Serving DHCPv6 without IPv4

ifup wan6; sleep 10; ifstatus wan6
1 Like

In /etc/config/network:

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option peerdns '0'
        option reqaddress 'try'
        option reqprefix '60'

From ifstatus wan6:

        "ipv6-address": [
                {
                        "address": "2601:644:2:7919:fef5:28ff:fed3:5d07",
                        "mask": 64,
                        "preferred": 323541,
                        "valid": 323541
                },
                {
                        "address": "2601:644:2:7919::a9d8",
                        "mask": 128,
                        "preferred": 600538,
                        "valid": 600538
                }
        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "2601:644:2:7919::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "valid": 323541,
                        "source": "::\/0"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::1ab8:1fff:fe47:c70e",
                        "metric": 512,
                        "valid": 176,
                        "source": "2601:644:2:7919:fef5:28ff:fed3:5d07\/64"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::1ab8:1fff:fe47:c70e",
                        "metric": 512,
                        "valid": 176,
                        "source": "2601:644:2:7919::a9d8\/128"
                }
        ],
uci show network; uci show dhcp
1 Like
root@zyxel:/etc/config# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd10:41a8:a3bd::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='10.96.0.253'
network.lan.netmask='255.128.0.0'
network.lan.dns='10.96.0.132'
network.lan.ip6assign='64'
network.wan=interface
network.wan.ifname='eth1.2'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth1.2'
network.wan6.proto='dhcpv6'
network.wan6.peerdns='0'
network.wan6.reqaddress='try'
network.wan6.reqprefix='60'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 0t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='5 6t'
root@zyxel:/etc/config# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcp_option='6,10.96.0.132'
dhcp.lan.ra='relay'
dhcp.lan.dhcpv6='relay'
dhcp.lan.ndp='relay'
dhcp.lan.dns='fe80::200'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
2 Likes

Is your ISP modem in bridge mode?

Not in bridged mode. It's Xfinity's Arris modem and its connection status page shows a delegated prefix with a /64. (I hadn't thought to look at the modem's page, as I hadn't needed to mess with it for quite some time.)

BTW, the main reason I have a router after their modem/router is because their web management doesn't let me disable their DHCP function. I notice they have both IPv4 and IPv6 DHCP servers.

I've got the link between modem and router set to 172.24.0.0/24 with the modem as .1 and the ZyXEL as .2.

1 Like

Your ISP modem is handling the PD'd IPv6 subnet.
If possible, switch to bridge mode and let your router be the gateway.

2 Likes

Damn, I didn't think bridge mode was available on their residential connection. It's a switch in the main Gateway At a Glance page. I'll have to try that once the family is done using the Internet for the day.

1 Like

After switching to bridge mode and restoring the router setting to stock, I'm seeing v6 addresses everywhere, so things seem to be mostly working.

I ran the following v6 connectivity test and it tells me that the large packet ICMP isn't getting through, so it can't do PMTUD. I don't know what to do with that.

http://test-ipv6-vm4.comcast.net/index.html.en_US

Under Network/Firewall/Traffic Rules, I can see Allow ICMPv6-Forward is enabled. So I guess something else must be blocking those packets.

Is the MTU option of the ISP modem set to 1500?
On Windows, try pinging Google with maximum length available:
ping -l 1452 -6 www.google.com

I'm in the process of renumbering my network so I can get access back to the Xfinity modem. I think when I switched it to bridge mode, it set the address back from the 172 address I'd given it to 10.0.0.1, and that's in my LAN's address block, so the router won't route to it. I'm squishing my network into 10.96/16 so their address will be outside that and will be on the WAN side of the router.

