Router not available over ipv6

pekkari · April 1, 2020, 11:16am

Hi,

I'm working on the ipv6 config of my netgear D7800, updated to 19.07.2. I'm trying to make it's
dual stack working so that clients can move on to ipv6, as my ISP provides it. This router is
behind a sagecom(ISP provided), and wan6 gets populated. From there to my lan I use prefix
delegation that provides addresses to my final clients. Firewall is set in a simple mode of block
everything from outside unless it's answering something from inside. The setup works, my clients
get ip addresses, both public and ULA, and I can ping external addresses, but if I try to ping, ssh
or resolv names on the router, all connections are answering it's unreachable. Some sanitized pieces
of my config follow:

/etc/config/networks:

config globals 'globals'
        option ula_prefix 'fdb4:fc:9c::/48'

config interface 'lan'
        option proto 'static'
        option ip6assign '64'
        option ipaddr '12.18.0.1'
        option netmask '255.255.255.0'
        option _orig_ifname 'eth1'
        option ifname 'eth1'
        option ip6hint 'b'

/etc/config/dhcp

config odhcpd 'odhcpd'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option ra 'server'
        option start '55'
        option limit '5'
        list domain 'mydomain.com'
        option ra_default '1'

ip config:

# ip -6 a s dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:4b:ef:3f::1/64 scope global dynamic
       valid_lft 17206sec preferred_lft 10456sec
    inet6 fdb4:fc:9c:b::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:fe6d:8029/64 scope link
       valid_lft forever preferred_lft forever

# ip -6 r s
2001:4b:ef:3f0::/64 dev br-wlan  metric 1024      
unreachable 2001:4b:ef:3f0::/60 dev lo  metric 2147483647  error -113
fdb4:fc:9c:b::/64 dev eth1  metric 1024        
fdb4:fc:9c:c::/64 dev br-wlan  metric 1024        
unreachable fdb4:fc:9c::/48 dev lo  metric 2147483647  error -113
fe80::/64 dev eth1  metric 256 
fe80::/64 dev tun0  metric 256 
fe80::/64 dev tun1  metric 256 
fe80::/64 dev wlan1  metric 256 
fe80::/64 dev br-wlan  metric 256 
fe80::/64 dev eth0  metric 256 
anycast 2001:4b:ef:3f0:: dev eth1  metric 0      
anycast 2001:4b:ef:3f3:: dev br-wlan  metric 0      
anycast fdb4:fc:9c:b:: dev eth1  metric 0       
anycast fe80:: dev eth1  metric 0 
anycast fe80:: dev wlan1  metric 0 
anycast fe80:: dev br-wlan  metric 0 
anycast fe80:: dev eth0  metric 0 
ff00::/8 dev eth1  metric 256 
ff00::/8 dev br-wlan  metric 256
ff00::/8 dev wlan1  metric 256
ff00::/8 dev eth0  metric 256

# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp        0      0 fdb4:fc:9c:b::1:53 :::*                    LISTEN      2482/unbound
...

Client ip info:

$ ping -6 google.com
PING google.com(arn09s20-in-x0e.1e100.net (2a00:1450:400f:80d::200e)) 56 data bytes
64 bytes from arn09s20-in-x0e.1e100.net (2a00:1450:400f:80d::200e): icmp_seq=1 ttl=53 time=22.2 ms
64 bytes from arn09s20-in-x0e.1e100.net (2a00:1450:400f:80d::200e): icmp_seq=2 ttl=53 time=18.4 ms
64 bytes from arn09s20-in-x0e.1e100.net (2a00:1450:400f:80d::200e): icmp_seq=3 ttl=53 time=19.3 ms
...
$ ping -6 2001:4b:ef:3f0::1
PING 2001:4b:ef:3f0::1(2001:4b:ef:3f0::1) 56 data bytes
From 2001:4b:ef:3f0:224:67ff:fe35:1074 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074 icmp_seq=3 Destination unreachable: Address unreachable
...
$ ping fdb4:fc:9c:b::1
PING fdb4:fc:9c:b::1(fdb4:fc:9c:b::1) 56 data bytes
From fdb4:fc:9c:b:224:67ff:fe35:1074 icmp_seq=1 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074 icmp_seq=2 Destination unreachable: Address unreachable

ip config:

