Problems with IPv6 Relay Telekom Germany

Hello,

I just got my hands on an OpenWrt-compatible device, did a basic setup and loved it, so I quickly decided to put it between my Telekom Speedport and my LAN.
I use a Xiaomi AX3600 (which is still experimental), but it works flawlessly. I've forked the experimental Git repo and added a few packages via Git Actions (like MWAN3 and WireGuard). So far everything works perfectly fine. I have Telekom Hybrid (DSL+LTE bonding), which has become less reliable lately, so I added an LTE mobile hotspot with Vodafone 5G, which is connected via Wi-Fi to the Xiaomi router.

I have issues with the Telekom IPv6: I get a /64 prefix and it just won't work. Of course I have checked the forum's topics about this, but couldn't solve it that way.

I've created a WAN6 interface with DHCPv6, which is the master and relays RA/DHCPv6/NDP.
LAN is also relaying it and my clients get IPv6 addresses of that /64 subnet assigned.
Then it gets strange. At first I had issues accessing the internet via IPv6 even from the Xiaomi router itself. I solved that with a new MWAN3 rule for IPv6 with only wan6 as a member; previously no rule contained an interface with IPv6 addresses, so I think this was the reason.
At least the router can now access the internet via IPv6 without issues, while the LAN clients with their Telekom IPv6 addresses can't. I succeeded once at ipv6-test.com, but after a restart of the Xiaomi router it no longer worked.

I have the following interfaces:
wan - a port for a potential additional WAN, like Starlink (still arguing with myself)
wan2 - Telekom IPv4 static IP in a routing network used exclusively by the Xiaomi AX3600 and the Telekom Speedport
lte - static IPv4 address in the Huawei LTE mobile hotspot's Wi-Fi. The address is outside the DHCP range of the device; works fine.
wan6 - DHCPv6 Client getting the Telekom prefix and relaying
wg0 - My external wireguard server at a hoster (forwarded to LAN)
wg1 - A wireguard server on the router (with forwarding to LAN, but not wg0)
EP - company IT department wireguard peer

A note about DHCP: the LAN has a Pi-hole set up as the DHCP server. DNS is handled by two Pi-hole Docker containers in the LAN.
I played a lot with several options, so maybe there are leftovers in the interfaces/dhcp entries.
wan6 is the default route for ::0/0.

DHCP

root@AX3600:~# uci export dhcp
# UCI export of the 'dhcp' package (dnsmasq and odhcpd settings), as posted.
package dhcp

# Global dnsmasq settings (DNS forwarding; DHCP pools are the 'config dhcp' sections below).
config dnsmasq
	option localise_queries '1'
	# DNS-rebinding protection: upstream answers pointing into private ranges are discarded.
	option rebind_protection '1'
	# Exception to the above: upstream 127.0.0.0/8 answers are still accepted.
	option rebind_localhost '1'
	option local '/lan/'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option ednspacket_max '1232'
	# Every DNS query is written to the system log; handy while debugging,
	# but the log then holds each client's lookup history.
	option logqueries '1'
	option domain 'hoffmann.home'
	# Only answer DNS queries from hosts on directly attached subnets.
	option localservice '1'
	# Upstream resolvers inside the LAN subnet; presumably the two Pi-hole
	# containers mentioned in the post.
	list server '192.168.255.254'
	list server '192.168.255.2'

# No DHCP service on the 'wan' interface.
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

# odhcpd handles the IPv6 side (RA / DHCPv6 / NDP); maindhcp '0' leaves DHCPv4 alone.
config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

# No DHCP service on the company WireGuard interface.
config dhcp 'EP'
	option interface 'EP'
	option ignore '1'

# LAN: downstream side of the IPv6 relay. ignore '1' means the router hands out
# no DHCP leases here (the post says a Pi-hole in the LAN is the DHCP server);
# RA, DHCPv6 and NDP are relayed from the master interface instead of being served locally.
# NOTE(review): with relay, LAN hosts hold globally routable addresses from the
# ISP /64, so what is reachable from outside depends entirely on the firewall's
# forwarding rules, which are not shown in this post -- confirm they default to reject.
config dhcp 'lan'
	option interface 'lan'
	option ignore '1'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'

