IPv6 ULA not working on devices below OpenWrt

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello friends! I'm almost completing to setup my LAN, here's a diagram of it.

lan
lan683×669 41.8 KB

Now I'm trying to fix IPv6 on my VMs. I'm unable to delegate GUA prefix for their router because my ISPs give me only /64, but ULA is being delegated and it should work on the LAN. After I get everything working I'm gonna setup NAT6 so mwan3 works with IPv6 and VMs reach Internet.

From VMRouterWRT I'm able to ping all LAN devices, but LixVM says they are unreachable.

First, some info for VMRouterWRT:

cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd96:f77d:613d::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth2'
	option proto 'static'
	option ipaddr '192.168.211.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'
	option hostname 'VMRouterWRT'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'vm'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '1h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option mac '00:0C:29:0E:4C:28'
	option leasetime '3600'
	option dns '1'
	option name 'LixVM'
	option hostid '101'
	option duid '00044d88d6e0386a42f1949ee386c50ca460'
	option ip '192.168.211.101'

config host
	option mac '00:0C:29:AB:4D:32'
	option leasetime '600'
	option dns '1'
	option name 'LixLive'
	option hostid '103'
	option duid '0004e273459766c8af9b1e31889cc9268ae4'
	option ip '192.168.211.103'

ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:2a:4c:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.49.31/24 brd 192.168.49.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fdfa::250:56ff:fe2a:4c3e/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 2804:1b2:xxxx:xxxx:250:56ff:fe2a:4c3e/64 scope global dynamic noprefixroute 
       valid_lft 39744sec preferred_lft 39744sec
    inet6 2804:14c:yyyy:yyyy:250:56ff:fe2a:4c3e/64 scope global dynamic noprefixroute 
       valid_lft 54142sec preferred_lft 39742sec
    inet6 fdfa::31/128 scope global dynamic noprefixroute 
       valid_lft 3600sec preferred_lft 3600sec
    inet6 2804:1b2:xxxx:xxxx::31/128 scope global dynamic noprefixroute 
       valid_lft 3600sec preferred_lft 3600sec
    inet6 2804:14c:yyyy:yyyy::31/128 scope global dynamic noprefixroute 
       valid_lft 3600sec preferred_lft 3600sec
    inet6 fe80::250:56ff:fe2a:4c3e/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:50:56:39:61:36 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether 00:50:56:39:5c:ad brd ff:ff:ff:ff:ff:ff
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:50:56:39:5c:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.211.1/24 brd 192.168.211.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdfa:0:0:8::1/62 scope global dynamic noprefixroute 
       valid_lft 3600sec preferred_lft 3600sec
    inet6 fd96:f77d:613d::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe39:5cad/64 scope link 
       valid_lft forever preferred_lft forever

ip route show
default via 192.168.49.1 dev eth0 proto static src 192.168.49.31 
192.168.49.0/24 dev eth0 proto kernel scope link src 192.168.49.31 
192.168.211.0/24 dev br-lan proto kernel scope link src 192.168.211.1 



ip -6 route show
default from 2804:14c:yyyy:yyyy::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
default from 2804:14c:yyyy:yyyy::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
default from 2804:1b2:xxxx:xxxx::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
default from 2804:1b2:xxxx:xxxx::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
default from fdfa::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
default from fdfa::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
default from fdfa:0:0:8::/62 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:658b:5858::/62 from 2804:14c:yyyy:yyyy::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:658b:5858::/62 from 2804:14c:yyyy:yyyy::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:658b:5858::/62 from 2804:1b2:xxxx:xxxx::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:658b:5858::/62 from 2804:1b2:xxxx:xxxx::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:658b:5858::/62 from fdfa::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:658b:5858::/62 from fdfa::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:658b:5858::/62 from fdfa:0:0:8::/62 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:14c:yyyy:yyyy::/64 dev eth0 proto static metric 256 pref medium
unreachable 2804:14c:yyyy:yyyy::/64 dev lo proto static metric 2147483647 error 4294967183 pref medium
2804:1b2:182:f3a4::/62 from 2804:14c:yyyy:yyyy::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:1b2:182:f3a4::/62 from 2804:14c:yyyy:yyyy::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:1b2:182:f3a4::/62 from 2804:1b2:xxxx:xxxx::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:1b2:182:f3a4::/62 from 2804:1b2:xxxx:xxxx::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:1b2:182:f3a4::/62 from fdfa::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:1b2:182:f3a4::/62 from fdfa::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:1b2:182:f3a4::/62 from fdfa:0:0:8::/62 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
2804:1b2:xxxx:xxxx::/64 dev eth0 proto static metric 256 pref medium
unreachable 2804:1b2:xxxx:xxxx::/64 dev lo proto static metric 2147483647 error 4294967183 pref medium
fd96:f77d:613d::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd96:f77d:613d::/48 dev lo proto static metric 2147483647 error 4294967183 pref medium
fdfa::/48 from 2804:14c:yyyy:yyyy::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
fdfa::/48 from 2804:14c:yyyy:yyyy::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
fdfa::/48 from 2804:1b2:xxxx:xxxx::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
fdfa::/48 from 2804:1b2:xxxx:xxxx::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
fdfa::/48 from fdfa::31 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
fdfa::/48 from fdfa::/64 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
fdfa::/48 from fdfa:0:0:8::/62 via fe80::a236:9fff:feaa:4b68 dev eth0 proto static metric 512 pref medium
fdfa::/64 dev eth0 proto static metric 256 pref medium
unreachable fdfa::/64 dev lo proto static metric 2147483647 error 4294967183 pref medium
fdfa:0:0:8::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdfa:0:0:8::/62 dev lo proto static metric 2147483647 error 4294967183 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

