There is public network ipv6 address with using ifconfig command.But no ipv6 address,when I checked it by http://test-ipv6.com/.I am using the firmware with openwrt 22.03.
And the problem is?
I can't connet ipv6 webs,but there is the ipv6 address for my route and computer.
Does your ISP provide ipv6? Have you ever used it ok?
divide your debugging to two parts:
- First getting connectivity to work from the router console.
- When that works, then work for getting ipv6 for LAN devices
First step is to try ping from router. (you might ping ipv6.google.com because that only answers to ipv6)
Does ping from the router console succeed?
You could also try from the LuCI diagnose page, both IPv6 ping and traceroute to OpenWrt servers.
My ISP provide ipv6.And there is the public network ipv6 (240e:344:........) for my route,but I can't connect any websites (Allow ipv6 connection) with ipv6.
Can you ping some ipv6 FQDN or IP?
No, this is my "IPv6 Upstream"."xxxx" replaces my real address.
Protocol: DHCPv6 client
Prefix Delegated: 240e:346:xxxx:xxxx::/56
Address: 240e:344:5b02:133b:1558xxxx:xxxx:xxxx/64
Gateway: fe80::211:ff:fe22:33
DNS 1: 240e:4e::66
DNS 2: 240e:4e:800::66
Connected: 1d 19h 22m 44s
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd00:a5d5:d4a6::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
option ip6assign '64'
config interface 'wan'
option device 'wan'
option username 'XXXXXXXX'
option password 'XXXXXXX'
option metric '40'
option proto 'pppoe'
option ipv6 'auto'
option ip6assign '64'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option noresolv '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
I am not familiar with the pppoe tweaks, but based with basic ipv6 connectivity knowledge, something looks wrong:
lan: ipassign might be 60 instead of 64. (64 is the minimal size, but larger one is better, just in case). You have been given a /56 from ISP, so /60 in lan is ok.
wan: ipassign ???? there should be none. You are not assigning anything from the given address space back towards ISP.
wan: ipv6 auto should also be unnecessary
I read the ipv6 configuration of openwrt from the Internet.And I also don't know why the prefix delegated is 56.I only set both LAN and Wan to automatically obtain ipv6 and assign 64 bit addresses.
ip6assign 64 in lan is fine, as long as there won't be any prefix delegated downstream. In any case you can assign the 60 there and leave room for future expansions.
In wan interface, remove the option ip6assign '64'
.
Remove wan6 interface. You have option ipv6 'auto'
in wan
so the virtual interface wan_6
will be spawned automatically and will handle the ipv6 part.
Still not.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
ubus call system board;
{
"kernel": "5.10.143",
"hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "Phicomm K2P",
"board_name": "phicomm,k2p",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r20698-3cee396bf8",
"target": "ramips/mt7621",
"description": "OpenWrt SNAPSHOT r20698-3cee396bf8"
}
}
uci export network;
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd00:a5d5:d4a6::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
option ip6assign '64'
config interface 'wan'
option device 'wan'
option username 'XXXXXXXXXX'
option password 'XXXXXXXX'
option metric '40'
option proto 'pppoe'
option ipv6 'auto'
uci export dhcp; uci export firewall;
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option noresolv '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'ubuntu'
option ip '192.168.5.128'
option mac 'XX:XX:XX:XX:XX:XX'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option flow_offloading '1'
option flow_offloading_hw '1'
option fullcone '0'
option synflood_protect '1'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'ACCEPT'
option forward 'REJECT'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
config include 'adbyby'
option type 'script'
option path '/var/etc/adbyby.include'
option reload '1'
config rule 'adblock'
option name 'adblock'
option target 'DROP'
option src 'wan'
option proto 'tcp'
option dest_port '8118'
config include 'mia'
option type 'script'
option path '/etc/mia.include'
option reload '1'
config include 'redsocks2'
option type 'script'
option path '/usr/share/redsocks2/firewall.include'
option reload '1'
config include 'shadowsocksr'
option type 'script'
option path '/var/etc/shadowsocksr.include'
option reload '1'
head -n -0 /etc/firewall.user;
head: /etc/firewall.user: No such file or directory
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru;
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 state UP qlen 1000
inet6 fe80::6adb:54ff:fe93:44fa/64 scope link
valid_lft forever preferred_lft forever
3: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6adb:54ff:fe93:44f9/64 scope link
valid_lft forever preferred_lft forever
8: ra0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::6adb:54ff:fe93:44fb/64 scope link
valid_lft forever preferred_lft forever
9: rax0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::68db:54ff:fe93:44fb/64 scope link
valid_lft forever preferred_lft forever
14: apcli0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::6ccb:54ff:fe93:44fb/64 scope link
valid_lft forever preferred_lft forever
15: apclix0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::6cdb:54ff:fe93:44fb/64 scope link
valid_lft forever preferred_lft forever
16: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 240e:XXX:XXXX:XXXX::1/64 scope global dynamic noprefixroute
valid_lft 252451sec preferred_lft 166051sec
inet6 240e:XXX:XXXX:XXXX::1/64 scope global deprecated dynamic
valid_lft 439sec preferred_lft 0sec
