IPv6: I have multiple GUA /64s on WAN; how can I have separate LANs, each with its own /64 and RA+DHCPv6?
Current situation
My router is a Linksys WRT3200ACM, running OpenWRT 23.05.4.
IPv4 and IPv6 are working as expected; using DHCPv4, DHCPv6, and SLAAC.
My ISP is Free (France) and the modem-router is a Freebox mini server
, over which I have limited administrative control.
The network connection between the ISP’s box and my OpenWRT router is made using DHCPv6 with the prefix 2a01:e34:ec15:6030::/64
.
My ISP provides me several IPv6 prefixes, but I am currently using only one: 2a01:e34:ec15:6031::/64
. I am also using the ULA fd78:cafe:cafe::/48
.
What I want to do
I want to evolve the infrastructure to have two separate networks, lan
and domotique
.
I want to use two IPv6 prefixes, one for each network, and to subnet the ULA prefix by using ca7
and d0d0
(so I have 2 /64
in the /48
).
The resulting topology being:
- bridge
br-lan
:- interfaces:
eth3
,eth4
- GUA:
2a01:e34:ec15:6031::/64
- ULA:
fd78:cafe:cafe:ca7::/64
- interfaces:
- bridge
br-domotique
:- interfaces:
eth1
,eth2
- GUA:
2a01:e34:ec15:6032::/64
- ULA:
fd78:cafe:cafe:d0d0::/64
- interfaces:
- interface
wan
:- interface:
wan
- GUA:
2a01:e34:ec15:6030:6038:e0ff:fec7:7800/64
- interface:
RA+DHCPv6: 2a01:e34:ec15:6032::/64 +--------------+ +-----+ IPv6: 2a01:e34:ec15:6030:6038:e0ff:fec7:7800/64
RA:+DHCPv6 fd78:cafe:cafe:ca7::/64 | br-domotique | | wan | IPv4: 78.193.86.3/23
DHCPv4: 192.168.2.0/24 +--------------+ +-----+
IPv6: 2a01:e34:ec15:6032::1/64 | eth1 |
IPv6: fd78:cafe:cafe:ca7::1/64 | eth2 |
IPv4 192.168.2.1/24 +--------------+
RA+DHCPv6: 2a01:e34:ec15:6031::/64 +--------+
RA:+DHCPv6 fd78:cafe:cafe:d0d0::/64 | br-lan |
DHCPv4: 192.168.1.0/24 +--------+
IPv6: 2a01:e34:ec15:6031::1 | eth3 |
IPv6: fd78:cafe:cafe:d0d0::1 | eth4 |
IPv4 192.168.1.1 +--------+
The virtual switch is configured and seems ok.
No problem on paper for the network definition: gateway, routes, etc.
My problem
I am struggling to create the config using uci, especially in /etc/config/network
and /etc/config/dhcp
.
The wan
interface correctly receives the two /64
prefixes, but I fail to assign them to the correct bridge interfaces. At best, the br-lan
interface is announcing both of them, but at the cost of losing IPv4 and IPv6 connectivity on br-domotique
.
It looks like a combined problem of network definition and dnsmasq configuration.
I am adding the current configuration files here; tell me if you need anything more.
/etc/config/network
# Loopback interface: static 127.0.0.1/8 on device lo.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# Global settings: the ULA /48 that the per-interface /64s are carved from
# (selected by each interface's ip6hint), and packet steering enabled.
config globals 'globals'
option ula_prefix 'fd78:cafe:cafe::/48'
option packet_steering '1'
# Bridge device for the main LAN, with ports lan3 and lan4.
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan3'
list ports 'lan4'
# NOTE(review): acceptlocal (accept packets with a local source address),
# ip6segmentrouting and sendredirects (further down) all relax the defaults.
# None of them is needed for RA/DHCPv6 on a bridge; confirm each is intended.
option acceptlocal '1'
option ip6segmentrouting '1'
# NOTE(review): br-domotique is configured with this same MAC address, so both
# bridges will derive the same link-local interface identifier. Confirm that
# this is deliberate; distinct MACs make captures and neighbour tables easier
# to read.
option macaddr '60:38:E0:C7:78:00'
option txqueuelen '1000'
option ipv6 '1'
option mtu6 '1500'
option promisc '0'
option sendredirects '1'
option multicast '1'
# Main LAN: static 192.168.1.1/24 on br-lan, requesting one /64 from each
# accepted prefix class.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
option broadcast '192.168.1.255'
# NOTE(review): 78.193.87.254 is inside the WAN IPv4 subnet shown in the
# post's diagram (78.193.86.3/23), not inside 192.168.1.0/24. A gateway on a
# static LAN interface asks for a default route through br-lan; the wan
# interface already learns its route via DHCP. This option probably does not
# belong here; confirm.
option gateway '78.193.87.254'