# wan6: upstream ("master") side of the relay; messages are relayed between
# this interface and the relay-enabled interfaces above.
config dhcp 'wan6'
	option interface 'wan6'
	option master '1'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'

Networks:

root@AX3600:~# uci export network
# UCI export of the 'network' package, as posted (first part: base interfaces and devices).
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

# Locally generated ULA prefix (fd00::/8 space, not routable on the internet).
config globals 'globals'
	option ula_prefix 'fd45:3283:4385:0001::/64'

# LAN bridge over two Ethernet ports.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth2'
	list ports 'eth3'

# LAN: static 192.168.255.1/24; DNS points at the two resolvers inside the LAN.
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list dns '192.168.255.254'
	list dns '192.168.255.2'
	list dns_search 'my.home'
	list dns_search 'EP.local'
	# NOTE(review): delegate '0' should switch off the built-in IPv6 prefix
	# assignment for this interface, leaving IPv6 on the LAN to the relay -- confirm.
	option delegate '0'
	list ipaddr '192.168.255.1/24'

# Spare WAN port (the post reserves it for a possible additional uplink).
config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'
	option type 'bridge'
	# Ignore DNS servers offered by the upstream DHCP server; use the list below.
	option peerdns '0'
	list dns '192.168.255.254'
	list dns '192.168.255.2'
	# Route metric; a lower value is preferred when several default routes exist.
	option metric '19'

# LTE uplink: static address in the mobile hotspot's network.
config interface 'lte'
	option device 'lteradio'
	option proto 'static'
	option ipaddr '192.168.254.254'
	option netmask '255.255.255.0'
	option gateway '192.168.254.1'
	option broadcast '192.168.254.255'
	option metric '20'

# Device overrides. The MAC addresses below were posted unredacted; they are
# hardware identifiers and are usually masked when sharing a config publicly.
config device
	option name 'wlan2'
	option mtu6 '1428'
	option mtu '1428'
	option macaddr '9C:9D:7E:BE:EF:F1'

config device
	option name 'eth1'
	option macaddr '9C:9D:7E:E0:1A:40'
	option mtu6 '1480'

config device
	option name 'eth0'

# wan2: static IPv4 link to the Telekom Speedport on eth1.
# The 'wan6' interface further down in this export uses the same device (eth1).
config interface 'wan2'
	option device 'eth1'
	option proto 'static'
	option ipaddr '192.168.252.2'
	option netmask '255.255.255.0'
	option gateway '192.168.252.1'
	option broadcast '192.168.252.255'
	list dns '1.1.1.1'
	list dns '8.8.8.8'
	list dns_search 'my.inet'
	# Lowest metric of the uplinks shown, i.e. the preferred IPv4 default route.
	option metric '10'

# WireGuard interfaces and their peers.
# All private_key / public_key values were replaced with 'X' placeholders by the
# poster. A real private key must never be published: whoever holds it can
# authenticate to the peers as this interface.

# wg0: tunnel to the poster's external WireGuard server at a hoster.
config interface 'wg0'
	option proto 'wireguard'
	option private_key 'XXXX'
	# No prefix length given. NOTE(review): presumably handled as a /32 host address -- confirm.
	list addresses '172.17.0.253'
	option dns_metric '500'
	option metric '30'
	option listen_port '31313'
	option delegate '0'

# Peer of wg0. allowed_ips is the set of source addresses accepted from this
# peer; with route_allowed_ips '1' the same prefixes are also installed as
# routes through the tunnel.
config wireguard_wg0
	option description 'my.domain'
	option public_key 'XXXX'
	list allowed_ips '172.17.0.0/24'
	option route_allowed_ips '1'
	# NOTE(review): 1.2.3.4 appears in both endpoint_host entries of this export,
	# so it looks like a redaction placeholder rather than the real endpoint.
	option endpoint_host '1.2.3.4'
	option endpoint_port '31117'
	option persistent_keepalive '30'