3: enx002467351074: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:24:67:35:10:74 brd ff:ff:ff:ff:ff:ff
    ....
    inet6 fdb4:fc:9c:b:224:67ff:fe35:1074/64 scope global mngtmpaddr noprefixroute     
       valid_lft forever preferred_lft forever
    inet6 2001:4b:ef:3f0:224:67ff:fe35:1074/64 scope global dynamic mngtmpaddr noprefixroute      
       valid_lft 13005sec preferred_lft 6255sec
    inet6 fe80::224:67ff:fe35:1074/64 scope link 
       valid_lft forever preferred_lft forever

$ ip -6 r s
...
2001:4b:ef:3f0::/64 dev enx002467351074 proto ra metric 100 pref medium
fdb4:fc:9c:b::/64 dev enx002467351074 proto ra metric 100 pref medium
...
$ ip -6 neig
fdb4:fc:9c:b::1 dev enx002467351074  FAILED
2001:4b:ef:3f0::1 dev enx002467351074  FAILED
fe80::b2b9:8aff:fe6d:8029 dev enx002467351074 lladdr b0:b9:8a:6d:80:29 router REACHABLE

Any hints or suggestions are appreciated.

Thanks!

trendy · April 1, 2020, 12:23pm

Please post here the output of the following command, copy and paste the whole block:

uci export network; uci export dhcp; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

pekkari · April 1, 2020, 12:34pm

Absolutely:

# uci export network; uci export dhcp; \
> ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdb4:fc:9c::/48'

config interface 'lan'
	option proto 'static'
	option ip6assign '64'
	option ipaddr '12.18.0.1'
	option netmask '255.255.255.0'
	option _orig_ifname 'eth1'
	option ifname 'eth1'
	option ip6hint 'b'

config interface 'vpn0'
	option proto 'static'
	option ifname 'tun0'
	option _orig_ifname 'tun0'
	option _orig_bridge 'false'
	option ip6assign '64'
	option netmask '255.255.255.240'
	option ipaddr '12.18.30.241'
	option ip6hint 'd'
	option ip6addr 'fdb4:fc:9c:d::1'

config interface 'vpn1'
	option proto 'static'
	option ifname 'tun1'
	option _orig_ifname 'tun1'
	option _orig_bridge 'false'
	option ip6assign '64'
	option netmask '255.255.255.240'
	option ip6hint 'e'
	option ipaddr '12.18.30.225'
	option ip6addr 'fdb4:fc:9c:e::1'

config interface 'wlan'
	option proto 'static'
	option netmask '255.255.255.240'
	option ip6assign '64'
	option ip6hint 'c'
	option type 'bridge'
	option ipaddr '12.18.3.241'
	option ip6addr 'fdb4:fc:9c:c::1'

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option rebind_protection '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option nonwildcard '0'
	option local '/mydomain.com/'
	option domain 'mydomain.com'
	option localise_queries '1'
	option port '5353'
	option enable_tftp '1'
	option tftp_root '/mnt/tftp'

config boot 'linux'
	option filename 'boot/grub/x86_64-efi/core.efi'
	option serveraddress 'gw.mydomain.com'
	option servername 'PXE server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp 'wan6'
	option interface 'wan6'
	option ignore '1'

config odhcpd 'odhcpd'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'wlan'
	option leasetime '12h'
	option interface 'wlan'
	option dhcpv6 'disabled'
	option ra 'server'
	option start '5'
	option limit '10'
	list domain 'mydomain.com'

config dhcp 'vpn0'
	option interface 'vpn0'
	option leasetime '12h'
	option dhcpv6 'disabled'
	option ra 'server'
	option start '5'
	option limit '10'
	list domain 'vpn.mydomain.com'

config dhcp 'vpn1'
	option interface 'vpn1'
	option leasetime '12h'
	option dhcpv6 'disabled'
	option ra 'server'

config dhcp 'lan'
	option interface 'lan'
	option leasetime '12h'
	option ra 'server'
	option start '55'
	option limit '5'
	list domain 'mydomain.com'
	option ra_default '1'

lrwxrwxrwx    1 root     root            16 Feb 27 21:05 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root           125 Apr  1 05:56 /tmp/resolv.conf
-rw-r--r--    1 root     root           193 Apr  1 05:53 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2020-04-01T05:56:50+0000
nameserver 127.0.0.1
nameserver ::1
search mydomain.com.

==> /tmp/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2020-04-01T05:56:50+0000
nameserver 127.0.0.1
nameserver ::1
search mydomain.com.

