R7800 as gateway, WAN working correctly but LAN has no internet

I've installed OpenWrt 19.07.4 r11208-ce6496d796 on a Netgear R7800 and I have connected to the WAN using PPPoE (no external modem). From the router, I am able to access the internet, E.g.,

root@OpenWrt:~# ping -c 5 openwrt.org
PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=47 time=261.693 ms
64 bytes from 139.59.209.225: seq=1 ttl=47 time=256.742 ms
64 bytes from 139.59.209.225: seq=2 ttl=47 time=321.218 ms
64 bytes from 139.59.209.225: seq=3 ttl=47 time=256.867 ms
64 bytes from 139.59.209.225: seq=4 ttl=47 time=256.775 ms

--- openwrt.org ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 256.742/270.659/321.218 ms
root@OpenWrt:~# ping6 -c 5 openwrt.org
PING openwrt.org (2a03:b0c0:3:d0::1af1:1): 56 data bytes
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=0 ttl=40 time=259.775 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=1 ttl=40 time=255.511 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=2 ttl=40 time=255.073 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=3 ttl=40 time=255.650 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=4 ttl=40 time=255.178 ms

--- openwrt.org ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 255.073/256.237/259.775 ms

However, clients connected to the LAN (via ethernet or WiFi) are unable to reach the internet. How do I bridge the connections so LAN users have internet access?

/etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd26:39a6:316c::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'pppoe'
        option password 'redacted'
        option ipv6 'auto'
        option mtu '1454'
        option username 'redacted'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

/etc/config/dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

Edit: I've added option force '1' under config dhcp 'lan' in /etc/config/network and now LAN clients can connect to the internet via ipv4, but cannot find a similar option for ipv6.

Do you have a competing DHCP server running in another router?
Normally that "force" is not needed, but it might be needed if dnsmasq detects a competing server being active.
What does system log show for dnsmasq / dhcp / odhcpd ?

1 Like

"Clients are unable to reach the internet" is too vague. Did they obtain an IP address? Can they resolve domain names? Does ping by IP address work?

1 Like

Do you have a competing DHCP server running in another router?

Not that I'm aware of. I'm in an apartment building, the router connects via an ethernet cable into a cat5e socket in the wall. Internet connection is not shared within the building, etc (I.e., I had to separately organize it with an ISP)

What does system log show for dnsmasq / dhcp / odhcpd ?

Here's a de-duplicated log from luci (/cgi-bin/luci/admin/status/syslog), filtered using grep -E "(dns|dhcp)"

Thu Sep 10 06:13:01 2020 daemon.info dnsmasq-dhcp[1776]: DHCPREQUEST(br-lan) 192.168.1.215 a4:83:e7:7f:09:3f
Thu Sep 10 06:13:01 2020 daemon.info dnsmasq-dhcp[1776]: DHCPACK(br-lan) 192.168.1.215 a4:83:e7:7f:09:3f P63632
Thu Sep 10 06:13:02 2020 daemon.warn odhcpd[894]: A default route is present but there is no public prefix on lan thus we don't announce a default route!
Thu Sep 10 06:56:15 2020 daemon.info dnsmasq[1776]: read /etc/hosts - 4 addresses
Thu Sep 10 06:56:15 2020 daemon.info dnsmasq[1776]: read /tmp/hosts/odhcpd - 1 addresses
Thu Sep 10 06:56:15 2020 daemon.info dnsmasq[1776]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Thu Sep 10 06:56:15 2020 daemon.info dnsmasq-dhcp[1776]: read /etc/ethers - 0 addresses
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: reading /tmp/resolv.conf.auto
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using local addresses only for domain test
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using local addresses only for domain onion
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using local addresses only for domain localhost
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using local addresses only for domain local
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using local addresses only for domain invalid
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using local addresses only for domain bind
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using local addresses only for domain lan
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using nameserver 202.224.32.1#53
Thu Sep 10 07:00:08 2020 daemon.info dnsmasq[1776]: using nameserver 202.224.32.2#53
Thu Sep 10 07:00:41 2020 daemon.info dnsmasq[1776]: using nameserver 2404:1a8:7f01:b::3#53
Thu Sep 10 07:00:41 2020 daemon.info dnsmasq[1776]: using nameserver 2404:1a8:7f01:a::3#53
Thu Sep 10 07:01:43 2020 daemon.info dnsmasq-dhcp[1776]: DHCPREQUEST(br-lan) 192.168.1.120 34:97:f6:9c:83:0a
Thu Sep 10 07:01:43 2020 daemon.info dnsmasq-dhcp[1776]: DHCPACK(br-lan) 192.168.1.120 34:97:f6:9c:83:0a redacted
Thu Sep 10 07:02:48 2020 daemon.info dnsmasq-dhcp[1776]: DHCPDISCOVER(br-lan) a4:83:e7:7f:09:3f
Thu Sep 10 07:02:48 2020 daemon.info dnsmasq-dhcp[1776]: DHCPOFFER(br-lan) 192.168.1.215 a4:83:e7:7f:09:3f
Thu Sep 10 07:02:49 2020 daemon.info dnsmasq-dhcp[1776]: DHCPREQUEST(br-lan) 192.168.1.215 a4:83:e7:7f:09:3f
Thu Sep 10 07:02:49 2020 daemon.info dnsmasq-dhcp[1776]: DHCPACK(br-lan) 192.168.1.215 a4:83:e7:7f:09:3f P63632

