Hi,
I am having hard time configuring the IPV6 connectivity on LEDE. My ISP is Freebox, I tried the configuation proposed in [https://wiki.openwrt.org/doc/howto/freebox] with no avail. My configuration is as follows:
wan6 is connected and I can ping the modem from the router. The clients can get ipv6 addressing and can ping the modem but not the router. The router cannot ping any ipv6 adsress on the internet, ping6 gives a Permisison Denied message. The firewall has the original configuration with 2 zones lan => wan and wan => reject.
Am I misssing Something? Seems that there is something blocking traffic between lan and wan6, however the ifstatus wan6 has the following route:
Unfortunately the wiki page isn't written in a language that I understand. But I think you need to enable RA and NDP relays in the LAN settings since it seems the IPv6 prefix isn't delegated to your openwrt lede router but is on-link.
Edit: I want to add that this page is quite old and hasn't received any update (apart from link-updates) in the last 3 years. @ffries Time for an overhaul?
The french original can be found in the fr namespace: https://openwrt.org/fr/docs/guide-user/network/ipv6/freebox
According to the post the ipv6 link is : ISP----wan6(eth0.2)----lan----clients. the wan6 is configured in DHCPv6 and using a custom prefix. IPv6 is deleagted but wan6 and lan are on different networks (see comments in code section). To make this work I am adding 2 routes (as per the post) between wan6 and the outside world using the ISP ipv6 as a gateway and another ipv6 route between lan and wan6 according to the follwing:
config route6
option interface 'wan6'
option target '::/0'
option gateway '2a01:e35:87fc:xxx0::1' # wan6 have also and addr. in xxx0
config route6
option interface 'lan'
option target '2a01:e35:87fc:xxx1::/64' # lan have the addr. xxx1::1
Everything works fine and got ipv6 connectivity for all clients till I reboot the router. The ipv6 connectivity is lost, seem that the static routes are being ignored.
Is this linked to interfaces "not ready" on bootting when these routes are called by LEDE? I am looking for a persitent solution, can you please advise / help?
Hi,
Sorry for my late reply; not evident during work hours. The same problem occurs if I restart the network service. Below the output of the requested commands after the router reboots.
The same commands executed in a working configuration reveal the route from wan6 to to the ISP modem which is found to be missing after the reboot (default via 2a01:e35:87xx:yyy0::1 dev eth0.2 metric 1024). However this route appears in Luci. Your help is appreciated.
root@OpenWrt:~# ip -4 a; ip -4 r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.61.156/24 brd 192.168.61.255 scope global eth0.2
valid_lft forever preferred_lft forever
default via 192.168.61.1 dev eth0.2 src 192.168.61.156
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.61.0/24 dev eth0.2 scope link src 192.168.61.156
root@OpenWrt:~# ip -6 a; ip -6 r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::7aa3:51ff:fe44:ce86/64 scope link
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2a01:e35:87xx:yyy1::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::7aa3:51ff:fe44:ce86/64 scope link
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2a01:e35:87xx:yyy0::c2b0:adbf/128 scope global dynamic
valid_lft 85508sec preferred_lft 85508sec
inet6 fe80::7aa3:51ff:fe44:ce87/64 scope link
valid_lft forever preferred_lft forever
8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::7aa3:51ff:fe44:ce84/64 scope link
valid_lft forever preferred_lft forever
9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::7aa3:51ff:fe44:ce85/64 scope link
valid_lft forever preferred_lft forever
default from 2a01:e35:87xx:yyy0::c2b0:adbf via fe80::f6ca:e5ff:fe5a:694a dev eth0.2 metric 512
2a01:e35:87xx:yyy0::/64 dev eth0.2 metric 256
2a01:e35:87xx:yyy1::/64 dev br-lan metric 1024
unreachable 2a01:e35:87xx:yyy1::/64 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev wlan0 metric 256
anycast 2a01:e35:87xx:yyy1:: dev br-lan metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev eth0.2 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev wlan1 metric 0
anycast fe80:: dev wlan0 metric 0
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth0.2 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev wlan1 metric 256
ff00::/8 dev wlan0 metric 256
root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd24:5b4d:bfc0::'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='64'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='78:a3:51:44:ce:86'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='78:a3:51:44:ce:87'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.wan6.ip6prefix='2a01:e35:87xx:yyy1::/64'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='4 6t'
