Once guest network is set, lan no longer has public IPv6 address

I set up a guest network following the doc, and it works perfectly. But the issue is, once its set up. My br-lan interface no longer has a public IPv6 address. It only has the link local address and ULA address. My guest interface does correctly have the two addresses plus the public IPv6 address.

My wan has a /64 address, and the IPv6 routing tables contains two default routes:

default from <public IPv6 address>/64 via <pppoe peer IPv6 address> ...
default from <another similar public IPv6 address>/60 via <pppoe peer IPv6 address> ...

I'm not well versed in IPv6, I wonder if I missed some config or it's a limitation of the /60 PD that only one interface can have a public IPv6 address?

My lan config:

/etc/config/network

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth2'
        list ports 'eth3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

/etc/config/dhcp

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

/etc/config/firewall

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

My guest config:

/etc/config/network

config device 'guestlan_device'
        option name 'br-guestlan'
        option type 'bridge'
        # my lan uses port eth0, so by default, 
        # guest and lan interfaces use the same mac addresss,
        # I specify a different one here.
        option macaddr '02:00:00:00:00:01'
        list ports 'eth0.2'

config interface 'guestlan'
        option device 'br-guestlan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

/etc/config/dhcp

config dhcp 'guestlan'
        option interface 'guestlan'
        option start '100'
        option limit '150'
        option leastime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option leasetime '12h'

/etc/config/firewall

config forwarding 'guestlan_forwarding'
        option src 'guestlan'
        option dest 'wan'

config rule 'guestlan_dns'
        option name 'Allow-guestlan-DNS'
        option src 'guestlan'
        option dest_port '53'
        option target 'ACCEPT'

config rule 'guestlan_dhcp'
        option name 'Allow-guestlan-DHCP'
        option src 'guestlan'
        option src_port '68'
        option dest_port '67'
        option family 'ipv4'
        list proto 'udp'
        option target 'ACCEPT'

config rule 'guestlan_icmp'
        option name 'Allow-guestlan-Ping'
        option src 'guestlan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule 'guestlan_icmp6'
        option name 'Allow-guestlan-ICMPv6-Input'
        option src 'guestlan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option family 'ipv6'
        option target 'ACCEPT'

config rule 'guestlan_dhcp6'
        option name 'Allow-guestlan-DHCPv6'
        option src 'guestlan'
        option src_port '546'
        option dest_port '547'
        option family 'ipv6'
        list proto 'udp'
        option target 'ACCEPT'

Thanks for Paul Fertser's help, I found out the cause was that guest being /60 got all of the PD.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.