I use openwrt 19.07 (last stable) on a netgear R6220.
I use the relay package and followed the tutorial there to relay my main wireless network:
I also configured IPv6 and it's working relatively well, apart from a tiny thing: when I start my router, I wouldn't get IPv6 by default, I need to restart an interface. Now I have the following script as a service and it's enough to indeed get IPv6 working normally.
My question is thus: is it a bug somewhere? I was about to open an issue on the github repo, but I thought I'd ask around for confirmation first.
As you can see on the screenshot, the problem is the "Network device is not present", which is solved by the script I mentioned.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fde3:63eb:0903::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.15.1'
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr 'REDACTED'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'REDACTED'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 6t'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
option vid '2'
config interface 'wwan'
option proto 'dhcp'
config interface 'stabridge'
option proto 'relay'
list network 'lan'
list network 'wwan'
list network 'wwanrep'
config interface 'wwanrep'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '64'
option ipaddr '192.168.16.1'
config interface 'wwan6'
option ifname 'wlan1'
option proto 'dhcpv6'
option reqprefix 'auto'
option reqaddress 'force'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'HT40'
option channel 'auto'
option legacy_rates '0'
option country 'CH'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option legacy_rates '0'
option channel 'auto'
option htmode 'VHT80'
option country 'CH'
config wifi-iface 'wifinet0'
option ssid 'REDACTED'
option device 'radio1'
option mode 'sta'
option key ''
option network 'wwan'
option encryption 'psk2'
config wifi-iface 'wifinet1'
option ssid 'OpenWrt'
option device 'radio0'
option mode 'ap'
option network 'wwanrep'
option key ''
option encryption 'psk2'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option ignore '1'
option ra 'relay'
option ndp 'relay'
config dhcp 'wan'
option ignore '1'
option interface 'wwan'
option ra 'relay'
option ndp 'relay'
option master '1'
option try '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wwanrep'
option interface 'wwanrep'
option ignore '1'
option ra 'relay'
option ndp 'relay'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 wwan'
option input 'ACCEPT'
option forward 'ACCEPT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'bridgezone'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'lan wwan wwanrep'
config redirect
option name 'wg'
option target 'DNAT'
option dest_ip '192.168.1.2'
option dest 'lan'
list proto 'udp'
option src 'bridgezone'
option dest_port '51822'
option src_dport '51822'
option enabled '0'
config rule
option dest 'lan'
option src 'wan'
option name 'all'
option target 'ACCEPT'
config zone
option name 'rep'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config forwarding
option dest 'wan'
option src 'rep'
config rule
option dest 'rep'
option src 'wan'
option name 'all2'
option target 'ACCEPT'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.15.1/24 brd 192.168.15.255 scope global br-lan
valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.188/24 brd 192.168.1.255 scope global wlan1
valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.16.1/24 brd 192.168.16.255 scope global wlan0
valid_lft forever preferred_lft forever
default via 192.168.1.1 dev wlan1 table 16800
192.168.1.1 dev wlan1 table 16800 scope link
192.168.1.134 dev wlan1 table 16800 scope link
192.168.1.173 dev wlan1 table 16800 scope link
192.168.1.217 dev wlan1 table 16800 scope link
192.168.15.3 dev br-lan table 16800 scope link
192.168.1.141 dev wlan0 table 16801 scope link
192.168.15.3 dev br-lan table 16801 scope link
default via 192.168.1.1 dev wlan1 table 16802
192.168.1.1 dev wlan1 table 16802 scope link
192.168.1.134 dev wlan1 table 16802 scope link
