[Solved] How to make nested OpenWrt with IPv6 work?

I have a working dual-stack OpenWrt router (let's call it the main router) connected to my ISP, and I also run an OpenWrt VM for experiments that uses bridged networking, so it appears as a sub-router in my LAN.

Everything works except IPv6. My LAN machines and the sub-router can successfully access the Internet via IPv6, but not machines behind the sub-router. In those machines, when pinging an IPv6 address, it would fail with Network is unreachable.

The issue seems to stem from the sub-router's routing table, which contains entries like

default from <main router ULA/64> via <main router LAN link-local ip> ...
default from <main router public IPv6 subnet/64> via <main router LAN link-local ip> ...

The machines behind the sub-routers don't get assigned any public IPv6, only link-local IPs and the sub-router's ULA, so I guess the packets from them do not fall in the range specified by the from clause, thus unreachable network?

There seem to be two possible fixes:

  1. Make the sub-router use the main router as the default gateway without any of the from clause.
    I wonder if it's the main router or the sub-router that should be configured? What UCI options should I use?
  2. Make the machines behind the sub-router also have public IPv6.
    I have no idea why that's not currently the case. Would appreciate some enlightening.

The main router's /etc/config/network

config interface 'lan'
	option proto 'static'
	option device 'br-lan'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'pppoe'
	option username '...'
	option password '...'
	option ipv6 'auto'

The main router's /etc/config/dhcp

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra_default '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

The sub-router's /etc/config/network

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

The sub-router's /etc/config/dhcp

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ra 'server'
	option ra_default '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option dhcpv6 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Thanks in advance.

Is the subrouter reporting any delegated prefix with ifstatus wan6?

Thanks for the quick reply.

No delegated prefix seems to have been assigned:

	"ipv6-prefix": [

	],
	"ipv6-prefix-assignment": [

	],

LuCI in my main router reports the WAN_6 interface has IPv6-PD .../60, but LuCI in my subrouter reports no such entry for the WAN6 interface. Two IPv6 entries exist though, one for its assigned public IPv6, the other for ULA from the main router.

On the main router, ifstatus lan will report a /60 delegated prefix?

Yeah. ipv6-prefix-assignment has two entries, one for the public IPv6 subnet with /60, the other for ULA with /60

If you issue ifdown wan6; ifup wan6; logread -f on the subrouter, do you get any DHCPv6/odhcpc related entries in system log? Any entries on the main router at the same time?


Oh, thanks to your tip, I realized the DHCPv6 packets were actually blocked by the firewall on the main router. After relaxing it, my subrouter gets assigned /60 PD, and the machines behind it can access the Internet with IPv6.

Thank you very much!
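
An offline check for the cause found in this thread, as an added example that is not part of the original posts: it parses the text of an /etc/config/firewall and reports whether DHCPv6 requests (UDP port 547 over IPv6) arriving from a zone would be accepted by the router itself, so the fix can be one narrow rule rather than a broad relaxation. The zone name 'lan', both sample configs and the simplified first-match model (src_ip/dest_ip options are not evaluated) are assumptions.

```python
import shlex

def parse_uci(text):
    """Parse UCI text into [(section_type, options)]; repeated 'list' values are joined."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) == 3 and tok[0] in ("option", "list") and sections:
            prev = sections[-1][1].get(tok[1], "") if tok[0] == "list" else ""
            sections[-1][1][tok[1]] = (prev + " " + tok[2]).strip()
    return sections

def covers(spec, port):
    """True if a dest_port value such as '547', '546-547' or '546 547' includes port."""
    for part in spec.split():
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return not spec  # no dest_port option at all means any port

def dhcpv6_input_allowed(firewall_text, zone):
    """First-match check: may UDP/547 over IPv6 from `zone` reach the router itself?"""
    sections = parse_uci(firewall_text)
    for kind, o in sections:
        # Only input rules (no 'dest') for this zone that apply to IPv6 are relevant.
        if (kind != "rule" or "dest" in o or o.get("src") not in (zone, "*")
                or o.get("family", "any") not in ("any", "ipv6")):
            continue
        if {"udp", "all"} & set(o.get("proto", "tcp udp").split()) and covers(o.get("dest_port", ""), 547):
            return o.get("target", "DROP") == "ACCEPT"
    # No rule matched: fall back to the zone's input policy.
    policy = [o.get("input") for kind, o in sections if kind == "zone" and o.get("name") == zone]
    return policy[:1] == ["ACCEPT"]

# Constructed sample: a 'lan' zone whose input policy was tightened to REJECT.
BLOCKING = """
config zone
    option name 'lan'
    option input 'REJECT'
"""
# Constructed sample: the same zone plus one narrow rule for the DHCPv6 server port.
FIXED = BLOCKING + """
config rule
    option src 'lan'
    option proto 'udp'
    option dest_port '547'
    option family 'ipv6'
    option target 'ACCEPT'
"""
```

Calling dhcpv6_input_allowed(BLOCKING, "lan") returns False and dhcpv6_input_allowed(FIXED, "lan") returns True.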

