IPv6 working on wan not lan

plexifyme · December 11, 2024, 5:39am

ip -6 address show; ip -6 route show table all
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
14: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2409:40d6:29:4c0c:561f:8dff:fe12:6f30/64 scope global dynamic noprefixroute
valid_lft 3281sec preferred_lft 3281sec
inet6 fe80::561f:8dff:fe12:6f30/64 scope link
valid_lft forever preferred_lft forever
16: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fdde:54f1:921d::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::dea6:32ff:feaa:5037/64 scope link
valid_lft forever preferred_lft forever
2409:40d6:29:4c0c::/64 dev eth1 proto static metric 256 pref medium
unreachable 2409:40d6:29:4c0c::/64 dev lo proto static metric 2147483647 pref medium
fdde:54f1:921d:0:3c32:ee7c:bd2d:a9ea dev br-lan proto static metric 1024 pref medium
fdde:54f1:921d::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdde:54f1:921d::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::561f:8dff:fe12:6d30 dev eth1 proto static metric 384 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 2409:40d6:29:4c0c:: dev eth1 table local proto kernel metric 0 pref medium
local 2409:40d6:29:4c0c:561f:8dff:fe12:6f30 dev eth1 table local proto kernel metric 0 pref medium
anycast fdde:54f1:921d:: dev br-lan table local proto kernel metric 0 pref medium
local fdde:54f1:921d::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev eth1 table local proto kernel metric 0 pref medium
local fe80::561f:8dff:fe12:6f30 dev eth1 table local proto kernel metric 0 pref medium
local fe80::dea6:32ff:feaa:5037 dev br-lan table local proto kernel metric 0 pref medium
multicast ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
multicast ff00::/8 dev eth1 table local proto kernel metric 256 pref medium

ip -6 rule show; nft list ruleset

0: from all lookup local
32766: from all lookup main
table inet fw4 {
chain input {
type filter hook input priority filter; policy drop;
iifname "lo" accept comment "!fw4: Accept traffic from loopback"
ct state established,related accept comment "!fw4: Allow inbound established and related flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
jump handle_reject
}

    chain forward {
            type filter hook forward priority filter; policy drop;
            ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
            iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
            iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
            jump handle_reject
    }

    chain output {
            type filter hook output priority filter; policy accept;
            oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
            ct state established,related accept comment "!fw4: Allow outbound established and related flows"
            oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
            oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
    }

    chain prerouting {
            type filter hook prerouting priority filter; policy accept;
            iifname "br-lan" jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
    }

    chain handle_reject {
            meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
            reject comment "!fw4: Reject any other traffic"
    }

    chain syn_flood {
            limit rate 25/second burst 50 packets return comment "!fw4: Accept SYN packets below rate-limit"
            drop comment "!fw4: Drop excess packets"
    }

    chain input_lan {
            jump accept_from_lan
    }

    chain output_lan {
            jump accept_to_lan
    }

    chain forward_lan {
            jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
            jump accept_to_lan
    }

    chain helper_lan {
    }

    chain accept_from_lan {
            iifname "br-lan" counter packets 314 bytes 20616 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
    }

    chain accept_to_lan {
            oifname "br-lan" counter packets 49 bytes 4176 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
    }

    chain input_wan {
            meta nfproto ipv4 udp dport 68 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCP-Renew"
            icmp type echo-request counter packets 0 bytes 0 accept comment "!fw4: Allow-Ping"
            meta nfproto ipv4 meta l4proto igmp counter packets 0 bytes 0 accept comment "!fw4: Allow-IGMP"
            meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
            ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
            icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second counter packets 3 bytes 240 accept comment "!fw4: Allow-ICMPv6-Input"
            icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 52 bytes 3608 accept comment "!fw4: Allow-ICMPv6-Input"
            jump reject_from_wan
    }

    chain output_wan {
            jump accept_to_wan
    }

    chain forward_wan {
            icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
            icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
            meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
            udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
            jump reject_to_wan
    }

