SOLVED: IPv6 configuration using 6in4 tunnel

Hi,

I've been using LEDE for a month or so now on a BT Homehub 5a, and mostly have it configured to my satisfaction. However, there is one aspect I haven't managed to get working, and I haven't managed to find the answer using Google: IPv6. I have set up a 6in4 tunnel to HE, and it is working - from the router, 'ping6 ipv6.he.net' works. However, none of the clients attached to the router seem to have any IPv6 connectivity. If anyone could help me sort it out I would be most grateful!

I'll post the config details and symptoms in a second as it's preventing me posting more than 2 links in a post as I'm a new user. Hang on....

Urgh, it's still preventing me posting my config as it's interpreting something in there as links. Any idea how long the restriction on new users posting more than 2 links in a post lasts?

Have you configured your /64 or /48 prefix? (I recommend /48 since /64 will only be enough for one network.) And are the clients getting IPv6 addresses?

Also as a step one, be sure to allow ping from the HE tunnel check server. They provide its IP on the page where you set your endpoint address.

If the HE server can't ping your WAN, the setting of your IPv4 endpoint IP address won't work.

I think I've set the prefix up properly (I copied the config across from what HE provided as an OpenWRT config.) This is what HE says on the tunnel info page:

Tunnel ID: 440668
Creation Date:Nov 4, 2017
Description:
IPv6 Tunnel Endpoints
Server IPv4 Address:216.66.80.26
Server IPv6 Address:2001:470:1f08:2a3::1/64
Client IPv4 Address:79.75.229.39
Client IPv6 Address:2001:470:1f08:2a3::2/64
Routed IPv6 Prefixes
Routed /64:2001:470:1f09:2a3::/64
Routed /48:2001:470:69d6::/48 [X]

This is the relevant part of /etc/config/network:

# 6in4 tunnel interface. peeraddr and ip6addr are the "Server IPv4 Address" and
# "Client IPv6 Address" values from the tunnel page quoted above.
config interface 'henet'
    option proto '6in4'
    option peeraddr '216.66.80.26'
    option ip6addr '2001:470:1f08:2a3::2/64'
    # Routed prefix offered to downstream interfaces. This is the routed /64;
    # one /64 covers a single network only.
    option ip6prefix '2001:470:1f09:2a3::/64'
    option _orig_ifname 'wan'                
    option _orig_bridge 'false'              
    option tunnelid '440668'
    # Tunnel-broker account credentials, masked by the poster. Keep them masked
    # whenever this file is shared.
    # NOTE(review): presumably used for the endpoint-address update - confirm.
    option username 'xxxxxxx'
    option password 'xxxxxxx'

Here are more parts of my config:

cat dhcp

# dnsmasq settings (DNS forwarder and DHCPv4 server).
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        # DNS-rebinding protection: upstream answers that point into private
        # address space are discarded; rebind_localhost still lets 127.0.0.0/8
        # answers through.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        # NOTE(review): nonwildcard '0' and localservice '0' appear to switch off
        # per-interface binding and the "local subnets only" restriction, which
        # would leave the firewall zone policy as the only thing keeping the
        # resolver from answering WAN/tunnel queries - confirm this is intended.
        option nonwildcard '0'
        option localservice '0'
        # Upstreams are two resolvers on the router itself (ports 5353 and 5454);
        # only pool.ntp.org is sent directly to 208.67.222.222.
        list server '127.0.0.1#5353'
        list server '127.0.0.1#5454'
        list server '/pool.ntp.org/208.67.222.222'
        option authoritative '1'

# LAN pool: DHCPv4 leases (start 100, 150 addresses, 12h) plus router
# advertisements and DHCPv6, both in server mode.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option dhcpv6 'server'

# No DHCP service is offered on the wan interface.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

# odhcpd (RA / DHCPv6 daemon). maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        # Script run when the lease file changes.
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# Guest pool: same DHCPv4 range as lan, and also RA + DHCPv6 in server mode,
# so the guest network needs an IPv6 prefix of its own.
# NOTE(review): the guest firewall zone rejects input and only opens udp 67-68
# and port 53, so DHCPv6 and ICMPv6 neighbour/router discovery from guest
# clients to the router are presumably not accepted - verify before relying on
# guest IPv6, and open only those specific types if needed.
config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option dhcpv6 'server'
        option ra 'server'

cat firewall

# Global policies.
# NOTE(review): these are presumably what applies to an interface that belongs
# to no zone; with input 'ACCEPT', a tunnel interface left out of every zone
# would reach the router unfiltered - confirm each new interface is in a zone.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# Trusted LAN zone: input, output and forward all accepted.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# Untrusted zone. The 6in4 interface 'henet' is listed alongside 'wan', so
# traffic arriving through the tunnel gets the same REJECT input/forward policy
# as the IPv4 uplink.
# NOTE(review): masq is presumably IPv4-only here, so IPv6 clients keep their
# global addresses and this zone's forward policy is what shields them from
# unsolicited inbound traffic - confirm.
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        # MSS clamping; 6in4 encapsulation lowers the usable MTU.
        option mtu_fix '1'
        option network 'wan henet'