# EP: tunnel to the company network (described in the post as the IT department's peer).
config interface 'EP'
	option proto 'wireguard'
	option private_key 'XXXXXXXX'
	list addresses '192.168.2.23/32'
	option peerdns '0'
	list dns '192.168.1.15'
	list dns '192.168.1.16'
	list dns_search 'EP.local'
	option listen_port '31314'

# Peer of EP. Each allowed_ips prefix is both accepted as a source from the
# company side and, because route_allowed_ips is '1', routed into the tunnel.
# The list is broad (192.168.0.0/19 alone spans 192.168.0.0-192.168.31.255);
# what the company side may reach in the home LAN is decided by the firewall
# zone/forwarding setup, which is not part of this export.
config wireguard_EP
	option description 'Imported peer configuration'
	option public_key 'XXXXX'
	list allowed_ips '172.18.0.0/24'
	list allowed_ips '192.168.0.0/19'
	list allowed_ips '10.1.1.0/24'
	list allowed_ips '10.112.0.0/16'
	list allowed_ips '10.114.0.0/23'
	list allowed_ips '192.168.50.0/23'
	list allowed_ips '10.113.0.0/16'
	list allowed_ips '192.168.130.0/24'
	list allowed_ips '192.168.100.0/24'
	list allowed_ips '192.168.138.0/24'
	option persistent_keepalive '21'
	option endpoint_host '1.2.3.4'
	option endpoint_port '31114'
	option route_allowed_ips '1'

# wg1: WireGuard server running on the router itself (172.19.0.1/24).
config interface 'wg1'
	option proto 'wireguard'
	option private_key 'XXXX'
	option listen_port '31117'
	list addresses '172.19.0.1/24'

# wg1 peers: each one is limited to a single /32 source address, so a peer
# cannot send traffic under another peer's tunnel address.
config wireguard_wg1
	option description 'Imported peer configuration'
	option public_key 'XXX'
	list allowed_ips '172.19.0.3/32'

config wireguard_wg1
	option description 'Imported peer configuration'
	option public_key 'XXXX'
	list allowed_ips '172.19.0.4/32'

config wireguard_wg1
	option description 'Imported peer configuration'
	option public_key 'XXXX'
	list allowed_ips '172.19.0.5/32'

config wireguard_wg1
	option description 'Imported peer configuration'
	option public_key 'XXX'
	list allowed_ips '172.19.0.6/32'

# Static host route via the LTE gateway; disabled '1' means it is not installed.
config route
	option interface 'lte'
	option gateway '192.168.254.1'
	option metric '4'
	option target '208.79.209.138/32'
	option disabled '1'

# wan6: DHCPv6 client on eth1, the same device that carries the static IPv4 'wan2' link.
config interface 'wan6'
	option proto 'dhcpv6'
	option device 'eth1'
	option metric '11'
	# Ignore DNS servers announced by the upstream; use the resolver listed below.
	option peerdns '0'
	list dns '2001:4860:4860::8888'
	# Do not request an individual address; request a prefix of whatever length is offered.
	# The post reports that the ISP side provides a /64.
	option reqaddress 'none'
	option reqprefix 'auto'
	# NOTE(review): delegate '0' should keep the received prefix from being handed
	# out by the built-in prefix assignment; the LAN gets IPv6 through the
	# relay settings in the dhcp package instead -- confirm.
	option delegate '0'

# Device entry for the LTE link (no overrides set).
config device
	option name 'lteradio'

Does anyone have an idea why the clients can't reach the internet?

I got it sorted out by switching over to the Xiaomi router's DHCP. I did everything exactly the same, but now it works. Enabling the interface in mwan3 was crucial.