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 62.241.198.246
nameserver 62.241.198.245
search bb.dnainternet.fi
# Interface wan6
nameserver 2001:14b8:1000::1
nameserver 2001:14b8:1000::2
search bb.dnainternet.fi

Thanks!

trendy · April 1, 2020, 1:45pm

Are the hosts configured to query NS at 5353?

pekkari · April 1, 2020, 1:48pm

No, there is an unbound configured in 53, dnsmasq acts as a secondary:

# cat /etc/config/unbound
config unbound
	option add_extra_dns '0'
	option add_local_fqdn '1'
	option add_wan_fqdn '1'
	option dhcp_link 'odhcpd'
	option dns64 '1'
	option domain 'lan'
	option domain_type 'static'
	option edns_size '1280'
	option extended_luci '0'
	option extended_stats '0'
	option hide_binddata '1'
	option listen_port '53'
	option localservice '1'
	option protocol 'ip6_prefer'
	option rebind_localhost '0'
	option rebind_protection '1'
	option recursion 'default'
	option resource 'default'
	option root_age '9'
	option ttl_min '120'
	option unbound_control '1'
	option validator '0'
	option enabled '1'
	option domain 'mydomain.com'
	option manual_conf '1'
	list trigger_interface 'lan'
	list trigger_interface 'wan'

trendy · April 1, 2020, 2:11pm

Ah, I missed that. As I don't have experience with unbound, I'll let someone else help you.
Just some thoughts:

Documentation mentions to disable dnsmasq, this can be achieved with setting listen port to 0.
Make sure that unbound is configured for the active dhcp server. In the unbound config you have odhcpd, but in dnsmasq config it seems that dnsmasq is enabled.

pekkari · April 1, 2020, 2:20pm

Well, ping and ssh doesn't work either in ipv6, from the top post:

$ ping -6 2001:4b:ef:3f0::1
PING 2001:4b:ef:3f0::1(2001:4b:ef:3f0::1) 56 data bytes
From 2001:4b:ef:3f0:224:67ff:fe35:1074 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074 icmp_seq=3 Destination unreachable: Address unreachable
...
$ ping fdb4:fc:9c:b::1
PING fdb4:fc:9c:b::1(fdb4:fc:9c:b::1) 56 data bytes
From fdb4:fc:9c:b:224:67ff:fe35:1074 icmp_seq=1 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074 icmp_seq=2 Destination unreachable: Address unreachable

And ssh:

$ ssh root@fdb4:fc:9c:b::1 # Openssh
ssh: connect to host fdb4:fc:9c:b::1 port 22: No route to host
$ ssh -p 2222 root@fdb4:fc:9c:b::1 # dropbear
ssh: connect to host fdb4:fc:9c:b::1 port 2222: No route to host

And route seems to be there:

$ ip -6 r s
...
fdb4:fc:9c:b::/64 dev enx002467351074 proto ra metric 100 pref medium
...

trendy · April 1, 2020, 2:39pm

Ah I missed that part somehow, maybe I was assured that ip communication works fine and only resolving is malfunctioning.
There doesn't seem to be any default route in OpenWrt. Judging by the fact that you got a response from Google, do I presume correctly that you have some more routing tables? Could you post them along with the rules?

pekkari · April 1, 2020, 3:22pm

Sure, this is the complete routing table of the router, and its rules:

# ip -6 r s
2001:4b:ef:3f0::/64 dev eth1  metric 1024 
2001:4b:ef:3f1::/64 dev tun0  metric 1024 
2001:4b:ef:3f2::/64 dev tun1  metric 1024 
2001:4b:ef:3f3::/64 dev br-wlan  metric 1024 
unreachable 2001:4b:ef:3f0::/60 dev lo  metric 2147483647  error -113 
fdb4:fc:9c:b::/64 dev eth1  metric 1024 
fdb4:fc:9c:c::/64 dev br-wlan  metric 1024 
fdb4:fc:9c:d::/64 dev tun1  metric 256 
fdb4:fc:9c:d::/64 dev tun0  metric 1024 
fdb4:fc:9c:e::/64 dev tun0  metric 256 
fdb4:fc:9c:e::/64 dev tun1  metric 1024 
unreachable fdb4:6fc8:79c2::/48 dev lo  metric 2147483647  error -113
fe80::/64 dev eth1  metric 256
fe80::/64 dev tun0  metric 256
fe80::/64 dev tun1  metric 256
fe80::/64 dev wlan1  metric 256
fe80::/64 dev br-wlan  metric 256
fe80::/64 dev eth0  metric 256
anycast 2001:4b:ef:3f0:: dev eth1  metric 0 
anycast 2001:4b:ef:3f1:: dev tun0  metric 0 
anycast 2001:4b:ef:3f2:: dev tun1  metric 0 
anycast 2001:4b:ef:3f3:: dev br-wlan  metric 0 
anycast fdb4:fc:9c:b:: dev eth1  metric 0 
anycast fdb4:fc:9c:d:: dev tun1  metric 0 
anycast fdb4:fc:9c:e:: dev tun0  metric 0 
anycast fe80:: dev tun0  metric 0
anycast fe80:: dev tun1  metric 0
anycast fe80:: dev eth1  metric 0
anycast fe80:: dev wlan1  metric 0
anycast fe80:: dev br-wlan  metric 0
anycast fe80:: dev eth0  metric 0
ff00::/8 dev eth1  metric 256
ff00::/8 dev br-wlan  metric 256
ff00::/8 dev tun0  metric 256
ff00::/8 dev tun1  metric 256
ff00::/8 dev wlan1  metric 256
ff00::/8 dev eth0  metric 256

