I have been running IPv6 for a while now and im not sure if it was an openwrt update or the ISP has changed something but i am no longer able to ping -6 from the router while i can from the client.
I have noticed that my WAN6 port now has a routable address (2a0e:xxxxx) on the status page where it didnt previously
Can anyone help me out?
Share the output of ifstatus wan6
Thanks Alpha1096 here is the output just hidden the full addresses
ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 1097,
"l3_device": "wan",
"proto": "dhcpv6",
"device": "wan",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
{
"address": "2a0e:hidden::1:11",
"mask": 128,
"preferred": 2502,
"valid": 2502
}
],
"ipv6-prefix": [
{
"address": "2a0e:hidden:9700::",
"mask": 56,
"preferred": 2502,
"valid": 2502,
"class": "wan6",
"assigned": {
"lan": {
"address": "2a0e:hidden:9701::",
"mask": 64
},
"IOT": {
"address": "2a0e:hidden:9720::",
"mask": 64
},
"Guest": {
"address": "2a0e:hidden:9730::",
"mask": 64
},
"wg0": {
"address": "2a0e:hidden:9750::",
"mask": 64
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "::",
"mask": 0,
"nexthop": "fe80::aa7:41ff:feff:480c",
"metric": 512,
"valid": 8993,
"source": "2a0e:hidden:9700::/56"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::aa7:41ff:feff:480c",
"metric": 512,
"valid": 8993,
"source": "2a0e:hidden::1:11/128"
}
],
"dns-server": [
"2606:4700:4700::1113",
"2606:4700:4700::1003"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
"2001:4860:4860::8888",
"2606:4700::1111"
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
"passthru": "001700202001486048600000000000000000888826064700000000000000000000001111"
}IPv6 is still new to me, but I feel like something is wrong with your config. You're only receiving /128 from your ISP and you've assigned /64 to four separate vlans?
If it did worked for you in the past, and only recently that it stopped working, then it's possible your ISP is now giving you /128 prefix.
Openwrt status page shows a PD of /56
Share output of /etc/config/network and /etc/config/dhcp
wan6 interface address is used as a source in this scenario.
I guess they don't advertise the address block used to build wan connectivity (the /128 is assigned from) to the rest of the world.
Try pinging using explicitly set source address:
ping -6 -I {router LAN IPv6 address} {destination}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
config device
option name 'lan2'
option macaddr 'mac:addr'
config device
option name 'lan3'
option macaddr 'mac:addr'
config device
option name 'lan4'
option macaddr 'mac:addr'
config device
option name 'lan5'
option macaddr 'mac:addr'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
option ip6hint '1'
option ip6ifaceid '::1'
config device
option name 'wan'
option macaddr 'mac:addr'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option hostname '*'
option peerdns '0'
list dns '1.1.1.3'
list dns '1.0.0.3'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
list dns '2606:4700:4700::1113'
list dns '2606:4700:4700::1003'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
list ports 'lan5:u*'
config bridge-vlan
option device 'br-lan'
option vlan '2'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
list ports 'lan5:t'
config interface 'Guest'
option proto 'static'
option device 'br-lan.2'
option ipaddr '192.168.2.1'
option ip6assign '64'
option ip6hint '2'
option ip6ifaceid '::1'
option netmask '255.255.255.0'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'home.arpa'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option confdir '/tmp/dnsmasq.d'
option sequential_ip '1'
list server '127.0.0.1#5054'
list server '/mask.icloud.com/'
list server '/mask-h2.icloud.com/'
list server '/use-application-dns.net/'
list server '127.0.0.1#5053'
option doh_backup_noresolv '-1'
option noresolv '1'
list doh_backup_server '127.0.0.1#5054'
list doh_backup_server '/mask.icloud.com/'
list doh_backup_server '/mask-h2.icloud.com/'
list doh_backup_server '/use-application-dns.net/'
list doh_backup_server '127.0.0.1#5053'
list doh_server '127.0.0.1#5053'
list doh_server '127.0.0.1#5054'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '100'
option leasetime '1d'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ra_useleasetime '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'Guest'
option interface 'Guest'
option start '100'
option limit '10'
option leasetime '12h'
option ra 'server'
option ra_useleasetime '1'
option dhcpv6 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
I have configured VLANs does it matter that br-lan and br-lan.1@br-lan and br-lan.2@br-lan have the same fe80 address?
br-lan: inet6 fe80::hidden:adb2/64 scope link
ping -6 -I fe80::hidden:adb2 google.com
ping: bind: Invalid argument
br-lan.1@br-lan
inet6 2a0e:hidden::1/64 scope global dynamic noprefixroute
inet6 fe80::hidden:adb2/64 scope link
ping -6 -I 2a0e:hidden:01::1 google.com
PING google.com (2a00:1450:4009:818::200e) from 2a0e:hidden:01::1: 56 data bytes
64 bytes from 2a00:1450:4009:818::200e: seq=0 ttl=59 time=8.430 ms
ping -6 -I fe80::hidden:adb2 google.com
PING google.com (2a00:1450:4009:822::200e) from fe80::hidden:adb2: 56 data bytes
ping: bind: Invalid argument
You need to use a public address (GUA) for the test, like here:
so is it considered normal not to be able to ping from openwrt console without specifying the interface or use the diagnostics page on luci?
Definitely not.
From my perspective that has nothing to do with OpenWrt. What you observe is a result of [mis]configuration on the ISP side. I suspect the address block in question is either filtered on their side or not advertised to their uplinks.
I'm sure they do this for your convenience 
They probably see it as a security measure protecting CPEs. I could be wrong though. Feel free to use any Looking Glass service available on Internet and run BGP route lookup and/or a traceroute to your WAN IP. If I'm correct you will see that the entire subnet is not reachable. You can always run the same tests against your delegated subnet and compare results.
yep tried a ping from a web site to the address on the WAN6 status page and it failed how ever i am able to get to my server hosted on ipv6 on the lan side. i will try and raise this with the ISP to see if its a "security measure" or not.
thanks AndrewZ and Alpha1096 for your replies
This looks like a conventional, correct setup. The ISP routes each customer a /128 for the customer's router and a separate /56 block for LANs. Your router has assigned /64s out of the 56 to each lan, and that all works.
If the ISP is not routing the /128 to your house that is a problem on their side. A workaround would be to use another /64 out of the /56 for the wan interface itself, but I'm not sure how to configure that in OpenWrt.
no response to the ::1:11 address from outside
The ISP routes each customer a /128 within its network and you see no response to the ::1:11 address when you check from outside of this network. Think about boundaries
The "direct" IP is supposed to route to the Internet. For example a laptop connected directly to the modem (NOT recommended, except for testing) would not consider the /56 prefixes. It would use only the /128 to reach the Internet.
Fixed it by setting the WAN6 interface option
Request IPv6-address to disabled.
Still get PD and IPv6 on LAN
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.