Did they obtain an IP address?

Yes, both ipv4 and ipv6. Connectivity with the router itself is/was working fine.

Can they resolve domain names?

I can't replicate the broken ipv4 state now (after removing "force" and clearing dhcp lease from client, ipv4 keeps working). When I tested the client machines I suspect I would have just used 1.1.1.1 instead of a domain though, so I'm not sure of the answer here, sorry.

Edit: just performed a "factory" reset (flash operations > perform reset via luci), set the PPPoE settings (change protocol, set user/password) and then tried the connection from a new machine (not used with this router before) and now ipv4 works (without setting "force") but ipv6 still does not.

Does ping by IP address work?

No (E.g., wasn't able to ping 1.1.1.1).

uci -q delete firewall.@zone[1].network
uci add_list firewall.@zone[1].network="wan"
uci add_list firewall.@zone[1].network="wan6"
uci commit firewall
/etc/init.d/firewall restart
1 Like

wan interface is missing from wan zone.

1 Like

I've upgraded to @hnyman's R7800-specific builds ( Build for Netgear R7800 - OpenWrt SNAPSHOT r14389-920d975cab ), and ensured that the newly generated config has both wan and wan6 in the wan zone (thanks @vgaetera and @trendy ), but without success.

# on router
root@OpenWrt:~# ping -c2 openwrt.org
PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=47 time=299.155 ms
64 bytes from 139.59.209.225: seq=1 ttl=47 time=261.898 ms

--- openwrt.org ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 261.898/280.526/299.155 ms

root@OpenWrt:~# ping6 -c2 openwrt.org
PING openwrt.org (2a03:b0c0:3:d0::1af1:1): 56 data bytes
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=0 ttl=40 time=259.040 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=1 ttl=40 time=254.167 ms

--- openwrt.org ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 254.167/256.603/259.040 ms
# on LAN client

$ curl -4 openwrt.org
<html>
...
</html>

$ ping -4 -c2 openwrt.org
PING openwrt.org (139.59.209.225) 56(84) bytes of data.
64 bytes from wiki-01.infra.openwrt.org (139.59.209.225): icmp_seq=1 ttl=46 time=286 ms
64 bytes from wiki-01.infra.openwrt.org (139.59.209.225): icmp_seq=2 ttl=46 time=266 ms

--- openwrt.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 266.449/276.047/285.645/9.598 ms

$ curl -6 openwrt.org
curl: (7) Couldn't connect to server

$ ping -6 -c2 openwrt.org
ping: connect: Network is unreachable

New configuration files:
/etc/config/dhcp:


config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

/etc/config/firewall/:


config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

config include 'bcp38'
	option type 'script'
	option path '/usr/lib/bcp38/run.sh'
	option family 'IPv4'
	option reload '1'

and /etc/config/network:


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd69:4c0e:df8e::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'pppoe'
	option username 'redacted'
	option password 'redacted'
	option ipv6 'auto'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'

Your IPv4 is working fine.
The IPv6 is not responding. You have both option ipv6 'auto' in wan and a wan6 interface. The first option will spawn a wan_6 interface which will negotiate dhcpv6. Either make the option 1 (or manual in Luci) or delete the wan6.
After that verify that it gets settings correctly: ifstatus wan6 or ifstatus wan_6

Your IPv4 is working fine.