All pings for ULA are working, even Android:

ping -c 1 fdfa::8:fe93:3699:566:926 LixVM
PING fdfa::8:fe93:3699:566:926 (fdfa::8:fe93:3699:566:926): 56 data bytes
64 bytes from fdfa::8:fe93:3699:566:926: seq=0 ttl=64 time=0.195 ms

--- fdfa::8:fe93:3699:566:926 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.195/0.195/0.195 ms



ping -c 1 fdfa::ddf5:e4e1:a173:4e2a Main
PING fdfa::ddf5:e4e1:a173:4e2a (fdfa::ddf5:e4e1:a173:4e2a): 56 data bytes
64 bytes from fdfa::ddf5:e4e1:a173:4e2a: seq=0 ttl=64 time=0.185 ms

--- fdfa::ddf5:e4e1:a173:4e2a ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.185/0.185/0.185 ms



ping -c 1 fdfa::3b7 Pikitito
PING fdfa::3b7 (fdfa::3b7): 56 data bytes
64 bytes from fdfa::3b7: seq=0 ttl=64 time=1.515 ms

--- fdfa::3b7 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 1.515/1.515/1.515 ms



ping -c 1 fdfa::4 Urubu4
PING fdfa::4 (fdfa::4): 56 data bytes
64 bytes from fdfa::4: seq=0 ttl=64 time=0.385 ms

--- fdfa::4 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.385/0.385/0.385 ms



ping -c 1 fdfa::1 RyzenWRT
PING fdfa::1 (fdfa::1): 56 data bytes
64 bytes from fdfa::1: seq=0 ttl=64 time=0.903 ms

--- fdfa::1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.903/0.903/0.903 ms



ping -c 1 fdfa::3 WiFi
PING fdfa::3 (fdfa::3): 56 data bytes
64 bytes from fdfa::3: seq=0 ttl=64 time=1.054 ms

--- fdfa::3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 1.054/1.054/1.054 ms



ping -c 1 fdfa::d8be:d533:ab8d:6323 Note9
PING fdfa::d8be:d533:ab8d:6323 (fdfa::d8be:d533:ab8d:6323): 56 data bytes
64 bytes from fdfa::d8be:d533:ab8d:6323: seq=0 ttl=64 time=184.350 ms

--- fdfa::d8be:d533:ab8d:6323 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 184.350/184.350/184.350 ms

Now info for LixVM:

cat /etc/netplan/01-network-manager-all.yaml

network:
  version: 2
  renderer: NetworkManager


ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:0e:4c:28 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.211.101/24 brd 192.168.211.255 scope global dynamic noprefixroute ens33
       valid_lft 3378sec preferred_lft 3378sec
    inet6 fd96:f77d:613d::92c/128 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fd96:f77d:613d:0:6442:1003:193:981d/64 scope global temporary dynamic 
       valid_lft 541981sec preferred_lft 23194sec
    inet6 fd96:f77d:613d:0:9eb:adfb:9f85:d932/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fdfa::8:fe93:3699:566:926/64 scope global temporary dynamic 
       valid_lft 3591sec preferred_lft 3591sec
    inet6 fdfa::8:ffc3:86ce:3a6a:17ed/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 3591sec preferred_lft 3591sec
    inet6 fe80::97e0:522f:6630:5a88/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

ip route show
default via 192.168.211.1 dev ens33 proto dhcp metric 100 
169.254.0.0/16 dev ens33 scope link metric 1000 
192.168.211.0/24 dev ens33 proto kernel scope link src 192.168.211.101 metric 100 


ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
fd96:f77d:613d::92c dev ens33 proto kernel metric 100 pref medium
fd96:f77d:613d::/64 dev ens33 proto ra metric 100 pref medium
fd96:f77d:613d::/48 via fe80::250:56ff:fe39:5cad dev ens33 proto ra metric 100 pref medium
fdfa:0:0:8::92c dev ens33 proto kernel metric 100 pref medium
fdfa:0:0:8::/64 dev ens33 proto ra metric 100 pref medium
fdfa:0:0:8::/62 via fe80::250:56ff:fe39:5cad dev ens33 proto ra metric 100 pref medium
fe80::/64 dev ens33 proto kernel metric 100 pref medium

And it's able to ping only VMRouterWRT's link-local and outbound ULA:

ping -c 1 fe80::250:56ff:fe39:5cad%ens33 VMRouterWRT
PING fe80::250:56ff:fe39:5cad%ens33(fe80::250:56ff:fe39:5cad%ens33) 56 data bytes
64 bytes from fe80::250:56ff:fe39:5cad%ens33: icmp_seq=1 ttl=64 time=0.183 ms

--- fe80::250:56ff:fe39:5cad%ens33 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.183/0.183/0.183/0.000 ms


ping -c 1 fdfa:0:0:8::1 VMRouterWRT
PING fdfa:0:0:8::1(fdfa:0:0:8::1) 56 data bytes
64 bytes from fdfa:0:0:8::1: icmp_seq=1 ttl=64 time=0.120 ms

--- fdfa:0:0:8::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.120/0.120/0.120/0.000 ms


ping -c 1 fdfa::31 VMRouterWRT
ping: connect: Network is unreachable


ping -c 1 fdfa::ddf5:e4e1:a173:4e2a Main
ping: connect: Network is unreachable


ping -c 1 fdfa::3b7 Pikitito
ping: connect: Network is unreachable


ping -c 1 fdfa::4 Urubu4
ping: connect: Network is unreachable


ping -c 1 fdfa::1 RyzenWRT
ping: connect: Network is unreachable


ping -c 1 fdfa::3 WiFi
ping: connect: Network is unreachable


ping -c 1 fdfa::d8be:d533:ab8d:6323 Note9
ping: connect: Network is unreachable

I have no idea why IPv6 isn't working, if it's receiving ULA PD and leasing it to its devices.

2

Ugh NO... lobby your ISP to hand out at least the minimum size prefix /56

3

Just for my understanding (because ifconfig is different to your picture, or I do not understand either): Your Internet Service Provider advertises a ULA prefix (in its IPv6 Router Advertisements)? In that case, I remove all network.globals.ula_prefix on my OpenWrt (because they might conflict) and disable all DHCPv6 servers but enable DHCPv6 clients in my home network like explained in the dump Wi-Fi access point scenario. Or do you mean, that your dial-in router gets just a global /64 prefix and that router advertises a ULA prefix then?

1 Like
4

Both ISP delegate only 1 /64, so I don't have GUA prefix to delegate to VMs router, but it receives ULA prefix fdfa:0:0:8::/62.

The issue on this thread is to be able to reach LAN from VMs using their ULA. My WiFi is alrdy on bridge and Android is receiving ULA and GUA addresses.

Once I have ULA working on whole LAN I can setup NAT6 then GUA won't be used anymore. But why do u say ifconfig is different from my diagram? I took addresses from working pings.

5

I'll state the obvious, the LixVM doesn't have a route for anything more than the fdfa:0:0:8::/62
First of all you may want to remove the option ula_prefix 'fd96:f77d:613d::/48' from VMRouterWRT.
Second run:

uci set dhcp.lan.ra_default='1'
uci commit dhcp
service odhcpd restart
2 Likes
6

it worked! What do they do? I read ra_default description but didn't understand it :-x

7

Default router lifetime in the RA message will be set if default route is present and a global IPv6 address (0) or if default route is present but no global IPv6 address (1) or neither of both conditions (2)

1 Like
8

Yeah that's what I read and I didn't understand it...

9

The default option 0 will advertise a default route in the RA only if there is a global address (there isn't in your case) and the router has a default route itself. You select option 1 to advertise the default route when ULA are used.

1 Like
10

I think I got it. So if it's set to 2 it will never advertise a default route?

11

Nope, if it is set to 2 it will advertise a default route even if 1) there isn't a global address and 2) there isn't a default route.

2 Likes
12

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.