IPv6 DHCPv6 server and relay mode for different interfaces?

I've got two WAN interfaces with both IPv4 and IPv6 which look like this:

  • WAN - Native IPv4 only from ISP
  • WAN6 - 6in4 from Hurricane Electric.

WANB is a VLAN I created (eth0.3) as a second WAN interface.

  • WANB - 4G mobile broadband from another modem (Static route configured under 192.168.2.0/24)
  • WANB6 - 4G mobile broadband from another modem (DHCPv6)

WAN6 and WANB6 are virtual interfaces because I've needed to split them for mwan3 usage.

All interfaces work fine I can ping, traceroute all that good stuff, I did have issues with the IPv6 side of things but discovered it was related to source address behaviour in OpenWrt and have managed to resolve those issues.

However, the problem I'm finding is I believe because WANB is mobile broadband I'm not routed any prefix other than a /64, I have tried configuring specific prefix sizes on the WANB6 interface, but only a /64 and /128 address is configured no matter I try. This leads me to think there's no chance of anything like a /56 or /60 etc. I've yet to confirm this with the provider, but given it's mobile broadband, I very much doubt they are routing such prefix sizes to customers.

This is what the ifstatus looks like:

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 5313,
	"l3_device": "eth0.3",
	"proto": "dhcpv6",
	"device": "eth0.3",
	"metric": 2,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a01:4c8:c50:cf10:xxxx:xxx:xxx:xxxx",
			"mask": 64
		},
		{
			"address": "2a01:4c8:c50:cf10:xxxx:xxxx:x:xxx",
			"mask": 128,
			"preferred": 84690,
			"valid": 84690
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::8a9e:33ff:fef6:7954",
			"source": "::/0"
		},
		{
			"target": "2a01:4c8:c50:cf10::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"source": "::/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::8a9e:33ff:fef6:7954",
			"metric": 512,
			"valid": 60220,
			"source": "2a01:4c8:c50:cf10:xxxx:xxx:xxxx:xxxx/64"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::8a9e:33ff:fef6:7954",
			"metric": 512,
			"valid": 60220,
			"source": "2a01:4c8:c50:cf10:1415:9dff:0:86a/128"
		}
	],
	"dns-server": [
		"2a01:4c8:f000:1::1",
		"2a01:4c8:f000:1::2"
	],
	"dns-search": [
		"lan"
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"passthru": "001700202a0104c8f000000100000000000000012a0104c8f0000001000000000000000200180005036c616e00"
	}
}

I'm aware that in the case of only being provided a /64, you can relay this across. However, because I am already using server mode for DHCPv6/RA because of my fixed /48 prefix from Hurricane Electric on my LAN as below, is it even possible to have a combination of a server and relay type configuration?

image

I don't know if what I'm trying to achieve is possible, but in order to have IPv6 working from the second WAN interface, it would be my understanding that the br-lan interface must have some form of IPv6 address space from WANB6 to provide to clients otherwise the traffic will have no where to go. Even though the router itself has connectivity from WANB6 it needs to be provided to clients I'd of thought?

Any advice/guidance welcome!

Thank you!

There is instruction in wiki for the relay.
Since you want to mix, I would try my luck with the hybrid option for RA, DHCP and NDP.

Thanks I tried setting hybrid mode across the LAN but it won't pick anything from the WANB6 interface, because there is no PD provided. I'm not sure I can get the WANB6 /64 relayed over in a mix like this.

I have never come across this case before, so it's trial and error.

Yeah, it's pretty uncommon!

What I have found is hybrid/relay mode does seem to actually do something, while I didn't see an IPv6 address added to the LAN interface in LuCI. I noticed that a LAN DHCP client suddenly had IPv6 addresses from the /64 from the other WAN, but it broke IPv6 connectivity quite badly, so I think there might be further areas to explore.

What concerns me is from ifstatus there is no ipv6-prefix at all, not even a /64, so I'm not even sure it's going to work. I get a /64 address and /128 address, through the DHCPv6 client, but I don't think that's enough.

I don't think you'll see anything there. This is the delegated prefix and in your case you don't have any. It is using the /64 that you have in the ipv6-address field.

Seems that way. Unless the provider of the second WAN wants to be good guy ISP and just allocate a prefix, but I highly doubt it, as it's 4G mobile broadband. More testing and researching needed if what I'm trying to do is even possible I think!

The slight irony is the second WAN is coming from a device that's running also running a variant of OpenWrt, it's just locked down by the ISP, it used to have SSH access available, before it was shut off because it was hard coded root credentials, those could have been handy for this though!

Maybe if you ask them, otherwise if they don't expect a whole lan to be connected they won't delegate a prefix.

I have inquired about it, awaiting a response, but could take a bit of time due to current world events.

1 Like

Interestingly, hybrid mode does appear to work! So score there, I seem to be able to keep my IPv6 through 6in4 working alongside, which is nice.

It would appear my troubles lie within mwan3 and IPv6 once again. If I disable mwan3, the IPv6 connectivity on the /64 being relayed works fine, as soon as mwan3 is enabled, it get's broke. Looking at traceroute, my router appears as the first hop then the traffic dies, I assume it's either a specific firewall entry or routing config mwan3 is doing that's breaking it, but good to know hybrid mode does appear to be doing it's job at least!

Update: Hybrid mode for RA, seems to prevent IPv6 addresses being allocated from my 6in4, as fully disconnecting a LAN client and reconnecting no 6in4 prefix address gets assigned. However I since found that NDP in relay mode alone seems to work without having to change RA or DHCPv6 mode from server, so the two WAN interfaces can co-exist, maybe partly by chance or luck that NDP alone is enough for the second WAN v6 prefix to be relayed across.

I then defined this config for DHCP for the second interface:

config dhcp 'wanb6'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'
        option master '1'

That's all that's needed.

1 Like