True dual stack configuration of LAN interface

I've been at this for a few hours and I'm having trouble wrapping my head around the possibility this might not be possible, since I can configure it in under half an hour on a debian system:

I'm on a VDSL line with an existing VDSL router that is going to stay (FritzBox 7390). I have a true dual stack ISP and I get a public IPv4, IPv6 and /56 prefix.

The LEDE unit's job should be to act as DHCPv* server so I can have full control of DNS (which the FritzBox won't give me).

I need my LEDE router to:

  • Have a static IPv4 on the LAN interface - check
  • Act as DHCPv4 on the LAN interface - check
  • Auto-configure an IPv6 on the LAN interface - apparently not possible
  • Obtain an IPv6 prefix from the FritzBox on the LAN interface - apparently not possible
  • Act as DHCPv6 on the LAN interface - apparently not possible

Is this at all possible? It seems like such a common case.

I've tried to configure a LAN6 interface in an attempt to mimic the WAN/WAN6 thing, but it never obtains an IPv6 (it gets called br-lan6, obviously).

If I dissolve the LAN bridge my device becomes unreachable, even if I edit /etc/config/network to have correct configurations for non-bridge lan/lan6. So apparently it's br-lan or brick.

I'm tempted to use the WAN interface because, apparently, I can have separate v4/v6 configurations there. I'd have to re-write all the default firewall rules but this appears to be the only workable solutions.

I'm this close to simply throwing the whole thing out and getting a Pi3 because that seems like the fastest solutions. It's seriously astonishing to me that these everyday requirements should be so complicated to set up, so I'm probably simply overlooking something obvious.

Any help would be greatly appreciated at this point. Thanks a lot!

Have you enabled prefix delegation on the fritzbox as mentioned in another topic? Need a 101: IPv4 and IPv6 provided on the CPE -- would I connect using DHCP or DHCPv6 (or can I do both) on WAN?

Thank you for your answer!

Yes, PD is enabled. I can successfully get a prefix assigned to another server of mine running on the same network.

The trouble is that the lan interface (or, more specifically, the br-lan bridge interface) is not even enabling IPv6. I can select either "static" (IPv4) configuration or DHCPv6 client.

Leaving PD out for a moment, I can't even get the br-lan interface to perform SLAAC. Other devices on the network can successfully perform SLAAC and get an address from the ISP-delegated prefix. The LEDE device obviously cannot, in any way, perform any IPv6 stuff on a "static"-configured interface, as far as I can see. Is this correct?

I don't think LEDE will enable IPv6 on br-lan unless it's able to provide the clients with globally routable IPv6 addresses, for which it needs a delegated prefix (or NDP+RA relay?).

There is an IPv6 setting "Announce as default router even if no public prefix is available." you may try enabling it if you want to use IPv6 internally in your lan.

That's not why, though. This is why there's an issue:

You have your LAN set to static addressing, but want a dynamically-assigned IPv6 address...you may be able to create a second interface on the same PHY (e.g. WAN6) though.

Thanks again for the answers. Unfortunately, even though it was possible to create a second interface, I couldn't get it to obtain the prefix, get an address for itself, and start acting as DHCP. I ended up throwing everything out and setting up a basic dnsmasq on an existing server.

Now I finally understand why IPv6 isn't being adopted.

Anyway, thanks a lot!

I think you completely misunderstood me, and the problem you were having...it seems as if you totally missed the issue...if your want you LAN to hand out IPv6 addresses, it has to have a static IP.

Your WAN should have already had this WAN6 interface by default. All you need to do is assign a static IPv6 address to the LAN from the PD and then tell LAN to assign IPs from this PD as well.

IPv6 doesn't 'magically' configure downstream networks, just like your ISP cannot 'magically' configure your LAN.

Hope this helps for your next attempt.

I understand that it has to have a static IP - that's how IPv4 works. But the way you put it, that completely precludes any possibility of a device with a single interface both having an IPv6 from a prefix dynamically assigned by the ISP and acting as a DHCPv6.

I'm sorry I failed to mention the prefix is dynamic - otherwise, yes, I could just configure the prefix on the interface statically. True. But as far as I know, LEDE/OpenWRT, in its default conguration, can obtain a v6 prefix and address on an upstream interface and hand out smaller prefixes and addresses on its downstream interface. I was simply wondering if anything similar possible with just one interface.

Anyway, thanks!

What you want to achieve should work out of the box without any additional configuration of the lan interface. Please check the output of ifstatus wan6 to see of the DHCPv6 client acquired a prefix. Also make sure that the lan interface has "option ip6assign 64" set.

You mentioned IPv4 again, I'm talking about IPv6...

And yes, that's exactly what I'm saying...if you want IPv6 from you ISP, you set that up on your WAN...then, to get IPV6 on LAN, you proceed to configure your LAN.

WAN - RA or DHCPv6 assigned IP from the ISP
LAN - Static IP, add the PD issued from you ISP into this Interface (you must have a PD from the ISP, therefore, you must have something bigger than a /64)...then enable RA/DHCPv6 on LAN to hand out IPs

That simple.

I overlooked the single interface aspect; did you try switching the existing wan6 to use option ifname @lan (sic!) ?

Your final configuration should look similar to this:

config interface wan6
    option ifname @lan 
    option proto dhcpv6

config interface lan
    option ifname "whatever was the default"
    option proto static
    option ipaddr 192.168.1.23
    option netmask 255.255.255.0
    option ip6assign 52

Afterwards check the ipv6-prefix-assignment values in both ifstatus wan6 and ifstatus lan