# Against the ULA /48, hint d0d0 selects fd78:cafe:cafe:d0d0::/64, which
# matches the diagram (the bullet list in the post has ca7 and d0d0 swapped).
# NOTE(review): a delegated prefix that is already a /64 has a single /64 to
# hand out, so the hint cannot choose between 6031 and 6032. Which GUA /64
# lands on which interface is then presumably decided by assignment order.
option ip6hint 'd0d0'
# Accept prefixes from the ULA ('local') and from wan6.
# NOTE(review): both GUA /64s come from wan6, so this filter cannot tell them
# apart. One approach to check: carry each /64 on its own upstream interface
# and list only that interface name here, or set a static ip6addr per LAN.
list ip6class 'local'
list ip6class 'wan6'
option ip6ifaceid '::1'
list dns '::1'
list dns '127.0.0.1'
list dns '192.168.1.1'
list dns 'fd78:cafe:cafe:d0d0::1'
list dns_search 'localdomain'
list dns_search 'intranet.clauzel.eu'
# Overrides the MAC address of the wan device. The interface identifier of the
# WAN GUA quoted in the post (6038:e0ff:fec7:7800) is the EUI-64 form of this
# MAC.
config device
option name 'wan'
option macaddr '62:38:e0:c7:78:00'
# IPv4 uplink via DHCP. DNS servers offered by the ISP are ignored (peerdns 0)
# and 8.8.8.8 is used instead.
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option peerdns '0'
list dns '8.8.8.8'
# IPv6 uplink via DHCPv6 on the same wan device.
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
# The two GUA /64s are declared here by hand as prefixes to distribute
# downstream. Both therefore belong to the single prefix class 'wan6'.
# NOTE(review): that shared class is why ip6class on lan/domotique cannot pin
# 6031 to one bridge and 6032 to the other; confirm against `ifstatus wan6`.
list ip6prefix '2a01:e34:ec15:6031::/64'
list ip6prefix '2a01:e34:ec15:6032::/64'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
list dns '8.8.8.8'
# Home-automation network: static 192.168.2.1/24 on br-domotique, requesting
# one /64 from each accepted prefix class.
# NOTE(review): hosts here receive globally routable IPv6 addresses, so
# isolation from lan and from the Internet depends entirely on the firewall
# zone for this interface. /etc/config/firewall is not shown in the post;
# verify that 'domotique' is in its own zone with input/forward restricted.
config interface 'domotique'
option device 'br-domotique'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '64'
option broadcast '192.168.2.255'
# NOTE(review): same concern as on 'lan'. 78.193.87.254 is a WAN-side address
# and is not reachable inside 192.168.2.0/24; a default route through this
# interface is probably not wanted.
option gateway '78.193.87.254'
# Against the ULA /48, hint ca7 selects fd78:cafe:cafe:ca7::/64; it cannot
# choose between the two GUA /64s.
option ip6hint 'ca7'
list ip6class 'local'
list ip6class 'wan6'
option ip6ifaceid '::1'
list dns '::1'
list dns '127.0.0.1'
list dns '192.168.2.1'
list dns 'fd78:cafe:cafe:ca7::1'
list dns_search 'domotique.localdomain'
list dns_search 'domotique.clauzel.eu'
# NOTE(review): auto '0' means this interface is not brought up at boot and
# stays down until it is started by hand (ifup domotique). If it is down,
# br-domotique has neither IPv4 nor IPv6, which matches the reported symptom.
# Confirm that this is intended.
option auto '0'
option force_link '0'
# Static IPv6 route: all global unicast space (2000::/3) is sent through wan6
# to the link-local next hop below, presumably the Freebox; verify.
config route6
option interface 'wan6'
option target '2000::/3'
option gateway 'fe80::f6ca:e5ff:fe43:7ef8'
# Bridge device for the home-automation network, with ports lan1 and lan2.
config device
option type 'bridge'
option name 'br-domotique'
list ports 'lan1'
list ports 'lan2'
option mtu '1500'
# NOTE(review): this is the same MAC address as br-lan; confirm the duplicate
# is deliberate.
option macaddr '60:38:E0:C7:78:00'
option ipv6 '1'
# NOTE(review): acceptlocal, sendredirects and ip6segmentrouting relax the
# defaults on the segment that carries IoT devices. None of them is needed for
# RA/DHCPv6; consider leaving them off here unless there is a specific reason.
option acceptlocal '1'
option sendredirects '1'
option txqueuelen '1000'
option promisc '0'
option ip6segmentrouting '1'
option mtu6 '1500'
option multicast '1'
# Create the bridge even when none of its ports is present.
option bridge_empty '1'
/etc/config/dhcp
# dnsmasq instance for the main LAN: DNS on port 53 and its own lease file.
config dnsmasq 'bridge_lan'
option domainneeded '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/localdomain/'
option domain 'localdomain'
option cachesize '10000'
option leasefile '/tmp/dhcp_lan.leases'
option localservice '1'
option ednspacket_max '1232'
option localuse '1'
option authoritative '1'
