I don't know exactly when it stopped working. I did change internet providers recently and it may have been related. However,

• I can DNS and ping via IPv6 from my computer if I am connected directly to the modem.
• I can DNS and ping via IPv6 from the router interface.
• I cannot DNS or ping via IPv6 from my computer through the router (OpenWrt)

ping -6 google.com
Ping request could not find host google.com. Please check the name and try again.

ping 2607:f8b0:4005:814::200e

Pinging 2607:f8b0:4005:814::200e with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for 2607:f8b0:4005:814::200e:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

Any assistance is much appreciated. Here are my network settings:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9e:a0b4:b810::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.10.1.1'
        option delegate '0'
        list ip6class 'local'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option peerdns '0'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'

Here are my dhcp settings:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'kkhome'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option noresolv '1'
        option confdir '/tmp/dnsmasq.d'
        option authoritative '1'
        option localuse '1'
        option cachesize '0'
        list server '192.168.12.1'
        list interface 'lan'
        list notinterface 'wan'
        list notinterface 'wan6'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option strictorder '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Here are my firewall settings:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Divert-DNS, port 53'
        option src 'wan'
        option src_dport '53'
        option dest_port '53'

config rule
        option name 'Reject-DoT,port 853'
        list proto 'tcp'
        option src 'lan'
        option dest 'wan'
        option dest_port '853'
        option target 'REJECT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Divert-DNS, port 5353'
        option src 'lan'
        option src_dport '5353'
        option dest_port '53'

To verify, I just updated to the latest nightly build:

|Version|23.05.4 r24012-d8dd03c46f|
|---|---|
|SHA256|6cb95e3a1dd3001c6b9edefec727c12608ce35d1e81dff103dab89826e89327e|
|Profile|linksys_e8450-ubi|
|Target|mediatek/mt7622|
|Build Date|2024-07-15T22:14:18.000000Z|
|Filename|openwrt-23.05.4-06f683be89ef-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb|
|Filesystem|squashfs|

You have opted not to use the peer advertised DNS (option 0), but haven't specified what DNS servers you would like instead?

Instead, your configuration should look somewhat like this:

config interface 'wan6'
	option device '@wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2620:fe::fe'
	list dns '2620:fe::9'

Where the appended in list dns options you specifiy your preferred IPv6 DNS server in IPv6 address format.

Remove the last two options : option delegate '0' , list ip6class 'local'

Maybe I overlooked but the following firewall rule seems missing, you might need to add it:

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

Reboot and test again

The problem may be in Windows. There is some CLI command to reset the networking in case of "General Failure." I don't use Windows much but a friend recently experienced that.

Or try a different LAN endpoint device. Check the network status of the LAN device to be sure it received proper configuration from the router.

There are commands, run as an administrator, to nuke all networks settings if that is what you mean?
netsh winsock reset, netsh int ip reset, netsh advfirewall reset, ipconfig / flushdns, ipconfig / release, ipconfig / renew.
Reboot.

But nuke they will.

I want to thank you for the feed back. I have made the changes suggested but still not working.

I can ping the router's IPv6 address:

Pinging fd9e:a0b4:b810::1 with 32 bytes of data:
Reply from fd9e:a0b4:b810::1: time<1ms
Reply from fd9e:a0b4:b810::1: time<1ms
Reply from fd9e:a0b4:b810::1: time<1ms
Reply from fd9e:a0b4:b810::1: time<1ms

But I can not ping my modem's IPv6 address:

Pinging fe80::1aa5:ffff:fe39:ad4 with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.

Or Google's DNS:

Pinging 2001:4860:4860::8844 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Here is the updated network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9e:a0b4:b810::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.10.1.1'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option peerdns '0'

config interface 'wan6'
        option device '@wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'
        list dns '2001:4860:4860::8888'
        list dns '2001:4860:4860::8844'

Updated firewall:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Divert-DNS, port 53'
        option src 'wan'
        option src_dport '53'
        option dest_port '53'

config rule
        option name 'Reject-DoT,port 853'
        list proto 'tcp'
        option src 'lan'
        option dest 'wan'
        option dest_port '853'
        option target 'REJECT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Divert-DNS, port 5353'
        option src 'lan'
        option src_dport '5353'
        option dest_port '53'

I can replicate these on both my desktop and laptop. Since I can ping the router, I doubt it is a Windows issue. However, it is possible a default route issue.