# LAN clients may initiate connections out through the wan zone (tunnel included).
config forwarding
        option src 'lan'
        option dest 'wan'

# IPv4-only exceptions to the wan input REJECT policy.

# DHCPv4 replies to the router's own client (udp/68).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# IPv4 echo-request to the router from anywhere on wan. This is what lets the
# tunnel broker's check server ping the IPv4 endpoint, as mentioned in the thread.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# IGMP from the uplink.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# DHCPv6 replies to the router's client port (udp/546). fc00::/6 spans fc00::
# through ffff:..., i.e. the unique-local, link-local and multicast ranges;
# globally routable sources do not match.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Multicast Listener Discovery (ICMPv6 types 130, 131, 132, 143), accepted only
# from link-local sources.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 addressed to the router itself from the wan zone: error messages, echo,
# and neighbour/router discovery, rate-limited to 1000/sec.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 forwarded from wan to any zone (dest '*'): errors and echo only, no
# neighbour/router discovery. Once clients hold routed addresses they answer
# echo-request from outside. packet-too-big must stay allowed for path-MTU
# discovery through the tunnel.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# IPsec pass-through from wan to lan: ESP and IKE (udp/500).
# NOTE(review): neither rule sets 'family', so they presumably apply to IPv6 as
# well; with routed IPv6 addresses that would expose ESP and udp/500 on every
# LAN host to the tunnel side. Drop or narrow them if no LAN host terminates
# IPsec - confirm.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Custom rules loaded from this file; its contents are not shown in the post.
config include
        option path '/etc/firewall.user'

# Guest zone: nothing from guests reaches the router or other zones unless a
# rule or forwarding below allows it.
config zone 'guestzone'
        option name 'guestzone'
        option network 'guest'
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'

# Guests may go out through the wan zone, which also contains the IPv6 tunnel.
config forwarding 'guestzone_fwd'
        option src 'guestzone'
        option dest 'wan'

# DHCPv4 only (udp 67-68). DHCPv6 uses different ports and is not covered here.
config rule 'guestzone_dhcp'
        option name 'guestzone_DHCP'
        option src 'guestzone'
        option target 'ACCEPT'
        option proto 'udp'
        option dest_port '67-68'

# DNS to the router over tcp and udp.
config rule 'guestzone_dns'
        option name 'guestzone_DNS'
        option src 'guestzone'
        option target 'ACCEPT'
        option proto 'tcp udp'
        option dest_port '53'

# OpenVPN listener on the router (udp/1194). src '*' accepts it from every zone,
# guest included, not only from wan.
config rule 'Allow_OpenVPN_Inbound'
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option dest_port '1194'

# VPN zone: input 'ACCEPT' lets connected VPN clients reach the router's own
# services; the forwardings below also give them lan and wan access.
config zone 'vpn'
        option name 'vpn'
        option network 'vpn0'
        option input 'ACCEPT'
        option forward 'REJECT'
        option output 'ACCEPT'
        option masq '1'

# vpn -> lan
config forwarding 'vpn_forwarding_lan_in'
        option src 'vpn'
        option dest 'lan'

# lan -> vpn
config forwarding 'vpn_forwarding_lan_out'
        option src 'lan'
        option dest 'vpn'

# vpn -> wan (the wan zone includes the IPv6 tunnel)
config forwarding 'vpn_forwarding_wan'
        option src 'vpn'
        option dest 'wan'

# DNAT of LAN DNS traffic (port 53, tcp and udp). Disabled via enabled '0', so
# LAN clients can currently use any external resolver directly.
# NOTE(review): with no dest_ip set, the redirect presumably targets the router
# itself when enabled - confirm.
config redirect 'adblock_dns'
        option name 'Adblock DNS'
        option src 'lan'
        option proto 'tcp udp'
        option src_dport '53'
        option dest_port '53'
        option target 'DNAT'
        option enabled '0'

You might be better off assigning the routed /48 prefix instead of the /64 prefix. Your dhcp config seems to be assigning IPv6 addresses for both the lan and guest interfaces, and you need a /64 for each of them, so just one /64 from he.net will likely not be enough.

You did not show the lan (and guest) interface config. It needs the "ip6assign" option like this so that odhcpd knows that you want to distribute ipv6 addresses for this interface:

# Example LAN interface: static IPv4 on a bridge over eth1.1.
config interface 'lan'
        option type 'bridge'
        option ifname 'eth1.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        # Prefix length requested for this interface out of the routed prefix;
        # this is the option that tells odhcpd to hand out IPv6 addresses here.
        option ip6assign '60'

Thanks - changing the ip6prefix to the one from the config page fixed everything!