Greetings.
My ISP is providing dual-stack. I am connecting to internet via ISP's optic router (GPON).
Router assigns internal IPv4 addresses to subnet and delegates an IPv6 subnet of /64.
I do not trust ISP's equipment and separate its network from my devices using
Asus RT-N16 router under OpenWRT 18.06.2.
To summarize:
(Internet)
|
[ISP infrastructure]
|
[ISP router]
|
[RT-N16]
|
[16 ports gigabit switch]
|
(my home subnet)
ISP router has its web-interface but it is rather informative than administrative
(despite access user is named 'admin').
Its info can be summarized as follows:
It received these addresses from ISP infrastructure:
10.130.234.173 default route via 10.130.0.1
2a00:1370:801b:xxxx:xxxx:xxxx:xxxx:1ea9
Local network is configured as 192.168.1.0/24 with ISP's router ip .254
Now to the OpenWRT part.
IPv4 part is working like a charm, my home subnet is 192.168.23.0/24, NATed by OpenWRT.
RT-N16 is delegated with a /64 prefix and assigns these addresses:
2a00:1370:811b:af67:xxxx:xxxx:xxxx:367d/128 to eth0.1 (wan6) interface
2a00:1370:811b:af67::1/64 to br-lan interface
I've configured wan6 interface and dhcp options as SLAAC alone, using this guide:
https://openwrt.org/docs/guide-user/network/ipv6/start
I'm running a bunch of Archlinux machines on home subnet, they all assign
addresses like 2a00:1370:811b:af67:xxxx:xxxx:xxxx:xxxx/64
But I can't access IPv6 resources from any machine in my subnet (including
OpenWRT router). ping -6 google.com does not work, even from router.
Machines on subnet cannot ping router, no pings from router to local machines either.
Surprisingly, machines can ping6 each other using global IPv6 addresses. They are all connected to 16-port gigabit switch.
I think problem is somewhere in firewall/ip6tables, but can't figure out how to fix it.
Here are my configs: