I have a Mi Router 3 Pro (Z), flashed with a custom build of OpenWrt, sitting behind a FritzBox (FB). My desktop (DT) is connected to the Mi.
For some reason, I can't access any websites over IPv6.
In particular, ping -6 ipv6.google.com
from DT fails, as does ping6 ipv6.google.com
from Z.
Additionally, running traceroute ipv6.google.com
gives the following (censored a bit):
traceroute to ipv6.google.com (2404:6800:4006:803::200e), 30 hops max, 64 byte packets
1 ???? (XXXX:XXXX:YYYY:fe00:DDDD:DDDD:DDDD:12ce) 1.041 ms 0.517 ms 0.573 ms
2 * * *
I can ping between Z and DT without issue, and can ping to FB from Z and DT - it seems the issue is only outward?
The IPv6 addresses of all relevant devices are included below but censored slightly.
IPv6 Addresses
The patterns in uppercase (e.g. XXXX:XXXX
) are all constants throughout all addresses.
FB is connected via fibre and has both IPv4 and IPv6.
- IPv6 is
XXXX:XXXX:AAAA:AAAA::1
- Prefix is
XXXX:XXXX:YYYY:fe00::/56
Z is connected to FB via ethernet (from FB lan to Z wan).
On wan:
- IPv6 is
XXXX:XXXX:YYYY:fe00:BBBB:BBBB:BBBB:a273/128
- Prefix is
XXXX:XXXX:YYYY:fefc::/62
On lan, there are two IPv6:
- First IPv6 is
fd00:db80::1/60
- Second IPv6 is
XXXX:XXXX:YYYY:fefc::1/62
DT has several IPv6 addresses.
XXXX:XXXX:YYYY:fefc::2
XXXX:XXXX:YYYY:fefc:CCCC:CCCC:CCCC:513e
fd00:db80::2
fd00:db80::CCCC:CCCC:CCCC:513e
My configs are shown below.
/etc/config/dhcp
config dhcp 'lan'
option interface 'lan'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option dynamicdhcp '1'
option leasetime '12h'
option start '100'
option limit '150'
list dns '10.10.10.1'
list dns 'fd00:db80::1'
list domain 'z'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '1'
option leasefile '/var/lib/odhcpd/dhcp.leases'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
config host
option name 'dt'
option dns '1'
option ip '10.10.10.2'
option leasetime 'infinite'
option mac '?'
/etc/config/firewall
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '547'
option name 'Allow DHCPv6 (546-to-547)'
option family 'ipv6'
option src_port '546'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '546'
option name 'Allow DHCPv6 (547-to-546)'
option family 'ipv6'
option src_port '547'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config defaults
option output 'ACCEPT'
option forward 'REJECT'
option input 'ACCEPT'
option syn_flood '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'REJECT'
option input 'REJECT'
option network 'wan wan6 wwan'
config include
option path '/etc/firewall.user'
config forwarding
option dest 'wan'
option src 'lan'
/etc/config/network
config globals globals
option ula_prefix fd00:db80::/48
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.10.10.1'
option gateway '10.10.10.1'
option broadcast '10.10.10.255'
config device 'lan_dev'
option name 'eth0.1'
option macaddr '?'
config interface 'wan'
option ipv6 1
option ifname 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'wwan'
option proto 'dhcp'
Additionally, the following might be helpful.
ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 3197,
"l3_device": "eth0.2",
"proto": "dhcpv6",
"device": "eth0.2",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
{
"address": "XXXX:XXXX:YYYY:fe00:BBBB:BBBB:BBBB:a273",
"mask": 128,
"preferred": 2207,
"valid": 5807
}
],
"ipv6-prefix": [
{
"address": "XXXX:XXXX:YYYY:fefc::",
"mask": 62,
"preferred": 2207,
"valid": 5807,
"class": "wan6",
"assigned": {
"lan": {
"address": ""XXXX:XXXX:YYYY:fefc::",
"mask": 62
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": ""XXXX:XXXX:YYYY:fe00::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"valid": 6837,
"source": "::/0"
},
{
"target": ""XXXX:XXXX:YYYY:fe00::",
"mask": 56,
"nexthop": "fe80::DDDD:DDDD:DDDD:12ce",
"metric": 512,
"valid": 1437,
"source": ""XXXX:XXXX:YYYY:fefc::/62"
},
{
"target": ""XXXX:XXXX:YYYY:fe00::",
"mask": 56,
"nexthop": "fe80::DDDD:DDDD:DDDD:12ce",
"metric": 512,
"valid": 1437,
"source": ""XXXX:XXXX:YYYY:fe00:BBBB:BBBB:BBBB:a273/128"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::DDDD:DDDD:DDDD:12ce",
"metric": 512,
"valid": 1437,
"source": ""XXXX:XXXX:YYYY:fefc::/62"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::DDDD:DDDD:DDDD:12ce",
"metric": 512,
"valid": 1437,
"source": ""XXXX:XXXX:YYYY:fe00:BBBB:BBBB:BBBB:a273/128"
}
],
"dns-server": [
"fd00::DDDD:DDDD:DDDD:12ce"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
"passthru": "????"
}
}
If you need any more information, just ask!