# ip -6 rule s 
0:      from all lookup local
32766:  from all lookup main
4200000000:     from 2001:4b:ef:3f0::1/64 iif eth1 lookup unspec unreachable
4200000000:     from 2001:4b:ef:3f1::1/64 iif tun0 lookup unspec unreachable
4200000000:     from 2001:4b:ef:3f2::1/64 iif tun1 lookup unspec unreachable
4200000000:     from 2001:4b:ef:3f3::1/64 iif br-wlan lookup unspec unreachable
4200000001:     from all iif lo lookup unspec 12
4200000002:     from all iif eth0 lookup unspec 12
4200000002:     from all iif eth0 lookup unspec 12
4200000003:     from all iif eth1 lookup unspec 12
4200000007:     from all iif br-wlan lookup unspec 12
4200000009:     from all iif tun0 lookup unspec 12
4200000010:     from all iif tun1 lookup unspec 12

Thanks!

trendy · April 1, 2020, 3:37pm

I still don't see the default gateway. According to the network config your wan interface is eth0, but I don't see any routes from that interface.
Furthermore there is something weird in your switch configuration. Both vlans 1 and 2 are untagged to CPUs and ports? Was that the default or did you change that? The default boot shows br-lan eth1.1 and wan eth0.2

pekkari · April 1, 2020, 3:57pm

crap, my fault, sorry, I managed to skip the 2 firsts lines:

default from 2001:4b:ef:300::1 via fe80::dad7:75ff:fe68:a0cc dev eth0  metric 4096 
default from 2001:4b:ef:3f0::/60 via fe80::dad7:75ff:fe68:a0cc dev eth0  metric 4096

About the vlans, it was as is by default, I didn't touch them, it would be too much
of engineering the device, which is not certainly having a simple config any longer...

trendy · April 1, 2020, 7:13pm

Try this and let me know:

uci set network.wan6.sourcerouting=0
uci commit network
ifup wan6

pekkari · April 2, 2020, 4:45am

I'm afraid it didn't make it:

$ ping -6 fdb4:fc:9c:b::1
PING fdb4:fc:9c:b::1(fdb4:fc:9c:b::1) 56 data bytes
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=1 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=2 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=3 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=4 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=5 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=6 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=7 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=8 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=9 Destination unreachable: Address unreachable
^C
--- fdb4:fc:9c:b::1 ping statistics ---
10 packets transmitted, 0 received, +9 errors, 100% packet loss, time 207ms
pipe 4
$ ping 2001:4b:ef:3f0::1
PING 2001:4b:ef:3f0::1(2001:4b:ef:3f0::1) 56 data bytes
From 2001:4b:ef:3f0:224:67ff:fe35:1074: icmp_seq=1 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074: icmp_seq=2 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074: icmp_seq=3 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074: icmp_seq=4 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074: icmp_seq=5 Destination unreachable: Address unreachable
From 2001:4b:ef:3f0:224:67ff:fe35:1074: icmp_seq=6 Destination unreachable: Address unreachable
^C
--- 2001:4b:ef:3f0::1 ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 148ms
pipe 4

Nevertheless thanks for the suggestion!

pekkari · April 2, 2020, 5:58am

waw! This is terribly inconsistent. I rebooted the router, and installed tcpdump,
I started pinging from the laptop to ula prefix, and then went to the router and
started a dump, this is what it happened:

