No ipv6 gateway / prefix on my lan and vlan

Raspberry Pi 4 Model B Rev 1.2
OpenWrt 21.02.3 r16554-1d4dea6d4f / LuCI openwrt-21.02 branch git-22.213.35964-87836ca

Somehow, I don’t get an IPv6 address from my ISP (I think).

I’ve got the following warnings in my system log:


Sun Sep  4 11:44:10 2022 daemon.warn odhcpd[1315]: A default route is present but there is no public prefix on ziggo_lan thus we don't announce a default route!
Sun Sep  4 11:44:11 2022 daemon.warn odhcp6c[1619]: Server returned IA_PD status 'Not On Link (This address is not on link)'

I have had the first one in the past; back then it was caused by a missing/wrong IPv6 prefix, but I don’t think I changed that.

ip link:


root@Router:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DORMANT group default qlen 1000
    link/ether dc:a6:32:9e:b7:81 brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
7: eth0.20@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
9: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
10: eth0.30@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
14: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none
15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
    link/none
17: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
    link/none
root@Router:~#

ip -6 addr:

root@Router:~# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::dea6:32ff:fe9e:b781/64 scope link
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdad:b459:8594::1/62 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link
       valid_lft forever preferred_lft forever
9: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:1c04:131e:6300:dea6:32ff:fe9e:b780/64 scope global dynamic noprefixroute
       valid_lft 1209599sec preferred_lft 604799sec
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link
       valid_lft forever preferred_lft forever
10: eth0.30@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdad:b459:8594:4::1/62 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link
       valid_lft forever preferred_lft forever
15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 500
    inet6 fe80::cbe5:be04:7e8f:d83a/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
17: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 500
    inet6 fe80::2e4d:d3df:f442:2a92/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
root@Router:~#

My /etc/config/network file (the WireGuard keys and endpoint address are partly masked with x):


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdad:b459:8594::/48'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option device 'br-lan'
	option ip6assign '62'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0.10'
	option metric '10'
	option peerdns '0'
	list dns '84.200.69.80'
	list dns '84.200.70.40'

config interface 'wan6'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option peerdns '0'
	list dns '2001:1608:10:25::1c04:b12f'
	list dns '2001:1608:10:25::9249:d69b'
	option device 'eth0.10'
	option reqprefix 'auto'

config interface 'vpnclient'
	option proto 'none'
	option device 'tun1'

config interface 'vpnserver'
	option proto 'none'
	option device 'tun0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.20'

config interface 'ziggo_lan'
	option proto 'static'
	option device 'eth0.30'
	list ipaddr '192.168.180.1/24'
	option ip6assign '62'

config interface 'RECOVERY'
	option proto 'static'
	option device 'eth0'
	option ipaddr '10.0.10.1'
	option netmask '255.255.255.0'

config interface 'wwan'
	option proto 'dhcp'
	option metric '20'

config interface 'wg0'
	option proto 'wireguard'
	option private_key 'KI9m2aM2X0Nxxxxxxxxxxx'
	list addresses '10.2.0.2/32'

config wireguard_wg0
	option public_key '+veOJwVuUpP9QAx4q3krdxxxxxxxxxx'
	option route_allowed_ips '0'
	list allowed_ips '0.0.0.0/0'
	option persistent_keepalive '25'
	option description 'WG'
	option endpoint_host '185.xxx.xxx.xxx'
	option endpoint_port '51820'


ifstatus wan6

root@Router:~# ifstatus wan6
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 1827,
	"l3_device": "eth0.10",
	"proto": "dhcpv6",
	"device": "eth0.10",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2001:1c04:131e:6300:dea6:32ff:fe9e:b780",
			"mask": 64,
			"preferred": 604798,
			"valid": 1209598
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2001:1c04:131e:6300::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 1209598,
			"source": "::/0"
		},
		{
			"target": "2001:1c04:131e:6300::",
			"mask": 56,
			"nexthop": "fe80::aef8:ccff:fe8f:9efa",
			"metric": 512,
			"valid": 1209598,
			"source": "2001:1c04:131e:6300:dea6:32ff:fe9e:b780/64"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::aef8:ccff:fe8f:9efa",
			"metric": 512,
			"valid": 1798,
			"source": "2001:1c04:131e:6300:dea6:32ff:fe9e:b780/64"
		}
	],
	"dns-server": [
		"2001:1608:10:25::1c04:b12f",
		"2001:1608:10:25::9249:d69b"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			"2001:b88:1002::10",
			"2001:b88:1202::10",
			"2001:730:3e42:1000::53"
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"passthru": "0017003020010b8810020000000000000000001020010b88120200000000000000000010200107303e4210000000000000000053"
	}
}
root@Router:~# 

I tried the release candidate 6 to see if the problem remains, but sadly it does.

So I have probably changed something that causes this problem.

If I connect my notebook directly to the ISP modem/router, I do get an IPv4 and an IPv6 address.

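On my wan6 interface I see the IPv6 address from my ISP, but on my LAN I only see the one from the OpenWrt router itself (the ULA address from fdad:b459:8594::/48). The `ipv6-prefix` list in the `ifstatus wan6` output above is empty, which matches the IA_PD error in the log: no prefix has been delegated that could be assigned to the LAN.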

Does anyone have an idea?

It looks like you need to use an IPv6 relay setup like I do: https://openwrt.org/docs/guide-user/network/ipv6/configuration

I'll give it a try.

The thing is that it has always worked. So I probably did something to break it.

Looked at it, already have that configuration. ;-(

My /etc/config/dhcp actually looks a bit different than that example. I'm also using Pi4 and wwan is a 4G usb modem

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'

config dhcp 'wwan'
        option interface 'wwan'
        option ignore '1'
        option master '1'
        option ra 'relay'
        option dhcpv6 'relay'

I think you relay all your DHCP from your ISP modem/router to your OpenWrt router. I don't.
My LAN has a static IP and is the DHCP server, so I think that is a totally different config.

Thanks for your help, of course!

I just did a blank install, without any fuss, and have the same problem. So I think it's my ISP modem...

Is it possible that it happened because I installed WireGuard (VPN client)?

No, that is not the problem. I have no idea where to look further.

Some more info; maybe it helps.

ip a

root@Router:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.1/24 brd 10.0.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.101/24 brd 192.168.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b781/64 scope link 
       valid_lft forever preferred_lft forever
15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet6 fe80::750c:98fc:c62f:e009/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
20: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet6 fe80::7d02:949a:72a0:83ad/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
27: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdad:b459:8594::1/62 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
28: eth0.20@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
29: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.22/24 brd 192.168.178.255 scope global eth0.10
       valid_lft forever preferred_lft forever
    inet6 2001:1c04:131e:6300:dea6:32ff:fe9e:b780/64 scope global dynamic noprefixroute 
       valid_lft 1209056sec preferred_lft 604256sec
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
32: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.2.0.2/32 brd 255.255.255.255 scope global wg0
       valid_lft forever preferred_lft forever
33: eth0.30@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.180.1/24 brd 192.168.180.255 scope global eth0.30
       valid_lft forever preferred_lft forever
    inet6 fdad:b459:8594:4::1/62 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
root@Router:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.1/24 brd 10.0.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.101/24 brd 192.168.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b781/64 scope link 
       valid_lft forever preferred_lft forever
15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet6 fe80::750c:98fc:c62f:e009/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
20: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet6 fe80::7d02:949a:72a0:83ad/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
27: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdad:b459:8594::1/62 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
28: eth0.20@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
29: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.22/24 brd 192.168.178.255 scope global eth0.10
       valid_lft forever preferred_lft forever
    inet6 2001:1c04:131e:6300:dea6:32ff:fe9e:b780/64 scope global dynamic noprefixroute 
       valid_lft 1209056sec preferred_lft 604256sec
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
32: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.2.0.2/32 brd 255.255.255.255 scope global wg0
       valid_lft forever preferred_lft forever
33: eth0.30@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:a6:32:9e:b7:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.180.1/24 brd 192.168.180.255 scope global eth0.30
       valid_lft forever preferred_lft forever
    inet6 fdad:b459:8594:4::1/62 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe9e:b780/64 scope link 
       valid_lft forever preferred_lft forever
root@Router:~# 


ip -6 route

root@Router:~# ip -6 route
2001:1c04:131e:6300::/64 dev eth0.10 proto static metric 256 pref medium
unreachable 2001:1c04:131e:6300::/64 dev lo proto static metric 2147483647 pref medium
2001:1c04:131e:6300::/56 via fe80::aef8:ccff:fe8f:9efa dev eth0.10 proto static metric 512 pref medium
fdad:b459:8594::/64 dev br-lan proto static metric 1024 pref medium
fdad:b459:8594:4::/64 dev eth0.30 proto static metric 1024 pref medium
unreachable fdad:b459:8594::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev tun1 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.10 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.30 proto kernel metric 256 pref medium
default via fe80::aef8:ccff:fe8f:9efa dev eth0.10 proto static metric 512 pref medium
root@Router:~# 

ifstatus wan6

root@Router:~# ifstatus wan6
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 469,
	"l3_device": "eth0.10",
	"proto": "dhcpv6",
	"device": "eth0.10",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2001:1c04:131e:6300:dea6:32ff:fe9e:b780",
			"mask": 64,
			"preferred": 604252,
			"valid": 1209052
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2001:1c04:131e:6300::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 1209052,
			"source": "::/0"
		},
		{
			"target": "2001:1c04:131e:6300::",
			"mask": 56,
			"nexthop": "fe80::aef8:ccff:fe8f:9efa",
			"metric": 512,
			"valid": 1209052,
			"source": "::/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::aef8:ccff:fe8f:9efa",
			"metric": 512,
			"valid": 1797,
			"source": "::/0"
		}
	],
	"dns-server": [
		"2001:1608:10:25::1c04:b12f",
		"2001:1608:10:25::9249:d69b"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			"2001:b88:1002::10",
			"2001:b88:1202::10",
			"2001:730:3e42:1000::53"
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"passthru": "0017003020010b8810020000000000000000001020010b88120200000000000000000010200107303e4210000000000000000053"
	}
}
root@Router:~# 

/etc/config/firewall

root@Router:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'RECOVERY'
	list network 'vpnserver'

config zone
	option name 'ziggo_lan'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option input 'ACCEPT'
	list network 'ziggo_lan'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config zone
	option name 'vpnclient'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'
	option masq '1'
	list network 'tun1'
	list network 'vpnclient'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option dest '*'
	option src '*'
	option target 'REJECT'
	option name 'Block google DNS'
	option proto 'all'
	list dest_ip '8.8.8.8'
	list dest_ip '8.8.4.4'
	list dest_ip '2001:4860:4860::8888'
	list dest_ip '2001:4860:4860::8844'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'
	list src_ip 'fc00::/6'
	list dest_ip 'fc00::/6'
	option src 'wan'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config redirect
	option target 'DNAT'
	option name 'http'
	option src 'wan'
	option src_dport '80'
	option dest 'lan'
	option dest_port '80'
	option dest_ip '192.168.1.30'

config redirect
	option target 'DNAT'
	option name 'NAS https'
	option src 'wan'
	option src_dport '443'
	option dest 'lan'
	option dest_port '443'
	option dest_ip '192.168.1.30'

config forwarding
	option src 'lan'
	option dest 'vpnclient'

config nat
	option name 'Prevents hardcoded DNS clients error'
	list proto 'tcp'
	list proto 'udp'
	option src 'lan'
	option dest_port '53'
	option target 'MASQUERADE'
	option enabled '0'
	option dest_ip '192.168.1.30'

config redirect
	option target 'DNAT'
	option name 'Mailserver '
	option src 'wan'
	option src_dport '25'
	option dest 'lan'
	option dest_port '25'
	option dest_ip '192.168.1.30'

config redirect
	option target 'DNAT'
	option name 'Mailserver'
	option src 'wan'
	option src_dport '465'
	option dest 'lan'
	option dest_port '465'
	option dest_ip '192.168.1.30'

config redirect
	option target 'DNAT'
	option name 'Mailserver'
	option src 'wan'
	option src_dport '587'
	option dest 'lan'
	option dest_port '587'
	option dest_ip '192.168.1.30'

config redirect
	option target 'DNAT'
	option name 'Mailserver'
	option src 'wan'
	option src_dport '995'
	option dest 'lan'
	option dest_port '995'
	option dest_ip '192.168.1.30'
	option enabled '0'

config redirect
	option target 'DNAT'
	option name 'Mailserver'
	option src 'wan'
	option src_dport '993'
	option dest 'lan'
	option dest_port '993'
	option dest_ip '192.168.1.30'

config rule 'ovpn'
	option name 'Allow-OpenVPN'
	option src 'wan'
	option dest_port '1194'
	option proto 'udp'
	option target 'ACCEPT'

config forwarding
	option src 'ziggo_lan'
	option dest 'wan'

config rule
	option name 'dhcp vlan ziggo'
	option src 'ziggo_lan'
	option dest_port '67-68'
	option target 'ACCEPT'
	list proto 'udp'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'NAS Admin port'
	option src 'wan'
	option src_dport '5051'
	option dest_ip '192.168.1.30'
	option dest_port '5051'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Replicatie server'
	option src 'wan'
	option src_dport '5566'
	option dest_ip '192.168.1.30'
	option dest_port '5566'

config redirect 'adblock_lan53'
	option name 'Adblock DNS (lan, 53)'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'

config zone
	option name 'Wwan'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'wwan'
	option input 'REJECT'
	option masq '1'

config forwarding
	option src 'lan'
	option dest 'Wwan'

config forwarding
	option src 'ziggo_lan'
	option dest 'Wwan'

config zone
	option name 'wireguard'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'
	option masq '1'
	list network 'wg0'

config forwarding
	option src 'lan'
	option dest 'wireguard'

Follow-up in this thread:

https://forum.openwrt.org/t/server-returned-ia-pd-status-not-on-link-this-address-is-not-on-link/136298/21