    chain accept_to_wan {
            oifname "eth1" ct state invalid counter packets 107 bytes 4320 drop comment "!fw4: Prevent NAT leakage"
            oifname "eth1" counter packets 759 bytes 234040 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
    }

    chain reject_from_wan {
            iifname "eth1" counter packets 16 bytes 895 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
    }

    chain reject_to_wan {
            oifname "eth1" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
    }

    chain dstnat {
            type nat hook prerouting priority dstnat; policy accept;
    }

    chain srcnat {
            type nat hook postrouting priority srcnat; policy accept;
            oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
    }

    chain srcnat_wan {
            meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
            meta nfproto ipv6 masquerade comment "!fw4: Masquerade IPv6 wan traffic"
    }

    chain raw_prerouting {
            type filter hook prerouting priority raw; policy accept;
    }

    chain raw_output {
            type filter hook output priority raw; policy accept;
    }

    chain mangle_prerouting {
            type filter hook prerouting priority mangle; policy accept;
            jump pbr_prerouting comment "Jump into pbr prerouting chain"
    }

    chain mangle_postrouting {
            type filter hook postrouting priority mangle; policy accept;
            jump pbr_postrouting comment "Jump into pbr postrouting chain"
    }

    chain mangle_input {
            type filter hook input priority mangle; policy accept;
            jump pbr_input comment "Jump into pbr input chain"
    }

    chain mangle_output {
            type route hook output priority mangle; policy accept;
            jump pbr_output comment "Jump into pbr output chain"
    }

    chain mangle_forward {
            type filter hook forward priority mangle; policy accept;
            iifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
            oifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
            jump pbr_forward comment "Jump into pbr forward chain"
    }

    chain pbr_forward {
    }

    chain pbr_input {
    }

    chain pbr_output {
    }

    chain pbr_prerouting {
    }

    chain pbr_postrouting {
    }

}

ping ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4002:814::200e] with 32 bytes of data:
Reply from 2404:6800:4002:814::200e: time=24ms
Reply from 2404:6800:4002:814::200e: time=33ms
Reply from 2404:6800:4002:814::200e: time=29ms
Reply from 2404:6800:4002:814::200e: time=34ms

Ping statistics for 2404:6800:4002:814::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 34ms, Average = 30ms

Our tests show that you will have a broken or misconfigured IPv6 setup, and this will cause problems as web sites enable IPv6.
No IPv6 address detected [more info]

some sites with ipv6 wont work while other work fine
wan obtains ipv6 address in openwrt however lan devices are not working

/etc/config/network
login as: root
root@192.168.1.1's password:

BusyBox v1.36.1 (2023-12-19 02:55:03 UTC) built-in shell (ash)

