With a clean install of OpenWrt I'm trying to perform a local test :
eth0 setup as WAN static IP6 = 2000:0:0:0::1/64
eth1 setup as LAN static IP6 = 2000:0:0:1::1/64
cell phone on same network as eth0 static IP6 = 2000:0:0:0::2/64 gateway = 2000:0:0:0::1
my PC on same network as eth1 static IP6 = 2000:0:0:1::2/64 gateway = 2000:0.0.1::1
(note that none of this has any internet facing interfaces, it's just a local test using internet IPs)
OpenWrt can ping all IPs
cell phone can ping every IP except the PC (request timed out)
PC can ping every IP except the phone. (request timed out)
Both the PC and cell phone are set to respond to pings from everywhere.
Firewall rules are completely open, everything is allowed. LAN>WAN and WAN>LAN
What's stopping the forwarding between the subnets?
This should require no additional routes, packet forwarding should be doing it.
- Please explain how the PC and cell get their xxx::2 IPv6 address (it matters)
- (I don't wanna assume - If this is related to your other thread about [properly] assigning IPs from WAN6 and the routes you were making - you might wish to note that -again, it matters)
I won't inquire more on the needed IPv6 protools since your client IPv6 assignment description will probably clarify this and you say it's open, which should be OK.
The cell and PC's IPs and gateways were statically (manually) assigned. But my apologies for not returning here sooner, but I got it work. The crazy setup and bizarre circumstances I am in would have been a nightmare to explain in detail. It boils down to my ISP's router which is also a VoIP box and you HAVE to use it in order to get the VoIP service meaning my OpenWrt box became useless. But I still wanted to use it, so i was messing around for hours trying to figure out how to route the delegated IPv6 prefix that was assigned to the ISP router to another physical network. I eventually had to write a script to extract the IP data from the router's config page. Then assign the WAN interface a :/128 address from that range, add the PD :/56. Then setup ndppd to respond to the ISP router's neighbor discovery on that range. Outgoing packets from the LAN will be routed through the ISP router normally, On an incoming packet to the ISP router it will attempt to neighbor discover the IP, ndppd will repond causing the packet to arrive on the WAN interface, but seeing as that's a :/128 address with no other possible IPs on the same subnet it gets shunted to packet forwarding which then matches it to the lan interface and routes it there. It was a complete nightmare, but it's now finally working.
Here's the script to anyone who's interested.
#!/bin/ash
ip -6 route del default
service ndppd stop
while [ -z "$WOE" ]; do
WOE=$(wget -q -O - http://admin:<password>@192.168.0.1/sky_router_status.html | grep '::/56' | cut -d "'" -f 2)
done
GW=$(echo $WOE | cut -d '_' -f 16 | cut -d '/' -f 0)
PD=$(echo $WOE | cut -d '_' -f 15)
WIP=$(echo $PD | sed 's/....$//')ffff:ffff:ffff:ffff/128
uci set network.WAN6.ip6addr=$WIP
uci set network.WAN6.ip6prefix=$PD
uci commit network.WAN6
/etc/init.d/network restart
ERR=1
while [ $ERR -ne 0 ]; do
ip -6 route add default via $GW dev br-wan metric 512
ERR=$?
done
/usr/sbin/ndppd -p /var/run/ndppd.pid -d > /dev/null
The lan interface can just be setup as normal. 64 assignment, with a ::2 suffix (because the ISP router is ::1). In fact on further thinking and experimentation, I don't even need the :/128 address on the WAN6.
1 Like