Here is my Windows route table:

route print -6

Interface List
6...d4 5d 64 50 d2 61 ......Realtek PCIe GbE Family Controller #2
1...........................Software Loopback Interface 1

IPv6 Route Table

Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
6 281 fd9e:a0b4:b810::/48 fe80::ea9f:80ff:fedf:50ea
6 281 fd9e:a0b4:b810::/64 On-link
6 281 fd9e:a0b4:b810::101/128 On-link
6 281 fd9e:a0b4:b810:0:54a3:1d73:6f19:eac8/128
On-link
6 281 fd9e:a0b4:b810:0:b0f0:996b:3480:4cf7/128
On-link
6 281 fe80::/64 On-link
6 281 fe80::c990:833f:e9f9:b1d/128
On-link
1 331 ff00::/8 On-link
6 281 ff00::/8 On-link

Persistent Routes:
None

Here is my Ipconfig

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller #2
Physical Address. . . . . . . . . : D4-5D-64-50-XX-XX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd9e:a0b4:b810::101(Preferred)
Lease Obtained. . . . . . . . . . : Monday, January 20, 2025 5:04:50 PM
Lease Expires . . . . . . . . . . : Tuesday, January 21, 2025 5:04:49 AM
IPv6 Address. . . . . . . . . . . : fd9e:a0b4:b810:0:b0f0:996b:3480:4cf7(Preferred)
Temporary IPv6 Address. . . . . . : fd9e:a0b4:b810:0:54a3:1d73:6f19:eac8(Preferred)
Link-local IPv6 Address . . . . . : fe80::c990:833f:e9f9:b1d%6(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 20, 2025 5:33:06 PM
Lease Expires . . . . . . . . . . : Tuesday, January 21, 2025 5:33:05 AM
Default Gateway . . . . . . . . . : 10.10.1.1
DHCP Server . . . . . . . . . . . : 10.10.1.1
DHCPv6 IAID . . . . . . . . . . . : 349461860
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2B-41-4E-8C-D4-5D-64-50-D2-61
DNS Servers . . . . . . . . . . . : fd9e:a0b4:b810::1
10.10.1.1
fd9e:a0b4:b810::1
NetBIOS over Tcpip. . . . . . . . : Enabled

Thank you

There is no GUA address (starts with 2 or 3) on the Windows machine. It will not try to reach the v6 Internet without it.

You can remove the ULA Prefix (starts with fd) from Openwrt. There is no need for ULAs in this use case and they are just causing clutter.

Does the LAN on OpenWrt have a GUA?

I am not able to find anything with a GUA. I must admit I am more apt to IPv4, a little help would be appreciative on the IPv6 side.

Run ifstatus lan on OpenWrt and confirm a GUA is present. It should then be advertised to lan clients by RA and DHCPv6.

I removed the ULA and here is the ifstatus

ifstatus lan
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 103,
"l3_device": "br-lan",
"proto": "static",
"device": "br-lan",
"updated": [
"addresses"
],
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "10.10.1.1",
"mask": 24
}
],
"ipv6-address": [

    ],
    "ipv6-prefix": [

    ],
    "ipv6-prefix-assignment": [

    ],
    "route": [

    ],
    "dns-server": [

    ],
    "dns-search": [

    ],
    "neighbors": [

    ],
    "inactive": {
            "ipv4-address": [

            ],
            "ipv6-address": [

            ],
            "route": [

            ],
            "dns-server": [

            ],
            "dns-search": [

            ],
            "neighbors": [

            ]
    },
    "data": {

    }

}

I contacted the NEW ISP and they do not support Ipv6/64 (including 48 or 56) addresses for devices behind a router. They assign a 128-bit IPv6 to the devices directly and it changes every time for security reasons. I will have to have an internal IPv6 network and route it to the assigned WAN address.

This explains why it used to work and now it doesn't. Does anyone have any suggestions?

It appears I was able to resolve it as I am now able to DNS and Ping IPv6.

ping -6 google.com

Pinging google.com [2607:f8b0:4005:802::200e] with 32 bytes of data:
Reply from 2607:f8b0:4005:802::200e: time=26ms
Reply from 2607:f8b0:4005:802::200e: time=23ms
Reply from 2607:f8b0:4005:802::200e: time=25ms
Reply from 2607:f8b0:4005:802::200e: time=27ms

Network Config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'dd9e:a0b4:b810::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.10.1.1'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option peerdns '0'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'no'
        option peerdns '0'
        option sourcefilter '0'

DHCP Config:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'kkhome'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option noresolv '1'
        option confdir '/tmp/dnsmasq.d'
        option authoritative '1'
        option localuse '1'
        option cachesize '0'
        list server '192.168.12.1'
        list interface 'lan'
        list notinterface 'wan'
        list notinterface 'wan6'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_default '1'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option strictorder '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '3'

Firewall Config:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option masq6 '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Divert-DNS, port 53'
        option src 'wan'
        option src_dport '53'
        option dest_port '53'

config rule
        option name 'Reject-DoT,port 853'
        list proto 'tcp'
        option src 'lan'
        option dest 'wan'
        option dest_port '853'
        option target 'REJECT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Divert-DNS, port 5353'
        option src 'lan'
        option src_dport '5353'
        option dest_port '53'

I might need to clean it up a bit, but at least it is now working.

Thank you everyone for your help!

This latest config doesn't even ask the ISP for a prefix so of course you don't have one. Also several wrong things have crept in. Suggest resetting to default config then run ifstatus wan6 to see exactly what the ISP is providing.

Sometimes you have to change reqprefix from auto to a specific number like 48, 56 or 60 to get the ISP to issue a prefix.

I turned the prefix req off since the ISP stated they don't offer/provide it. They said I can request one through the business side but not worth it at this time.