Provider switched to IPv6 PPPoE, Connection at WAN is up, LAN doesn't get Internet

Hi again, now for my third question in two weeks... but you guys helped me with my other issues so my hopes are high :smiley:

I have upgraded my VDSL plan, today was the change and it turns out they also switched me from IPv4 to IPv6 PPPoE. I managed to get dialled in and I have an internet connection at the router, but all connected devices are offline.

I don't think I've made many changes to the default configuration, but I'm also stupid so maybe I have. Typing from my mobile hotspot at the moment so I can't just copy-paste the config, but I'll post it later. I went through the IPv6 PPPoE Wiki article and set wan - Obtain IPv6 Address to Automatic, and lan - IPv6 assignment length to 64 (tried 60 as well).

So now wan has a /128 address, wan_6- has a different /56 PD-address, and lan has two IPv6 addresses, one is the same as wan_6, but /64, the other one is a unique one. It also has the static IPv4 that I gave it.

In case you didn't notice: I'm bad with networking, and literally clueless with IPv6, but I'm guessing it's something with the /128, /56 etc..?

Thanks again in advance!!

Hi, we will need to see your configuration in order to assist.

Please paste the output of:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

into a preformatted text box (highlighted below).


1 Like

Ok, to make things easier I've reset the router and only applied minimal changes. Same symptoms, internet for the router, but not for devices.

Here's the current config. Excluded the WiFi, don't think it's relevant as I'm plugged in via cable.

ubus call system board
{
        "kernel": "5.15.137",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Cudy WR3000 v1",
        "board_name": "cudy,wr3000-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "mediatek/filogic",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxx::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'wan'
        option proto 'pppoe'
        option device 'wan'
        option username 'xxx'
        option password 'xxx'
        option ipv6 'auto'

cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan6'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Please also show the output of ifstatus wan6.
Feel free to mask some information there, but not too much :)

1 Like

My confusion grows. I went for a walk with my dog, and when I came back I had internet.. somewhat. Some sites (speedtest.net) don't work. Google does. I have no idea how and why.

Also, my devices now get an IPv4 and IPv6 address--can I disable IPv6 for LAN completely without messing up my PPPoE connection?

Here's the ifstatus wan6:

ifstatus wan6
{
        "up": false,
        "pending": true,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "proto": "dhcpv6",
        "device": "wan",
        "data": {

        }
}

Interesting... Do you have a better output with ifstatus wan and ifstatus wan_6?

1 Like

Looks like I can only reach IPv6-enabled sites at the moment. Even ping v4 from OpenWrt Diagnostic doesn't work.

Here are the other ifstatus outputs.

ifstatus wan
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 4416,
        "l3_device": "pppoe-wan",
        "proto": "pppoe",
        "device": "wan",
        "updated": [
                "addresses"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
        ],
        "ipv6-address": [
                {
                        "address": "xxx",
                        "mask": 128
                }
        ],
        "ipv6-prefix": [
        ],
        "ipv6-prefix-assignment": [
        ],
        "route": [
        ],
        "dns-server": [
        ],
        "dns-search": [
        ],
        "neighbors": [
        ],
        "inactive": {
                "ipv4-address": [
                ],
                "ipv6-address": [
                ],
                "route": [
                ],
                "dns-server": [
                ],
                "dns-search": [
                ],
                "neighbors": [
                ]
        },
        "data": {
        }
}

ifstatus wan_6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": true,
        "uptime": 4482,
        "l3_device": "pppoe-wan",
        "proto": "dhcpv6",
        "device": "pppoe-wan",
        "updated": [
                "prefixes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
        ],
        "ipv6-address": [
        ],
        "ipv6-prefix": [
                {
                        "address": "xxx::",
                        "mask": 56,
                        "preferred": 2722,
                        "valid": 6322,
                        "class": "wan_6",
                        "assigned": {
                                "lan": {
                                        "address": "xxx::",
                                        "mask": 56
                                }
                        }
                }
        ],
        "ipv6-prefix-assignment": [
        ],
        "route": [
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "xxx",
                        "metric": 512,
                        "valid": 3340,
                        "source": "xxx:/56"
                }
        ],
        "dns-server": [
                "2a01:860::53",
                "2a01:860::153"
        ],
        "dns-search": [
        ],
        "neighbors": [
        ],
        "inactive": {
                "ipv4-address": [
                ],
                "ipv6-address": [
                ],
                "route": [
                ],
                "dns-server": [
                ],
                "dns-search": [
                ],
                "neighbors": [
                ]
        },
        "data": {
                "zone": "wan",
                "passthru": "001700202a0108600000000000000000000000532a01086xxx",
                "zone": "wan"
        }
}

Also my current Interfaces setup. I'm a bit confused that there's both the auto-spawned wan_6 and the default wan6. Should I delete the latter?

ALSO thanks a ton for helping me out!

Looks good. Delete wan6. Check from the router:

nslookup ipv4only.arpa.
nslookup openwrt.de.
ping 64:ff9b::40be:3f6f
1 Like

Deleted wan6, internet is still up :slight_smile:
And I found the problem with IPv4, apparently it's a DS-lite line, so installing the ds-lite package resolved that issue.

Okay, then I think the only thing remaining for now is how I can safely disable IPv6 for LAN? Or shouldn't I? Somehow seems wrong and unnecessary to give clients both a v4 and a v6 address, or am I on the wrong path here?

I don't think ds-lite is needed and still want to see what I asked for.

1 Like

No problem, I removed ds-lite again. Happy to get it working without ds-lite as it seems like it will cause me further headaches when it comes to reaching servers from outside.
Just noting that speedtest.net did work with ds-lite installed, and stopped working again after removing it.

root@OpenWrt:~# nslookup ipv4only.arpa
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
Name:   ipv4only.arpa
Address: 192.0.0.171
Name:   ipv4only.arpa
Address: 192.0.0.170

Non-authoritative answer:
root@OpenWrt:~# nslookup openwrt.de
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
Name:   openwrt.de
Address: 64.190.63.222

Non-authoritative answer:

The ping doesn't receive any answer.

root@OpenWrt:~# ping 64:ff9b::40be:3f6f
PING 64:ff9b::40be:3f6f (64:ff9b::40be:3f6f): 56 data bytes

Thank you for checking. It shows no NAT64 and DNS64 on the provider side, no Pref64 discovery for 464xlat. If ds-lite works for you - then use it.

1 Like
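
The logic behind the three checks above, as an added example that is not part of the original thread: RFC 7050 discovery looks for the well-known addresses 192.0.0.170/171 embedded in AAAA answers for ipv4only.arpa, and the pinged 64:ff9b::40be:3f6f is 64.190.63.111 embedded in the well-known prefix 64:ff9b::/96 per RFC 6052. The function names and the DNS64 sample answer are constructed for illustration.

```python
import ipaddress

# RFC 7050: ipv4only.arpa always has these two A records (both appear in the thread).
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
# RFC 6052: prefix length -> byte positions of the IPv4 octets (byte 8 is reserved).
LAYOUT = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
          56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}

def aaaa_from_nslookup(output):
    """Collect IPv6 answers from nslookup text, ignoring the resolver's own address."""
    answers, in_answer = [], False
    for line in output.splitlines():
        if line.startswith("Name:"):
            in_answer = True
        elif in_answer and line.startswith("Address"):
            try:
                answers.append(ipaddress.IPv6Address(line.split(":", 1)[1].strip()))
            except ValueError:
                pass  # an A record, not useful for Pref64 discovery
    return answers

def discover_pref64(aaaa_answers):
    """NAT64 prefixes implied by AAAA answers for ipv4only.arpa; empty set = no DNS64."""
    found = set()
    for addr in aaaa_answers:
        raw = ipaddress.IPv6Address(addr).packed
        for plen, offs in LAYOUT.items():
            if ipaddress.IPv4Address(bytes(raw[i] for i in offs)) in WKA:
                head = raw[:plen // 8] + bytes(16 - plen // 8)
                found.add(ipaddress.IPv6Network((head, plen)))
    return found

def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64 prefix, as a DNS64 resolver or CLAT would."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    for off, octet in zip(LAYOUT[net.prefixlen], ipaddress.IPv4Address(ipv4).packed):
        raw[off] = octet
    return ipaddress.IPv6Address(bytes(raw))

# THREAD_OUTPUT is abridged from the thread (A records only); DNS64_OUTPUT appends a
# constructed AAAA answer, as a DNS64 resolver using the well-known prefix would return.
THREAD_OUTPUT = """Server:         127.0.0.1
Address:        127.0.0.1:53
Non-authoritative answer:
Name:   ipv4only.arpa
Address: 192.0.0.171
Name:   ipv4only.arpa
Address: 192.0.0.170"""
DNS64_OUTPUT = THREAD_OUTPUT + "\nName:   ipv4only.arpa\nAddress: 64:ff9b::c000:aa\n"
```

An empty result from `discover_pref64` for the resolver's real answers matches the "no DNS64, no Pref64 discovery" conclusion above; a non-empty result would give the prefix a 464XLAT CLAT could use.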

Thanks so much for walking me through this! I'll stick with ds-lite for now and call my ISP tomorrow to get it confirmed and/or changed to double stack.

1 Like
