS Servers . . . . . . . . . . . : fd0f:6d9b:435a::1
                                       172.17.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

I can ping my own ipv6 addresses

C:\Users\dimarco>ping 2001:b07:5d30:e2ab::149

Pinging 2001:b07:5d30:e2ab::149 with 32 bytes of data:
Reply from 2001:b07:5d30:e2ab::149: time<1ms
Reply from 2001:b07:5d30:e2ab::149: time<1ms
Reply from 2001:b07:5d30:e2ab::149: time<1ms
Reply from 2001:b07:5d30:e2ab::149: time<1ms

Ping statistics for 2001:b07:5d30:e2ab::149:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\dimarco>
C:\Users\dimarco>ping fd0f:6d9b:435a::149

Pinging fd0f:6d9b:435a::149 with 32 bytes of data:
Reply from fd0f:6d9b:435a::149: time<1ms
Reply from fd0f:6d9b:435a::149: time<1ms
Reply from fd0f:6d9b:435a::149: time<1ms
Reply from fd0f:6d9b:435a::149: time<1ms

Ping statistics for fd0f:6d9b:435a::149:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

fededim · August 21, 2022, 2:16pm

Just another info...if I ssh to my OpenWrt router and I try to ping Google ipv6 address it works..so basically the issue is present only when using Wifi or Ethernet connections

root@xxxx:~# ping ipv6.google.com
PING ipv6.google.com (2a00:1450:4002:404::200e): 56 data bytes
64 bytes from 2a00:1450:4002:404::200e: seq=0 ttl=118 time=11.861 ms
64 bytes from 2a00:1450:4002:404::200e: seq=1 ttl=118 time=11.178 ms
64 bytes from 2a00:1450:4002:404::200e: seq=2 ttl=118 time=11.151 ms
64 bytes from 2a00:1450:4002:404::200e: seq=3 ttl=118 time=11.197 ms
64 bytes from 2a00:1450:4002:404::200e: seq=4 ttl=118 time=11.218 ms
64 bytes from 2a00:1450:4002:404::200e: seq=5 ttl=118 time=11.238 ms
64 bytes from 2a00:1450:4002:404::200e: seq=6 ttl=118 time=11.726 ms
64 bytes from 2a00:1450:4002:404::200e: seq=7 ttl=118 time=11.179 ms
64 bytes from 2a00:1450:4002:404::200e: seq=8 ttl=118 time=11.495 ms
64 bytes from 2a00:1450:4002:404::200e: seq=9 ttl=118 time=11.698 ms

trendy · August 21, 2022, 9:17pm

The delegated prefix, the one that LAN is using, is the same as wan, so it will not work. You could try to configure ipv6 relay.

fededim · August 22, 2022, 6:26pm

Boom configured ipv6 relay and it works perfectly. Thank you for the hint

But a question remains...in this way I am not NATted when using ipv6 right ? Every device on the lan of my Openwrt router has an ipv6 which will be visible outside right ? If I would like to perform NATting what should I configure ?

trendy · August 22, 2022, 10:01pm

right

routable yes, visible not (with the default firewall)

Don't do that.

system · September 1, 2022, 10:01pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.