IPv6 connectivity for guests?

Firstly, my ISP only provides a /64 prefix for IPv6 and it's entirely used up by my LAN network. I wanted to know what other alternatives do I have in this scenario to setup for my guest network to have IPv6 connectivity.

Secondly, I've configured my guest network using this guide: https://serverfault.com/questions/1142774/ipv6-guest-network-on-openwrt-but-isp-only-delegates-one-64-subnet

My client device receives an IPv6 address along fd00::/64 subnet but when checking on test-ipv6 it says I have no ipv6 connectivity and all other websites report the same. Could this be because it's an ULA and not GUA?

If you only get a single /64 from your ISP (and can't convince them to give you more than that (reqprefix), a /56 is supposed to be provided to endusers), I personally would omit IPv6 connectivity from the guest network (unless you have strong reasons to do otherwise). After all it's s scarce resource ('thanks' to your ISP) and more important for your lan, than to waste it on temporary visitors checking their mail, whatsapp, facebook, etc.

NAT64 and similar approaches are possible, but complicated and nasty, so unless you have a convincing need to do otherwise, I'd take the pragmatic approach of keeping the guest network IPv4-only. But let your ISP know that you're disappointed about their IPv6 prefix length.

EDIT: the above obviously assumes a private/ home environment, providing free internet as a courtesy to family and close friends visiting casually. The situation obviously changes in more commercial environments (be it an office with frequent visitors who are supposed to get things done on your premises or even starting with things like operating a bed & breakfast, holiday home or similar), where your visitors have a genuine expectation of getting internet services. However under these circumstance you would have a strong incentive to have a stern talk with your ISP first, respectively more motivation to spend your time on NAT64 and similar.

--
Disclaimer: I am using IPv6 actively (cgNAT) and do provide it on my guest network, but I get a semi-static /56 from my ISP, so doing so is easy.

1 Like

Thanks for confirming one of my lingering thoughts about IPv6 access for guest networks :grin: even I was debating whether it's worth so much trouble just so that the guests could have some convenience.

I guess I'll just avoid IPv6 altogether for guest networks and thanks for raising a point regarding ISPs being greedy with prefix delegations, I tried forcing all the other prefixes and even confirmed it with wireshark but it looks like I'm always assigned the 64 prefix delegation. Will definitely raise a complaint against this.

Don't get me wrong, I'm a strong proponent for IPv6 - mostly because I depend on it (cgNAT…) to get into my home home network via VPN and all the related reasons. If I don't get IPv6 connectivity (which is commonly the case with 'hotspots' and commercial networks), I do need to use my phone and 4g/ 5g with its IPv6 support to use my road-warrior style VPN.

But I certainly wouldn't spend too much thought about this for a courtesy guest network under your circumstances, even less before your guests raise the question themselves.

1 Like

I actually followed that guide myself just to test and see if it works and it worked even though I get a /56 from my ISP. Just make sure you made a new ULA fd01::/64 for the guest interface.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.