Mwan3 feedback on IPv6 and missing features

#1

Hello openWrt community,

I am the maintainer of the mwan3 package https://github.com/openwrt/packages/tree/master/net/mwan3 .

I want to know the experience if anyone is using mwan3 in a IPv6 only and in a IPv6/IPv4 mixed environment. What are the Problems to get mwan3 working on IPv6. Also I want to get an overview who is using mwan3 and what are the problems and missing feature are.

Thanks

0 Likes

OpenVpn client not working with mwan3
#2

Hi,

I'm trying to get mwan3 working with two dual stack internet connections. IPv4 seems to work but my wanb6 interface is always offline. I get IPv6 addresses from both connection on my client, is this correct? How does the client decide which address to use?

Ping6 for wan6 (this one works):

# ping6 -c 1 -I eth0.1 www.google.com
PING www.google.com (2a00:1450:4001:816::2004): 56 data bytes
ping6: sendto: Permission denied

Ping6 for wanb6 (this one doesn't work):

# ping6 -c 1 -I eth0.2 www.google.com
PING www.google.com (2a00:1450:4001:816::2004): 56 data bytes
64 bytes from 2a00:1450:4001:816::2004: seq=0 ttl=57 time=33.391 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 33.391/33.391/33.391 ms
# mwan3 status
Interface status:
 interface wan is online and tracking is active
 interface wan6 is online and tracking is active
 interface wanb is online and tracking is active
 interface wanb6 is offline and tracking is active

Current ipv4 policies:
balanced:
 wanb (40%)
 wan (60%)

wan_only:
 wan (100%)

wan_wanb:
 wan (100%)

wanb_only:
 wanb (100%)

wanb_wan:
 wanb (100%)


Current ipv6 policies:
balanced:
 wan6 (100%)

wan_only:
 wan6 (100%)

wan_wanb:
 wan6 (100%)

wanb_only:
 unreachable

wanb_wan:
 wan6 (100%)


Directly connected ipv4 networks:
 224.0.0.0/3
 10.0.0.255
 127.0.0.0
 127.255.255.255
 10.0.0.0
 10.0.0.1
 192.168.179.0/24
 192.168.178.184
 192.168.178.255
 192.168.179.0
 192.168.179.255
 127.0.0.0/8
 10.0.0.0/24
 127.0.0.1
 192.168.179.25
 192.168.178.0
 192.168.178.0/24

Directly connected ipv6 networks:
 prefix:of:wanb6:address::/64
 prefix:of:wan6:address::/56
 prefix:of:wanb6:address::/56
 fe80::/64
 prefix:of:wanb6:pd::/64
 fd8b:1382:bd9::/64
 pfrefix:of:wan6:pd::/64
 prefix:of:wan6:address::/64

Active ipv4 user rules:
    2   100 S https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 443 
    0     0 - balanced  all  --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:
    0     0 S https  tcp      *      *       ::/0                 ::/0                 multiport sports 0:65535 multiport dports 443 
    0     0 - balanced  all      *      *       ::/0                 ::/0                 

Running openwrt 18.06.2 on x86_64. Didn't touch the default configuration except enabling the interfaces. Both interfaces have an IPv6 address in a /64 and a deligated prefix of /58.

I would appreciate your help!

EDIT: Just installed the latest snapshot and switched wan and wanb. Now wan6 doesn't work, so it seems to be related to the router which connects to the ISP. Those are both FRITZ!boxes (different models) but the relevant configuration should be the same.

0 Likes

#3

Thinking about the issue with multiple wans and ipv6. Based on which IP address is selected by the originator of the traffic, the traffic can only traverse the WAN associated with that prefix. There's not much that mwan3 can do other than trying to get fancy and use NPT6 in some tricky way that would probably cause fragility.

Anyone else have thoughts?

0 Likes

#4

This situation would usually be solved by the ISP (both) accepting packets from both prefixes, but this is generally only an option for (higher end) business contracts - for consumer contracts the ISP won't even consider this request.

1 Like

#5

Those were my thoughts too.

  • On ipv4 we have a dedicated network address which will get NATed anyway on the wan interfaces.

  • On ipv6 we have no dedicated network address so we have to use NAT66 or NPT6 on the wan interfaces.

0 Likes

#6

Since much traffic comes from web access another option is to use a proxy and tell the proxy to use different source IPs for different connections explicitly

0 Likes