Hi everyone !
I am running OpenWrt 22.03 on my router.
I have a "LAN" interface (VLAN 1) and a "DMZ" interface (VLAN 4).
I want my router to assign IPv6 addresses :
- On "LAN" : only a local address.
- On "DMZ" : both a local AND a public address.
My configuration is :
$ cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd15:xxxx:yyyy::/48'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'static'
list ip6addr '2a01:aaaa:bbbb:7e00::254'
option ip6gw 'fe80::dc00:b0ff:xxxx:xxxx'
option ip6prefix '2a01:aaaa:bbbb:7e00::/64'
option reqprefix 'auto'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
list ipaddr '10.22.22.254/24'
option ip6assign '64'
option ip6hint '7e01'
option ip6ifaceid '::254'
list ip6class 'local'
option defaultroute '0'
config interface 'DMZ'
option device 'eth1.4'
option proto 'static'
option ipaddr '10.80.80.254'
option netmask '255.255.255.0'
option ip6assign '64'
option ip6hint '7e00'
option ip6ifaceid '::254'
option ip6ula_prefix 'fd00::/48'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option description 'TLAN'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option vid '2'
option description 'WAN'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '4'
option description 'DMZ'
option ports '1t 6t'
config device
option name 'eth1.1'
option type '8021q'
option ifname 'eth1'
option vid '1'
config route6
option interface 'wan6'
option target '2000::/3'
option gateway 'fe80::dc00:xxxx:yyyy:zzzz'
config device
option name 'wlan0'
config device
option name 'wlan1-1'
option ipv6 '0'
config route6
option interface 'DMZ'
option target '2a01:aaaa:bbbb:7e00::/64'
option gateway 'fe80::dc00:xxxx:yyyy:zzzz'
$ cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option domain 'mydomain'
list server '1.1.1.1'
list server '8.8.8.8'
list interface 'lan'
list interface 'DMZ'
list notinterface 'WAN'
config dhcp 'lan'
option interface 'lan'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'DMZ'
option interface 'DMZ'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
My router gets :
- A
2a01:aaaa:bbbb:7e00::254/64address on the DMZ interface
I can ping this address from the Internet. - A
fd15:xxxx:yyyy:7e00::254/64address on the DMZ interface - A
fd15:xxxx:yyyy:7e01::254/64address on the LAN interface
On my network "LAN", all devices get assigned (at least) an IPv6 addresses in fd15:xxxx:yyyy:7e01::x/64. I can ping fd15:xxxx:yyyy:7e01::254 from them.
BUT on my "DMZ" network, I get NO IPv6 address.
I must add :
- I only have one server on the DMZ network.
- In fact it is both on the DMZ and on the LAN network. Both interfaces are on the same physical interface :
$ cat /etc/netplan/00-installer-config.yaml
network:
version: 2
ethernets:
eno1:
dhcp4: no
dhcp6: yes
addresses:
- 10.22.22.22/24
gateway4: 10.22.22.254
nameservers:
addresses:
- 10.22.22.254
- 1.1.1.1
vlans:
dmz:
id: 4
link: eno1
dhcp4: no
dhcp6: yes
addresses:
- 10.80.80.22/24
$ ip a
...
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether XXXXXXX brd ff:ff:ff:ff:ff:ff
altname enp0s31f6
inet 10.22.22.22/24 brd 10.22.22.255 scope global eno1
valid_lft forever preferred_lft forever
inet6 fd15:xxxx:yyyy:7e01::x/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::x/64 scope link
valid_lft forever preferred_lft forever
4: dmz@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether XXXXXXX brd ff:ff:ff:ff:ff:ff
inet 10.80.80.22/24 brd 10.80.80.255 scope global dmz
valid_lft forever preferred_lft forever
inet6 fe80::x/64 scope link
valid_lft forever preferred_lft forever
...
Maybe the fact that both interfaces share a MAC address would be problematic ?
Thanks for your help !