Ipv6 only but internet is ipv4 on the web

Hello guys, this is my first post. I am having trouble with my network configuration; I have tried several solutions, but none of them have worked.

Initially I followed this guide: https://ripe87.ripe.net/wp-content/uploads/presentations/8-IPv6-mostly_on_OpenWRT.pdf. My intention is to split my network so that one part is ipv4-only. IPv4 seems to be firewalled by my ISP's router/modem, as I cannot ping the ipv4 address; the ipv6 firewall, on the other hand, can be deactivated by me, allowing me to access the internet without blocks.

At the moment everything seems to work fine: I have a lan with only ipv4 addresses and a lan6 with ipv6 addresses that have been delegated from the ISP modem. I can connect to the internet from both lan and lan6. Ideally, the ipv4 lan would have either an external ipv4 or ipv6 address, while the lan6 would have an external ipv6 address only.

The problem is that both lan and lan6 have an external ipv4 on the internet. If I ping from the lan6 I get a response:

ping -c3 freebsd.org               
PING freebsd.org (96.47.72.84): 56 data bytes
64 bytes from 96.47.72.84: icmp_seq=0 ttl=49 time=107.875 ms
64 bytes from 96.47.72.84: icmp_seq=1 ttl=49 time=112.218 ms
64 bytes from 96.47.72.84: icmp_seq=2 ttl=49 time=112.161 ms

--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 107.875/110.751/112.218/2.034 ms

If I ping6 the following happens:

ping6 -c3 freebsd.org
PING6(56=40+8+8 bytes) ipv6 --> 2610:1c1:1:606c::50:15

--- freebsd.org ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

The same happens on the ipv4 lan network. The interface configuration of a client on the lan6 looks as follows:

inet6 fe80::867:b84:b87b:15c6%en0 prefixlen 64 secured scopeid 0xc
inet6 ipv6 prefixlen 64 autoconf secured
inet6 ipv6 prefixlen 64 autoconf temporary
inet 192.0.0.2 netmask 0xffffffff broadcast 192.0.0.2
inet6 ipv6 prefixlen 64 dynamic
inet6 ipv6 prefixlen 64 clat46
nat64 prefix 64:ff9b:1:fffe:: prefixlen 96
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active

The network configuration for a client on the ipv4 lan is:

status: active
inet6 fe80::2ecf:67ff:fe59:e2b7%bse0 prefixlen 64 scopeid 0x1
inet6 ipv6 prefixlen 64 autoconf pltime 266377 vltime 871177
inet6 ipv6 prefixlen 64 autoconf temporary pltime 36195 vltime 140856
inet6 ipv6 prefixlen 64 autoconf temporary pltime 38892 vltime 150056
inet 192.168.1.194 netmask 0xffffff00 broadcast 192.168.1.255

My /etc/config/network

# Loopback interface, static 127.0.0.1/8.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'

# Bridge for the IPv4 segment: switch ports lan1 and lan2.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

# IPv4 segment, 192.168.1.1/24. 'delegate 0' turns off IPv6 prefix
# delegation handling on this interface.
# NOTE(review): the lan client listing in the post still shows autoconf
# IPv6 addresses, so this segment is not IPv4-only in practice; confirm
# where those prefixes are announced from.
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option delegate '0'

# IPv4 uplink via DHCP. 'peerdns 0' ignores the resolvers offered by the
# upstream DHCP server; DNS goes to the local resolver on 127.0.0.1
# (Unbound, according to the post).
config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '127.0.0.1'

# IPv6 uplink via DHCPv6 on the same physical device as 'wan'.
# An address is requested on a best-effort basis ('try') and a delegated
# prefix of whatever size is offered ('auto'). As with 'wan', upstream
# resolvers are ignored in favour of the local one on ::1.
# 'norelease 1' keeps the lease instead of releasing it when the client
# stops.
config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '::1'
	option norelease '1'

# Bridge for the IPv6 segment: switch ports lan3 and lan4.
# 'bridge_empty 1' brings the bridge up even with no port attached.
config device
	option name 'br-lan6'
	option type 'bridge'
	option bridge_empty '1'
	list ports 'lan3'
	list ports 'lan4'

# IPv6 segment. No IPv4 address is configured here; the interface takes a
# /60 out of the prefix delegated on wan6 (ip6assign), with ip6hint
# selecting which sub-prefix is preferred.
config interface 'lan6'
	option device 'br-lan6'
	option proto 'static'
	option ip6assign '60'
	option ip6hint '60'

# Interface on the 'jool' device, presumably the link to the Jool NAT64
# translator; the device itself is not defined in this file, so confirm
# how it is created. It takes a /64 from the delegated prefix and the
# private IPv4 subnet 192.168.164.1/24.
config interface 'jool'
	option device 'jool'
	option proto 'static'
	option ip6assign '64'
	option ip6hint '64'
	list ipaddr '192.168.164.1/24'

# Send everything addressed to the NAT64 prefix 64:ff9b:1:fffe::/96 to the
# next hop fe80::64 on the jool interface. The same prefix is advertised
# to clients (ra_pref64) and used for DNS64 in the other files in the post.
config route6
	option interface 'jool'
	option target '64:ff9b:1:fffe::/96'
	option gateway 'fe80::64'

My /etc/config/dhcp

# IPv4 segment: DHCPv4 pool of 150 addresses starting at .100 with 12h
# leases, plus DHCPv6 and router advertisements.
# The RA carries the managed and other-config flags and the NAT64 prefix
# (ra_pref64).
# dhcp_option 108 is the DHCPv4 "IPv6-Only Preferred" option; the value
# 00:00:07:08 is 0x708 = 1800 seconds.
# NOTE(review): DHCPv6/RA are served on the segment the post calls
# "ipv4 only", and option 108 invites capable clients to drop IPv4 here;
# confirm this is intended. Also confirm that odhcpd (maindhcp below)
# honours 'dhcp_option', which is written in dnsmasq syntax.
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra_pref64 '64:ff9b:1:fffe::/96'
	list dhcp_option '108,00:00:07:08'

# No DHCP service towards the uplink.
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

# odhcpd is the main DHCP server (it also handles DHCPv4, replacing
# dnsmasq as the post states). On lease changes it runs the Unbound hook
# script so local names reach the resolver.
config odhcpd 'odhcpd'
	option maindhcp '1'
	option leasefile '/var/lib/odhcpd/dhcp.leases'
	option leasetrigger '/usr/lib/unbound/odhcpd.sh'
	option loglevel '4'

# IPv6 segment: DHCPv6 and router advertisements with the managed flag
# and the NAT64 prefix (ra_pref64). No 'dhcpv4' option is set.
# NOTE(review): 'ignore 1' is combined with explicit dhcpv6/ra server
# settings; confirm the explicit settings take precedence as intended.
# start/limit/leasetime describe a DHCPv4 pool, which looks unused on an
# interface that has no IPv4 address.
config dhcp 'lan6'
	option interface 'lan6'
	option ignore '1'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	option ra_pref64 '64:ff9b:1:fffe::/96'
	option start '100'
	option limit '150'
	option leasetime '12h'

# Router advertisements on the jool link.
# NOTE(review): ra_default '2' is believed to force announcing a default
# route regardless of prefix availability; confirm against the odhcpd
# documentation.
config dhcp 'jool'
	option interface 'jool'
	option ignore '1'
	option ra 'server'
	option ra_default '2'

And my /etc/config/firewall

# Global policy: reject inbound and forwarded traffic unless a zone or
# rule below allows it; SYN-flood protection is on.
config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# One trusted zone holding all three internal networks.
# 'forward ACCEPT' applies inside the zone, so traffic between lan, lan6
# and jool is forwarded without filtering: the IPv4 segment and the IPv6
# segment are split at layer 2/3 but not isolated from each other by the
# firewall. If isolation between them is wanted, they need separate zones
# with explicit forwardings.
config zone
	option name 'lan'
	list network 'lan'
	list network 'lan6'
	list network 'jool'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Untrusted uplink zone covering both wan (IPv4) and wan6 (IPv6).
# Unsolicited inbound and forwarded traffic is rejected; 'masq' enables
# masquerading for traffic leaving through this zone and 'mtu_fix'
# clamps the TCP MSS.
# NOTE(review): the post says the ISP modem's IPv6 firewall can be
# switched off. When it is, these REJECT policies and the wan rules in
# this file are the only inbound IPv6 filter in front of lan6 hosts,
# which hold delegated (globally routable) addresses.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Let the internal zone reach the uplink; there is no wan -> lan
# forwarding, so inbound flows need an explicit rule.
config forwarding
	option src 'lan'
	option dest 'wan'

# Accept DHCPv4 replies to the router's own client (UDP/68) on wan.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# Answer IPv4 echo requests arriving on wan; the router itself is
# pingable from the uplink side.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# Accept IGMP from wan (IPv4 multicast membership).
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

# Accept DHCPv6 replies to the router's own client (UDP/546) on wan;
# needed for the address and delegated prefix requested on wan6.
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# Accept MLD messages (ICMPv6 types 130, 131, 132, 143), restricted to
# link-local senders (fe80::/10).
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 addressed to the router itself: error messages, echo, and the
# neighbour/router discovery types IPv6 needs on the uplink.
# Rate-limited to 1000 packets per second.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 forwarded from wan to any zone (dest '*'): error messages needed
# for path MTU discovery and diagnostics, plus echo. Because echo-request
# is included, hosts on the internal IPv6 networks answer pings from the
# uplink side. Rate-limited to 1000 packets per second.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Forward IPsec ESP from wan to the lan zone. No address family or
# destination host is given, so the rule applies to every host in the
# zone, including lan6 hosts with delegated IPv6 addresses.
# NOTE(review): remove or narrow this rule (dest_ip) if no IPsec endpoint
# sits behind the router.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

