IPv6 Connectivity Issue

Installing and Using OpenWrt
1

Hi there,

I am running OpenWrt 22.03.5 r20134-5f15225c1e(fresh install) on Raspberry Pi 4 Model B Rev 1.4 and trying to wrap my head around ipv6 connectivity.

My ISP gives me a /64 ipv6-pd. My clients who are capable of getting ipv6 address do receive it via DHCPv6. I have turned off SLAAC on my LAN interface and have "RA-Service" and DHCPv6-Service" in server mode.

Following are the settings for lan==>advanced settings

  1. Use default gateway = off
  2. Delegate IPv6 prefixes = off
  3. IPv6 assignment length = 64
  4. IPv6 assignment hint = 5
  5. IPv6 suffix = ::1

No changes are made to the firewall traffic rules and everything is just the default values. The issue I am facing is that even though the clients receive the ipv6 address, I am not able to ping ant ipv6 address from the client machine or from the Openwrt router. When I try to ping ipv6 from client machine, I get a message stating "icmp_seq=35 Destination unreachable: No route". Same goes when I try to ping ipv6 from the router; the error message is "PING ipv6.google.com (2404:6800:4007:82b::200e): 56 data bytes
ping: sendto: Network unreachable".

My ISP provides he PPPoE connection via a LAN cable. When this cable is directly connected to my laptop. I get ipv6 and I am able to ping all ipv6 resources. However, as soon as this cable is connected to my Pi4 USB adaptor on eth1 interface, the ipv6 issue resurfaces. I have no issue with ipv4 routing though.

I have tried different builds and even snapshot version but all result in the same issue that I just described. I am quite new to this whole ipv6 world and I am not able to figure out what the issue is even after spending around 2 days and playing with every possible setting that I think could have impacted ipv6 connectivity.

Any help will be highly appreciated.

Thanks and have a nice day.

Cheers!

Edit: When I visit https://test-ipv6.com/ to test my ipv6, the online tool doesn't detect my ipv6 even though I see a valid IPv6 on the wan6 interface on my router labelled as "ipv6-pd".

2

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
3

same thing happening to me also but with openvpn Here

4 
cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fddd:d949:d293::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.0.0.1'
	list dns '1.1.1.1'
	option defaultroute '0'
	option ip6assign '64'
	option ip6hint '5'
	option ip6ifaceid '::1'
	option delegate '0'

config interface 'wan'
	option proto 'pppoe'
	option device 'eth1'
	option username 'xxxxxxx'
	option password 'xxxxxxxxx'
	option ipv6 '1'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option reqprefix 'auto'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option start '2'
	option limit '254'
	option ra_slaac '0'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

cat /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'
5

That's sad to learn. Hopefully you will be able to fix it soon enough.

Unfortunately, I am struggling too with ipv6.

Cheers!

6

do you see ipv6 upstream in your overview page??

7

I do. It's just that online ipv6 test or ping for ipv6 doesn't work either from the router or from the pc connected to openwrt router.

8

Remove the line containing defaultroute.
Remove the ip6hint. You have only one IPv6 Network available.

The option defaultroute is only suitable for dhcpv6 interface, i.e. wan6. See for instance https://openwrt.org/docs/guide-user/network/ipv6/configuration

9

I made the suggested changes but still the client is not able to ping ipv6.google.com and the same goes with the router too.

Is there anything else I need to change to get ipv6 to work?

Thanks

10

Do this settings. It will work.

11

I will give it a try and see what happens.

Thanks!

12

I just tried on my AP then it worked for me.
Try and send me the config.

13

you can do all these settings from luci too. Go to DHCP server of respective interface and you will find these settings.

14

Do I have to follow all of the steps in there or anything in specific in order to fix the "Destination unreachable: no route" issue while pinging ipv6 address?

Would you mind sharing your config for cross reference?

15

I just restore back to my openvpn config. Now I am not using directly wan. It will take time to reset and do from start for me.
What you can do is go and reset your router from scratch. Set your everything. And when only ipv4 works, set those settings.

16

If still you can't make it work. Ping me. I will send config from start.

17 
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd4e:424f:5ca4::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ip6assign '60'
        option ipaddr '10.0.0.1'
        option netmask '255.0.0.0'
        list ip6class 'local'

config interface 'wwan'
        option proto 'dhcp'
        option device 'wlan0'

config interface 'opvpn'
        option proto 'none'
        option device 'tun0'

config interface 'wwan6'
        option device '@wwan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ra_default '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        list network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        list network 'wwan'
        list network 'wwan6'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'ovpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        list network 'opvpn'
        option forward 'ACCEPT'
        option masq6 '1'

config forwarding
        option src 'lan'
        option dest 'ovpn'

This is my current config. Works without relay. Try to set like this. Ignore ovpn and opvpn.

18

For prefix delegation to work, the WAN IP has to be in a different prefix than the LAN. The WAN IP could be a /64 in a separate prefix for each customer, or a /128 in a /64 that is shared with other customers. The delegated prefix is different, either a completely separate one or a prefix larger than /64 with the WAN using a /64 within that larger prefix.

If the ISP works this way (as recommended by standards), traffic returning to the router itself (e.g. a NTP exchange to set the internal clock, or a forwarded DNS request) uses the WAN prefix/IP, and in addition the ISP will route the delegated prefix from the Internet to your house so that your router can route it to a LAN.

If the ISP has your "delegated /64 prefix" be the same as the prefix they assign for your WAN interface, you don't actually have a delegated prefix, and you'll need to use relay assignment to put LAN devices in the same prefix as the WAN since this is the only prefix that the ISP can route to your house.

3 Likes
19

I matched your config and still cannot ping ipv6 from local machine and from the router.

On wan6 interface on the router I can see 2 address-

IPv6:xxxx:xxxx:xx:xxxx::1/128

IPv6-PD:xxxx:xxxx:xx:xxxx::/64

On lan interface I can see the following address-

IPv6: fddd:xxxx:xx:xxxx::1/60

IPv6: xxxx:xxxx:xx:xxxx::1/64 (this is same as my wan6 ipv6 address)

On my wan interface I can see my static IP and the following ipv6 address-

IPv6:xxxx:xxxx:xx:xxxx::xxx/128

IPv6 is driving me nuts. I guess I have to just shut it off and forget abt it as I am just not able to get it to work with Openwrt. Surprisingly the direct cable from my ISP when hooked to my laptop gives an ip address and all test pass successfully and I am also able to ping all ipv6 sites/addresses.

20

Then try relay method as @mk24 explained. This method worked for me too.
Do after resetting your router to new