In trying to troubleshoot an Apple TV that is hell-bent on connecting to an IPv6 address, I’m wondering if it’s feasible to have a single interface configured on a single VLAN for both IPv6 and IPv4 and the remaining interfaces/VLANs just pure IPv4. The WAN connection is pure IPv4 as well.
Yes, it is possible. Create a new interface and assign it to a dedicated physical interface. But this is not necessary, you can just enable the IPv6 on the main interface. The default settings will work fine and will advertise a ULA address, which is private and is not able to access the internet.
1 Like
What is the main interface? I have several currently using just IPv4. Can I simply edit one adding IPv6 and be good?
I was referring to LAN interface as main. The default settings will advertise IPv6 from the ULA prefix that is randomly generated for your router. I cannot comment if that will be good for the Apple TV, but this is one thing you can try easily.
I my case it is a guest interface but we’re talking semantics at this point, right? Lan or guest or foo interface shouldn’t matter right?
So I added IPv6 to the "guest" interface but I do not think I correctly.
For one, when I connect to the interface on my phone, I see the following, is it correct to no have an entry for the IPv6 router?
Can someone please review my settings and comment? I do see an IPv6 entry for the interface:
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd1d:692b:58dc::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
option ipv6 '0'
config bridge-vlan
option device 'br-lan'
option vlan '3'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '4'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '5'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'eth0:t'
config device
option type 'bridge'
option name 'lxcbr0'
option ipv6 '0'
option bridge_empty '1'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
option peerdns '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
config interface 'lan'
option device 'br-lan.10'
option proto 'static'
option ipaddr '10.9.8.1'
option netmask '255.255.255.0'
option delegate '0'
config interface 'lxc'
option device 'lxcbr0'
option proto 'static'
option ipaddr '10.0.4.1'
option netmask '255.255.255.0'
config interface 'guest'
option device 'br-lan.3'
option proto 'static'
option ipaddr '10.9.7.1'
option netmask '255.255.255.0'
option ip6assign '64'
config interface 'homeoffice'
option device 'br-lan.4'
option proto 'static'
option ipaddr '10.9.6.1'
option netmask '255.255.255.0'
config interface 'iot'
option device 'br-lan.5'
option proto 'static'
option ipaddr '10.9.5.1'
option netmask '255.255.255.0'
config device
option name 'br-lan.3'
option type '8021q'
option ifname 'br-lan'
option vid '3'
option ipv6 '1'
config device
option name 'br-lan.4'
option type '8021q'
option ifname 'br-lan'
option vid '4'
option ipv6 '0'
config device
option name 'br-lan.5'
option type '8021q'
option ifname 'br-lan'
option vid '5'
option ipv6 '0'
config device
option name 'br-lan.10'
option type '8021q'
option ifname 'br-lan'
option vid '10'
option ipv6 '0'
config device
option name 'eth1'
option ipv6 '0'
config device
option name 'vethUQwLDo'
option ipv6 '0'
config device
option name 'wg0'
option ipv6 '0'
config interface 'wg0'
option proto 'wireguard'
...
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option port '53'
config tag 'tag1'
option dhcp_option '6,9.9.9.9,149.112.112.112'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
list dhcp_option '6,10.0.4.250'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,10.0.4.250'
option ra 'server'
option dhcpv6 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'homeoffice'
option interface 'homeoffice'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,9.9.9.9,149.112.112.112'
config dhcp 'iot'
option interface 'iot'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,10.0.4.250'
Why are you adding an ipv6 prefix to that interface? It does not work like that. Usually you should receive a prefix from your isp, then you can delegate that downstream to your network. If not, then openwrt will start distributing ula prefix on your network.
Correct.
It is, the router doesn't have any public prefix so it is not advertising the default gateway.
It is correct as it is, without the ip6assign it won't assign any prefix to the interface, including the ULA.
1 Like
Thank you both for the replies. The issue I am trying to troubleshoot is an AppleTV sending 40,000+ requests per day even when it is sleeping. A suggestion was that this behavior could be due to RFC 8880 and to try to enable IPv6 on the router to see if that fixes it.
This has nothing to do with what you are trying to achieve. You already have IPv4 working.
I don't understand exactly how is appletv sending ipv6 requests. Remove the 'ip6assign' line. Also if you think it's getting the idea due to some dns aaaa record, then enable "Filter IPv6 AAAA records" in dhcp, as you're not using ipv6 anyway. Either you do ipv6 properly, with requesting a prefix, distributing it downstream, writing proper firewall rules etc, or you don't do it at all.