@@@@@@ @@@@@@@ @@@@@@@@ @@@ @@@ @@@ @@@ @@@ @@@@@@@ @@@@@@@
@@! @@@ @@! @@@ @@! @@!@!@@@ @@! @@! @@! @@! @@@ @@!
@!@ !@! @!@@!@! @!!!:! @!@@!!@! @!! !!@ @!@ @!@!!@! @!!
!!: !!! !!: !!: !!: !!! !: !!: !! !!: :!! !!:
: :. : : : :: ::: :: : ::.: ::: : : : :
##################################### sysinfo-msgs 20241211-0538
throttled=0x50000 [one-undervolt+throttle] #20241211-0538
rpi4-dca632aa50 4ModelBRev1.2 bl:2022/01/2514:30:41 vl805:000138c0 4B 1.2 4GB Sony_UK c03112
3.0.6-37 r23630 ssh 23.05.2 192.168.1.201 62848 22 /dev/pts/0
root:sda2:01242034-02 boot:sda1 cmdL:PARTUUID=01242034-02
t:2024-12-11 05:38:14 l:0.11,0.12,0.09 @up00:14:43
rootfs:943.7MB/28.7% boot:383.8MB/5.0% mem:3.7GB/134.3MB
(eth1:wan6) 2409:40d6:29:4c0c:561f:8dff:fe12:6f30/64 gw:fe80::561f:8dff:fe12:6 d30 prot:dhcpv6/273.7MB/9.7MB
(eth1:Wan) 192.168.0.177/24 gw:192.168.0.1 prot:dhcp/273.7MB/9.7MB
dns:192.168.0.1
LAN: 192.168.1.1/24(br-lan), dhcp: 192.168.1.100-249, dhcp.leases: 0
wan6route: 0 dst:2409:40d6:29:4c0c:: src:::/0 gw:::
wan6route: 1 dst::: src:::/0 gw:fe80::561f:8dff:fe12:6d30
1c:bf:ce:26:00:be unknown dhcp6[no] dhcp4[192.168.1.201RBT]
54:1f:8d:12:6f:30 unknown dhcp6[no] dhcp4[n]static:no
release [newer-major] 3.1.5-5(3.0.6-37) https://raw.github.com/wulfy23/rpi4/m aster/builds/rpi-4_23.05.3_3.1.5-5_r23809_extra
[root@dca632 / 39°]# nano /etc/config/network
[root@dca632 / 39°]# nano /etc/config/network
GNU nano 7.2 /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdde:54f1:921d::/48'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'

config interface 'Wan'
option proto 'dhcp'
option device 'eth1'

config interface 'wan6'
option proto 'dhcpv6'
option device 'eth1'
option reqaddress 'try'
option reqprefix 'auto'
option sourcefilter '0'

psherman · December 11, 2024, 6:00am

Let's take a look at the following output:

ubus call system board

And also, it's really hard to read your post... Please ensure that you have a description of the issue in the body of the post and also use the "Preformatted text </>" button for logs, scripts, configs and general console output.

Please edit your post accordingly. Thank you!

plexifyme · December 11, 2024, 6:31am

ip -6 address show; ip -6 route show table all

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
14: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2409:40d6:29:4c0c:561f:8dff:fe12:6f30/64 scope global dynamic noprefixroute
       valid_lft 3281sec preferred_lft 3281sec
    inet6 fe80::561f:8dff:fe12:6f30/64 scope link
       valid_lft forever preferred_lft forever
16: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdde:54f1:921d::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:feaa:5037/64 scope link
       valid_lft forever preferred_lft forever
2409:40d6:29:4c0c::/64 dev eth1 proto static metric 256 pref medium
unreachable 2409:40d6:29:4c0c::/64 dev lo proto static metric 2147483647 pref medium
fdde:54f1:921d:0:3c32:ee7c:bd2d:a9ea dev br-lan proto static metric 1024 pref medium
fdde:54f1:921d::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdde:54f1:921d::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::561f:8dff:fe12:6d30 dev eth1 proto static metric 384 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 2409:40d6:29:4c0c:: dev eth1 table local proto kernel metric 0 pref medium
local 2409:40d6:29:4c0c:561f:8dff:fe12:6f30 dev eth1 table local proto kernel metric 0 pref medium
anycast fdde:54f1:921d:: dev br-lan table local proto kernel metric 0 pref medium
local fdde:54f1:921d::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev eth1 table local proto kernel metric 0 pref medium
local fe80::561f:8dff:fe12:6f30 dev eth1 table local proto kernel metric 0 pref medium
local fe80::dea6:32ff:feaa:5037 dev br-lan table local proto kernel metric 0 pref medium
multicast ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
multicast ff00::/8 dev eth1 table local proto kernel metric 256 pref medium

ip -6 rule show; nft list ruleset

0:      from all lookup local
32766:  from all lookup main
table inet fw4 {
        chain input {
                type filter hook input priority filter; policy drop;
                iifname "lo" accept comment "!fw4: Accept traffic from loopback"
                ct state established,related accept comment "!fw4: Allow inbound established and related flows"
                tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
                iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
                iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
                jump handle_reject
        }