# Forward IKE/ISAKMP (UDP/500) from wan to the lan zone, with the same
# zone-wide scope as the ESP rule.
# NOTE(review): remove or narrow it if IPsec is not in use.
config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

Also of importance is that I have replaced dnsmasq with odhcpd and unbound:
/etc/config/unbound

# Main Unbound resolver settings. Unbound listens on port 53, serves the
# lan and lan6 interfaces (iface_lan), treats wan as the uplink
# (iface_wan) and takes local host names from odhcpd (dhcp_link).
#
# Settings with a security or privacy effect:
#   dns64 / dns64_prefix  - AAAA records are synthesized inside
#                           64:ff9b:1:fffe::/96, the same prefix that is
#                           routed to jool and advertised as PREF64.
#                           Clients that run their own DNSSEC validation
#                           cannot validate synthesized answers.
#   validator '1'         - DNSSEC validation on the router;
#                           validator_ntp '1' relates to clock handling
#                           for validation (confirm exact behaviour in
#                           the package README).
#   rebind_protection '1' - DNS rebinding filter enabled;
#                           rebind_localhost '0' leaves the localhost
#                           variant off.
#   localservice '1'      - queries are accepted from local subnets only.
#   hide_binddata '1'     - identity/version queries are not answered.
#   query_minimize '0'    - QNAME minimisation is off, so full query
#                           names are sent to every upstream authority.
#   rate_limit '0'        - no query rate limiting.
#   unbound_control '1'   - remote control interface enabled.
#                           NOTE(review): believed to be localhost-only
#                           without TLS at this value; confirm against
#                           the package README.
config unbound
	option add_extra_dns '0'
	option add_local_fqdn '1'
	option add_wan_fqdn '1'
	option dhcp_link 'odhcpd'
	option dhcp4_slaac6 '1'
	option dns64 '1'
	option dns64_prefix '64:ff9b:1:fffe::/96'
	option domain 'lan'
	option domain_type 'static'
	option edns_size '1232'
	option extended_stats '0'
	option hide_binddata '1'
	option interface_auto '1'
	option listen_port '53'
	option localservice '1'
	option manual_conf '0'
	option num_threads '1'
	option protocol 'default'
	option query_minimize '0'
	option query_min_strict '0'
	option rate_limit '0'
	option rebind_localhost '0'
	option rebind_protection '1'
	option recursion 'default'
	option resource 'default'
	option root_age '9'
	option ttl_min '120'
	option ttl_neg_max '1000'
	option unbound_control '1'
	option validator '1'
	option validator_ntp '1'
	option verbosity '1'
	list iface_trig 'lan'
	list iface_trig 'wan'
	list iface_wan 'wan'
	list iface_lan 'lan'
	list iface_lan 'lan6'

# Optional zone definitions. Every zone in this file has enabled '0', so
# none of them is active and no forwarder is used.

# Local copy of the root and arpa zones transferred from ICANN servers
# (disabled).
config zone 'auth_icann'
	option enabled '0'
	option fallback '1'
	option url_dir 'https://www.internic.net/domain/'
	option zone_type 'auth_zone'
	list server 'lax.xfr.dns.icann.org'
	list server 'iad.xfr.dns.icann.org'
	list zone_name '.'
	list zone_name 'arpa.'
	list zone_name 'in-addr.arpa.'
	list zone_name 'ip6.arpa.'

# Forward selected ISP-only names to the resolvers from resolv.conf
# (disabled; the zone names are example placeholders).
config zone 'fwd_isp'
	option enabled '0'
	option fallback '1'
	option resolv_conf '1'
	option zone_type 'forward_zone'
	list zone_name 'isp-bill.example.com.'
	list zone_name 'isp-mail.example.net.'

# Forward everything ('.') to Google Public DNS over TLS, with the
# certificate name checked against tls_index (disabled).
config zone 'fwd_google'
	option enabled '0'
	option fallback '1'
	option tls_index 'dns.google'
	option tls_upstream '1'
	option zone_type 'forward_zone'
	list server '8.8.4.4'
	list server '8.8.8.8'
	list server '2001:4860:4860::8844'
	list server '2001:4860:4860::8888'
	list zone_name '.'

# Forward everything ('.') to Cloudflare DNS over TLS, with the
# certificate name checked against tls_index (disabled).
config zone 'fwd_cloudflare'
	option enabled '0'
	option fallback '1'
	option tls_index 'cloudflare-dns.com'
	option tls_upstream '1'
	option zone_type 'forward_zone'
	list server '1.1.1.1'
	list server '1.0.0.1'
	list server '2606:4700:4700::1111'
	list server '2606:4700:4700::1001'
	list zone_name '.'

I hope this is not a very long and difficult post, and thanks in advance.

Does your ISP support IPv6?


Hello, thanks for the reply. It seems it does, but over Dual-Stack Lite (DS-Lite).