I've been having issues setting up IPv6 on my RPi-4 running OpenWrt 23.05.0. I've been trying to get dual stack mode to work for a while now, but unfortunately unsuccessfully.
I know there have been a lot of posts about IPv6, and I went through as many as I can trying all the advice, but with no luck.
Setup
- RPi-4 running
23.05.0
(but wasn't working on previous versions either) - RPi-4 is configured as router on a stick
- Fiber cable/wan is connected straight to my switch and available via eth0.10
- Most lan clients are connected via separate AP
- wan6 interface is getting
/56
IPv6 PD, but no "IA_NA"- ISP does not offer
IA_NA
- ISP does not offer
Prefix delegation seems to be working and LAN clients are getting 2001:*
addresses, but none of my clients are able to ping IPv6 addresses.
Successful ping6 from router
Unsuccessful ping6 from macos lan client (just freezes)
Unsuccessful ping6 from linux lan client
wan6 is getting /56 PD
lan is getting /60 assignment
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddd::/48'
option packet_steering 'true'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.248.0'
option ip6assign '60'
option peerdns '0'
config interface 'guest'
option device 'eth0.2'
option proto 'static'
option ip6assign '60'
option ipaddr '10.0.20.1'
option netmask '255.255.255.0'
option peerdns '0'
config interface 'isolated'
option device 'eth0.4'
option proto 'static'
option ip6assign '60'
option ipaddr '10.0.50.1'
option netmask '255.255.255.0'
option peerdns '0'
config interface 'wan'
option device 'eth0.10'
option proto 'dhcp'
option metric '10'
option peerdns '0'
list dns '127.0.0.1'
config interface 'wan6'
option device 'eth0.10'
option proto 'dhcpv6'
option metric '10'
option peerdns '0'
list dns '127.0.0.1'
# And a bunch of other unrelated interfaces for wireguard/openvpn/tor/tethering/etc, but should be unrelated
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
list server '/mask.icloud.com/'
list server '/mask-h2.icloud.com/'
list server '/use-application-dns.net/'
list server '127.0.0.1#5053'
list notinterface 'eth0.3'
list notinterface 'tor'
option confdir '/tmp/dnsmasq.d'
option doh_backup_noresolv '-1'
option noresolv '1'
list doh_backup_server '/mask.icloud.com/'
list doh_backup_server '/mask-h2.icloud.com/'
list doh_backup_server '/use-application-dns.net/'
list doh_backup_server '127.0.0.1#5053'
list doh_server '127.0.0.1#5053'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '2h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '2h'
config dhcp 'isolated'
option interface 'isolated'
option start '100'
option limit '150'
option leasetime '2h'
# Config for tor
config dnsmasq
option boguspriv '0'
option rebind_protection '0'
option noresolv '1'
list server '127.0.0.1#9053'
list server '::1#9053'
option localservice '0'
list interface 'eth0.3'
list interface 'tor'
config dhcp 'tor'
option interface 'tor'
option start '100'
option limit '150'
option leasetime '2h'
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
list network 'wg'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wan'
list network 'wan6'
list network 'tethering'
list network 'qmi'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'guest'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'guest'
config zone
option name 'isolated'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'isolated'
config forwarding
option src 'guest'
option dest 'wan'
config forwarding
option src 'isolated'
option dest 'wan'
config zone
option name 'tor'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'tor'
config zone
option name 'openvpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option device 'tun+'
list network 'tun0'
list network 'tun1'
list network 'tun2'
list network 'tun3'
list network 'tun4'
list network 'tun5'
list network 'tun6'
list network 'tun7'
list network 'tun8'
config forwarding
option src 'lan'
option dest 'openvpn'
config rule
option name 'Allow-WireGuard'
option src 'wan'
option dest_port '51820'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'wireguard'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option device 'tun+'
list network 'vpn_van'
config forwarding
option src 'lan'
option dest 'wireguard'
ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 50526,
"l3_device": "eth0.10",
"proto": "dhcpv6",
"device": "eth0.10",
"updated": [
"prefixes"
],
"metric": 10,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
],
"ipv6-prefix": [
{
"address": "2001:569:*:*::",
"mask": 56,
"preferred": 14289,
"valid": 14589,
"class": "wan6",
"assigned": {
"guest": {
"address": "2001:569:*:*::",
"mask": 60
},
"isolated": {
"address": "2001:569:*:*::",
"mask": 60
},
"lan": {
"address": "2001:569:*:*::",
"mask": 60
},
"tor": {
"address": "2001:569:*:*::",
"mask": 60
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "::",
"mask": 0,
"nexthop": "fe80::2621:*:623f",
"metric": 512,
"valid": 3667,
"source": "2001:569:*::/56"
}
],
"dns-server": [
"127.0.0.1"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
"2001:568:*::68",
"2001:568:*::124"
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
"passthru": "00170020200*"
}
ip -6 route on router
default from 2001:569:*:*::/56 via fe80::2621:24ff:*:* dev eth0.10 proto static metric 512 pref medium
2001:569:7e91:*::/64 dev eth0.2 proto static metric 1024 pref medium
2001:569:7e91:*::/64 dev eth0.4 proto static metric 1024 pref medium
2001:569:7e91:*::/64 dev br-lan proto static metric 1024 pref medium
2001:569:7e91:*::/62 via fe80::106d:a3e:48a6:* dev br-lan proto static metric 1024 pref medium
2001:569:7e91:*::/64 dev eth0.3 proto static metric 1024 pref medium
unreachable 2001:569:7e91:*::/56 dev lo proto static metric 2147483647 pref medium
fddd::/64 dev eth0.2 proto static metric 1024 pref medium
fddd:0:0:10::/64 dev eth0.4 proto static metric 1024 pref medium
fddd:0:0:20::/64 dev br-lan proto static metric 1024 pref medium
fddd:0:0:24::/62 via fe80::106d:a3e:48a6:f95a dev br-lan proto static metric 1024 pref medium
fddd:0:0:30::/64 dev eth0.3 proto static metric 1024 pref medium
unreachable fddd::/48 dev lo proto static metric 2147483647 pref medium
fdf1:e8a1:8d3f:9::/64 dev wg proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev eth0.4 proto kernel metric 256 pref medium
fe80::/64 dev eth0.3 proto kernel metric 256 pref medium
fe80::/64 dev eth0.10 proto kernel metric 256 pref medium
fe80::/64 dev ifb4br-lan proto kernel metric 256 pref medium
ip -6 route on lan client
::1 dev lo proto kernel metric 256 pref medium
2001:569:7e91:*::* dev eth0 proto kernel metric 256 pref medium
2001:569:7e91:*::/64 dev eth0 proto kernel metric 256 expires 14139sec pref medium
fd25:1028:6f4:*::/64 dev eth0 proto kernel metric 256 expires 1742sec pref medium
fddd:0:0:20::100 dev eth0 proto kernel metric 256 pref medium
fddd:0:0:20::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::dea6:32ff:fee2:4ec6 dev eth0 proto ra metric 1024 expires 1667sec hoplimit 64 pref medium
It feels like there is no default route set for clients... But I'm unsure how I can debug this
I have also tried to set this up with a fresh clean slate of 23.05.0
and no additional packages/networks/etc, but no luck
I remember it had worked in the past, but it suddenly stopped working and at this point I have spent days on this..
I'm almost questioning if it's something with the ISP implementation of IPv6, but I have seen articles from people getting it to work on pfSense with the same ISP.
So I'm at a loss! Any advice/input would be greatly appreciated!