OpenWrt and ipv6 on downstream router

Hello! I have the following setup of my home network:
OpenWRT - connected to ISP (PPPoE)
Mikrotik router - connected to OpenWRT and to LAN devices.
Connection between both is routed (no NAT)
I have successfully set up ipv6 on OpenWRT, everything is working fine. ISP gave me a /56 network.


Now I want all my LAN devices connected to the Mikrotik to be able to use ipv6, and here is the problem. I can request an ipv6 address in Mikrotik and the box itself can work with ipv6, but devices behind it cannot.

I think that Mikrotik should request a prefix, not an address, from OpenWrt.
But if I try this, OpenWRT does not delegate any prefixes and I see a lot of messages in the System log:

Wed Apr  1 20:32:43 2020 daemon.info dnsmasq-dhcp[8618]: DHCPREPLY(br-lan) 00:03:00:01:c4:ad:34:4e:88:1e no addresses available
Wed Apr  1 20:32:43 2020 daemon.info dnsmasq-dhcp[8618]: DHCPSOLICIT(br-lan) 00:03:00:01:c4:ad:34:4e:88:1e

Can somebody guide me on how to properly set up ipv6 in my network?

LAN:

DHCP Server

Please post here the output of the following command, copy and paste the whole block:

uci export network; uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro ls tab all ; ip -6 ru;

Please use "Preformatted text </>" for logs, scripts, configs and general console output.

From a first look:

  • You could increase the assignment length in LAN to 60
  • Is NDP-Proxy needed?

uci export network

root@OpenWrt:~# uci export network
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0f:dca5:26f0::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.248'
        option ipaddr '10.224.30.233'
        option ifname 'eth0.1'
        option ip6assign '60'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr '74:83:c2:49:9f:dc'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'pppoe'
        option password 'pppoe_password'
        option ipv6 'auto'
        option username 'pppoe_login'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr '74:83:c2:49:9f:dd'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '6t 1 2 3'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 0'
        option vid '2'

config route
        option gateway '10.224.30.234'
        option interface 'lan'
        option target '10.224.30.0/26'

config route
        option target '10.224.30.128/27'
        option gateway '10.224.30.234'
        option interface 'lan'

config route
        option target '10.224.31.0/24'
        option gateway '10.224.30.234'
        option interface 'lan'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '6t 4'
        option vid '5'

config interface 'vpn'
        option proto 'none'
        option ifname 'tap0 eth0.5'
        option type 'bridge'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '6t 4t'
        option vid '6'

config interface 'zt0'
        option ifname 'ztmjfl3i2y'
        option proto 'none'

config route
        option target '10.224.32.0/26'
        option gateway '10.224.30.234'
        option interface 'lan'

config interface 'modem'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        option defaultroute '0'
        option auto '0'

uci export dhcp

root@OpenWrt:~# uci export dhcp
package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option dhcpv6 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

uci export firewall

root@OpenWrt:~# uci export firewall
package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan vpn zt0'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan modem'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'v2ray'
        option type 'script'
        option path '/etc/firewall.v2ray'
        option family 'any'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config nat
        option src 'wan'
        option name 'Modem'
        option target 'SNAT'
        option dest_ip '192.168.1.1'
        option snat_ip '192.168.1.40'

ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru;

root@OpenWrt:~# ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru;
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.224.30.233/29 brd 10.224.30.239 scope global br-lan
       valid_lft forever preferred_lft forever
8: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    inet 100.64.23.23 peer 100.64.0.1/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
9: ztmjfl3i2y: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
    inet 10.224.30.249/29 brd 10.224.30.255 scope global ztmjfl3i2y
       valid_lft forever preferred_lft forever
local default dev lo table 100 scope host
default via 100.64.0.1 dev pppoe-wan proto static
10.224.30.0/26 via 10.224.30.234 dev br-lan proto static
10.224.30.128/27 via 10.224.30.234 dev br-lan proto static
10.224.30.232/29 dev br-lan proto kernel scope link src 10.224.30.233
10.224.30.248/29 dev ztmjfl3i2y proto kernel scope link src 10.224.30.249
10.224.31.0/24 via 10.224.30.234 dev br-lan proto static
10.224.32.0/26 via 10.224.30.234 dev br-lan proto static
100.64.0.1 dev pppoe-wan proto kernel scope link src 100.64.23.23
broadcast 10.224.30.232 dev br-lan table local proto kernel scope link src 10.224.30.233
local 10.224.30.233 dev br-lan table local proto kernel scope host src 10.224.30.233
broadcast 10.224.30.239 dev br-lan table local proto kernel scope link src 10.224.30.233
broadcast 10.224.30.248 dev ztmjfl3i2y table local proto kernel scope link src 10.224.30.249
local 10.224.30.249 dev ztmjfl3i2y table local proto kernel scope host src 10.224.30.249
broadcast 10.224.30.255 dev ztmjfl3i2y table local proto kernel scope link src 10.224.30.249
local 100.64.23.23 dev pppoe-wan table local proto kernel scope host src 100.64.23.23
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
0:      from all lookup local
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main
32767:  from all lookup default

ip -6 addr ; ip -6 ro ls tab all ; ip -6 ru;

root@OpenWrt:~# ip -6 addr ; ip -6 ro ls tab all ; ip -6 ru;
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fe80::7683:c2ff:fe49:9fdc/64 scope link
       valid_lft forever preferred_lft forever
3: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 240e:xx:yyyy:8b00::1/63 scope global dynamic noprefixroute
       valid_lft 2639sec preferred_lft 2639sec
    inet6 fd0f:dca5:26f0::1/63 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::7683:c2ff:fe49:9fdc/64 scope link
       valid_lft forever preferred_lft forever
5: br-vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::7683:c2ff:fe49:9fdc/64 scope link
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::7683:c2ff:fe49:9fdd/64 scope link
       valid_lft forever preferred_lft forever
8: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
    inet6 240e:zz:ww:54b:7683:c265:9449:9fdd/64 scope global dynamic noprefixroute
       valid_lft 2591639sec preferred_lft 604439sec
    inet6 fe80::7683:c265:9449:9fdd/10 scope link
       valid_lft forever preferred_lft forever
9: ztmjfl3i2y: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 state UNKNOWN qlen 1000
    inet6 fe80::b4bf:e2ff:fe74:67de/64 scope link
       valid_lft forever preferred_lft forever
default from 240e:zz:ww:54b::/64 via fe80::7244:ff:fe7a:ff2a dev pppoe-wan proto static metric 512 pref medium
default from 240e:xx:yyyy:8b00::/56 via fe80::7244:ff:fe7a:ff2a dev pppoe-wan proto static metric 512 pref medium
240e:zz:ww:54b::/64 dev pppoe-wan proto static metric 256 pref medium
240e:xx:yyyy:8b00::/64 dev br-lan proto static metric 1024 pref medium
unreachable 240e:xx:yyyy:8b00::/56 dev lo proto static metric 2147483647 error 4294967148 pref medium
fd0f:dca5:26f0::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd0f:dca5:26f0::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-vpn proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev ztmjfl3i2y proto kernel metric 256 pref medium
fe80::/10 dev pppoe-wan metric 1 pref medium
fe80::/10 dev pppoe-wan proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 240e:zz:ww:54b:: dev pppoe-wan table local proto kernel metric 0 pref medium
local 240e:zz:ww:54b:7683:c265:9449:9fdd dev pppoe-wan table local proto kernel metric 0 pref medium
anycast 240e:xx:yyyy:8b00:: dev br-lan table local proto kernel metric 0 pref medium
local 240e:xx:yyyy:8b00::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fd0f:dca5:26f0:: dev br-lan table local proto kernel metric 0 pref medium
local fd0f:dca5:26f0::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev br-vpn table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
anycast fe80:: dev pppoe-wan table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev ztmjfl3i2y table local proto kernel metric 0 pref medium
local fe80::7683:c265:9449:9fdd dev pppoe-wan table local proto kernel metric 0 pref medium
local fe80::7683:c2ff:fe49:9fdc dev br-vpn table local proto kernel metric 0 pref medium
local fe80::7683:c2ff:fe49:9fdc dev eth0 table local proto kernel metric 0 pref medium
local fe80::7683:c2ff:fe49:9fdc dev br-lan table local proto kernel metric 0 pref medium
local fe80::7683:c2ff:fe49:9fdd dev eth0.2 table local proto kernel metric 0 pref medium
local fe80::b4bf:e2ff:fe74:67de dev ztmjfl3i2y table local proto kernel metric 0 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev br-lan table local metric 256 pref medium
ff00::/8 dev br-vpn table local metric 256 pref medium
ff00::/8 dev eth0.2 table local metric 256 pref medium
ff00::/8 dev pppoe-wan table local metric 256 pref medium
ff00::/8 dev ztmjfl3i2y table local metric 256 pref medium
0:      from all lookup local
32766:  from all lookup main
4200000000:     from 240e:xx:yyyy:8b00::1/60 iif br-lan unreachable
4200000001:     from all iif lo failed_policy
4200000003:     from all iif br-lan failed_policy
4200000005:     from all iif br-vpn failed_policy
4200000008:     from all iif pppoe-wan failed_policy
4200000008:     from all iif pppoe-wan failed_policy
4200000009:     from all iif ztmjfl3i2y failed_policy

Tried that, same problem

I'm not sure that I understand its purpose ))
The goal is to give mikrotik ipv6 prefix so it can distribute ipv6 into the network and all devices can communicate via ipv6

You need to restart networking, it still has the old value.

To relay IPv6 upstream, but since you get prefix delegated it's not needed.

Just verify the prefix is delegated properly:
ifstatus wan6; ifstatus lan

This is the ULA prefix. I tried to remove it but still no luck.
Same error - no addresses available

I was referring to mask 63, while it should be 60 with the new settings.

Anyway, it didn't help. Seems that dnsmasq is unable to delegate a prefix. I solved this problem by installing odhcpd-ipv6 and now my mikrotik receives a /62 prefix. Still need to figure out how to properly set up odhcpd.

dnsmasq is for IPv4 only.
For IPv6 there is odhcpd installed already.

Not entirely true. dnsmasq-full works with IPv6 but it cannot delegate prefixes, only addresses

Again not entirely true )) I deleted mine, because I was using dnsmasq-full

It helps troubleshooting if you mention from the beginning what you have done in comparison to a default installation. How are we supposed to know all these things?

It was in first post, look at the posted logs

dnsmasq-dhcp[8618]: DHCPREPLY(br-lan)

I can confirm that when OpenWrt acts as another OpenWrt's dhcpv6 client, the prefix is handled as expected, but it cannot update immediately when the upstream router reboots or reconnects.

Yes it was there. The mistake is that you are expecting everyone to notice it and interpret it correctly. This is not always the case. It is important to let others know important details beforehand.
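
Added example, not part of the thread and not OpenWrt's or odhcpd's code: the arithmetic behind the `ip6assign` values discussed above (/56 from the ISP, /63 versus /60 on the LAN, /62 received by the downstream router), with the documentation prefix 2001:db8:0:8b00::/56 as a constructed stand-in for the redacted ISP prefix. It assumes the LAN interface takes the first block of the assigned length, uses that block's first /64 on-link and leaves the rest for downstream DHCPv6-PD; the best-fit choice in `pick_delegation` is illustrative only.

```python
import ipaddress

ISP_PREFIX = "2001:db8:0:8b00::/56"  # constructed stand-in for the redacted /56


def lan_allocation(delegated, ip6assign):
    """Return (lan_block, on_link_64, leftovers) for one LAN interface.

    Assumption: the interface receives the first /ip6assign block of the
    delegated prefix, puts the first /64 of that block on-link, and whatever
    remains is the pool a downstream router can be delegated from.
    """
    isp = ipaddress.IPv6Network(delegated)
    if not isp.prefixlen <= ip6assign <= 64:
        raise ValueError("ip6assign must lie between the ISP prefix length and 64")
    lan_block = next(isp.subnets(new_prefix=ip6assign))
    on_link = next(lan_block.subnets(new_prefix=64))
    # address_exclude() yields the minimal set of networks covering
    # lan_block minus on_link; it yields nothing when the two are equal.
    leftovers = sorted(lan_block.address_exclude(on_link),
                       key=lambda n: n.prefixlen)
    return lan_block, on_link, leftovers


def pick_delegation(leftovers, requested_len):
    """Carve a /requested_len out of the tightest leftover block that fits.

    Illustrative best-fit policy, not the allocator of any real DHCPv6 server.
    Returns None when no leftover block is large enough.
    """
    fits = [n for n in leftovers if n.prefixlen <= requested_len]
    if not fits:
        return None
    tightest = max(fits, key=lambda n: n.prefixlen)
    return next(tightest.subnets(new_prefix=requested_len))


if __name__ == "__main__":
    for assign in (64, 63, 60):
        lan, on_link, left = lan_allocation(ISP_PREFIX, assign)
        print(f"ip6assign {assign}: LAN block {lan}, on-link {on_link}")
        print("  left for downstream:", ", ".join(map(str, left)) or "nothing")
        for want in (62, 64):
            got = pick_delegation(left, want)
            print(f"  downstream asks for /{want}: {got or 'cannot be satisfied'}")
```
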
