ISP Telekom IPv6 only (no IPv4)

Make sure that v6 is fully working before continuing. The test site (neverssl.com) is also reachable on native v6 with an IP that starts with 2600:1f13... use your DNS.

I would think that wan_6 and wan_6_4 need to be in the wan firewall zone if they aren't automatically added. Check the ifstatus on both of those.

1 Like

Ohkay... now I don't understand anything anymore.

I just restarted the router, tested something else (your suggestion earlier about whether PPPoE is even necessary) and have now set PPPoE to WAN and DHCPv6 to WAN6 again and now it works...

I have the silly fear that the fault was that I had not set VLAN7 on WAN6. So I changed the setting there to "WAN" and not "wan.7" - I can't remember if I had done that earlier.

Or could it have been because the DS-Lite and 464XLAT packages were only active after a reboot?

At this point, a huge thank you to you all and your active support! I am glad to have finally joined this forum and hope that I can also help in the future.

Please share the final version of your /etc/config/network

The VLAN tag applies only to the "outer" PPPoE encapsulated packets going from the router to the modem. So it is applied directly to the Ethernet port that the pppoe driver uses. The "inner" traffic-- your IPv4 and IPv6 packets, is not tagged.

DTAG uses vlan 7 (tagged). And PPPoE on the IPv4 interface, and DHCPv6 on the IPv6 interface.
Nothing more. nothing less.
No translation. No nothing, besides PPPoE and plain and standard IPv4 and IPv6.

On pre-DSA the device and interface config looks like:

config switch_vlan
    option  device          'switch0'
    option  ports           '1t 0t'
    option  vlan            '7'

config device
    option  name            'eth0.7'


config interface            'wan'
    option  device          'eth0.7'
    option  proto           'pppoe'
    option  username        '<Anschlusskennung-24-digits>@t-online.de'
    option  password        '<8-digits-password>'
    option  ipv6            'auto'

config interface            'wan6'
    option  device          'eth0.7'
    option  proto           'dhcpv6'
    option  reqaddress      'try'
    option  reqprefix       '56'

I can not speak for their fiber installations, but everything which is DSL and has a somehow "new" contract (>2010 IIRC) aka "Magenta", gives you normal and plain IPv4 and IPv6 on PPPoE with Prefix-Delegation (/56). No CGNAT, no 464 translation shizzle or other. Just plain IPv4 and IPv6. (Site note: ifstatus wan does not show you something all the time. Use ip [-4|-6] addr and ip [-4|-6] route)

root@cpe:~# ip -br addr show dev pppoe-wan
pppoe-wan        UNKNOWN        93.206.x.x peer 62.155.247.65/32 2003:e4:bfff:XXXX:x:x:x:x/64 fe80::x:x:x:x/128

root@cpe:~# ip route show dev pppoe-wan
default via 62.155.247.65 proto static
62.155.247.65 proto kernel scope link src 93.206.2.225
62.155.247.65 proto bird scope link metric 32

root@cpe:~# ip -6 route show dev pppoe-wan
default from 2003:e4:bf30:XX00::/56 via fe80::x:x:x:x proto static metric 512 pref medium
default from 2003:e4:bfff:XXXX::/64 via fe80::x:x:x:x proto static metric 512 pref medium
2003:e4:bfff:XXXX::/64 proto bird metric 32 pref medium
fe80::x:x:x:x proto kernel metric 256 pref medium
fe80::x:x:x:x metric 1 pref medium
root@cpe:~# ping -4 -c2 heise.de
PING heise.de (193.99.144.80): 56 data bytes
64 bytes from 193.99.144.80: seq=0 ttl=249 time=12.342 ms
64 bytes from 193.99.144.80: seq=1 ttl=249 time=13.086 ms

--- heise.de ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 12.342/12.714/13.086 ms

root@cpe:~# ping -6 -c2 heise.de
PING heise.de (2a02:2e0:3fe:1001:302::): 56 data bytes
64 bytes from 2a02:2e0:3fe:1001:302::: seq=0 ttl=58 time=13.870 ms
64 bytes from 2a02:2e0:3fe:1001:302::: seq=1 ttl=58 time=13.170 ms

--- heise.de ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 13.170/13.520/13.870 ms

The OP uses Vodadone as DSL-ISP. As far as I know Vodafone opted for L2-BSA (not sure whether the switch is completed yet as they started with L3-BSA IIRC), that is they hand-over in the ~900 BNG locations and hence are not forced to use PPPoE at all, they can do what ever they please. That however also means that there can be screw ups...

uh? What have I missed? Thanks for pointing out.

Edit. Spelling.