$ ping fdb4:fc:9c:b::1
PING fdb4:fc:9c:b::1(fdb4:fc:9c:b::1) 56 data bytes 
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=1 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=5 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=6 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=8 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=11 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=12 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=14 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=15 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=17 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=18 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=19 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=20 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=23 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=24 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=25 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=26 Destination unreachable: Address unreachable
From fdb4:fc:9c:b:224:67ff:fe35:1074: icmp_seq=27 Destination unreachable: Address unreachable
64 bytes from fdb4:fc:9c:b::1: icmp_seq=28 ttl=64 time=2049 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=29 ttl=64 time=1025 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=30 ttl=64 time=1.14 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=31 ttl=64 time=0.762 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=32 ttl=64 time=0.745 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=33 ttl=64 time=0.732 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=34 ttl=64 time=0.716 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=35 ttl=64 time=0.706 ms
64 bytes from fdb4:fc:9c:b::1: icmp_seq=36 ttl=64 time=0.701 ms
^C 
--- fdb4:fc:9c:b::1 ping statistics ---
36 packets transmitted, 9 received, +17 errors, 75% packet loss, time 865ms
rtt min/avg/max/mdev = 0.701/342.159/2048.876/682.721 ms, pipe 4

And then:

$ ssh root@fdb4:fc:9c:b::1


BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.2, r10947-65030d81f3
 -----------------------------------------------------
root@gw:~#

and:

$ dig +short @fdb4:fc:9c:b::1 google.com
216.58.211.14

How can this happen?

trendy · April 2, 2020, 8:47am

I am suspecting some combination of connection tracking with source routing and asymmetric routing. There is another thread with the same problems more or less and I am trying to replicate the issues in my lab.

trendy · April 9, 2020, 10:21am

Your setup is slightly different from the other topic we are discussing, so let's continue here.
The firewall rules that I mentioned in the other topic apply on the primary router. In your case it is the Sagem, not another OpenWrt.
So in your case the steps that I followed where to add the always announce default route.

uci set dhcp.lan.ra_default='1'
uci commit dhcp
ifup lan

This might not be needed if the PCs connected on the OpenWrt already have the default route.
In case it doesn't work, post the following from OpenWrt and a PC
ip -6 addr; ip -6 ru; ip -6 ro
Also post once again the configs to have them in one place:

uci export network; uci export dhcp; \
uci export firewall; uci export wireless; \
ifstatus wan6; ifstatus lan

