IPv6 okay, v4 not okay, or v4 okay but not v6 ..?

hello

I spent a few hours trying to put IPv6 on an OpenWrt router.

Problem: when IPv4 is up and works, IPv6 is not, even though the modem provides a well-working v6 prefix that works fine with other OpenWrt devices.

Here is the situation:
if v4 is enabled, it removes the v6 IP on wan
if v6 is enabled, it removes the v4 IP on wan

I don't know why, kind of strange.

So both IPv4 and IPv6 can work, but not simultaneously.

I comment out the lines in the conf files to do my tests, as when both v4/v6 are uncommented, only v4 works.
If I comment out v4, v6 works.

Note that the "device wlan0" is always commented; it doesn't affect v4 or v6, even if both are enabled/disabled on that criteria.

here it is :

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd43:2c8e:db7d::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.37.1'

#config interface 'wwan'
        #option device 'wlan0'
        #option proto 'dhcp'
        #option peerdns '1'

#config interface 'wan6'
config interface 'wwan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'
        list network 'wwan6'
        #list network 'wwan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

thanks for your help

Why do they both have the same name commented?

Did you show your complete network config?

You need a wwan6 which is aliased to wwan.

config interface 'wwan'
  option proto 'dhcp'

config interface 'wwan6'
  option device '@wwan'
  option proto 'dhcpv6'

Note that the base interface wwan has no Device listed. In /etc/config/wireless use option network 'wwan' in your sta device to make the connection. Don't reference wifi devices in /etc/config/network.

With a dual-stack upstream, this will result in both v4 and v6 addresses being applied directly on the kernel STA device, whatever it is actually named. ifstatus wwan6 will show any prefix that was received.

it looks like this :

:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option htmode 'HT20'
	option path 'platform/ahb/18100000.wmac'

config wifi-iface
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'WIFIAP'
	option encryption 'none'

config wifi-iface 'wwan'
	option device 'radio0'
	option network 'wwan'
	option mode 'sta'
	option encryption 'psk2'
	option key 'wifikeyyyyy'
	option ssid 'mywifi'


:~# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd43:2c8e:db7d::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.37.1'

config interface 'wwan'
	option proto 'dhcp'
	option peerdns '1'
config interface 'wwan6'
	option device '@wwan'
	option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'

config device
	option name 'eth0'

:~# cat /etc/config/firewall 

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	list network 'wlan0'
	list network 'wwan'
	list network 'wwan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

	option masq '1'
	option mtu_fix '1'
	option masq6 '1'

config forwarding
	option src 'lan'
	option dest 'wan'


config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

#1
config rule
    option name 'Allow-DHCPv6-All-Sources'  # New name for clarity
    option src 'wan'                         # From WAN zone
    option proto 'udp'                      # Use UDP protocol
    option dest_port '546'              # DHCPv6 port
    option family 'ipv6'                    # For IPv6 only
    option target 'ACCEPT'              # Allow the traffic
#1

config include
	option path '/etc/firewall.user'

config rule
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'


config rule                                     
        option src 'wan'         
	option src_ip	'192.168.37.224'               
        option dest 'wan'                       
#        option dest_port '500'                  
        option proto 'all'                      
        option target 'REJECT'  



                    
config rule                            
        option src 'wan'                    
        list dest_ip   '192.168.37.196'
        option dest 'wan'                   
#        option dest_port '500'             
        option proto 'all'                     
        option target 'REJECT'          



config rule                                              
        option name 'Drop_outgoing_single_IP'                 
        option family 'ipv4'                        
        option proto 'all'                               
        option src '*'                                   
        option dest '*'                             
        option dest_ip '192.168.37.196'                              
        option target 'DROP' 
:~# 

Because I tried to see if it had effects; it doesn't.

I don't understand your response, given you didn't explain what effects you expected. Since @mk24 already explained, I'll provide another example:

config interface 'wwan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wwan6'
        option proto 'dhcpv6'
        option device '@wwan'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'

Did it work?

Not sure why you have duplicates.

(Also you have 2 rules to drop traffic to 192.168.37.196 - not sure why.)

Take out wlan0. The wifi device is already covered since it is known to UCI as wwan and wwan6.

You probably don't want masq6 either, though that depends on the type of v6 service you can get from upstream.
Run ip addr show, ifstatus wwan and ifstatus wwan6 to see if addresses and prefixes have been pulled via DHCP.
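
Added example, not part of the thread: a small shell/awk audit for the config problems raised in the replies above (two sections both named `wwan`, zone entries such as `wlan0` that name no interface, and interfaces that no zone lists, whose traffic is then left to the `config defaults` policies). The function names, report labels and sample files are constructed for illustration.

```shell
# audit_uci NETWORK FIREWALL: report naming problems in UCI config text.
audit_uci() {
    awk -v q="'" '
    { sub(/#.*/, ""); gsub(q, ""); gsub(/"/, "") }   # drop comments, quotes
    FNR == NR {                                      # first file: network
        if ($1 == "config" && $2 == "interface" && $3 != "" && seen[$3]++)
            print "DUPLICATE interface " $3
        next
    }
    $1 == "config" { in_zone = ($2 == "zone") }      # second file: firewall
    in_zone && ($1 == "list" || $1 == "option") && $2 == "network" {
        for (f = 3; f <= NF; f++) {
            zoned[$f] = 1
            if (!($f in seen)) print "UNDEFINED zone member " $f
        }
    }
    END {
        for (i in seen)
            if (i != "loopback" && !(i in zoned)) print "UNZONED interface " i
    }' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample files, modelled on the configs posted in this thread.
write_sample() {
    cat > "$1/network" <<'EOF'
config interface 'loopback'
config interface 'lan'
	option proto 'static'
config interface 'wwan'
	option proto 'dhcp'
config interface 'wwan'
	option proto 'dhcpv6'
config interface 'wwan6'
	option proto 'dhcpv6'
EOF
    cat > "$1/firewall" <<'EOF'
config zone
	list network 'lan'
config zone
	list network 'wan'
	list network 'wan6'
	list network 'wlan0'
	list network 'wwan'
	#list network 'wwan6'
config forwarding
	option src 'lan'
EOF
}
d=$(mktemp -d) && write_sample "$d" && audit_uci "$d/network" "$d/firewall"; rm -rf "$d"
```

On the router itself, run `audit_uci /etc/config/network /etc/config/firewall`.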

unfortunately, no

Run ip addr show, ifstatus wwan and ifstatus wwan6 to see if addresses and prefixes have been pulled via DHCP.

ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel master br-lan state DOWN group default qlen 1000
    link/ether 18:a6:f7:2d:63:2b brd ff:ff:ff:ff:ff:ff
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 18:a6:f7:2d:63:2b brd ff:ff:ff:ff:ff:ff
    inet 192.168.37.1/24 brd 192.168.37.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd43:2c8e:db7d::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::1aa6:f7ff:fe2d:632b/64 scope link 
       valid_lft forever preferred_lft forever
8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 18:a6:f7:2d:63:2a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.22/24 brd 192.168.1.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::1aa6:f7ff:fe2d:632a/64 scope link 
       valid_lft forever preferred_lft forever
9: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 1a:a6:f7:2d:63:2a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::18a6:f7ff:fe2d:632a/64 scope link 
       valid_lft forever preferred_lft forever

ifstatus wwan6
{
	"up": false,
	"pending": false,
	"available": false,
	"autostart": true,
	"dynamic": false,
	"proto": "dhcpv6",
	"data": {
		
	},
	"errors": [
		{
			"subsystem": "interface",
			"code": "NO_DEVICE"
		}
	]
}

Not sure why you have duplicates.

I think it was due to previous tests months ago.

I noticed that this one is added by default when the device is set up in ap+sta mode.

I admit, here, I'm a bit... lost.

Did I do something wrong? :slight_smile:

Your lan interface typically is not a bridge type.

I do see a br-lan in ip addr show; are you not showing the whole /etc/config/network?

More specifically, option type bridge within a config interface block has been deprecated since about version 21. Bridges are now declared separately with a config device block.

[quote="egc, post:13, topic:248117"]
I do see a br-lan in ip addr show; are you not showing the whole /etc/config/network?
[/quote]

Currently, it looks exactly like this one:

It's an old device with an old OpenWrt release; this device can't get a more recent one. I'd prefer to keep it with both IPv4/6, but at this point I do need help to get both on that device :slight_smile:

Thank you in advance for the help :slight_smile:

please show output of

ubus call system board
ubus call system board
{
	"kernel": "4.14.275",
	"hostname": "TLWA901NDV4",
	"system": "Qualcomm Atheros TP9343 rev 0",
	"model": "TP-Link TL-WA901ND v4",
	"board_name": "tplink,tl-wa901nd-v4",
	"release": {
		"distribution": "OpenWrt",
		"version": "19.07.10",
		"revision": "r11427-9ce6aa9d8d",
		"target": "ath79/tiny",
		"description": "OpenWrt 19.07.10 r11427-9ce6aa9d8d"
	}
}

That predates the war, cannot help you with that :sad_but_relieved_face:

I hope it is not connected to an untrusted network, otherwise you run a huge security risk.

I cannot recall if IPv6 implementation was fully completed in version 19. Even if someone did recall, network syntax has significantly changed since then.

Interesting. You may want to test with a device that can use a more current version of OpenWrt.

OpenWrt overall v6 support features have been much improved since then.

Versions that old are no longer safe to connect directly to the Internet.

Why can OpenWrt 21+ handle both IPv4/6, and not older releases?

It's under a trash Proton account just to do some tests. Keys are now deprecated.
But as everyone now asks me for the original network/wireless/firewall files, I had to show them.

I'd like to get both v4/v6 on that specific device :frowning:

Does it mean that before 21, they weren't able to use both v4/v6 on the same device?

It's an ap+sta; you guessed right, it's not directly connected to the internet, there is another router/fw which the OpenWrt device connects to.

My implication was that your device has an old version of OpenWrt. I apologize if that hasn't been made clear by myself (and others).

You may have to troubleshoot with little assistance, trying to review historical Wiki entries, etc. It's common practice in this forum to discourage use of older (unsupported, EoL) versions.

I believe you misunderstood the concern. Just because it's not the demarcation device, doesn't mean it doesn't have access to the Internet. But a (up to date) firewall is a good start.
