[Solved] Has anyone connected two ULA subnets?

I created a new guest interface on my AP and IPv4 works fine between the two subnets, but IPv6 ULA does not work. Regular AP wifi works fine since devices get the ULA of the main router; it is just the guest interface on the AP.

Main router - fd11::/64
AP guest interface - fd22::/64

Has anyone tried to create a connection between two ULAs? I tried creating a route but I am getting errors.

It is not a serious problem since I can use IPv4 to allow guest to connect to printers etc, just wanted to know if guest can also connect to Main router devices using IPv6.

Hi

it is a very basic task for routers
using it every day
principles are the same as v4
devices on both networks need to have OWRT as GW
you don't need anything special, only one firewall rule to allow lan -> guest


I could not get it to work, tested it with a different router.
Rule I created
Forwarded IPv6
From lan, IP fd33::/64
To wan, IP fd11::/64
Accept forward.

I even played around with static IPv6 routes with no success.
Interface lan. Target fd11::/64 Gateway fd11::8 Table main.

Looks like ULA interconnect is getting a little confusing. For right now IPv4 is working fine for me. Maybe in the future someone can come back and write a step by step tutorial on how to connect to IPv6 ULA subnets on different routers.

This is the route on the Guest AP, did you make the inverse static route on the main router as well?

  • I assume you meant fd22?
  • Why does your route say interface LAN if your firewall rule says that fd11::/64 is in WAN?

You don't provide enough clear information for us to assist you.

I'm thinking it's just a learning curve on interfaces and routing - then add IPv6 to it. It can be frustrating. Can you provide the network configs for us to see?

cat /etc/config/network

Additionally, can you explain/verify the physical connection of the main router and guest AP:

As described in firewall rule:

main_router<LAN_port><WAN_port>guest_AP

or

As described by your route (the default firewall LAN Forward will allow this):

main_router<LAN_port><LAN_port>guest_AP

?

How to do that exactly?
Should I put the same ULA prefix from the main router on the secondary router?
I thought I read ULA prefixes should be auto-generated, can I use the same ULA prefix in several devices if they are all part of the same internal network?
Or maybe just delete the auto-generated ULA prefix from the second router, leaving it empty, and configure the secondary to get it from the main router?


After I read that you are using the WAN interface for the interconnect @openwrtforever I have an idea...

Yes, in principle you just need a route and a firewall rule. But: ULA is somehow special, and is defined as not intended for WAN/Internet. It is not "globally reachable", see https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml

Therefore you have two options:

  1. Just make a clean network design/topology and configure everything as a local network, which it is as I assume. Use LAN ports and stick with the OpenWrt default assumptions about stuff like security and good behaviour, like: "do not push ULA traffic out the WAN to the Internet..."; OR
  2. You have to configure an ip route which explicitly allows the routing of such packets:
    ip -6 route add fc00::/7 from fc00::/7 dev <wan>

Edit: PS: Your ULA prefixes are not randomly chosen. This is shitty because in the long run when everyone is trying to do the same stupid stuff as back in the days with IPv4, we will end up with a lot of conflicting IP space again, and people have more issues and work to do to clean up their networks when they start to interconnect them.
Use a random prefix as the RFC recommends it. For a good reason.
Also, in your case, you should just be fine with a single /48. A /48 is 256 /56 subnets. Or like: You could have 256 homes/SOHO/AirBnB-flats/etc with each 256 subnets... all under a single logical prefix/admin-domain.
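
The prefix advice in the post above, as an added example (not code from the thread or from OpenWrt): it derives a random /48 the way RFC 4193 section 3.2.2 describes, carves /64s for the main and guest networks out of it, and audits the thread's fd11::/64 and fd22::/64. The function names, the subnet IDs 0x11 and 0x22, and the "three or fewer distinct hex digits" test are assumptions made for this example.

```python
import hashlib
import ipaddress
import os
import struct
import time

ULA = ipaddress.ip_network("fc00::/7")

def rfc4193_prefix(eui64: bytes, ntp_time: int) -> ipaddress.IPv6Network:
    """RFC 4193 sec. 3.2.2: Global ID = low 40 bits of SHA-1(time || EUI-64)."""
    digest = hashlib.sha1(struct.pack(">Q", ntp_time) + eui64).digest()
    top48 = (0xFD << 40) | int.from_bytes(digest[-5:], "big")  # fd00::/8 + Global ID
    return ipaddress.IPv6Network((top48 << 80, 48))

def carve(site: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Return the /64 with the given 16-bit Subnet ID inside a /48 site prefix."""
    net = ipaddress.IPv6Network(site)
    if net.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 site prefix and a 16-bit subnet ID")
    return ipaddress.IPv6Network((int(net.network_address) | subnet_id << 64, 64))

def same_site(a: str, b: str) -> bool:
    """True when both prefixes share the same 48 leading bits (one ULA site)."""
    top = lambda p: int(ipaddress.ip_network(p, strict=False).network_address) >> 80
    return top(a) == top(b)

def audit(prefix: str) -> list:
    """Flag the ULA problems raised in the thread for a prefix already in use."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or not net.subnet_of(ULA):
        return ["not inside fc00::/7, so not a ULA prefix"]
    top48 = int(net.network_address) >> 80
    findings = []
    if top48 >> 40 == 0xFC:
        findings.append("fc00::/8 (L bit clear) is not defined; use fd00::/8")
    gid = format(top48 & 0xFFFFFFFFFF, "010x")
    if len(set(gid)) <= 3:  # heuristic chosen for this example, not from the RFC
        findings.append("Global ID %s looks hand-picked, not random" % gid)
    return findings

if __name__ == "__main__":
    # Constructed inputs: random bytes stand in for the router's EUI-64, and
    # Unix time in the top 32 bits stands in for the 64-bit NTP timestamp.
    site = rfc4193_prefix(os.urandom(8), int(time.time()) << 32)
    print("site", site, "main", carve(str(site), 0x11), "guest", carve(str(site), 0x22))
    print("thread prefixes share a site:", same_site("fd11::/64", "fd22::/64"))
    for p in ("fd11::/64", "fd22::/64"):  # the two prefixes from the thread
        print(p, audit(p))
```
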

I think I have to play with this, since the guest router fd22 is connected to the main router via WAN.

Finally got it working!