network.@route6[0]=route6
network.@route6[0].interface='wan6'
network.@route6[0].target='::/0'
network.@route6[0].gateway='2a01:e35:87xx:yyy0::1'
network.@route6[1]=route6
network.@route6[1].interface='lan'
network.@route6[1].target='2a01:e35:87xx:yyy1::/64'
root@OpenWrt:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.ra='server'
dhcp.lan.ra_default='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.family=tag
dhcp.family.dhcp_option='6,185.228.168.168,185.228.168.169'
dhcp.@host[0]=host
dhcp.@host[0].name='ipad_mini'
dhcp.@host[0].mac='a8:86:dd:b6:d2:6a'
dhcp.@host[0].tag='family'
dhcp.@host[1]=host
dhcp.@host[1].name='lenovo_x1'
dhcp.@host[1].mac='00:24:d7:ce:4e:b0'
dhcp.@host[1].tag='family'
Hi,
I changed the prefix and deleted the routes as per your recommendations. I still have no IPv6 connection. The result is here:
root@OpenWrt:~# ip -6 r
default from 2a01:e35:87xx:yyy0::c2b0:adbf via fe80::f6ca:e5ff:fe5a:694a dev eth0.2 metric 512
2a01:e35:87xx:yyy0::/64 dev eth0.2 metric 256
2a01:e35:87xx:yyy1::/64 dev br-lan metric 1024
unreachable 2a01:e35:87xx:yyy1::/64 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev wlan0 metric 256
anycast 2a01:e35:87xx:yyy1:: dev br-lan metric 0
anycast fe80:: dev eth0.2 metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev wlan1 metric 0
anycast fe80:: dev wlan0 metric 0
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth0.2 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev wlan1 metric 256
ff00::/8 dev wlan0 metric 256
I changed also the ip6hint without success.
root@OpenWrt:~# ip -6 r
default from 2a01:e35:87xx:yyy0::c2b0:adbf via fe80::f6ca:e5ff:fe5a:694a dev eth0.2 metric 512
2a01:e35:87xx:yyy0::/64 dev eth0.2 metric 256
2a01:e35:87xx:yyy1::/64 dev br-lan metric 1024
unreachable 2a01:e35:87xx:yyy1::/64 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev wlan0 metric 256
anycast 2a01:e35:87xx:yyy1:: dev br-lan metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev eth0.2 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev wlan1 metric 0
anycast fe80:: dev wlan0 metric 0
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth0.2 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev wlan1 metric 256
ff00::/8 dev wlan0 metric 256
Can you tell me according to your analysis what is the problem? and expose the 3 possible solutions. Please suggest!
Method 2 seems to be working without issues. I restared the newtork and rebooted the router, in both cases the ipv6 connectivity is working. I did not test method 3 (scirpt fix) since method 2 is working (will come back here if I face new issue).
Thanks for your precious help, I will publish on my site the necessary information to get a working IPv6 configuration with Freebox (France ISP) and link to these discussions to whom it may concern.
Just to inform you that solution 2 worked definitely. But the clients do not have an IPv6 for the DNS servers. In the IPv6 settings of the LAN network I am referring to Google DNS servers as custom IPv6 DNS servers. Although, RA is in server mode and DHCv6 is disabled. Do you know why the clients are not receiving the DNS servers? Shoudn't this happen automatically? Or does this need to activate the DHCPv6 server forcibly?Or shall I put RA in relay mode?
Is it possible to get the link to your web page? Something must not be correct in my setting. All client PCs get an IPv6. But the ping6 and the IPV6 test fail.
thank you in advance
Hello,
Thank you for the link. Is it essential that the Freebox server is in bridge mode? I prefer to leave the Freebox as a router and put the Netgear WNDR3700 router in DMZ. This allows me to enjoy all the features of the Freebox.
ip -6 r
default from 2a01:e34:eexx:yyy0::/64 via fe80::6aa3:78ff:zzzz:zzz5 dev eth1 metric 512
2a01:e34:eexx:yyy0::/64 dev eth1 metric 256
2a01:e34:eexx:yyy1::/64 dev br-lan metric 1024
unreachable 2a01:e34:eexx:yyy1::/64 dev lo metric 2147483647 error -148
2000::/3 via fe80::6aa3:78ff:zzzz:zzz5 dev eth1 metric 1024
fdd7:dad8:e463::/64 dev br-lan metric 1024
unreachable fdd7:dad8:e463::/48 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev eth1 metric 256
fe80::/64 dev br-fbx metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev wlan0 metric 256
unreachable default dev lo metric -1 error -128
ff00::/8 dev eth0 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev eth1 metric 256
ff00::/8 dev br-fbx metric 256
ff00::/8 dev wlan1 metric 256
ff00::/8 dev wlan0 metric 256
unreachable default dev lo metric -1 error -128
It should and it works for me on OpenWrt 18.06.1 with default DHCP-configuration.
Clients receive both DNS-server IPv4+IPv6-addresses which are LAN-interface IP-addresses.
In your case the cause could be related to this custom option: