IPv6 through 6rd ISP router subnet

The routing for my OpenWrt setup goes like this:
OpenWRT Router > CenturyLink Router > Internet

The CenturyLink router uses 6rd as its IPv6 mode of connection.
In my OpenWRT router, I use DHCPv6 to connect to the CenturyLink router.
My OpenWRT router has internet access and I can ping IPv6 addresses without problem.
The issue is that my OpenWRT LAN devices have IPv6 addresses but are not able to connect to the internet with them.
I've tried:
-relaying (failed)
-bridging (failed)
-PPPoE through bridge (unable to obtain my PPPoE password)
-My own 6rd in my OpenWRT subnet (couldn't figure the configuration out)

I have a DNS ad blocker and I would like a better firewall for my IPv6 traffic through OpenWRT, so I would rather have OpenWRT assign IPv6 addresses on the LAN bridge than bridge IPv6 to my CenturyLink router.

I've been looking everywhere for answers for several days, but none seem to work. While investigating, I found that my LAN devices show no mention of my CenturyLink IPv6 ("2606::") in "ip -6 addr show", only LAN addresses from OpenWRT ("fe80::").

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
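Remember to redact passwords, MAC addresses and any public IP addresses you may have. Link-local IPv6 addresses of the form fe80::…ff:fe… are usually derived from the interface's MAC address, so redact those too if you are hiding MACs.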

# Diagnostic dump for IPv6 troubleshooting on OpenWrt, run as one chained command:
#   ubus call system board      - hardware model, kernel and OpenWrt release
#   uci export network|dhcp|firewall - the full contents of those config packages
#   ip -6 addr / ro li tab all / ru  - IPv6 addresses, routes in every table, policy rules
#   ifstatus wan6               - runtime state of the wan6 interface as JSON
# The uci exports print option values verbatim (MAC overrides, tunnel peer
# addresses and any credentials stored in those packages), so review the
# output and redact before posting it publicly.
ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ifstatus wan6
{
"kernel": "5.10.161",
"hostname": "TP-Link",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link Archer A7 v5",
"board_name": "tplink,archer-a7-v5",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.3",
"revision": "r20028-43d71ad93e",
"target": "ath79/generic",
"description": "OpenWrt 22.03.3 r20028-43d71ad93e"
}
}
package network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd01::/64'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
list ipaddr '192.168.1.1/24'
option gateway '192.168.0.1'
option ip6gw 'fd00::1'

config route6
option interface 'wan'
option target '::/0'
option gateway 'fe80::56e6:fcff:fef4:66f1'
option metric '1'

config device
option name 'eth0.2'
option macaddr 'X:X:X:X:X:X'

config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option type 'bridge'
option delegate '0'

config interface 'wan6'
option proto 'dhcpv6'
option device 'eth0.2'
option reqprefix 'auto'
option reqaddress 'force'

config interface 'wan6rd'
option tunlink 'wan'
option proto '6rd'
option ip6prefix '2602::'
option ip6prefixlen '24'
option ip4prefixlen '0'
option peeraddr 'X.X.X.X'
option auto '0'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
option vid '1'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
option vid '2'

config route6
option interface 'lan'
option type 'local'
option target 'fd00::1/128'
option gateway 'fd00::1'

package dhcp

config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option cachesize '2048'
option confdir '/tmp/dnsmasq.d'
option filterwin2k '1'
option nonegcache '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option force '1'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config host
option name 'B350M'
option dns '1'
option mac 'X:X:X:X:X:X'
option ip '192.168.1.10'
option hostid '::10'

config host
option name 'S20FE5G'
option dns '1'
option mac 'X:X:X:X:X:X'
option ip '192.168.1.59'
option hostid '::59'

config dhcp 'wan6'
option interface 'wan6'

package firewall

config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option drop_invalid '1'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'

config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'wan6rd'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

config redirect 'adblock_lan53'
option name 'Adblock DNS (lan, 53)'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'

config redirect 'adblock_lan853'
option name 'Adblock DNS (lan, 853)'
option src 'lan'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'

config redirect 'adblock_lan5353'
option name 'Adblock DNS (lan, 5353)'
option src 'lan'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6aff:7bff:fedb:4f0a/64 scope link
valid_lft forever preferred_lft forever
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd00::2/128 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 2602:X:X:X::X/128 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6aff:7bff:fedb:4f0b/64 scope link
valid_lft forever preferred_lft forever
12: 2.4GHz: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6aff:7bff:fedb:4f0a/64 scope link
valid_lft forever preferred_lft forever
14: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6aff:7bff:fedb:4f09/64 scope link
valid_lft forever preferred_lft forever
7216: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6aff:7bff:fedb:4f0a/64 scope link
valid_lft forever preferred_lft forever
default from 2602:X:X:X::X via fe80::a691:b1ff:fe0b:63dc dev eth0.2  metric 512
default from fd00::2 via fe80::a691:b1ff:fe0b:63dc dev eth0.2  metric 512
2602:X:X:X::/56 from 2602:X:X:X::X via fe80::a691:b1ff:fe0b:63dc dev eth0.2  metric 512
2602:X:X:X::/56 from fd00::2 via fe80::a691:b1ff:fe0b:63dc dev eth0.2  metric 512
2602:X:X:X::/64 dev eth0.2  metric 256
fd00::/64 dev eth0.2  metric 256
fd00::/64 via fe80::a691:b1ff:fe0b:63dc dev eth0.2  metric 512
unreachable fd01::/64 dev lo  metric 2147483647
fe80::/64 dev eth0  metric 256
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev 2.4GHz  metric 256
fe80::/64 dev br-lan  metric 256
default via fe80::56e6:fcff:fef4:66f1 dev eth0.2  metric 1
local ::1 dev lo table local  metric 0
local 2602:X:X:X::X dev eth0.2 table local  metric 0
local fd00::2 dev eth0.2 table local  metric 0
anycast fe80:: dev eth0 table local  metric 0
anycast fe80:: dev eth0.2 table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
anycast fe80:: dev 2.4GHz table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
local fe80::6aff:7bff:fedb:4f09 dev wlan0 table local  metric 0
local fe80::6aff:7bff:fedb:4f0a dev eth0 table local  metric 0
local fe80::6aff:7bff:fedb:4f0a dev 2.4GHz table local  metric 0
local fe80::6aff:7bff:fedb:4f0a dev br-lan table local  metric 0
local fe80::6aff:7bff:fedb:4f0b dev eth0.2 table local  metric 0
multicast ff00::/8 dev eth0 table local  metric 256
multicast ff00::/8 dev eth0.2 table local  metric 256
multicast ff00::/8 dev wlan0 table local  metric 256
multicast ff00::/8 dev 2.4GHz table local  metric 256
multicast ff00::/8 dev br-lan table local  metric 256
0:      from all lookup local
32766:  from all lookup main
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 121117,
"l3_device": "eth0.2",
"proto": "dhcpv6",
"device": "eth0.2",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [

],
"ipv6-address": [
{
"address": "2602:X:X:X::X",
"mask": 128
},
{
"address": "fd00::2",
"mask": 128
}
],
"ipv6-prefix": [

],
"ipv6-prefix-assignment": [

],
"route": [
{
"target": "2602:X:X:X::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"source": "::/0"
},
{
"target": "fd00::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"source": "::/0"
},
{
"target": "fd00::",
"mask": 64,
"nexthop": "fe80::a691:b1ff:fe0b:63dc",
"metric": 512,
"source": "::/0"
},
{
"target": "2602:X:X:X::",
"mask": 56,
"nexthop": "fe80::a691:b1ff:fe0b:63dc",
"metric": 512,
"source": "2602:X:X:X::X/128"
},
{
"target": "2602:X:X:X::",
"mask": 56,
"nexthop": "fe80::a691:b1ff:fe0b:63dc",
"metric": 512,
"source": "fd00::2/128"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::a691:b1ff:fe0b:63dc",
"metric": 512,
"valid": 1441,
"source": "2602:X:X:X::X/128"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::a691:b1ff:fe0b:63dc",
"metric": 512,
"valid": 1441,
"source": "fd00::2/128"
}
],
"dns-server": [
"2606:4700:4700::1111",
"2606:4700:4700::1001"
],
"dns-search": [
"lan"
],
"neighbors": [

],
"inactive": {
"ipv4-address": [

],
"ipv6-address": [

],
"route": [

],
"dns-server": [

],
"dns-search": [

],
"neighbors": [

]
},
"data": {
"passthru": "00170020260647004700000000000000000011112606470047000000000000000000100100180005036c616e00"
}
}

I managed to get 6rd to create a tunnel in OpenWRT, but neither my LAN devices nor my router could connect through it. I ended up reverting to dhcpv6.

It looks like DHCPv6 gets you a /56 from the modem's instance of 6rd, so using OpenWrt's default settings, as if there were a native dual-stack connection, should work.

Your configuration has removed the RA and dhcpv6 servers from lan, leaving only DHCPv4, so devices on the lan are not going to receive any RAs and thus they won't use IPv6.

Also there's no need for ULAs here, remove all of that.


Both are wrong, and the IPv6 one in particular will not work, as there is no IPv6 address there.

This doesn't make any sense.

Currently you have only one address on the wan, which is fine if OpenWrt is to send packets to the internet.

The ISP router should provide the OpenWrt router with a delegated prefix. It is evident that it was a /56 from the provider.

There is no point to run a second instance of the 6rd.
Better revert to defaults as you have made a lot of changes. The default configuration can work fine for your case.


The default configuration didn't work when I first installed it. I've been looking for answers to why.

fd00::1 and 192.168.0.1 are both my ISP's router address
I can access fd00::2 (which is my OWRT router assigned by my ISP router) with my lan devices but not fd00::1

The only reason for the ULA on the modem is to log in locally and administer it, which is not strictly necessary here since it also has an IPv4 address. That IP is not the gateway to the Internet. The gateway is the modem's link-local IPv6 address, which DHCPv6 has identified and installed in the routing table.

Go back to default configuration and troubleshoot from there.


Okay, defaults fixed everything. But I've also made a change in my ISP router: when assigning addresses, I've changed it from /64 to /56 manually. When I did this, my OpenWRT router received a /62 IPv6-PD address (even before wiping to defaults). Before, when my ISP router was set to DHCPv6 with /64, OpenWRT was not assigned an IPv6-PD address and nothing could connect over IPv6 other than the OpenWRT router itself.

Here's a screenshot of my settings in my ISP router.

In the default configuration, OpenWrt will assign lan a /64 prefix in the delegated range, which requires a delegated range to be available. A /64 from upstream does not allow delegation. The /64 setting in the modem would be appropriate if there is no further routing, i.e. all endpoint devices are connected directly to the modem.
