My ISP provides a fortigate 40F which cannot be removed, and my router sits behind the firewall the router gets a LAN ip from the firewall and maybe I'm missing something when it comes to ipv6
here's my config:
config interface 'wan6'
option proto 'dhcpv6'
option device 'eth0.2'
option force_link '1'
option ip6assign '64'
option reqaddress 'force'
option reqprefix '64'
Try using an address from the prefix:
IPv6 works from LAN but not the router - #8 by vgaetera
Didn't work. also is there something wrong with my config that makes both wan and wan6 have the same Bandwidth usage
Check the configs:
uci show network; uci show dhcp; uci show firewall
ifstatus wan6; ifstatus lan
Traffic is counted per device, i.e. eth0.2 in your case.
One device can be used by multiple logical interfaces.
uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdfe:f61a:002a::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth0.1'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.0.1'
network.lan.dns='1.1.1.1' '1.0.0.1' '8.8.8.8'
network.@device[1]=device
network.@device[1].name='eth0.2'
network.@device[1].macaddr='e8:48:b8:e1:54:c6'
network.@device[1].ipv6='1'
network.wan=interface
network.wan.device='eth0.2'
network.wan.type='bridge'
network.wan.proto='dhcp'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[0].ports='0t 3 4 5'
network.@switch_vlan[0].description='lan'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0t 1'
network.@switch_vlan[1].vid='2'
network.@switch_vlan[1].description='wan'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].vid='3'
network.@switch_vlan[2].ports='0t 2'
network.@switch_vlan[2].description='wanb'
network.wanb=interface
network.wanb.proto='dhcp'
network.wanb.device='eth0.3'
network.wanb6=interface
network.wanb6.proto='dhcpv6'
network.wanb6.device='eth0.3'
network.wanb6.reqaddress='try'
network.wanb6.reqprefix='auto'
network.@device[2]=device
network.@device[2].name='eth0.3'
network.@device[2].type='8021q'
network.@device[2].ifname='eth0'
network.@device[2].vid='3'
network.@device[2].ipv6='1'
network.wan6=interface
network.wan6.proto='dhcpv6'
network.wan6.device='eth0.2'
network.wan6.force_link='1'
network.wan6.ip6assign='64'
network.wan6.reqaddress='none'
network.wan6.reqprefix='no'
uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan' 'wan6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].name='wanb'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].network='wanb' 'wanb6'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].masq='1'
ifstatus wan6
{
"up": false,
"pending": true,
"available": true,
"autostart": true,
"dynamic": false,
"proto": "dhcpv6",
"device": "eth0.2",
"data": {
}
}
ifstatus lan
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 1464,
"l3_device": "br-lan",
"proto": "static",
"device": "br-lan",
"updated": [
"addresses"
],
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "192.168.0.1",
"mask": 24
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
{
"address": "fdfe:f61a:2a::",
"mask": 60,
"local-address": {
"address": "fdfe:f61a:2a::1",
"mask": 60
}
}
],
"route": [
],
"dns-server": [
"1.1.1.1",
"1.0.0.1",
"8.8.8.8"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
}
}
I left everything in the lan config as default only changed the IPv4 router IP and DNS servers
LAN clients are getting IPv6
The scope of the ULA is limited to your LAN, it is not globally routable over the Internet.
Request a GUA prefix from your ISP if you want to reach IPv6 beyond the LAN.
How do I do that? Because IPv6 worked on the crappy router my ISP provided
You don't request an address nor a prefix.
You may have something misconfigured because the default have these enabled.
Take out everything except proto and device, which is the default configuration.
config interface 'wan6'
option proto 'dhcpv6'
option device 'eth0.2'In particular, reqaddr force will force only DHCPv6 to be accepted, if your ISP only supports RA/SLAAC, you won't get any address. reqprefix 64 prevents a prefix larger than 64 from being obtained, if you leave that out you usually get the largest prefix the ISP is offering. ip6assign is meaningless on a wan. force_link is probably doing neither harm or good here.
I'm not getting the IP's from my ISP there's a local firewall that's installed by the ISP that I cannot Remove and it gets the wan IP's from the fiber gateway, I can only get ULA addresses from the firewall to my router at least that's how it works on the IPv4 side