IPv6 SLAAC while tethering from iPhone via USB

i set up my travel router with USB tethering to my iPhone following the Wiki. I set up NAT66, because the DHCPv6 interface gets only a /64 assigned (forcing /56 or /60 does not work). When i connect devices directly to the iPhone (Personal Hotspot), they get a real IPv6 via SLAAC, so my provider (Vodafone DE) is giving me a bigger prefix, but the iPhone is not passing it through to OpenWRT. Is there any way to get "real" IPv6 connectivity for clients working on the travel router?

Just like my ISP, only offering /64 prefix, and then relay "RA/NDP/DHCPv6" + learn route on WAN6/LAN side, client should be able to get the v6 address without using NAT66

1 Like

Thanks for the hint, but i can not get it to work. My devices get IPv6 adresses via SLAAC, but connection via IPv6 is not possible (e.g. ping6).

Here is my current conf. Am I missing anything?

cat /etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr ''
	option netmask ''

config globals 'globals'
	option ula_prefix 'fd07:a601:928b::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr ''
	option netmask ''
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device '@wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

cat /etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'relay'
	option ra 'relay'
	option ndp 'relay'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'wan6'
	option interface 'wan6'
	option master '1'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'

Your clients able to get IPv6 address from ISP but not able to PING?

Yes, clients get public IPv6 (2a00:20::XXX) with same prefix as router, but can not ping (ping6 2620:fe::fe). Ping from router is possible.

Did you enable the "learn route" option for both WAN6/LAN?

Yes, I did that.

Did you get "no route to host" or other error during PING?
Also, I see that your DHCP config is setting WAN6 as "designated master", in my setup WAN6 doesn't have this, instead LAN side is having "designated master".

Strange. If i set "designated master" at the LAN side, clients get no IPv6.
Ping gets no response.

Did the log say anything about the LAN side IPv6?

Just that wan6 is up.

So i did some more testing. Seems like the route is not advertised to the client. With sudo tcpdump -i en0 -evn 'icmp6 && ip6[40] == 134' i can see the prefix advertised, but not the route.

When i connect this travel router to my main router, the travel router gets a /64 prefix and relays it correctly to clients. Maybe this is a problem specifically with iPhone-Tethering...

First of all, I can confirm that each client seems to get its own IPv6 address from the iPhone hotspot, whether via WiFi or USB, so I agree with you about the IPv6 prefix from the provider. The iPhone seems to get such a prefix but does not pass it on, so an OpenWRT router behind it could at most do IPv6-NAT so that all clients end up using the same IPv6 address.

I tried to set up a NAT like this and I think these settings made it work:

Screenshot 2024-04-17 at 18.48.35
(additionally to the steps described in https://openwrt.org/docs/guide-user/network/ipv6/ipv6.nat6)

Now every client is showing the same address when browsing whatismyip.com and also ipv6.google.com works.