hi does anyone have any ideas where i’m going wrong with the IPv6 config on mwan3 it works great on the IPv4 interfaces but fails on the IPv6’s see screenshot
are the FTTP1_V6 alias supposed to have dns weights or metrics, I tried adding the virtual dynamic interface to the mwan3 config instead of the alias and that made no difference.
I could see the cloudflare one.one.one.one over IPv6 before setting up mwan3 but now I cant resolve it, since dropping the config and creating the fresh setup with mwan3, its as if it tries to resolve the ipv6 addresses over IPv4 and fails so cant resolve them and says they are down
root@FIREWALL:~# cat /etc/config/mwan3
config globals 'globals'
option mmx_mask '0x3F00'
option logging '1'
option loglevel 'info'
config interface 'FTTP1'
option enabled '1'
list track_ip '1.0.0.1'
list track_ip '1.1.1.1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '2'
config interface 'FTTP1_V6'
option enabled '1'
list track_ip '2606:4700:4700::1001'
list track_ip '2606:4700:4700::1111'
list track_ip '2620:0:ccd::2'
list track_ip '2620:0:ccc::2'
option family 'ipv6'
option reliability '2'
config interface 'FTTP2'
list track_ip '1.0.0.1'
list track_ip '1.1.1.1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '1'
option initial_state 'online'
option track_method 'ping'
option count '1'
option size '56'
option max_ttl '60'
option timeout '4'
option interval '10'
option failure_interval '5'
option recovery_interval '5'
option down '5'
option up '5'
option enabled '1'
config interface 'FTTP2_V6'
option enabled '1'
list track_ip '2606:4700:4700::1001'
list track_ip '2606:4700:4700::1111'
list track_ip '2620:0:ccd::2'
list track_ip '2620:0:ccc::2'
option family 'ipv6'
option reliability '1'
option initial_state 'online'
option track_method 'ping'
option count '1'
option size '56'
option max_ttl '60'
option timeout '4'
option interval '10'
option failure_interval '5'
option recovery_interval '5'
option down '5'
option up '5'
config member 'wan_m1_w3'
option interface 'FTTP1'
option metric '1'
option weight '3'
config member 'wan_m2_w3'
option interface 'FTTP1'
option metric '2'
option weight '3'
config member 'wanb_m1_w2'
option interface 'FTTP2'
option metric '1'
option weight '2'
config member 'wanb_m1_w3'
option interface 'FTTP2'
option metric '1'
option weight '3'
config member 'wanb_m2_w2'
option interface 'FTTP2'
option metric '2'
option weight '2'
config member 'wan6_m1_w3'
option interface 'FTTP1_V6'
option metric '1'
option weight '3'
config member 'wan6_m2_w3'
option interface 'FTTP1_V6'
option metric '2'
option weight '3'
config member 'wanb6_m1_w2'
option interface 'FTTP2_V6'
option metric '1'
option weight '2'
config member 'wanb6_m1_w3'
option interface 'FTTP2_V6'
option metric '1'
option weight '3'
config member 'wanb6_m2_w2'
option interface 'FTTP2_V6'
option metric '2'
option weight '2'
config policy 'wan_only'
list use_member 'wan_m1_w3'
list use_member 'wan6_m1_w3'
config policy 'wanb_only'
list use_member 'wanb_m1_w2'
list use_member 'wanb6_m1_w2'
config policy 'balanced'
list use_member 'wan_m1_w3'
list use_member 'wanb_m1_w3'
list use_member 'wan6_m1_w3'
list use_member 'wanb6_m1_w3'
config policy 'wan_wanb'
list use_member 'wan_m1_w3'
list use_member 'wanb_m2_w2'
list use_member 'wan6_m1_w3'
list use_member 'wanb6_m2_w2'
config policy 'wanb_wan'
list use_member 'wan_m2_w3'
list use_member 'wanb_m1_w2'
list use_member 'wan6_m2_w3'
list use_member 'wanb6_m1_w2'
config rule 'https'
option sticky '1'
option dest_port '443'
option proto 'tcp'
option use_policy 'balanced'
config rule 'default_rule_v4'
option dest_ip '0.0.0.0/0'
option use_policy 'balanced'
option family 'ipv4'
config rule 'default_rule_v6'
option dest_ip '::/0'
option use_policy 'balanced'
option family 'ipv6'
root@FIREWALL:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd49:faa8:2dbd::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'configuration'
option device 'eth1'
option proto 'static'
option ipaddr '192.168.1.250'
option netmask '255.255.255.0'
config interface 'FTTP1'
option proto 'pppoe'
option device 'eth2'
option ipv6 'auto'
option username 'username'
option password 'password'
option peerdns '0'
option metric '1'
config interface 'FTTP2'
option proto 'pppoe'
option device 'eth3'
option ipv6 'auto'
option username 'username'
option password 'password'
option metric '2'
config interface 'FTTP1_V6'
option proto 'dhcpv6'
option device '@FTTP1_6'
option reqaddress 'force'
option reqprefix 'auto'
option norelease '1'
config interface 'FTTP2_V6'
option proto 'dhcpv6'
option device '@FTTP2_6'
option reqaddress 'force'
option reqprefix 'auto'
option norelease '1'
I haven’t really done anything to the firewall other than assign an wan and lan side
root@FIREWALL:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'cofiguration'
list network 'configuration'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'FTTP1'
list network 'FTTP1_V6'
list network 'FTTP2'
list network 'FTTP2_V6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'