Need some help with static ipv6 wan config

Because I so rarely use ipv6, even in 2024, I still often forget and confuse its nuances compared to ipv4 which I know well. Anyways I am trying to configure a dual stack static ip assignment. The ipv4 addresses and routes are working perfectly but i am not sure if I configured the ipv6 correctly. Normally for dhcpv6 there is a separate wan6 interface configured by default; however, when I switched both wan and wan6 to static I noticed that I could enter both ipv4 and ipv6 address info all in the wan configuration alone. So I did that and deleted the wan6. I am guessing that is ok but I am not sure what else I need to set as far as assignment length, assignment hint, suffix, etc... for the lan interface.

My current config (some irrelevant characters in the addresses were changed for privacy)

config globals 'globals'
	option ula_prefix 'fd87:1ed9:a6f8::/48'
	option packet_steering '1'

config interface 'lan'
	option device 'eth2.10'
	option proto 'static'
	option ipaddr '192.168.152.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1.100'
	option proto 'static'
	option ipaddr '18.57.47.250'
	option netmask '255.255.255.252'
	option gateway '18.57.47.249'
	list dns '62.57.126.1'
	list dns '62.57.127.1'
	list dns '2001:4860:4860:0000:8888'
	list dns '2001:4860:4860:0000:8844'
	list ip6addr '2001:1340:0C06:0329:0000:0000:10FA:1953'
	option ip6gw '2001:1340:0C06:0329:0000:0000:3E1A:1953'
	option ip6prefix '2001:1340:C06::329/64'

One thing is that the ip6addr is missing the netmask, which might be misinterpreted by OpenWrt as /128 and this is not something you'd like.
Another problem is that the ip6prefix is the same network as the address and gateway. The ip6prefix is the delegated prefix from your ISP to use in your lan, so it must be different. In terms of IPv4, imagine that the ISP would allocate you a /20 which you would be able to assign in your lan interfaces, e.g /24 in lan, another /24 for guest, /25 for iot etc...

If the ISP is only giving you a /64 prefix, you can't further break it down like a /56 or /48. You can only give one LAN the /64. So the question of LAN delegation is almost moot.

If you did have a larger prefix, then the standard practice is to give LANs that don't have any routers downstream a /64, and larger prefixes to those that do have routers downstream, so the downstream router can make multiple /64s for its LAN(s).

The "hint" process is entirely optional, it is intended to give consistent assignments to multiple LANs. This helps to write firewall rules.

1 Like

Based on your replies then, it seems I would need to make a local ipv6 subnet and NAT them to the public assigned ipv6 address same as with ipv4? The ISP is AT&T Switched Ethernet Service just FYI.

By /128 are you referencing the option ip6assign '60' in the lan config? Sorry I am still trying to learn ipv6. I understand the basic structure of the address space and the concept of having the option to where every device is publicly accessible without NAT but I am still trying to understand assignment length, RA service, SLAAC, and how they all work. Basically I do not need public-accessible addresses in lan. Setting it up just like ipv4 with a local subnet and NAT is preferable. What would I need to set the lan ipv6 settings to? Thanks

Why are you setting a static IP address?

Have you tried the default settings, in /etc/config /network:

config interface 'wan6'
	option device 'eth1.100'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2606:4700::1111'
	list dns '2620:fe::10'
	option norelease '1'

and than do ifstatus wan6 to see address and prefix delegated?

Because that is what my ISP assigned me. It is AT&T Switched Ethernet Service. I was assigned a static ipv4 and ipv6

1 Like

For ipv6 they gave me a wan address, /64 prefix, and a gateway address

It looks like this is what is available so /64 prefix
I assume they have also given you the gateway to use?

As you only have a /64 subnet you have to use relayd for the LAN:
https://openwrt.org/docs/guide-user/network/ipv6/configuration#ipv6_relay

Did they gave you an additional IPv6 network like a /56 or /48?

No, just the WAN address, a gateway address, and the /64 prefix.

