IPv6 on VLANs not work

Hi guys. I'm learning and deepening my knowledge in IPv6 and I would like to put it in my VLANS. My ISP offers me this IP range. Can I do this?


Your ISP is pretty lame and offers you only a /64 prefix which is good enough to use on only one interface, e.g lan. With the default lan configuration you'll be able to use this prefix on lan. However it is not visible from the screenshots if it works. Better login with ssh and copy paste the following, then copy paste the output here.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru
1 Like

You cannot tell from the image whether their ISP only assigns a /64. Here, my system also shows IPv6-PD: XXXX::/64, however, I actually have a /56.

If you think there is a bug, you may open a ticket.
Apart from that it is not the first time to see an ISP allocating a /64 as delegated prefix.

1I have an IP address on LAN

{
        "kernel": "5.10.176",
        "hostname": "DIR-878",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "D-Link DIR-878 A1",
        "board_name": "dlink,dir-878-a1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "ramips/mt7621",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
        }
}
package network
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
config globals 'globals'
        option packet_steering '1'
config device
        option name 'br-lan'
        option type 'bridge'
        option igmp_snooping '1'
        option mtu '1500'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '10.4.4.1'
        option ip6assign '64'
config device
        option type 'bridge'
        option name 'br-vlan'
        list ports 'lan4'
        option igmp_snooping '1'
config bridge-vlan
        option device 'br-vlan'
        option vlan '10'
        list ports 'lan4'
config interface 'vlan10'
        option proto 'static'
        option device 'br-vlan.10'
        option ipaddr '10.5.5.1'
        option netmask '255.255.255.0'
config interface 'vpn'
        option proto 'static'
        option netmask '255.255.255.0'
        option type 'bridge'
        option device 'br-vlan.30'
        option ipaddr '10.30.30.1'
config rule
        option in 'vpn'
        option lookup 'wireguard'
        option priority '32765'
        option dest '0.0.0.0/0'
config interface 'wan'
        option proto 'pppoe'
        option device 'wan.120'
        option username '@vinicius.ribeiro'
        option password '1234'
        option ipv6 'auto'
config interface 'wg0'
        option proto 'wireguard'
        list addresses '10.2.0.2/32'
        option private_key 'XXXX'
config wireguard_wg0
        option description 'US-FREE#840005'
        list allowed_ips '0.0.0.0/0'
        option endpoint_host '217.138.206.82'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        option public_key 'xxxxxx'
config route
        option interface 'wg0'
        option target '0.0.0.0/0'
        option table 'wireguard'
config bridge-vlan
        option device 'br-vlan'
        option vlan '20'
config bridge-vlan
        option device 'br-vlan'
        option vlan '30'
package dhcp
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option ednspacket_max '1232'
        option quietdhcp '1'
        option filterwin2k '1'
        option nonegcache '1'
        option localservice '1'
        list notinterface 'wan.120'
        option rebind_protection '1'
        option cachesize '10000'
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
config dhcp 'vlan10'
        option interface 'vlan10'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,177.126.113.113,177.126.126.126,1.1.1.1'
config dhcp 'vpn'
        option interface 'vpn'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,10.30.30.1'
config domain
        option name 'router.lan'
        option ip '10.4.4.1'
package firewall
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'lan'
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
config forwarding
        option src 'lan'
        option dest 'wan'
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
config zone
        option output 'ACCEPT'
        option forward 'REJECT'
        option input 'REJECT'
        option name 'vlan'
        list network 'vlan10'
config forwarding
        option dest 'wan'
        option src 'vlan'
config rule
        list proto 'udp'
        option dest_port '67'
        option target 'ACCEPT'
        option src 'vlan'
        option name 'Allow-DHCP-vlan'
config rule
        option dest_port '53'
        option target 'ACCEPT'
        option src 'vlan'
        option name 'Allow-DNS-vlan'
config zone
        option name 'guest'
        option output 'ACCEPT'
        option forward 'REJECT'
        option input 'REJECT'
config forwarding
        option src 'guest'
        option dest 'wan'
config rule
        option name 'Allow-DHCP-guest'
        list proto 'udp'
        option src 'guest'
        option dest_port '67'
        option target 'ACCEPT'
config rule
        option name 'Allow-DNS-guest'
        option src 'guest'
        option dest_port '53'
        option target 'ACCEPT'
config rule
        option name 'Deny-All-Ports-guest'
        list proto 'all'
        option src 'guest'
        option target 'REJECT'
config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'vpn'
config zone
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'
        option name 'wg'
        list network 'wg0'
config rule
        option name 'Allow-DHCP-vpn'
        list proto 'udp'
        option src 'vpn'
        option dest_port '67'
        option target 'ACCEPT'
config rule
        option name 'Allow-DNS-vpn'
        option src 'vpn'
        option dest_port '53'
        option target 'ACCEPT'
config rule
        option name 'Deny-All-Ports-vpn'
        list proto 'all'