# Upstream resolvers: every entry points at this router on port 53000, and
# noresolv below disables any other upstream. Presumably a local resolver
# listens on 53000; if it does not, all lookups fail. Verify.
list server '::1#53000'
list server '127.0.0.1#53000'
list server 'fd78:cafe:cafe:d0d0::1#53000'
list server '192.168.1.1#53000'
option noresolv '1'
option strictorder '1'
# Only has an effect when DNSSEC validation is enabled, and no 'dnssec' option
# is set in this section. With validation on, '0' would accept unsigned
# answers without checking that the zone really is unsigned.
option dnsseccheckunsigned '0'
option dhcpleasemax '300'
option dnsforwardmax '300'
list notinterface 'wan'
list notinterface 'wan6'
# NOTE(review): 'nointerface' looks like a typo for 'notinterface', the
# spelling used on the two lines above. As written, this exclusion is
# presumably ignored; confirm.
list nointerface 'domotique'
list interface 'lan'
option port '53'
# DHCP/RA settings for 'lan', bound to the dnsmasq instance 'bridge_lan'.
# DHCPv4 pool is 192.168.1.2 upward (253 addresses) with 1h leases; RA and
# DHCPv6 run in server mode.
config dhcp 'lan'
option instance 'bridge_lan'
option interface 'lan'
option start '2'
option limit '253'
option force '1'
option ra_default '1'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
# RA flags M and O: clients are told to use DHCPv6 for addresses and for other
# configuration.
list ra_flags 'managed-config'
list ra_flags 'other-config'
# NOTE(review): igmp_snooping is normally a bridge device option in
# /etc/config/network; it is probably ignored in a dhcp section. Confirm.
option igmp_snooping '1'
# DHCPv4 options 4 (time server), 6 (DNS) and 42 (NTP) all point at the router.
list dhcp_option '4,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '42,192.168.1.1'
option leasetime '1h'
list dns 'fd78:cafe:cafe:d0d0::1'
list dns '192.168.1.1'
option preferred_lifetime '1h'
list domain 'localdomain'
list domain 'intranet.clauzel.eu'
# No DHCP service is offered on the wan interface.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
# odhcpd global settings. With maindhcp '0', odhcpd does not serve DHCPv4
# (dnsmasq does); it handles the RA/DHCPv6 roles set in the dhcp sections.
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# DHCP/RA settings for 'domotique', bound to the dnsmasq instance
# 'bridge_domotique'. DHCPv4 pool is 192.168.2.2 upward (253 addresses) with
# 1h leases; RA and DHCPv6 run in server mode.
# NOTE(review): none of this takes effect while the 'domotique' interface is
# down (it has auto '0' in /etc/config/network).
config dhcp 'domotique'
option interface 'domotique'
option instance 'bridge_domotique'
option start '2'
option limit '253'
option leasetime '1h'
option dhcpv4 'server'
# DHCPv4 options 4 (time server), 6 (DNS) and 42 (NTP) all point at the router.
# NOTE(review): option 6 sends clients to 192.168.2.1 on port 53, but the
# 'bridge_domotique' instance is set to listen on port 54; confirm that
# something answers DNS on port 53 for this segment.
list dhcp_option '4,192.168.2.1'
list dhcp_option '6,192.168.2.1'
list dhcp_option '42,192.168.2.1'
list dns 'fd78:cafe:cafe:ca7::1'
list domain 'domotique.clauzel.eu'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option preferred_lifetime '1h'
option ra 'server'
option dhcpv6 'server'
# dnsmasq instance for the home-automation network, with its own lease file.
config dnsmasq 'bridge_domotique'
option domainneeded '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/domotique.localdomain/'
option domain 'domotique.localdomain'
option cachesize '10000'
option leasefile '/tmp/dhcp_domotique.leases'
# NOTE(review): the 'bridge_lan' instance uses `list interface`, while this
# one uses `option interface`. If the init script reads this setting as a
# list, the instance is not bound to 'domotique' at all; confirm and use the
# list form for consistency.
option interface 'domotique'
option localservice '1'
option ednspacket_max '1232'
option localuse '1'
option authoritative '1'
# Upstream resolvers: every entry points at this router on port 53000, and
# noresolv below disables any other upstream.
list server '::1#53000'
list server '127.0.0.1#53000'
list server 'fd78:cafe:cafe:ca7::1#53000'
list server '192.168.2.1#53000'
option noresolv '1'
option strictorder '1'
# Only has an effect when DNSSEC validation is enabled; no 'dnssec' option is
# set in this section.
option dnsseccheckunsigned '0'
option dhcpleasemax '300'
option dnsforwardmax '300'
list notinterface 'wan'
list notinterface 'wan6'
# NOTE(review): 'nointerface' looks like a typo for 'notinterface' (used on
# the two lines above), so 'lan' is presumably not excluded here; confirm.
list nointerface 'lan'
# NOTE(review): DNS listens on port 54 for this instance. DHCP and RA can only
# announce a DNS server address, not a port, so clients will query port 53.
# When each instance is bound to its own interface, both can normally use 53.
option port '54'