My Setup: Internet -> WAN (LTE-Modem) -> Router -> LAN (Clients)
My router got a global unicast address for his wan-side (2a01:598[...]/64
). I think that he got it via router advertisement and SLAAC because i disabled DHCP at the LTE-modem.
From the ssh-shell at the router i`m able to do a dns-request:
dns-request
nslookup openwrt.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
and a ping to the IPv6-address:
ping to IPv6
ping 2a03:b0c0:3:d0::1af1:1
PING 2a03:b0c0:3:d0::1af1:1 (2a03:b0c0:3:d0::1af1:1): 56 data bytes
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=0 ttl=48 time=47.528 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=1 ttl=48 time=38.242 ms
So it looks like there is a router in the wan-side, which performs a router advertisement and distributes the global network prefix.
At the client side (my thinkpad) i only get the link local address (fe80::7d24:27ad:7379:c0b7%12
) and a bunch of (i presume that they are unique local unicast addresses) other addresses:
other client IPv6 addresses
fd18:c585:1ade:1::39
fd18:c585:1ade:1:7d24:27ad:7379:c0b7
fd18:c585:1ade:1:a877:8ccf:c3f:83fa
fd18:c585:1ade:1:e0ad:b02f:922c:b392
However, I do not see a single global unicast address, therefore I don't have IPv6 access to the Internet on the client. For now, my goal is to provide the clients with a global IPv6 address via SLAAC so that they can connect to the Internet.
For me it seems therefore, that the router advertisement is not forwarded from the router to the lan. I'm just not clear yet where exactly to look for the cause. Is this a problem of the settings of the interface/DHCP or the firewall? I'm not an IPv6 expert - I'm just reading up on it so any tips would be extremely appreciated. I have attached my essential configuration files. If someone also finds errors in them apart from the IPv6 problem - please let me know.
network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd18:c585:1ade::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option igmp_snooping '1'
option ipaddr '192.168.0.2'
list dns '1.0.0.1'
list dns '1.1.1.1'
list dns '8.8.4.4'
list dns '8.8.8.8'
list dns '9.9.9.9'
option gateway '192.168.1.1'
option ip6assign '64'
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr 'ec:41:18:eb:66:88'
config interface 'wan'
option ifname 'eth0.2'
option proto 'static'
option gateway '192.168.1.1'
option ipaddr '192.168.1.2'
list dns '1.0.0.1'
list dns '1.1.1.1'
list dns '8.8.4.4'
list dns '8.8.8.8'
list dns '9.9.9.9'
option netmask '255.255.255.0'
option ip6assign '64'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '6t 3 2t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6t 1'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option ports '6t 2t'
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '6t 2t'
option vid '4'
config interface 'gast'
option proto 'static'
option ipaddr '192.168.3.2'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option ifname 'eth0.3'
list dns '1.0.0.1'
list dns '1.1.1.1'
list dns '8.8.4.4'
list dns '8.8.8.8'
list dns '9.9.9.9'
option ip6assign '64'
option type 'bridge'
dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
list server '1.0.0.1'
list server '1.1.1.1'
list server '8.8.4.4'
list server '8.8.8.8'
list server '9.9.9.9'
config dhcp 'lan'
option interface 'lan'
option limit '150'
option leasetime '6h'
option start '50'
option force '1'
option ra 'hybrid'
list dns '2606:4700:4700::1001'
list dns '2606:4700:4700::1111'
option ndp 'hybrid'
option dhcpv6 'hybrid'
option ra_management '0'
list dhcp_option '6,1.0.0.1,192.168.0.9'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'gast'
option start '100'
option limit '150'
option interface 'gast'
list dhcp_option '6,1.0.0.1,1.1.1.1'
option leasetime '1h'
firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'gast'
option forward 'REJECT'
option name 'gast'
option output 'ACCEPT'
option input 'REJECT'
config forwarding
option dest 'wan'
option src 'gast'
config rule
option dest_port '67-68'
option src 'gast'
option name 'allow-gast-dhcp-router'
option target 'ACCEPT'
config rule
option dest_port '53'
option src 'gast'
option name 'allow-gast-dhcp-dns'
option target 'ACCEPT'