pekkari · April 9, 2020, 8:50pm

# From router
# ip -6 addr; ip -6 ru; ip -6 ro
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:4b:ef:5300::1/128 scope global dynamic 
       valid_lft 13329sec preferred_lft 6579sec
    inet6 fe80::b2b9:8aff:fe6d:802a/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdb4:fc:9c:b::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 2001:4b:ef:0::1/64 scope global dynamic 
       valid_lft 13330sec preferred_lft 6580sec
    inet6 fe80::b2b9:8aff:fe6d:8029/64 scope link 
       valid_lft forever preferred_lft forever
7: br-wlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:4b:ef:3::1/64 scope global dynamic 
       valid_lft 13329sec preferred_lft 6579sec
    inet6 fdb4:fc:9c:c::1/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:fe6d:802c/64 scope link 
       valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::b2b9:8aff:fe6d:802c/64 scope link 
       valid_lft forever preferred_lft forever
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 100
    inet6 2001:4b:ef:1::1/64 scope global dynamic 
       valid_lft 13329sec preferred_lft 6579sec
    inet6 fdb4:fc:9c:d::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fdb4:fc:9c:d::1/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::10fe:1b13:d7a6:8e39/64 scope link 
       valid_lft forever preferred_lft forever
10: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 100
    inet6 2001:4b:ef:2::1/64 scope global dynamic 
       valid_lft 13329sec preferred_lft 6579sec
    inet6 fdb4:fc:9c:e::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fdb4:fc:9c:e::1/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::d7b8:55cd:8219:ad44/64 scope link 
       valid_lft forever preferred_lft forever
0:      from all lookup local 
32766:  from all lookup main 
4200000000:     from 2001:4b:ef:1::1/64 iif tun0 lookup unspec unreachable
4200000000:     from 2001:4b:ef:2::1/64 iif tun1 lookup unspec unreachable
4200000000:     from 2001:4b:ef:3::1/64 iif br-wlan lookup unspec unreachable
4200000000:     from 2001:4b:ef:0::1/64 iif eth1 lookup unspec unreachable
4200000001:     from all iif lo lookup unspec 12
4200000002:     from all iif eth0 lookup unspec 12
4200000002:     from all iif eth0 lookup unspec 12
4200000003:     from all iif eth1 lookup unspec 12
4200000007:     from all iif br-wlan lookup unspec 12
4200000009:     from all iif tun0 lookup unspec 12
4200000010:     from all iif tun1 lookup unspec 12
default from 2001:4b:ef:5300::1 via fe80::dad7:75ff:fe68:a0cc dev eth0  metric 4096 
default from 2001:4b:ef:0::/60 via fe80::dad7:75ff:fe68:a0cc dev eth0  metric 4096 
2001:4b:ef:0::/64 dev eth1  metric 1024 
2001:4b:ef:1::/64 dev tun0  metric 1024 
2001:4b:ef:2::/64 dev tun1  metric 1024 
2001:4b:ef:3::/64 dev br-wlan  metric 1024 
unreachable 2001:4b:ef:0::/60 dev lo  metric 2147483647  error -113
fdb4:fc:9c:b::/64 dev eth1  metric 1024 
fdb4:fc:9c:c::/64 dev br-wlan  metric 1024 
fdb4:fc:9c:d::/64 dev tun0  metric 256 
fdb4:fc:9c:d::/64 dev tun0  metric 1024 
fdb4:fc:9c:e::/64 dev tun1  metric 256 
fdb4:fc:9c:e::/64 dev tun1  metric 1024 
unreachable fdb4:6fc8:79c2::/48 dev lo  metric 2147483647  error -113
fe80::/64 dev tun0  metric 256 
fe80::/64 dev tun1  metric 256 
fe80::/64 dev wlan1  metric 256 
fe80::/64 dev br-wlan  metric 256 
fe80::/64 dev eth0  metric 256 
fe80::/64 dev eth1  metric 256 
anycast 2001:4b:ef:0:: dev eth1  metric 0 
anycast 2001:4b:ef:1:: dev tun0  metric 0 
anycast 2001:4b:ef:2:: dev tun1  metric 0 
anycast 2001:4b:ef:3:: dev br-wlan  metric 0 
anycast fdb4:fc:9c:b:: dev eth1  metric 0 
anycast fdb4:fc:9c:d:: dev tun0  metric 0 
anycast fdb4:fc:9c:e:: dev tun1  metric 0 
anycast fe80:: dev tun0  metric 0 
anycast fe80:: dev tun1  metric 0 
anycast fe80:: dev br-wlan  metric 0 
anycast fe80:: dev wlan1  metric 0 
anycast fe80:: dev eth0  metric 0 
anycast fe80:: dev eth1  metric 0 
ff00::/8 dev br-wlan  metric 256 
ff00::/8 dev tun0  metric 256 
ff00::/8 dev tun1  metric 256 
ff00::/8 dev wlan1  metric 256 
ff00::/8 dev eth0  metric 256 
ff00::/8 dev eth1  metric 256


# From pc
$ ip -6 addr; ip -6 ru; ip -6 ro
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: enp4s0f3u1u4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdb4:fc:9c:b:224:67ff:fe35:1074/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 2001:4b:ef:0:224:67ff:fe35:1074/64 scope global dynamic mngtmpaddr
       valid_lft 13252sec preferred_lft 6502sec
    inet6 fe80::224:67ff:fe35:1074/64 scope link
       valid_lft forever preferred_lft forever
0:      from all lookup local
32766:  from all lookup main
2001:4b:ef:0::/64 dev enp4s0f3u1u4 proto kernel metric 256 expires 13251sec pref medium
fdb4:fc:9c:b::/64 dev enp4s0f3u1u4 proto kernel metric 256 pref medium
fe80::/64 dev enp4s0f3u1u4 proto kernel metric 256 pref medium
default via fe80::b2b9:8aff:fe6d:8029 dev enp4s0f3u1u4 proto ra metric 1024 expires 1637sec hoplimit 64 pref medium