        chain forward {
                type filter hook forward priority filter; policy drop;
                ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
                iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
                iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
                jump handle_reject
        }

        chain output {
                type filter hook output priority filter; policy accept;
                oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
                ct state established,related accept comment "!fw4: Allow outbound established and related flows"
                oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
                oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
        }

        chain prerouting {
                type filter hook prerouting priority filter; policy accept;
                iifname "br-lan" jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
        }

        chain handle_reject {
                meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
                reject comment "!fw4: Reject any other traffic"
        }

        chain syn_flood {
                limit rate 25/second burst 50 packets return comment "!fw4: Accept SYN packets below rate-limit"
                drop comment "!fw4: Drop excess packets"
        }

        chain input_lan {
                jump accept_from_lan
        }

        chain output_lan {
                jump accept_to_lan
        }

        chain forward_lan {
                jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
                jump accept_to_lan
        }

        chain helper_lan {
        }

        chain accept_from_lan {
                iifname "br-lan" counter packets 314 bytes 20616 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
        }

        chain accept_to_lan {
                oifname "br-lan" counter packets 49 bytes 4176 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
        }

        chain input_wan {
                meta nfproto ipv4 udp dport 68 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCP-Renew"
                icmp type echo-request counter packets 0 bytes 0 accept comment "!fw4: Allow-Ping"
                meta nfproto ipv4 meta l4proto igmp counter packets 0 bytes 0 accept comment "!fw4: Allow-IGMP"
                meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
                ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
                icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second counter packets 3 bytes 240 accept comment "!fw4: Allow-ICMPv6-Input"
                icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 52 bytes 3608 accept comment "!fw4: Allow-ICMPv6-Input"
                jump reject_from_wan
        }

        chain output_wan {
                jump accept_to_wan
        }

        chain forward_wan {
                icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
                icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
                meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
                udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
                jump reject_to_wan
        }

        chain accept_to_wan {
                oifname "eth1" ct state invalid counter packets 107 bytes 4320 drop comment "!fw4: Prevent NAT leakage"
                oifname "eth1" counter packets 759 bytes 234040 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
        }

        chain reject_from_wan {
                iifname "eth1" counter packets 16 bytes 895 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
        }

        chain reject_to_wan {
                oifname "eth1" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
        }

        chain dstnat {
                type nat hook prerouting priority dstnat; policy accept;
        }

        chain srcnat {
                type nat hook postrouting priority srcnat; policy accept;
                oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
        }

        chain srcnat_wan {
                meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
                meta nfproto ipv6 masquerade comment "!fw4: Masquerade IPv6 wan traffic"
        }

        chain raw_prerouting {
                type filter hook prerouting priority raw; policy accept;
        }

        chain raw_output {
                type filter hook output priority raw; policy accept;
        }

        chain mangle_prerouting {
                type filter hook prerouting priority mangle; policy accept;
                jump pbr_prerouting comment "Jump into pbr prerouting chain"
        }

        chain mangle_postrouting {
                type filter hook postrouting priority mangle; policy accept;
                jump pbr_postrouting comment "Jump into pbr postrouting chain"
        }

        chain mangle_input {
                type filter hook input priority mangle; policy accept;
                jump pbr_input comment "Jump into pbr input chain"
        }

        chain mangle_output {
                type route hook output priority mangle; policy accept;
                jump pbr_output comment "Jump into pbr output chain"
        }

        chain mangle_forward {
                type filter hook forward priority mangle; policy accept;
                iifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
                oifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
                jump pbr_forward comment "Jump into pbr forward chain"
        }

        chain pbr_forward {
        }

        chain pbr_input {
        }

        chain pbr_output {
        }

        chain pbr_prerouting {
        }

        chain pbr_postrouting {
        }
}

ping ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4002:814::200e] with 32 bytes of data:
Reply from 2404:6800:4002:814::200e: time=24ms
Reply from 2404:6800:4002:814::200e: time=33ms
Reply from 2404:6800:4002:814::200e: time=29ms
Reply from 2404:6800:4002:814::200e: time=34ms

