Setting up IPv6 configuration in relay mode

Hi all you helpful folks!
I have an almost vanilla 22.03 installation on a Netgear R7800, where I have only tweaked the Wifi SSID and security settings. I am running this router behind my ISP (Vodafone Germany, Cable) Router.

I vaguely remember doing this years ago by setting everything into relay mode, so I tried to set the DHCP settings like described here.

Now, my wan6 interface is getting an IPv6 address from the ISP router (an actual single, /128 address, no subnet), but neither wan nor lan nor the clients are getting any. Did I forget to set anything for the lan or wan interfaces? Here are my /etc/config/dhcp and /etc/config/network:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'relay'
	option ra 'relay'
	option ndp 'relay'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'wan6'
	option dhcpv6 relay
	option ra relay
	option ndp relay
	option master 1
	option interface wan6
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr ''
	option netmask ''

config globals 'globals'
	option ula_prefix 'fd92:3fac:1d22::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr ''
	option netmask ''
	option ip6assign '64'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option ipv6 auto

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'

What is also weird is that I am seeing significant traffic on the WAN6 interface (e.g. hundreds of megabytes) but none of my clients seem to get a non-local IPv6 address (one that does not start with fe80).

It is correct that wan and lan don't get an IPv6.
Remove ipv6 option from wan.
Remove from lan

The rest looks fine.

That is normal as both wan and wan6 share the same physical interface eth0.2 and you see the aggregate traffic.

I did what you said but my clients are still not getting an IPv6. Also, my lan interface DOES have an IPv6 but its a ULA (I think): IPv6: fd92:3fac:1d22::1/60

So now my wan6 has a /128 like before, and if I renew my dhcp on my notebook with dhcpcd I get this:

dhcpcd-9.4.1 starting
dev: loaded udev
dhcp6_openudp: Address already in use
ps_inet_startcb: dhcp6_open: Address already in use
DUID 00:04:4c:4c:45:44:00:30:37:10:80:31:c3:c0:4f:4d:43:32
wlp1s0: connected to Access Point: Bergernetz5Ghz
enp0s31f6: waiting for carrier
wlp1s0: IAID 71:b6:ff:c1
wwp0s20f0u10: waiting for carrier
wwp0s20f0u10: carrier acquired
wwp0s20f0u10: IAID aa:00:23:2d
wwp0s20f0u10: adding address fe80::5e95:8c96:b1c3:bef6
wlp1s0: soliciting an IPv6 router
wlp1s0: Router Advertisement from fe80::46a5:6eff:fe47:36af
wlp1s0: no global addresses for default route
wlp1s0: soliciting a DHCPv6 lease
wwp0s20f0u10: soliciting an IPv6 router
wwp0s20f0u10: soliciting a DHCP lease
wlp1s0: soliciting a DHCP lease
wlp1s0: offered from
wlp1s0: probing address
wlp1s0: leased for 43200 seconds
wlp1s0: adding route to
wlp1s0: adding default route via
forked to background, child pid 8924

When I connect to the ISPs router via ethernet I get assigned a /128 from the same prefix as the address the wan6 gets.

Yes, that is expected since you have the ULA prefix in global settings.
Could you run a packet capture to verify that the router is receiving and forwarding the dhcp6 solicitations?
opkg update; opkg install tcpdump; tcpdump -i any -vn icmp6 or udp port 547
After you run it, try to get an IPv6 from your lan host, then kill it with ctrl-c and post here the output.

There is a huge amount of packets captured by tcpdump, in fact, it is so much that I am not allowed to post it here because forum posts are limited to 32000 characters. I created a pastebin:

There was only one attempt to acquire dhcp6, the rest is not so important.

09:40:27.697532 IP6 (flowlabel 0x2e22e, hlim 1, next-header UDP (17) payload length: 93) fe80::4cf1:fe97:c5e3:3417.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=3790ff (rapid-commit) (IA_NA IAID:267704053 T1:0 T2:0) (Client-FQDN) (option-request DNS-server DNS-search-list SNTP-servers NTP-server opt_82) (client-ID type 4) (elapsed-time 12023))
09:40:27.698731 IP6 (flowlabel 0xdff15, hlim 32, next-header UDP (17) payload length: 139) 2a02:908:1082:e540::51c2.547 > ff05::1:3.547: [udp sum ok] dhcp6 relay-fwd (linkaddr=fd92:3fac:1d22::1 peeraddr=fe80::4cf1:fe97:c5e3:3417 (interface-ID 07000000...) (relay-message (dhcp6 solicit (xid=3790ff (rapid-commit) (IA_NA IAID:267704053 T1:0 T2:0) (Client-FQDN) (option-request DNS-server DNS-search-list SNTP-servers NTP-server opt_82) (client-ID type 4) (elapsed-time 12023))))

I can see here that the solicitation is relayed, but there is no answer. I am not sure what can be the issue here.
From one hand the ISP router might not listen on the ff05::1:3.547 for relay forwards.
On the other hand maybe the ISP router never listened to that address and it was implemented differently on the previous OpenWrt version you were using.

Is it possible that a firewall rule is prohibiting this? I have not changed them from default.

I can not ping this address (without the .547 which I assume is IPv6 notation for the port?) from the router, is there any way I can find out where this address comes from? My ISP issued global addresses all start with 2a02.

For whatever reason, my wan6 interface now has two IPv6 addresses, one /128 and one /64:
IPv6: 2a02:908:1082:e540::51c2/128
IPv6: 2a02:908:1082:e540:46a5:6eff:fe47:36b0/64
I am utterly confused.

The IPv6 address ff05::1:3 is the multicast request address for DHCPv6 - to reach a server. 547 is the port number.

It won't respond to ping.

Ok so I keep reading up on ipv6, and I tried to ping ff02::2 which is supposed to give me a response from all routers in my network. I do get an answer from one address, which is an fe80 address that belongs to my br-lan interface.

1 Like

I'm not sure why you're concerned about the infrastructure IPv6 addresses, but yes your router should respond to the "all routers" address at the interface your client is connected to/facing.

That's good.