Configs:

package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb4:6fc8:79c2::/48'

config interface 'lan'
        option proto 'static'
        option ip6assign '64'
        option ipaddr '122.118.0.1'
        option netmask '255.255.255.192'
        option _orig_ifname 'eth1'
        option ifname 'eth1'
        option ip6hint 'b'

config interface 'vpn0'
        option proto 'static'
        option ifname 'tun0'
        option _orig_ifname 'tun0'
        option _orig_bridge 'false'
        option ip6assign '64'
        option netmask '255.255.255.240'
        option ipaddr '122.118.30.241'
        option ip6hint 'd'
        option ip6addr 'fdb4:fc:9c:d::1'

config interface 'vpn1'
        option proto 'static'
        option ifname 'tun1'
        option _orig_ifname 'tun1'
        option _orig_bridge 'false'
        option ip6assign '64'
        option netmask '255.255.255.240'
        option ip6hint 'e'
        option ipaddr '122.118.30.225'
        option ip6addr 'fdb4:fc:9c:e::1'

config interface 'wlan'
        option proto 'static'
        option netmask '255.255.255.240'
        option ip6assign '64'
        option ip6hint 'c'
        option type 'bridge'
        option ipaddr '122.118.3.241'
        option ip6addr 'fdb4:fc:9c:c::1'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0'

config route
        option interface 'lan'
        option target '122.118.0.61'
        option netmask '255.255.255.192'
        option gateway '122.118.0.1'

config route
        option interface 'lan'
        option target '122.118.0.60'
        option netmask '255.255.255.192'
        option gateway '122.118.0.1'

config route
        option interface 'lan'
        option target '122.118.0.59'
        option netmask '255.255.255.192'
        option gateway '122.118.0.1'

package dhcp

config dnsmasq
        option domainneeded '1'
        option rebind_protection '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option nonwildcard '0'
        option local '/mydomain.com/'
        option domain 'mydomain.com'
        option localise_queries '1'
        option port '5353'
        option enable_tftp '1'
        option tftp_root '/mnt/tftp'

config boot 'linux'
        option filename 'boot/grub/x86_64-efi/core.efi'
        option serveraddress 'gw.mydomain.com'
        option servername 'PXE server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'wan6'
        option interface 'wan6'
        option ignore '1'

config odhcpd 'odhcpd'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'wlan'
        option leasetime '12h'
        option interface 'wlan'
        option dhcpv6 'disabled'
        option ra 'server'
        option start '5'
        option limit '10'
        list domain 'mydomain.com'

config dhcp 'vpn0'
        option interface 'vpn0'
        option leasetime '12h'
        option dhcpv6 'disabled'
        option ra 'server'
        option start '5'
        option limit '10'
        list domain 'vpn.mydomain.com'

config dhcp 'vpn1'
        option interface 'vpn1'
        option leasetime '12h'
        option dhcpv6 'disabled'
        option ra 'server'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option ra 'server'
        option start '55'
        option limit '5'
        list domain 'mydomain.com'
        option ra_default '1'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option syn_flood '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'lan'
        option forward 'REJECT'
        option masq '1'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule 'Allow_OpenVPN_Inbound'
        option target 'ACCEPT'
        option src '*'
        option dest_port '1194'
        option name 'VPN'
        option proto 'tcp udp'

config zone 'vpn'
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'REJECT'
        option output 'ACCEPT'
        option masq '1'
        option network 'vpn0 vpn1'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'wlan'
        option network 'wlan'
        option forward 'REJECT'
        option masq '1'

config forwarding
        option dest 'wan'
        option src 'wlan'

config zone
        option forward 'REJECT'
        option name 'wan6'
        option input 'REJECT'
        option masq '1'
        option network 'wan6'
        option output 'ACCEPT'
        option mtu_fix '1'

config forwarding
        option dest 'wan6'
        option src 'wlan'

config forwarding
        option dest 'wan'
        option src 'lan'

config forwarding
        option dest 'wan6'
        option src 'lan'

config forwarding
        option dest 'wan'
        option src 'vpn'

config forwarding
        option dest 'wan6'
        option src 'vpn'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'HT20'
        option country 'US'
        option legacy_rates '1'
        option channel 'auto'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option network 'wlan'
        option key 'SuperSecretPasswd'
        option disabled '1'
        option ssid 'LEDE'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option htmode 'HT20'
        option country 'US'
        option legacy_rates '1'
        option channel '4'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Caverna'
        option hidden '1'
        option encryption 'psk2+tkip+ccmp'
        option key 'SuperSecretPasswd2'
        option isolate '1'
        option network 'wlan'

