Static IPv6 AND stateless autoconfig?

Hello, is there a way to have a static (private) IPv6 address (works) and also use SLAAC for a (public, dynamic) address on my LAN interface?
Thanks in advance!

I am not sure if this is possible/allowed, but did you try to create a second interface bound to the first with dhcpv6 client protocol?

Right, almost the first thing I read went like "Let's define the term interface...." but I'm still not used to it :slight_smile: Anyway, 2nd interface seems to work nicely, thanks!

Hm, that's strange. Works fine with the default settings for the new DHCPv6 interface. But since the router also has a public IPv6 address (/128 from a provider CPE) I would want to use that way for the router itself. But as soon as I deactivate the advanced setting "Use default gateway" on the new interface, IPv6 to the internet stops working completely: ping6: sendto: Permission denied. If I delete the new interface, it works again via the CPE. If I use the "default gateway" setting on the new interface, it works via my LAN router.

Any idea what's happening there? Not really a problem, just curious to learn more about IPv6...

It is not so different from IPv4. You have 2 default gateways, so you'll have to regulate what goes where. First thing is to assign different metrics to the interfaces and second to use mwan3 or some other solution.

No, just the other way round: If I have 4 IPv6 gateways (other router advertises 2 private addresses) everything is fine, packets go to the other router (new interface WITH default gateway active). If I only have one default gateway to my provider CPE, it does not work (new interface WITHOUT default gateway active). Also it's not a "timeout" or "destination unreachable" but a "permission denied" error, which I usually only see when iptables blocks packets... weird...

Share the routing table because this is too theoretical.
ip -6 ro li tab all

Provider CPE is on interface Client-2GHz:

Works via LAN:

default from 2a00:20:2030:e2fb::/64 via fe80::7aa3:51ff:fe69:20f6 dev br-lan  metric 512
default from 2a01:598:9914:b584::/64 via fe80::6c4b:e567:e353:8c32 dev Client-2GHz  metric 512
default from fd13:4630:2901:10:bbd0:2c03:b731:7a8e via fe80::7aa3:51ff:fe69:20f6 dev br-lan  metric 512
default from fd13:4630:2901:10::/64 via fe80::7aa3:51ff:fe69:20f6 dev br-lan  metric 512
2a00:20:2030:e2fb::/64 dev br-lan  metric 256
2a01:598:9914:b584::/64 dev Client-2GHz  metric 256
fd13:4630:2901:10::/64 dev br-lan  metric 256
fd13:4630:2901:10::/64 dev br-lan  metric 1024
fd13:4630:2901:11::/64 dev eth0.11  metric 1024
unreachable fd13:4630:2901::/48 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev eth0.11  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev Client-2GHz  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev wlan0.sta1  metric 256
local ::1 dev lo table local  metric 0
anycast 2a00:20:2030:e2fb:: dev br-lan table local  metric 0
local 2a00:20:2030:e2fb:b2be:76ff:fe23:85bc dev br-lan table local  metric 0
anycast 2a01:598:9914:b584:: dev Client-2GHz table local  metric 0
local 2a01:598:9914:b584:b2be:76ff:fe23:85bc dev Client-2GHz table local  metric 0
anycast fd13:4630:2901:10:: dev br-lan table local  metric 0
local fd13:4630:2901:10::226 dev br-lan table local  metric 0
local fd13:4630:2901:10:b2be:76ff:fe23:85bc dev br-lan table local  metric 0
local fd13:4630:2901:10:bbd0:2c03:b731:7a8e dev br-lan table local  metric 0
anycast fd13:4630:2901:11:: dev eth0.11 table local  metric 0
local fd13:4630:2901:11::253 dev eth0.11 table local  metric 0
anycast fe80:: dev eth0 table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
anycast fe80:: dev eth0.11 table local  metric 0
anycast fe80:: dev eth0.2 table local  metric 0
anycast fe80:: dev Client-2GHz table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
anycast fe80:: dev wlan0.sta1 table local  metric 0
local fe80::b2be:76ff:fe23:85bb dev wlan0 table local  metric 0
local fe80::b2be:76ff:fe23:85bb dev wlan0.sta1 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev eth0 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev br-lan table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev eth0.11 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev Client-2GHz table local  metric 0
local fe80::b2be:76ff:fe23:85bd dev eth0.2 table local  metric 0
ff00::/8 dev br-lan table local  metric 256
ff00::/8 dev eth0.11 table local  metric 256
ff00::/8 dev eth0 table local  metric 256
ff00::/8 dev eth0.2 table local  metric 256
ff00::/8 dev Client-2GHz table local  metric 256
ff00::/8 dev wlan0 table local  metric 256
ff00::/8 dev wlan0.sta1 table local  metric 256

Works via CPE

default from 2a01:598:9914:b584::/64 via fe80::6c4b:e567:e353:8c32 dev Client-2GHz  metric 512
2a01:598:9914:b584::/64 dev Client-2GHz  metric 256
fd13:4630:2901:10::/64 dev br-lan  metric 1024
fd13:4630:2901:11::/64 dev eth0.11  metric 1024
unreachable fd13:4630:2901::/48 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev eth0.11  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev Client-2GHz  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev wlan0.sta1  metric 256
local ::1 dev lo table local  metric 0
anycast 2a01:598:9914:b584:: dev Client-2GHz table local  metric 0
local 2a01:598:9914:b584:b2be:76ff:fe23:85bc dev Client-2GHz table local  metric 0
anycast fd13:4630:2901:10:: dev br-lan table local  metric 0
local fd13:4630:2901:10::226 dev br-lan table local  metric 0
anycast fd13:4630:2901:11:: dev eth0.11 table local  metric 0
local fd13:4630:2901:11::253 dev eth0.11 table local  metric 0
anycast fe80:: dev eth0 table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
anycast fe80:: dev eth0.11 table local  metric 0
anycast fe80:: dev eth0.2 table local  metric 0
anycast fe80:: dev Client-2GHz table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
anycast fe80:: dev wlan0.sta1 table local  metric 0
local fe80::b2be:76ff:fe23:85bb dev wlan0 table local  metric 0
local fe80::b2be:76ff:fe23:85bb dev wlan0.sta1 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev eth0 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev br-lan table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev eth0.11 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev Client-2GHz table local  metric 0
local fe80::b2be:76ff:fe23:85bd dev eth0.2 table local  metric 0
ff00::/8 dev br-lan table local  metric 256
ff00::/8 dev eth0.11 table local  metric 256
ff00::/8 dev eth0 table local  metric 256
ff00::/8 dev eth0.2 table local  metric 256
ff00::/8 dev Client-2GHz table local  metric 256
ff00::/8 dev wlan0 table local  metric 256
ff00::/8 dev wlan0.sta1 table local  metric 256

Does not work:

default from 2a01:598:9914:b584::/64 via fe80::6c4b:e567:e353:8c32 dev Client-2GHz  metric 512
2a00:20:2030:e2fb::/64 dev br-lan  metric 256
2a01:598:9914:b584::/64 dev Client-2GHz  metric 256
fd13:4630:2901:10::/64 dev br-lan  metric 256
fd13:4630:2901:10::/64 dev br-lan  metric 1024
fd13:4630:2901:11::/64 dev eth0.11  metric 1024
unreachable fd13:4630:2901::/48 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev eth0.11  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev Client-2GHz  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev wlan0.sta1  metric 256
local ::1 dev lo table local  metric 0
anycast 2a00:20:2030:e2fb:: dev br-lan table local  metric 0
local 2a00:20:2030:e2fb:b2be:76ff:fe23:85bc dev br-lan table local  metric 0
anycast 2a01:598:9914:b584:: dev Client-2GHz table local  metric 0
local 2a01:598:9914:b584:b2be:76ff:fe23:85bc dev Client-2GHz table local  metric 0
anycast fd13:4630:2901:10:: dev br-lan table local  metric 0
local fd13:4630:2901:10::226 dev br-lan table local  metric 0
local fd13:4630:2901:10:b2be:76ff:fe23:85bc dev br-lan table local  metric 0
local fd13:4630:2901:10:bbd0:2c03:b731:7a8e dev br-lan table local  metric 0
anycast fd13:4630:2901:11:: dev eth0.11 table local  metric 0
local fd13:4630:2901:11::253 dev eth0.11 table local  metric 0
anycast fe80:: dev eth0 table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
anycast fe80:: dev eth0.11 table local  metric 0
anycast fe80:: dev eth0.2 table local  metric 0
anycast fe80:: dev Client-2GHz table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
anycast fe80:: dev wlan0.sta1 table local  metric 0
local fe80::b2be:76ff:fe23:85bb dev wlan0 table local  metric 0
local fe80::b2be:76ff:fe23:85bb dev wlan0.sta1 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev eth0 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev br-lan table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev eth0.11 table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev Client-2GHz table local  metric 0
local fe80::b2be:76ff:fe23:85bd dev eth0.2 table local  metric 0
ff00::/8 dev br-lan table local  metric 256
ff00::/8 dev eth0.11 table local  metric 256
ff00::/8 dev eth0 table local  metric 256
ff00::/8 dev eth0.2 table local  metric 256
ff00::/8 dev Client-2GHz table local  metric 256
ff00::/8 dev wlan0 table local  metric 256
ff00::/8 dev wlan0.sta1 table local  metric 256

The third case, which doesn't work, has the same single default gateway as the second one, which works.
The first one, which also works, has both gateways.
Is that correct, or was there some error in copy-paste?

That's correct... and weird :slight_smile: Third case is with DHCPv6 LAN interface active, but "Default gateway" disabled. 2nd is with DHCPv6 LAN interface removed (the "before") and 1st is with "default gateway" on LAN active.

In the first case there should be different metrics assigned for each link to avoid any random selections.
For the third case I suspect that the wrong source is used, hence the error. Can you try to ping with a specific source interface? (I presume you have checked the firewall already and it's not blocking anything).

In the first case OpenWrt consistently routes via LAN, despite equal metrics. In the same way as it always prefers public IPv6 addresses when presented with multiple AAAA DNS records. That's the reason for the original post: my Windows systems see an additional prefix and happily SLAAC that, even with a static IPv6 configured. Then they dynamically register in DNS and are unreachable for the router :frowning: And statically configured Debian hosts seem to be smarter: they seem to notice that they are directly connected to the private prefix and use that...

But back to the topic at hand :slight_smile: Using the source address works, but using the interface does not seem to. I tried the "Interface" 2GHz-Client as well as the physical interface wlan0.sta1. An ip addr shows the IPv6 on Client-2GHz, though.

Also, the internal, DHCPv6 interface is in the LAN firewall-zone, so I think it should work even with the "wrong" IPv6? Also: when I deactivate the "default route" option on the new interface, LuCI doesn't show any changes in the firewall configuration. And my firewall is pretty standard: "outgoing" is allowed everywhere. As is "forwarding" from LAN to External (simply renamed from WAN). As I said: weird :slight_smile:

Another thought: the internal public prefix is 2a00:* which is the lowest IPv6 address in the mix, maybe that's why it's used??

Equal metrics don't mean that it will load balance, if that is what you expect. My feeling is that the last acquired default gateway is used, if metrics and preferences are the same.
Hosts will use the GUA to reach some public IP, if both ULA and GUA are available, and usually IPv6 takes precedence over IPv4.

This changes the source IP only, not the egress interface though. My feeling was that wrong source IP was used and that was why the ping was not permitted.

Maybe I was right in the beginning:

No idea, but sounds plausible.
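
The wrong-source suspicion raised in the replies can be checked against the posted tables. The Python below is an added example, not part of the thread: it lists global addresses on the router that no `default from ...` route accepts as a source, using an excerpt of the "Does not work" table; the function names are this example's own.

```python
import ipaddress

# Excerpt of the thread's "Does not work" table (default route and local addresses only).
NOT_WORKING = """\
default from 2a01:598:9914:b584::/64 via fe80::6c4b:e567:e353:8c32 dev Client-2GHz  metric 512
2a00:20:2030:e2fb::/64 dev br-lan  metric 256
unreachable fd13:4630:2901::/48 dev lo  metric 2147483647  error -148
local 2a00:20:2030:e2fb:b2be:76ff:fe23:85bc dev br-lan table local  metric 0
local 2a01:598:9914:b584:b2be:76ff:fe23:85bc dev Client-2GHz table local  metric 0
local fd13:4630:2901:10::226 dev br-lan table local  metric 0
local fe80::b2be:76ff:fe23:85bc dev br-lan table local  metric 0
"""

def parse(table):
    """Return (default_routes, local_addrs) from `ip -6 ro li tab all` text."""
    defaults, local_addrs = [], []
    for line in table.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "default":
            # "default from PREFIX via GW dev IF" only matches packets whose
            # source address lies in PREFIX; without "from" any source matches.
            src = f[f.index("from") + 1] if "from" in f else "::/0"
            defaults.append((ipaddress.ip_network(src), f[f.index("dev") + 1]))
        elif f[0] == "local":
            local_addrs.append((ipaddress.ip_address(f[1]), f[f.index("dev") + 1]))
    return defaults, local_addrs

def uncovered_sources(table):
    """Global addresses on this host that no default route accepts as a source."""
    defaults, local_addrs = parse(table)
    flagged = []
    for addr, dev in local_addrs:
        if not addr.is_global:  # skip ::1, link-local (fe80::/10) and ULA (fc00::/7)
            continue
        if not any(addr in net for net, _ in defaults):
            flagged.append((str(addr), dev))
    return flagged

if __name__ == "__main__":
    for addr, dev in uncovered_sources(NOT_WORKING):
        print(f"{addr} on {dev}: no default route for this source")
```

For the "Does not work" table this flags the SLAAC address on br-lan; the other two posted tables produce no findings.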