192.168.1.141 dev wlan0 table 16802 scope link
192.168.1.173 dev wlan1 table 16802 scope link
192.168.1.217 dev wlan1 table 16802 scope link
default via 192.168.1.1 dev wlan1 src 192.168.1.188
192.168.1.0/24 dev wlan1 scope link src 192.168.1.188
192.168.15.0/24 dev br-lan scope link src 192.168.15.1
192.168.16.0/24 dev wlan0 scope link src 192.168.16.1
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan1 table local scope link src 192.168.1.188
local 192.168.1.188 dev wlan1 table local scope host src 192.168.1.188
broadcast 192.168.1.255 dev wlan1 table local scope link src 192.168.1.188
broadcast 192.168.15.0 dev br-lan table local scope link src 192.168.15.1
local 192.168.15.1 dev br-lan table local scope host src 192.168.15.1
broadcast 192.168.15.255 dev br-lan table local scope link src 192.168.15.1
broadcast 192.168.16.0 dev wlan0 table local scope link src 192.168.16.1
local 192.168.16.1 dev wlan0 table local scope host src 192.168.16.1
broadcast 192.168.16.255 dev wlan0 table local scope link src 192.168.16.1
0: from all lookup local
2: from all iif lo lookup 1
2: from all iif wlan0 lookup 16800
2: from all iif wlan1 lookup 16801
2: from all iif br-lan lookup 16802
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::425d:82ff:fedd:8fb0/64 scope link
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 IPV6_REDACTED::1/64 scope global dynamic
valid_lft 3275sec preferred_lft 3275sec
inet6 fde3:63eb:903::1/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::425d:82ff:fedd:8fb0/64 scope link
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::425d:82ff:fedd:8fb1/64 scope link
valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 IPV6_REDACTED:425d:82ff:fedd:8fb4/64 scope global dynamic
valid_lft 7180sec preferred_lft 3580sec
inet6 fdaa:bbcc:ddee:0:425d:82ff:fedd:8fb4/64 scope global
valid_lft forever preferred_lft forever
inet6 IPV6_REDACTED:61a0:d410:9f58:f0ec/128 scope global dynamic
valid_lft 3275sec preferred_lft 3275sec
inet6 fe80::425d:82ff:fedd:8fb4/64 scope link
valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fde3:63eb:903:10::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::425d:82ff:fedd:8fb0/64 scope link
valid_lft forever preferred_lft forever
default from IPV6_REDACTED:61a0:d410:9f58:f0ec via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
default from IPV6_REDACTED::/64 via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
default from fdaa:bbcc:ddee::/64 via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
IPV6_REDACTED:107f:290d:ba82:256d dev wlan0 metric 1024
IPV6_REDACTED:3a29:363c:f2e5:ed8e dev br-lan metric 1024
IPV6_REDACTED:55b0:cea2:bc69:f559 dev wlan1 metric 1024
IPV6_REDACTED:961e:b45e:6681:4cb8 dev br-lan metric 1024
IPV6_REDACTED:beef:2df9:7ac9:d358 dev br-lan metric 1024
IPV6_REDACTED::/64 dev wlan1 metric 256
IPV6_REDACTED::/64 via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
IPV6_REDACTED::/64 dev br-lan metric 1024
unreachable IPV6_REDACTED::/64 dev lo metric 2147483647 error -148
fdaa:bbcc:ddee:0:107f:290d:ba82:256d dev wlan0 metric 1024
fdaa:bbcc:ddee:0:5a90:43ff:feae:55ab dev wlan1 metric 1024
fdaa:bbcc:ddee::/64 dev wlan1 metric 256
fdaa:bbcc:ddee::/64 via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
fde3:63eb:903::/64 dev br-lan metric 1024
fde3:63eb:903:10::/64 dev wlan0 metric 1024
unreachable fde3:63eb:903::/48 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev wlan0 metric 256
local ::1 dev lo table local metric 0
anycast IPV6_REDACTED:: dev wlan1 table local metric 0
anycast IPV6_REDACTED:: dev br-lan table local metric 0
local IPV6_REDACTED::1 dev br-lan table local metric 0
local IPV6_REDACTED:425d:82ff:fedd:8fb4 dev wlan1 table local metric 0
local IPV6_REDACTED:61a0:d410:9f58:f0ec dev wlan1 table local metric 0
anycast fdaa:bbcc:ddee:: dev wlan1 table local metric 0
local fdaa:bbcc:ddee:0:425d:82ff:fedd:8fb4 dev wlan1 table local metric 0
anycast fde3:63eb:903:: dev br-lan table local metric 0
local fde3:63eb:903::1 dev br-lan table local metric 0
anycast fde3:63eb:903:10:: dev wlan0 table local metric 0
local fde3:63eb:903:10::1 dev wlan0 table local metric 0
anycast fe80:: dev eth0.2 table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev wlan1 table local metric 0
anycast fe80:: dev wlan0 table local metric 0
local fe80::425d:82ff:fedd:8fb0 dev eth0 table local metric 0
local fe80::425d:82ff:fedd:8fb0 dev br-lan table local metric 0
local fe80::425d:82ff:fedd:8fb0 dev wlan0 table local metric 0
local fe80::425d:82ff:fedd:8fb1 dev eth0.2 table local metric 0
local fe80::425d:82ff:fedd:8fb4 dev wlan1 table local metric 0
ff00::/8 dev eth0 table local metric 256
ff00::/8 dev br-lan table local metric 256
ff00::/8 dev eth0.2 table local metric 256
ff00::/8 dev wlan1 table local metric 256
ff00::/8 dev wlan0 table local metric 256
0: from all lookup local
32766: from all lookup main
4200000000: from IPV6_REDACTED::1/64 iif br-lan lookup unspec unreachable
4200000001: from all iif lo lookup unspec 12
4200000005: from all iif br-lan lookup unspec 12
4200000008: from all iif wlan1 lookup unspec 12
4200000008: from all iif wlan1 lookup unspec 12
4200000009: from all iif wlan0 lookup unspec 12
Edit: I realized there's been a new release since I installed OpenWrt, 19.07.4, I'm gonna try it out and see if I still need the workaround after.
Your settings don't follow the guide: https://openwrt.org/docs/guide-user/network/wifi/relay_configuration#adding_ipv6_support
Use ifname @wwan , Request IPv6 address: disabled
Also you have the firewall zone wrong. wwan and wwan6 must be in lan zone.
Since there are a lot of mistakes, I suggest you reset to defaults and start from scratch the configuration following the guide to the letter and then adding the extras that you want.
I've followed the tutorial again (with another device but exactly the same model). I have the same problem, and the same script "solves" it. Attached is the output of your command.
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdcb:f984:b6c3::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.10.1'
option gateway '192.168.1.1'
list dns '192.168.1.1'
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr 'REDACTED'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'REDACTED'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'wwan'
option proto 'dhcp'
config interface 'repeater_bridge'
option proto 'relay'
list network 'lan'
list network 'wwan'
option ipaddr '192.168.1.228'
config interface 'wwan6'
option ifname 'wlan1'
option proto 'dhcpv6'
option reqprefix 'auto'
option reqaddress 'none'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'HT40'
option channel 'auto'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option key 'REDACTED'
option encryption 'psk2'
option ssid 'OpenWrt2'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
config wifi-iface 'wifinet2'
option key 'REDACTED'
option ssid 'REDACTED'
option device 'radio1'
option mode 'sta'
option bssid 'REDACTED'
option network 'wwan'
option encryption 'psk2'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option ignore '1'
option ra 'relay'
option ndp 'relay'
config dhcp 'wan'
option ignore '1'
option interface 'wwan'
option ra 'relay'
option ndp 'relay'
option master '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wwan repeater_bridge wwan6'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.10.1/24 brd 192.168.10.255 scope global br-lan
valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.228/24 brd 192.168.1.255 scope global wlan1
valid_lft forever preferred_lft forever
192.168.1.2 dev br-lan table 16800 scope link src 192.168.1.228
192.168.1.2 dev br-lan table 16801 scope link
default via 192.168.1.1 dev wlan1 src 192.168.1.228
192.168.1.0/24 dev wlan1 scope link src 192.168.1.228
192.168.10.0/24 dev br-lan scope link src 192.168.10.1
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan1 table local scope link src 192.168.1.228
local 192.168.1.228 dev wlan1 table local scope host src 192.168.1.228
broadcast 192.168.1.255 dev wlan1 table local scope link src 192.168.1.228
broadcast 192.168.10.0 dev br-lan table local scope link src 192.168.10.1
local 192.168.10.1 dev br-lan table local scope host src 192.168.10.1
broadcast 192.168.10.255 dev br-lan table local scope link src 192.168.10.1
0: from all lookup local
2: from all iif lo lookup 16800
2: from all iif wlan1 lookup 16801
2: from all iif br-lan lookup 16802
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::2e30:33ff:fe3a:958/64 scope link
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 REDACTED scope global dynamic
valid_lft 2135sec preferred_lft 2135sec
inet6 fdcb:f984:b6c3::1/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::2e30:33ff:fe3a:958/64 scope link
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::2e30:33ff:fe3a:959/64 scope link
valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 REDACTED scope global dynamic
valid_lft 7172sec preferred_lft 3572sec
inet6 fdaa:bbcc:ddee:0:2e30:33ff:fe3a:95c/64 scope global
valid_lft forever preferred_lft forever
inet6 REDACTED scope global dynamic
valid_lft 2136sec preferred_lft 2136sec
inet6 fe80::2e30:33ff:fe3a:95c/64 scope link
valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::2e30:33ff:fe3a:958/64 scope link
valid_lft forever preferred_lft forever
default from REDACTED via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
default from REDACTED via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
default from fdaa:bbcc:ddee::/64 via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
REDACTED dev br-lan metric 1024
REDACTED dev wlan1 metric 1024
REDACTED dev br-lan metric 1024
REDACTED dev br-lan metric 1024
REDACTED dev br-lan metric 1024
REDACTED dev wlan1 metric 256
REDACTED via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
REDACTED dev br-lan metric 1024
unreachable REDACTED dev lo metric 2147483647 error -148
fdaa:bbcc:ddee:0:5a90:43ff:feae:55ab dev wlan1 metric 1024
fdaa:bbcc:ddee:0:ec68:697a:e133:d3af dev br-lan metric 1024
fdaa:bbcc:ddee::/64 dev wlan1 metric 256
fdaa:bbcc:ddee::/64 via fe80::5a90:43ff:feae:55ab dev wlan1 metric 512
fdcb:f984:b6c3::/64 dev br-lan metric 1024
unreachable fdcb:f984:b6c3::/48 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev wlan0 metric 256
local ::1 dev lo table local metric 0
anycast REDACTED dev br-lan table local metric 0
anycast REDACTED dev wlan1 table local metric 0
local REDACTED dev br-lan table local metric 0
local REDACTED dev wlan1 table local metric 0
local REDACTED dev wlan1 table local metric 0
anycast fdaa:bbcc:ddee:: dev wlan1 table local metric 0
local fdaa:bbcc:ddee:0:2e30:33ff:fe3a:95c dev wlan1 table local metric 0
anycast fdcb:f984:b6c3:: dev br-lan table local metric 0
local fdcb:f984:b6c3::1 dev br-lan table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev eth0.2 table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev wlan1 table local metric 0
anycast fe80:: dev wlan0 table local metric 0
local fe80::2e30:33ff:fe3a:958 dev eth0 table local metric 0
local fe80::2e30:33ff:fe3a:958 dev br-lan table local metric 0
local fe80::2e30:33ff:fe3a:958 dev wlan0 table local metric 0
local fe80::2e30:33ff:fe3a:959 dev eth0.2 table local metric 0
local fe80::2e30:33ff:fe3a:95c dev wlan1 table local metric 0
ff00::/8 dev eth0 table local metric 256
ff00::/8 dev br-lan table local metric 256
ff00::/8 dev eth0.2 table local metric 256
ff00::/8 dev wlan1 table local metric 256
ff00::/8 dev wlan0 table local metric 256
0: from all lookup local
32766: from all lookup main
4200000000: from REDACTED iif br-lan lookup unspec unreachable
4200000001: from all iif lo lookup unspec 12
4200000005: from all iif br-lan lookup unspec 12
4200000008: from all iif wlan1 lookup unspec 12
4200000008: from all iif wlan1 lookup unspec 12
Ok it seems to work with @wwan as the interface, thanks! For your comment regarding the possible typo, I'm not sure what you referred to, and since it seems to be working I guess I'll leave it like this.