{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 657874,
        "l3_device": "eth0",
        "proto": "dhcpv6",
        "device": "eth0",
        "updated": [
                "prefixes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [
                {
                        "address": "2001:4b:ef:5300::1",
                        "mask": 128,
                        "preferred": 6085,
                        "valid": 12835
                }
        ],
        "ipv6-prefix": [
                {
                        "address": "2001:4b:ef:0::",
                        "mask": 60,
                        "preferred": 6085,
                        "valid": 12835,
                        "class": "wan6",
                        "assigned": {
                                "lan": {
                                        "address": "2001:4b:ef:0::",
                                        "mask": 64
                                },
                                "vpn0": {
                                        "address": "2001:4b:ef:1::",
                                        "mask": 64
                                },
                                "vpn1": {
                                        "address": "2001:4b:ef:2::",
                                        "mask": 64
                                },
                                "wlan": {
                                        "address": "2001:4b:ef:3::",
                                        "mask": 64
                                }
                        }
                }
        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::dad7:75ff:fe68:a0cc",
                        "metric": 4096,
                        "valid": 12835,
                        "source": "2001:4b:ef:0::/60"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::dad7:75ff:fe68:a0cc",
                        "metric": 4096,
                        "valid": 12835,
                        "source": "2001:4b:ef:5300::1/128"
                }
        ],
        "dns-server": [
                "2001:14b8:1000::1",
                "2001:14b8:1000::2"
        ],
        "dns-search": [
                "bb.dnainternet.fi"
        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "passthru": "00170020200114b8100000000000000000000001200114b8100000000000000000000002001800130262620b646e61696e7465726e657402666900"
        }
}
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 582,
        "l3_device": "eth1",
        "proto": "static",
        "device": "eth1",
        "updated": [
                "addresses",
                "routes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "122.118.0.1",
                        "mask": 26
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [
                {
                        "address": "2001:4b:ef:0::",
                        "mask": 64,
                        "preferred": 6085,
                        "valid": 12835,
                        "local-address": {
                                "address": "2001:4b:ef:0::1",
                                "mask": 64
                        }
                },
                {
                        "address": "fdb4:fc:9c:b::",
                        "mask": 64,
                        "local-address": {
                                "address": "fdb4:fc:9c:b::1",
                                "mask": 64
                        }
                }
        ],
        "route": [
                {
                        "target": "122.118.0.59",
                        "mask": 26,
                        "nexthop": "122.118.0.1",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "122.118.0.60",
                        "mask": 26,
                        "nexthop": "122.118.0.1",
                        "source": "0.0.0.0/0"
                },
                {
                        "target": "122.118.0.61",
                        "mask": 26,
                        "nexthop": "122.118.0.1",
                        "source": "0.0.0.0/0"
                }
        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}

Thanks for the patience and perseverance!

trendy · April 9, 2020, 10:03pm

First of all the fdb4 address is ULA, which is private address, something like 192.168 in IPv4. So there is no point to redact in every post of yours the characters. This has local significance on OpenWrt, as the Sagem doesn't seem to delegate a ULA prefix, only the GUA.
Second the PC doesn't have all the necessary routes. It should have one for fdb4:6fc8:79c2::/48, not just the /64
Third, add option ip6addr 'fdb4:6fc8:79c2:b::1' in lan interface and don't let it decide which IP to use.
Fourth the static routes you have are pointless and invalid as all 3 addresses belong to the lan subnet.
Fifth add option ra_management '0' in dhcp/lan since you are using only SLAAC.
Sixth remove masquerade from lan if you don't need it. In general you are masquerading everywhere and I don't see the reason.
Also you have created a wan6 zone in firewall and you are masquerading there too.
There is quite a mess there, if it doesn't get fixed after all these I think it is a waste of time to troubleshoot any further. You'd better reset it to default, verify that it works (which I am sure it will even with defaults) and only add the vpns and the wifi related configurations.

pekkari · April 10, 2020, 6:37am

All valid points, specially the masquerading one, with these kind of misconfig one
wonders why everything goes so slow...

wan6 I don't remember to have created it, since this router was installed back
in times of LEDE, and upgraded, so maybe in a former version the PD created
it and now is no longer needed.

Is ULA only possible if you use dhcpv6? Since disabling ra_management I don't
see the ula prefix in my laptop.

Thanks for the great hints!

trendy · April 10, 2020, 7:09am

If you kept the settings while upgrading from previous major releases of Lede/OpenWrt, e.g from 17->18, then I suggest that you take a backup of the important settings, reset the OpenWrt to defaults and start adding them manually.
I am pretty sure that by the time you reset it everything will be working fine in terms of internet and internal connectivity.

It is possible with both, but you don't have dhcp6 enabled anyway. Most likely another bad config carried over.