It was a bit hidden:

1 Like

Congratulations on getting it working. However, the result is that it works "somehow," and it is not clear which of the three packages (464xlat, ds-lite, map) was actually needed. Could you please share the output of ip addr and ip route (don't forget to censor any public IP addresses to the first two octets)?

Hey folks,

sorry for the late feedback, I only got time to update and completely rebuild everything today.

The package "DS-LITE" was important - unfortunately a restart of the interface wasn't enough for me, so I didn't notice it in the evening. Only after restarting the router did I see that ds-lite was being used.
I also have to say that I may not have paid attention to the tagged vlan on WAN6 (which of course must also be the case on WAN) as the interface.

The initial working network config looks like this:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXXXXXXXXXXXXXXX/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr 'XXXXXXXXXXXXXXXX'

config interface 'wan'
	option device 'wan.7'
	option proto 'pppoe'
	option username 'XXXXXXXXXXXXXXXX'
	option password 'XXXXXXXXXXXXXXXX'
	option ipv6 'auto'

config interface 'wan6'
	option device 'wan.7'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config device
	option type '8021q'
	option ifname 'wan'
	option vid '7'
	option name 'wan.7'

Steps I have to take to make it work:

  1. DS-LITE must be installed as a package.
  2. a vlan 802.1q must be created (under "Network -> Devices") for the interface "wan" with the tag 7.
  3. this vlan must be set as interface to the WAN and WAN6 interface.
  4. set up PPPoE on WAN and DHCP6 on WAN6.

I hope this information will help someone. :slight_smile:
Thanks again to all!

I'm currently stuck on creating a port forwarding for my NAS, I read that ishould use PBR? I already use PBR but to route different devices over a VPN. Do you have any tips? Otherwise, I would keep trying for now and open a separate thread.

With ds-lite there typically is no public IPv4 address, so you will need to use IPv6

I don't see where Dslite would be used and your current config looks really just as a default config for deutsche Telekom... I'm confused

Look at the picture below. Something like this is also displayed in the dashboard. This was done automatically after I configured it as I described.

IPv6 is honestly a mystery to me. I don't really understand it and I'm not able to give my Synology NAS a v6 DHCP address, let alone a static one.

I can't speak on how to do it with Luci but I would assume it can be configured. Or just use an address outside of the dhcpv6 pool and configure the static address on the server.

You've received a /56 prefix over PPP, which has caused the pppoe process to spawn a the wan_6 interface. A /60 out of that /56 has been delegated to the lan, thus lan connectivity is native IPv6. The DHCP wan6 interface is not doing anything here. I think that @_bernd said the DHCPv6 connection should be sent to the modem untagged. If your ISP and modem can serve v6 over IPoE, that is generally better than pppoe since PPP at high speed uses quite a bit of router CPU wrapping and unwrapping every packet going to the Internet.

A lan resource like an NAS can be configured with a ULA (IP starts with fd). The advantage of that is a ULA prefix is stable within your network while global (GUA) prefixes supplied by the ISP are subject to change. If your only network within the house is a single LAN you could also access the NAS via link-local.

Afaik because I use s native DTAG connection, booth needs to be tagged vlan7. I use several vlans in my lan but don't care about addresses because we have DNS :wink: I think name resolution prefers GUA.
At least with 100 Mbit down and 50 Mbit up I don't see any performance issues here :person_shrugging: regarding the pppoe overhead

I'll be honest, I don't really understand the whole thing.
I have now set the interface from WAN6 back to the normal wan (i.e. not to the vlan with tag7) - it still works. I would leave it as it is.
But when I try to switch from PPPoE to PPP, I don't understand what I have to set, I have to specify a "modem device" and I fail. My modem is not in the router, what should this setting do?
I currently have 500Down and 100Up - could I really get into performance problems? Especially considering that I want to run VPN on the device?

Regardless, I understand much less about the IPv6 issue. My mobile phone, for example, gets a v6 address directly via wifi and v4 assigned to individual PCs in the network as well - but where I seem to need it (on the NAS) I only get a v4.
IPv6 is really new territory for me... :frowning:

You should be able to delete "wan6" entirely, as your screenshot shows the auto-generated "wan_6" being used.

PPPoE means PPP over Ethernet, so it is the right choice to use with the Ethernet WAN port.

As others mentioned, it would be preferable to get rid of PPPoE, and instead do DHCPv6 on the device wan.7 directly. This would lower the CPU usage on the router. However, the ISP actually needs to support it, which is probably not the case.

Have you checked the configuration of the NAS? As long as it is configured to use either SLAAC or DHCPv6, it should work with an OpenWrt router in the default configuration.