The link you listed has option dhcpv6 relay for the protocol. Would that still work if i was assigned a static ip? Also, it looks to only have ipv6 options listed in the lan settings. This is a dual stack setup. I am primarily using ipv4 addressing I just want to have the ipv6 stuff at least working for anyone that wants it. Finally, does this mean I need to recreate a wan6 interface? Wen you select static for the interface protocol it has form entries for both ipv4 and ipv6 info. If they are mutually exclusive than perhaps there needs to be a separate static6 option and separate the form entries. Ive got both ipv4 and ipv6 on the same wan interface currently and it seems to correctly assign both; however, I can not ping google ipv6 dns from the router.

Also here is my updated config, still does not seem to be working:

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'hybrid'
	option ra 'hybrid'
	option ndp 'hybrid'
	option ra_slaac '0'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

and network:

config interface 'lan'
	option device 'eth2.10'
	option proto 'static'
	option ipaddr '192.168.***.***'
	option netmask '255.255.255.0'
	option ip6assign '64'
	list ip6class 'wan'

config interface 'wan'
	option device 'eth1.100'
	option proto 'static'
	option ipaddr '12.94.***.***'
	option netmask '255.255.255.252'
	option gateway '12.94.***.***'
	list dns '68.94.156.1'
	list dns '68.94.157.1'
	list dns '2001:4860:4860:0000:8888'
	list dns '2001:4860:4860:0000:8844'
	list ip6addr '2001:1890:****:****:0000:0000:111A:1953'
	option ip6gw '2001:1890:****:****:0000:0000:EE1A:1953'
	option ip6prefix '2001:1890:***::***/64'

It's not working because it's still the same as the first post.
You haven't assigned a mask in ip6addr. You keep on using the wan prefix as delegated prefix and on top of that there is partial configuration for relay.

No, it's quite clear when I mention that the ip6addr is missing the netmask.
list ip6addr '2001:1340:0C06:0329:0000:0000:10FA:1953/???'

This isn't how IPv6 works and while possible to do NAT6, it's quite a procedure. The firewall is setup to limit the flow of traffic from wan to lan.

As mentioned earlier, you only need to set it for the relay.

1 Like

Ok I got you. I am used to seeing a netmask form entry in Luci instead of it just expecting CIDR notation so I was not thinking of that when you mentioned it. I didn't know if you were talking about the /64 in the prefix or what. Like I said I am still tying to learn ipv6.

Edit: I still don't think I understand you. The information I got from my ISP does not list any netmask with the wan address. Just the /64 on the WAN prefix.

Ok I will ditch the NAT idea I think the concept is just more familiar to me. Ive been reading some guides on ipv6 and think I am starting to get it but basically all lan ipv6 addresses will have the same prefix that my isp gave me and then each will have a unique interface suffix? Is this correct?

Another thing. do I need to setup a stateful dhcpv6 server on the lan interface or assign it as a designated master or anything? Wouldn't a relay configuration imply that the upstream router is offering dhcpv6 services? I assumed that since I was assigned a static address that this was not the case.

Then use the /64 as mask for the ipv6 address. :wink:

All that you ask is answered in the relay wiki page. Relay is the mode in lan and wan, master is the wan.

1 Like

Ok that makes sense. Also I was confused on the wiki link because I misread the configuration options. I thought those were options set in /etc/config/network instead of /etc/config/dhcp and it was throwing me all off. Thanks.

1 Like

Hey sorry but one more question. What if I have multiple lan interfaces/subnets that I want to have ipv6 addresses (lan,guest)? If I set the config options as you suggested in relay mode, it seems only one of the interfaces gets assigned a ipv6 address (lan). I suppose this makes sense if I am understanding the whole relay idea correctly but can this be done?

No, that is why a good ISP will handout a /56 or /48 prefix

2 Likes

Yes, @thermochromic_net should ask the ISP for an allocation of the size 48 or at least 56.

Then you can assign each of your subnets an individual prefix within that allocation. Your wan setup will be not affected and has not to be changed. And you can skip all that relay and nat shizzle.

2 Likes