        option src 'vpn'
        option target 'REJECT'
config rule
        option dest 'vlan'
        option src 'lan'
        option name 'Remote-Access-LAN-to-VLAN'
        option target 'ACCEPT'
config forwarding
        option src 'vpn'
        option dest 'wg'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504
state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def0/64 scope link
       valid_lft forever preferred_lft forever
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def3/64 scope link
       valid_lft forever preferred_lft forever
15: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2804:c84:23:822b::1/64 scope global dynamic noprefixroute
       valid_lft 237181sec preferred_lft 211261sec
    inet6 fe80::f68c:ebff:feb7:def0/64 scope link
       valid_lft forever preferred_lft forever
16: br-vlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def0/64 scope link
       valid_lft forever preferred_lft forever
17: br-vlan.10@br-vlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def0/64 scope link
       valid_lft forever preferred_lft forever
18: br-vlan.30@br-vlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def0/64 scope link
       valid_lft forever preferred_lft forever
19: wan.120@wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def3/64 scope link
       valid_lft forever preferred_lft forever
21: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def2/64 scope link
       valid_lft forever preferred_lft forever
22: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f68c:ebff:feb7:def1/64 scope link
       valid_lft forever preferred_lft forever
23: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
    inet6 2804:c84:23:7c2:485c:d4de:47f2:85df/64 scope global dynamic noprefixroute
       valid_lft 2591989sec preferred_lft 604789sec
    inet6 fe80::485c:d4de:47f2:85df/128 scope link
       valid_lft forever preferred_lft forever
25: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f48c:ebff:feb7:def1/64 scope link
       valid_lft forever preferred_lft forever
26: wlan0-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f08c:ebff:feb7:def1/64 scope link
       valid_lft forever preferred_lft forever
default from 2804:c84:23:7c2::/64 via fe80::f6:7381
dev pppoe-wan  metric 512
default from 2804:c84:23:822b::/64 via fe80::f6:7381 dev pppoe-wan  metric 512
unreachable 2804:c84:23:7c2::/64 dev lo  metric 2147483647
2804:c84:23:822b::/64 dev br-lan  metric 1024
unreachable 2804:c84:23:822b::/64 dev lo  metric 2147483647
fe80::f6:7381 dev pppoe-wan  metric 256
fe80::485c:d4de:47f2:85df dev pppoe-wan  metric 256
fe80::/64 dev eth0  metric 256
fe80::/64 dev br-vlan  metric 256
fe80::/64 dev br-vlan.10  metric 256
fe80::/64 dev br-vlan.30  metric 256
fe80::/64 dev wan  metric 256
fe80::/64 dev wan.120  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev wlan0-1  metric 256
fe80::/64 dev wlan0-2  metric 256
fe80::/64 dev wlan1  metric 256
local ::1 dev lo table local  metric 0
anycast 2804:c84:23:7c2:: dev pppoe-wan table local
 metric 0
local 2804:c84:23:7c2:485c:d4de:47f2:85df dev pppoe-wan table local  metric 0
anycast 2804:c84:23:822b:: dev br-lan table local  metric 0
local 2804:c84:23:822b::1 dev br-lan table local  metric 0
anycast fe80:: dev eth0 table local  metric 0
anycast fe80:: dev br-vlan.10 table local  metric 0
anycast fe80:: dev br-vlan.30 table local  metric 0
anycast fe80:: dev br-vlan table local  metric 0
anycast fe80:: dev wan table local  metric 0
anycast fe80:: dev wan.120 table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
anycast fe80:: dev wlan0-1 table local  metric 0
anycast fe80:: dev wlan0-2 table local  metric 0
anycast fe80:: dev wlan1 table local  metric 0
local fe80::485c:d4de:47f2:85df dev pppoe-wan table
local  metric 0
local fe80::f08c:ebff:feb7:def1 dev wlan0-2 table local  metric 0
local fe80::f48c:ebff:feb7:def1 dev wlan0-1 table local  metric 0
local fe80::f68c:ebff:feb7:def0 dev eth0 table local  metric 0
local fe80::f68c:ebff:feb7:def0 dev br-vlan.10 table local  metric 0
local fe80::f68c:ebff:feb7:def0 dev br-vlan.30 table local  metric 0
local fe80::f68c:ebff:feb7:def0 dev br-vlan table local  metric 0
local fe80::f68c:ebff:feb7:def0 dev br-lan table local  metric 0
local fe80::f68c:ebff:feb7:def1 dev wlan0 table local  metric 0
local fe80::f68c:ebff:feb7:def2 dev wlan1 table local  metric 0
local fe80::f68c:ebff:feb7:def3 dev wan table local
 metric 0
local fe80::f68c:ebff:feb7:def3 dev wan.120 table local  metric 0
multicast ff00::/8 dev eth0 table local  metric 256
multicast ff00::/8 dev br-vlan table local  metric 256
multicast ff00::/8 dev br-vlan.10 table local  metric 256
multicast ff00::/8 dev br-vlan.30 table local  metric 256
multicast ff00::/8 dev wan table local  metric 256
multicast ff00::/8 dev wan.120 table local  metric 256
multicast ff00::/8 dev pppoe-wan table local  metric 256
multicast ff00::/8 dev wg0 table local  metric 256
multicast ff00::/8 dev wlan0 table local  metric 256
multicast ff00::/8 dev br-lan table local  metric 256
multicast ff00::/8 dev wlan0-1 table local  metric 256
multicast ff00::/8 dev wlan0-2 table local  metric 256
multicast ff00::/8 dev wlan1 table local  metric 256
BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) multi-call binary.
Usage: ip [OPTIONS] address|route|link|neigh|rule [ARGS]
OPTIONS := -f[amily] inet|inet6|link | -o[neline]
ip addr add|del IFADDR dev IFACE | show|flush [dev IFACE] [to PREFIX]
ip route list|flush|add|del|change|append|replace|test ROUTE
ip link set IFACE [up|down] [arp on|off] [multicast
on|off]
        [promisc on|off] [mtu NUM] [name NAME] [qlen NUM] [address MAC]
        [master IFACE | nomaster] [netns PID]
ip neigh show|flush [to PREFIX] [dev DEV] [nud STATE]
ip rule [list] | add|del SELECTOR ACTION