Ping statistics for 2404:6800:4002:814::200e:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 34ms, Average = 30ms

Our tests show that you will have a broken or misconfigured IPv6 setup, and this will cause problems as web sites enable IPv6.
No IPv6 address detected [more info]

some sites with ipv6 wont work while other work fine
wan obtains ipv6 address in openwrt however lan devices are not working

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdde:54f1:921d::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'Wan'
        option proto 'dhcp'
        option device 'eth1'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'eth1'
        option reqaddress 'try'
        option reqprefix 'auto'
        option sourcefilter '0'

plexifyme · December 11, 2024, 6:32am


{
        "kernel": "5.15.137",
        "hostname": "rpi4-dca632aa50",
        "system": "ARMv8 Processor rev 3",
        "model": "Raspberry Pi 4 Model B Rev 1.2",
        "board_name": "raspberrypi,4-model-b",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "bcm27xx/bcm2711",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }

eduperez · December 11, 2024, 6:45am

Your ISP is issuing you a /64 network, but you are trying to use a (larger) /60 network for your LAN. Try to change "ip6assign" to "64" on LAN.

plexifyme · December 11, 2024, 7:40am

Thanks for response
I tried doing that still no success

plexifyme · December 11, 2024, 7:47am

In LAN
IPv6 RA Settings

if i change Default router to forced my devices get ipv6 address however sites do not work
if i switch to automatic i don't get public ipv6 address in my devices ipv6 router shows blank

any way to set 5g modem as router?
Maybe that will fix issues

My connection is

5g modem --->Openwrt router raspberry pi ----->My devices

plexifyme · December 11, 2024, 8:05am

Is it possible to relay everything so every connected device goes to 5g modem to obtain ip

mk24 · December 11, 2024, 10:33am

Yes with LTE you will have to use relay mode. The convention is that each customer has only one /64 routed to their modem. I don't know of any LTE companies routing additional prefixes to customers.

In relay mode the LAN interface does not hold a GUA, but each lan endpoint gets a unique GUA within the /64 that exists on wan. When the endpoint does NDP, its addess is snooped and used to install a /128 route via lan.

The default firewall and no PBR will work for the relay mode use case.

plexifyme · December 11, 2024, 1:09pm

can you please guide me on how to do that

13en · December 11, 2024, 5:57pm

Check the post below, if your ISP gives /64 you need to use relay in order to get IPV6 on your LAN

plexifyme · December 12, 2024, 3:44am

Tried that it works fine for few hours after that it reverts back to same problem

ipv6 just stops working
the only option to get it working again was to restore backup i made
reboot would not fix the issue

Test with Dual Stack DNS record		ok (0.873s) using ipv6
Test for Dual Stack DNS and large packet		timeout (15.014s)
Test IPv6 large packet		timeout (15.009s)
Test if your ISP's DNS server uses IPv6		ok (0.412s) using ipv6
Find IPv4 Service Provider		ok (1.403s) using ipv4 ASN 55836
Find IPv6 Service Provider		timeout (15.004s)

mk24 · December 12, 2024, 9:16am

It could be because the ISP changed your IP but the endpoints hold on to the old one which is now in the wrong prefix. Restarting the router will not fix that.

Disable DHCPv6 and run the network as RA only may help to propagate changes more quickly. DHCPv6 has no "push" provision to tell the endpoint it needs a new IP.

plexifyme · December 13, 2024, 2:42am

tried that did not work still same issue

plexifyme · December 13, 2024, 5:09am

Should i disable dhcp v6 on wan6 or lan or both?

mk24 · December 13, 2024, 10:05am

On lan.

The "DHCPv6" proto on a wan activates both a dhcp client and an ra client. Probably the modem is only offering RA anyway..

plexifyme · December 15, 2024, 4:53am

i am trying to copy this config for my device
can someone guide me on how to bridge lan and wan or alternatively how to get nat working properly