Hi there! New user of OpenWrt here.
I'm having some trouble setting up an internet connection in my new apartment.
My OpenWrt router seem to be delegated an /59
ipv6 prefix from my ISP via DHCPv6, but I am unable to get internet connectivity and ping anything outside my own network.
The setup:
ISP -- [Technicolor TC4400-EU cable modem] -- [Ubiquiti Edgerouter X SFP with OpenWrt 22.03] -- LAN
My cable ISP provides an ipv6-only connection and only supports ipv4 through DS-Lite, by tunneling ipv4 in ipv6. Since OpenWrt seem to be one of the only distros/router firmwares with good support of DS-Lite (through the ds-lite
package) with auto-configuration, I decided to give it a try.
However, as far as I understand, before DS-Lite can be configured, I need a working native ipv6 connection. This is where I am struggling right now.
I am using a pretty much factory-default installation of OpenWrt 22.03. Only changes I have made is an attempt to sub-delegate my /59
prefix to the LAN as a /64
subnet, using this video as reference.
However, I seem to not be able to reach the internet, not from the router itself nor from any computer connected to it.
root@OpenWrt:~# ping6 -c 5 google.com
ping6: bad address 'google.com'
root@OpenWrt:~# ping6 -c 5 2001:4860:4860::8888
PING 2001:4860:4860::8888 (2001:4860:4860::8888): 56 data bytes
--- 2001:4860:4860::8888 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# nslookup google.com
;; connection timed out; no servers could be reached
root@OpenWrt:~# ip -6 route get 2001:4860:4860::8888
ip: RTNETLINK answers: Network unreachable
This is my /etc/config/network
:
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'
list ports 'eth5'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'
option ip6assign '64'
option ip6ifaceid '::1'
option ip6hint '0'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
Firewall config:
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
Ifstatus on wan6:
root@OpenWrt:~# ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 991,
"l3_device": "eth0",
"proto": "dhcpv6",
"device": "eth0",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
{
"address": "2xxx:3xxx:80xx:8xxx::xxxx",
"mask": 128,
"preferred": 85408,
"valid": 85408
},
{
"address": "2xxx:3xxx:80xx:0xxx:xxxx:xxxx:fe16:xxxx",
"mask": 64,
"preferred": 604796,
"valid": 2591996
},
{
"address": "2xxx:8xxx:xxxx:xxxx:xxxx:xxxx:fe16:xxxx",
"mask": 64,
"preferred": 604800,
"valid": 2592000
},
{
"address": "2xxx:3xxx:80xx:8xxx:xxxx:xxxx:fe16:xxxx",
"mask": 64,
"preferred": 604800,
"valid": 2592000
}
],
"ipv6-prefix": [
{
"address": "2xxx:3xxx:84xx:xxxx::",
"mask": 59,
"preferred": 85408,
"valid": 85408,
"class": "wan6",
"assigned": {
"lan": {
"address": "2xxx:3xxx:84xx:xxxx::",
"mask": 64
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "2xxx:3xxx:80xx:0xxx::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"valid": 2591996,
"source": "::/0"
},
{
"target": "2xxx:3xxx:80xx:8xxx::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"valid": 2592000,
"source": "::/0"
},
{
"target": "2xxx:8xxx:xxxx::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"valid": 2592000,
"source": "::/0"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::xxxx:xxxx:30a7:xxxx",
"metric": 512,
"valid": 12,
"source": "2xxx:3xxx:84xx:xxxx::/59"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::xxxx:xxxx:30a7:xxxx",
"metric": 512,
"valid": 12,
"source": "2xxx:3xxx:80xx:0xxx:xxxx:xxxx:fe16:xxxx/64"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::xxxx:xxxx:30a7:xxxx",
"metric": 512,
"valid": 12,
"source": "2xxx:3xxx:80xx:8xxx:xxxx:xxxx:fe16:xxxx/64"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::xxxx:xxxx:30a7:xxxx",
"metric": 512,
"valid": 12,
"source": "2xxx:8xxx:xxxx:xxxx:xxxx:xxxx:fe16:xxxx/64"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::xxxx:xxxx:30a7:xxxx",
"metric": 512,
"valid": 12,
"source": "2xxx:3xxx:80xx:8xxx::xxxx/128"
}
],
"dns-server": [
"2xxx:xxxx::530",
"2xxx:xxxx::531"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
"passthru": "001700202a010c300000000000000000000005302a010c300000000000000000000005310038001b00030017036e7470036273720a74656c65666f6e69636102646500"
}
}
Any help would be much appreciated.