Run ifstatus wan6 to see the size of prefix received from the ISP.

Interfaces like guest which serve users in their own network but will not have an additional router downstream should have ip6assign set to 64.

1 Like
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 10014,
        "l3_device": "pppoe-wan",
        "proto": "dhcpv6",
        "device": "pppoe-wan",
        "updated": [
                "prefixes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
        ],
        "ipv6-address": [
                {
                        "address": "2804:c84:23:7c2:485c:d4de:47f2:85df",
                        "mask": 64,
                        "preferred": 604494,
                        "valid": 2591694
                }
        ],
        "ipv6-prefix": [
                {
                        "address": "2804:c84:23:822b::",
                        "mask": 64,
                        "preferred": 223267,
                        "valid": 249187,
                        "class": "wan_6",
                        "assigned": {
                                "lan": {
                                        "address": "2804:c84:23:822b::",
                                        "mask": 64
                                }
                        }
                }
        ],
        "ipv6-prefix-assignment": [
        ],
        "route": [
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::f6:7381",
                        "metric": 512,
                        "valid": 1494,
                        "source": "2804:c84:23:7c2:485c:d4de:47f2:85df/64"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::f6:7381",
                        "metric": 512,
                        "valid": 1494,
                        "source": "2804:c84:23:822b::/64"
                }
        ],
        "dns-server": [
                "2001:4860:4860::8888",
                "2606:4700:4700::1111"
        ],
        "dns-search": [
        ],
        "neighbors": [
        ],
        "inactive": {
                "ipv4-address": [
                ],
                "ipv6-address": [
                ],
                "route": [
                ],
                "dns-server": [
                ],
                "dns-search": [
                ],
                "neighbors": [
                ]
        },
        "data": {
                "zone": "wan",
                "passthru": "001700202001486048600000000000000000888826064700470000000000000000001111"
        }

As mentioned before, your ISP delegated you a /64 prefix, which is pretty lame, because you can use it in only one network. Luckily you are using it already in lan, so everything is working fine. Unfortunately you cannot use it in the other networks, but judging by the vpns, it wouldn't be any good.

1 Like

Damn. Ty again

Yes I'm not sure how it works with pppoe but as it is now you need a larger prefix from the ISP, which may require configuring your router to request it.

Do I need to request this from them?

First of all verify with your ISP that they indeed offer longer prefixes than /64. Your OpenWrt is asking for any delegated prefix, not some specific one. One would expect that the ISP should give the /56 or /60 even when they are not specifically requested.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.