Sorry, yes.

I've updated the wan config:

root@OpenWrt:~# cat /etc/config/network | grep -A6 "interface 'wan'"
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'pppoe'
        option username 'redacted'
        option password 'redacted'
        option ipv6 '1'

Confirmed there is no wan_6:

root@OpenWrt:~# ifstatus wan_6
Interface wan_6 not found

And rebooted the router and client machines. However, clients are still unable to connect to the internet via ipv6.

root@OpenWrt:~# ifstatus wan6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 205,
        "l3_device": "eth0.2",
        "proto": "dhcpv6",
        "device": "eth0.2",
        "updated": [
                "addresses",
                "routes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [
                {
                        "address": "2405:6580:32e0:3e00:a36:c9ff:fe21:14f6",
                        "mask": 64,
                        "preferred": 604793,
                        "valid": 2591993
                }
        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "2405:6580:32e0:3e00::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "valid": 2591993,
                        "source": "::/0"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::207:7dff:fe56:60ca",
                        "metric": 512,
                        "valid": 1793,
                        "source": "2405:6580:32e0:3e00:a36:c9ff:fe21:14f6/64"
                }
        ],
        "dns-server": [
                "2404:1a8:7f01:b::3",
                "2404:1a8:7f01:a::3"
        ],
        "dns-search": [
                "flets-east.jp",
                "iptvf.jp"
        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "passthru": "00170020240401a87f01000b0000000000000003240401a87f01000a0000000000000003001800190a666c6574732d65617374026a7000056970747666026a7000001f0020240401a811020000000000000000000b240401a811020
000000000000000000a"
        }
}

View from the client:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 34:97:f6:9c:83:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.123/24 brd 192.168.1.255 scope global dynamic noprefixroute enp4s0
       valid_lft 42933sec preferred_lft 42933sec
    inet6 fd69:4c0e:df8e::af5/128 scope global dynamic noprefixroute
       valid_lft 42934sec preferred_lft 42934sec
    inet6 fd69:4c0e:df8e:0:c503:2e21:7b4d:e451/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::3210:de83:3d60:aeb0/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

You have an IPv6 on the wan6, but no prefix delegated to distribute to your lan hosts.
Check with your ISP if that is correct. We can provide a solution accordingly.

1 Like

Spoke with my ISP today, they are saying the configuration they are giving is correct, and that I should be using the prefix 2405:6580:32e0:3e00.

If the ISP gives out only one /64, it is possible to use the "relay" IPv6 config in OpenWrt. Then the router can use the same /64 also for LAN.
See the relay example in wiki:
https://openwrt.org/docs/guide-user/network/ipv6/start#router_advertisement_dhcpv6

3 Likes

Is that a /64 prefix?

ISP support agent didn't know the size, said the only information they had available relating to a prefix was that.

You cannot use a /64 prefix for LAN because it matches your WAN6 address.
Unless you are going to utilize NAT6.

Followed the instructions from the docs, with the following changes:

  • Some of the given sed scripts din't produce results for me, so has to use uci show to get the correct index to use with uci set
  • My network.globals.ula_prefix was already set to a letter-prefixed value, but I changed it to be the value given by my ISP above (but changed the first character to a d)

And now the LAN clients are able to communicate with the internet via IPv6!

Thanks everyone.

Edit: @hnyman I'll backup my settings and try the "relay" mode tonight and report back.

2 Likes

If the ISP gives out only one /64, it is possible to use the "relay" IPv6 config in OpenWrt. Then the router can use the same /64 also for LAN.

Following that linked guide, I was able to get it to work in relay mode.

In addition to what was written in the guide, I also updated the network.globals.ula_prefix as I did for the nat6 config and had to reboot and wait a few minutes.

Thanks again, everyone.

1 Like

Nope, ULA should start from fc or fd. The fd00::/8 is defined for /48 prefrixes, so you could prefer that one.

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.