Meanwhile, here's the ping result:

f:\devel>ping -l 1452 -6 www.google.com

Pinging www.google.com [2607:f8b0:4005:807::2004] with 1452 bytes of data:
Reply from 2607:f8b0:4005:807::2004: time=14ms 
Reply from 2607:f8b0:4005:807::2004: time=15ms 
Reply from 2607:f8b0:4005:807::2004: time=11ms 
Reply from 2607:f8b0:4005:807::2004: time=12ms 

Ping statistics for 2607:f8b0:4005:807::2004:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 15ms, Average = 13ms

I found that, after switching to bridge mode, the modem had reverted its web administration address to 192.168.100.1, but still accepted my old password. I can't see anything that can be modified now except whether it's in bridge mode. (I don't see a setting which lets me move the admin address, which is annoying, but I can live with that.)

So I think I just have the PMTUD issue now.

I found other sites with the same test setup as the Comcast link and they tell me I'm fine with the big packet test. So that tells me Comcast's test site is broken. So I think I'm golden now.

You can use a non-bridge alias to access it:

It's the address of the Comcast modem I wanted to move, not the address of ZyXEL running OpenWRT. But I don't think I need to do that now. It doesn't conflict with my LAN addresses so I can reach it through the ZyXEL from my Windows box.

1 Like

Judging from the ping result, it's fine. The MTU is already optimal (1500). No need to worry about the PMTUD issue.

1 Like

Hello everybody! I got a Ubiquiti EdgeRouter X SFP and flashed OpenWRT on it.

I'm working on making it do load balancing on 2 ISPs, for IPv4 and IPv6. Both ISPs provide me a /64 global prefix.

I've already set a secondary WAN pair (wan2 and wan26) on port eth1, and both ports are working IPv4 and IPv6 with one modem that's bridged. I haven't installed mwan3 yet, because first I wanna get both modems and WANs working.

I'd like to not bridge the other modem, because I do some tests plugging a laptop on it outside my LAN so I can test my LAN reachability by leaving from this modem and entering from the other.

Is it possible to keep the modem as router, and delegate a prefix from it to OpenWRT?

I'm home now. I retested my IPv6 connectivity with bridged modem and it's still working. I then unplugged it and plugged the routed modem.

Now I don't have IPv6 connectivity anymore. My laptop fails ipv6-test.com and is unable to ping 2620:119:35::35, but OpenWRT pings it.

Is it possible to make it work? Or will I need to set this modem as bridge?

Here are my settings and tests.

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdfa:fe7d:a419::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.49.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr '80:2a:a8:5d:79:d7'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config device 'wan_dev'
	option name 'eth0.2'
	option macaddr '80:2a:a8:5d:79:d8'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 6t'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '1 6t'

config interface 'wan2'
	option proto 'dhcp'
	option ifname 'eth0.3'

config interface 'wan26'
	option proto 'dhcpv6'
	option ifname 'eth0.3'
	option reqaddress 'try'
	option reqprefix 'auto'

config interface 'self'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '192.168.49.1'
	option netmask '255.255.255.255'
	option gateway '192.168.49.1'

ifstatus wan6

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 796,
	"l3_device": "eth0.2",
	"proto": "dhcpv6",
	"device": "eth0.2",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2804:1b2:181:2683:822a:a8ff:fe5d:79d8",
			"mask": 64,
			"preferred": 43195,
			"valid": 43195
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2804:1b2:181:2683::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 43195,
			"source": "::\/0"
		},
		{
			"target": "2804:1b2:181:2683::",
			"mask": 64,
			"nexthop": "fe80::c23d:d9ff:fe38:94c0",
			"metric": 384,
			"valid": 55,
			"source": "::\/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::c23d:d9ff:fe38:94c0",
			"metric": 384,
			"valid": 55,
			"source": "2804:1b2:181:2683:822a:a8ff:fe5d:79d8\/64"
		}
	],
	"dns-server": [
		"2804:7f4:2002:1005::98",
		"2804:7f4:2002:1005::99"
	],
	"dns-search": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		]
	},
	"data": {
		"passthru": "00170020280407f4200210050000000000000098280407f4200210050000000000000099"
	}
}

uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdfa:fe7d:a419::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.49.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='80:2a:a8:5d:79:d7'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='80:2a:a8:5d:79:d8'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='2 3 4 6t'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 6t'
network.@switch_vlan[1].vid='2'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].vid='3'
network.@switch_vlan[2].ports='1 6t'
network.wan2=interface
network.wan2.proto='dhcp'
network.wan2.ifname='eth0.3'
network.wan26=interface
network.wan26.proto='dhcpv6'
network.wan26.ifname='eth0.3'
network.wan26.reqaddress='try'
network.wan26.reqprefix='auto'
network.self=interface
network.self.ifname='lo'
network.self.proto='static'
network.self.ipaddr='192.168.49.1'
network.self.netmask='255.255.255.255'
network.self.gateway='192.168.49.1'

uci show dhcp

dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].local='/home.hikarinet.info/'
dhcp.@dnsmasq[0].domain='home.hikarinet.info'
dhcp.@dnsmasq[0].nonwildcard='0'
dhcp.@dnsmasq[0].server='127.0.0.1#54' 'fdfa:fe7d:a419::1#54'
dhcp.@dnsmasq[0].localservice='0'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.start='150'
dhcp.lan.limit='199'
dhcp.lan.leasetime='1h'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.@host[0]=host
dhcp.@host[0].name='main2'
dhcp.@host[0].dns='1'
dhcp.@host[0].mac='74:D4:35:1C:B1:F6'
dhcp.@host[0].leasetime='20min'
dhcp.@host[0].hostid='109'
dhcp.@host[0].duid='000100011bcf662374d4351cb1f6'
dhcp.@host[0].ip='192.168.49.109'
dhcp.@domain[0]=domain
dhcp.@host[1]=host
dhcp.@host[1].name='router'
dhcp.@host[1].dns='1'
dhcp.@host[1].mac='80:2A:A8:5D:79:D7'
dhcp.@host[1].ip='192.168.49.1'
dhcp.@host[1].hostid='1'
dhcp.@host[1].leasetime='20min'
dhcp.@host[2]=host
dhcp.@host[2].name='S400CA'
dhcp.@host[2].dns='1'
dhcp.@host[2].mac='D8:50:E6:9E:D8:83'
dhcp.@host[2].ip='192.168.49.154'
dhcp.@host[2].leasetime='20min'
dhcp.@host[2].hostid='154'
dhcp.@host[2].duid='000100011a511926d850e69ed883'
dhcp.@host[3]=host

ping -c 4 -6 www.google.com

PING www.google.com (2800:3f0:4001:809::2004): 56 data bytes
64 bytes from 2800:3f0:4001:809::2004: seq=0 ttl=54 time=17.948 ms
64 bytes from 2800:3f0:4001:809::2004: seq=1 ttl=54 time=18.557 ms
64 bytes from 2800:3f0:4001:809::2004: seq=2 ttl=54 time=20.522 ms
64 bytes from 2800:3f0:4001:809::2004: seq=3 ttl=54 time=17.699 ms

--- www.google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 17.699/18.681/20.522 ms

Looks like OpenWRT itself has IPv6 connectivity, but its DHCP isn't receiving global prefix delegation and is unable to advertise it to LAN devices.

In case it helps, here are modem's settings pages.

It depends on your modem's feature.
Maybe there is an option to enable DHCPv6-PD server on your modem. If no, you have to set your modem to bridge mode, or configure odhcpd to relay NDP between wan and lan, or create a IPv6-only bridge between wan and lan.

For the "LAN reachability" thing, don't forget you can create another VLAN on your router.

2 Likes

Thanks. Indeed it seems the modem doesn't have option to delegate DHCP-PD to a DHCPv6 server or another WAN on its VLAN.

I also don't see on Luci an option to do that on OpenWRT. Do you know if OpenWRT is capable of doing that? If it's not on Luci, maybe there's an option on dnsmasq txt config?