inet6 fd00:a5d5:d4a6::1/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6adb:54ff:fe93:44fa/64 scope link
valid_lft forever preferred_lft forever
18: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
inet6 240e:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX/64 scope global dynamic noprefixroute
valid_lft 258623sec preferred_lft 172223sec
inet6 fe80::b5c2:e336:4316:e26e peer fe80::211:ff:fe22:33/128 scope link
valid_lft forever preferred_lft forever
default from 240e:XXX:XXXX:XXXX::/64 via fe80::211:ff:fe22:33 dev pppoe-wan proto static metric 512 pref medium
default from 240e:XXX:XXXX:XXXX::/56 via fe80::211:ff:fe22:33 dev pppoe-wan proto static metric 512 pref medium
unreachable 240e:XXX:XXXX:XXXX::/64 dev lo proto static metric 2147483647 pref medium
240e:XXX:XXXX:XXXX::/64 dev br-lan proto kernel metric 256 expires 670sec pref medium
240e:XXX:XXXX:XXXX::/64 dev br-lan proto static metric 1024 pref medium
unreachable 240e:XXX:XXXX:XXXX::/56 dev lo proto static metric 2147483647 pref medium
240e:XXX:XXXX:XXXX::/64 dev br-lan proto kernel metric 256 expires 438sec pref medium
fd00:a5d5:d4a6::/64 dev br-lan proto kernel metric 256 expires 670sec pref medium
fd00:a5d5:d4a6::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd00:a5d5:d4a6::/48 dev lo proto static metric 2147483647 pref medium
fe80::211:ff:fe22:33 dev pppoe-wan proto kernel metric 256 pref medium
fe80::b5c2:e336:4316:e26e dev pppoe-wan proto kernel metric 256 pref medium
fe80::/64 dev ra0 proto kernel metric 256 pref medium
fe80::/64 dev apcli0 proto kernel metric 256 pref medium
fe80::/64 dev rax0 proto kernel metric 256 pref medium
fe80::/64 dev apclix0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wan proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 240e:XXX:XXXX:XXXX:: dev pppoe-wan table local proto kernel metric 0 pref medium
local 240e:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX dev pppoe-wan table local proto kernel metric 0 pref medium
anycast 240e:XXX:XXXX:XXXX:: dev br-lan table local proto kernel metric 0 pref medium
local 240e:XXX:XXXX:XXXX::1 dev br-lan table local proto kernel metric 0 pref medium
anycast 240e:XXX:XXXX:XXXX:: dev br-lan table local proto kernel metric 0 pref medium
local 240e:XXX:XXXX:XXXX::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fd00:a5d5:d4a6:: dev br-lan table local proto kernel metric 0 pref medium
local fd00:a5d5:d4a6::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev ra0 table local proto kernel metric 0 pref medium
anycast fe80:: dev apcli0 table local proto kernel metric 0 pref medium
anycast fe80:: dev rax0 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev apclix0 table local proto kernel metric 0 pref medium
anycast fe80:: dev wan table local proto kernel metric 0 pref medium
local fe80::68db:54ff:fe93:44fb dev rax0 table local proto kernel metric 0 pref medium
local fe80::6adb:54ff:fe93:44f9 dev wan table local proto kernel metric 0 pref medium
local fe80::6adb:54ff:fe93:44fa dev eth0 table local proto kernel metric 0 pref medium
local fe80::6adb:54ff:fe93:44fa dev br-lan table local proto kernel metric 0 pref medium
local fe80::6adb:54ff:fe93:44fb dev ra0 table local proto kernel metric 0 pref medium
local fe80::6ccb:54ff:fe93:44fb dev apcli0 table local proto kernel metric 0 pref medium
local fe80::6cdb:54ff:fe93:44fb dev apclix0 table local proto kernel metric 0 pref medium
local fe80::b5c2:e336:4316:e26e dev pppoe-wan table local proto kernel metric 0 pref medium
multicast ff00::/8 dev ra0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev apcli0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev rax0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev apclix0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
multicast ff00::/8 dev wan table local proto kernel metric 256 pref medium
multicast ff00::/8 dev pppoe-wan table local proto kernel metric 256 pref medium
0: from all lookup local
2061: from all fwmark 0x3d00/0x3f00 blackhole
2062: from all fwmark 0x3e00/0x3f00 unreachable
32766: from all lookup main
4200000000: from 240e:XXX:XXXX:XXXX::1/64 iif br-lan unreachable
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv./ ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv./
lrwxrwxrwx 1 root root 16 Sep 20 11:33 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 47 Nov 16 17:15 /tmp/resolv.conf
-rw-r--r-- 1 root root 132 Nov 16 17:07 /tmp/resolv.conf.d/resolv.conf.auto
-rw-r--r-- 1 root root 48 Nov 16 17:07 /tmp/resolv.conf.ppp
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 132 Nov 16 17:07 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.ppp <==
nameserver 21X.XXX.XX.XXX
nameserver 21X.XXX.XX.XXX
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan_6
nameserver 240e:XX::XX
nameserver 240e:XX:XXX:XX
# Interface wan
nameserver 21X.XXX.XX.XXX
nameserver 21X.XXX.XX.XXX
OpenWrt looks fine.
Verify that the lan host is getting the IPv6 settings and try to ping ipv6.google.com
Can't connect ipv6.
PING ipv6.ustb.edu.cn(2001:da8:208:10::14 (2001:da8:208:10::14)) 56 data bytes
From 240e:346:XXXX:XXXX::1 (240e:346:XXXX:XXXX::1) icmp_seq=1 Destination unreachable: No route
From 240e:346:XXXX:XXXX::1 (240e:346:XXXX:XXXX::1) icmp_seq=2 Destination unreachable: No route
Can you ping it from the OpenWrt cli?
From the computer instead of openwrt.
Can you ping this ipv6 address when you are in the cli of OpenWrt?
I suppose the failed attempt earlier is from the cli of your computer. Can you confirm that?
Ping from openwrt cli.
root@OpenWrt:~# ping ipv6.ustb.edu.cn
PING ipv6.ustb.edu.cn (2001:da8:208:10::14): 56 data bytes
ping: sendto: Network unreachable