Hello,
Trying to setup IPv6 on LAN side. I've added a WAN6 interface and that gets an IPv6 address from my ISP router absolutely fine. I can ping IPv6 addresses from OpenWRT. When it comes to clients though, they get IPv6 addresses but no Router is set. If I change "Default router" in IPv6 RA Settings to forced, a router is set but IPv6 connectivity still doesn't work on clients. Please let me know what you need in order to help me troubleshoot.
Thanks.
It depends on how much your ISP supports V6. If they give customers a prefix group, the default settings should work. If you only get a single /64 or a single /128 they will not work because the LAN won't be issuing GUA (public) IP6s to lan clients.
So check if the LAN clients have a GUA IP (starts with 2 or 3) and the status of wan6, the netmask size (/64 or /128) and whether or not it has been issued a separate prefix.
Well, the router can ping IPv6 sites so surely it should just work as I've set LAN to masquerade addresses to WAN?
Pinging from the router only depends on the wan6 interface holding a GUA, it doesn't mean anything about the LAN or the routing.
The default setting only masquerades IPv4. IPv6 is intended for direct end to end routing. The only reason to masquerade IPv6 would be if you can only get a 128 from your ISP. Then that is the same poor situation as IPv4 where everything in the house has to be crammed out through a single IP.
I see what you're saying... I can see my ISP router is given a /64 address so how would I setup my OpenWRT router to use the same IPv6 subnet as my ISP router?
First, use ifstatus wan6 to confirm there really is no prefix from the ISP:
"ipv6-prefix": [
],
If that is your case, you'll need to set up relay mode. I use slightly different settings than are in the wiki.
/etc/config/dhcp
config dhcp 'lan'
option interface 'lan'
...
option dhcpv6 'server'
option ra 'relay'
option ndp 'relay'
option ra_dns '1'
list ra_flags 'other-config'
list ra_flags 'managed-config'
config dhcp 'wan6'
option interface 'wan6'
option ra 'relay'
option ndp 'relay'
option master '1'
This should result in LAN clients configuring an IPv6 within the same prefix as wan, but a different last 64 bits, so they are able to route IPv6 to the Internet without NAT (each client has a unique public IP).
Coming back to this again. ifstatus wan6 has no ipv6-prefix set. I tried those settings in /etc/config/dhcp and didn't seem to work. Just to confirm, my ISP router has a /64 prefix but my LAN side still says "undefined/0":
LAN:
WAN:
I don't understand what's happening here. If the OpenWRT router gets a DHCPv6 address from the ISP router why can't it just delegate /64 addresses down to the LAN interface which in turn delegates to clients?
I don't really understand IPv6 at all so I'm finding it very hard to troubleshoot this. What is the Prefix Delegation stuff and why doesn't my ISP do it?
Also can see this in the logs:
Mon Sep 4 19:22:05 2023 daemon.err odhcpd[1862]: Failed to send to ff02::1%lan@br-lan (Network unreachable)
I setup a Hurricane Electric 6-in-4 tunnel and that gets an IPv6. Still nothing on the LAN side though.
You have no ipv6 address on lan. No link local no ULA no nothing. That's why you can not even ping all devices via multicast on the link. ff02::1 is a special purpose address for all devices on a link.
Since the ISP is not offering you a routed prefix, it's not possible to use standard IPv6 configuration where lan has a delegated prefix out of the ISP routes, which is different from the wan prefix. However you do have a /64 IPv6 on wan, which can be used in relay mode. In relay mode the LAN devices will each hold unique IPs but within the same /64 from the ISP.
In relay mode the LAN interface itself does not have a GUA IPv6 but it must hold a link-local (starts with fe80:) address. This link-local IP will be used by lan clients for DNS and also to gateway to the Internet via the router. Checking the IPv6 status on a client should confirm this:
Generally every OpenWrt interface gets a MAC-derived link-local by default unless the IPv6 option in general settings is off. Make sure it is on. Remove the ip6assign setting entirely since delegated assignment will not work in your case.
Thanks for this, setup wan6 to relay designated master and lan to just relay. It works on my phone, so something is working, but on my Mac IPv6 connectivity doesn't work for some reason.
Also, on the main page under DHCPv6 leases, I only see a couple of devices with a DHCP IPv6 address. My phone, which works, isn't listed under there. Is that normal?
Android OS does not use a DHCPv6 client on wan, they always use SLAAC.
I've got a phone.
So just to clarify the way this works: OpenWRT is acting as a DHCPv6(?) relay for my ISP router which is handing out addresses as per its set IPv6 Prefix Delegation?
There is no prefix delegation since the ISP is only allowing a single /64 from the Internet to you.
For relay RA, the router advertises this prefix to LAN devices then they use SLAAC to choose a MAC based or random last 64. The resulting IP is valid on the Internet as a unique public IP (GUA) for each device.
I'm not sure exactly how relay DHCP6 works-- whether requests are passed all the way back to the ISP, or if they are handled locally.
(Please take my post with a huge grain of salt...)
I would not count that an ISP is allowing DHCP delayed packets and/or giving out more then one IP.
As for as I knew the relay option from Openwrt does only proxy/relay the router advertisement. But I'm not really sure because I've never used it...
