diff --git a/target/linux/ipq40xx/config-5.4 b/target/linux/ipq40xx/config-5.4
index b442f73fbc..717799ad45 100644
--- a/target/linux/ipq40xx/config-5.4
+++ b/target/linux/ipq40xx/config-5.4
@@ -276,6 +276,10 @@ CONFIG_INITRAMFS_SOURCE=""
# CONFIG_IOMMU_IO_PGTABLE_LPAE is not set
CONFIG_IOMMU_SUPPORT=y
CONFIG_IO_URING=y
+CONFIG_IPV6=y
+CONFIG_IPV6_SEG6_LWTUNNEL=y
+CONFIG_IP6_NF_MATCH_SRH=y
+CONFIG_IPV6_SEG6_HMAC=y
CONFIG_IPQ_GCC_4019=y
# CONFIG_IPQ_GCC_806X is not set
# CONFIG_IPQ_GCC_8074 is not set
I can insert a default route with
ip -6 route add 2001:db9::1/64 dev eth0.12 encap seg6 mode encap segs 2001:db8::2
with the result:
2001:db9::/64 encap seg6 mode encap segs 1 [ 2001:db8::2 ] dev eth0.15 metric 1024 pref medium
Now I want to do the same on the x86 and I get an error
ip: either "to" is duplicate, or "encap" is garbage
Encapsulation does not work?
If I just do a ping to 2001:db9::1/64 I thought I could see that it is encapsulated by looking at the interface. But it does not seem to be encapsulated?
Looks like it receives encapsulated packages, but the route back seems not to work since the packages don't show up on the interface to the x86 router.
The IPQ40xx soc is not giving the packets to the other interface. Any idea?
Firewall (Middle Router):
config zone 'zone_testing'
option input 'ACCEPT'
option forward 'ACCEPT'
option name 'testing'
option output 'ACCEPT'
option network 'mesh_test_node_1 mesh_test_node_2'
Test-Node 1 is the left and Test-Node-2 is the right router.
Route (Test-Node-1):
2001:db8::/64 dev eth0.15 proto kernel metric 256 pref medium
2001:db9::/64 encap seg6 mode encap segs 1 [ 2001:db8::2 ] dev eth0.15 metric 1024 pref medium
Test-Node-2
2001:db8::/64 encap seg6 mode encap segs 1 [ 2001:db9::2 ] dev eth0.16 metric 1024 pref medium
2001:db9::/64 dev eth0.16 proto kernel metric 256 pref medium
It's working!!! Here is the solution. You have to enable seg6 on the middle router on each interface.
Per-interface configuration
Several per-interface sysctls are available to control SRv6 behavior.
net.ipv6.conf.*.seg6_enabled (integer)
Matching packets for this sysctl are those whose active segment (i.e., IPv6 DA) is local to the Linux node.
0: Drop ingress SR-enabled packets from this interface.
1: Accept ingress SR-enabled packets and apply basic SRH processing.
net.ipv6.conf.*.se