Two openwrt routers - ipv6 configuration

Hello I have two routers (AX3200 same model):

  • Main: 192.168.1.1 PPPOE + ipv6 (nat6 enabled) [OpenWrt 23.05]
  • Second: 192.168.2.1 DCHPv4/6 [OpenWrt 22.03.2]
    Ipv6 is working fine on the main router but secondary router has no ipv6 connection
    how do i configure the second router to get ipv6 working from main router ?

why the double NAT, in the 1st place ?

2 Likes

I was using stock firmware on second router and had this setup and didn't adapt accordingly + i want to seperate wifi clients from wired ones so i can SQM limit them.

do you have a IPv6 DHCP running on the 1st device ?

Yes, IPv6 DHCP is enabled and , just tested ULA-prefix removed on both routers and ipv6 still doesn't work

Main router /etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Some firmwares, including OpenWrt, will not recognize that their IPv6 uplink is in fact an Internet connection if it only has ULA. So, an OpenWrt router behind an IPv6 NAT will not announce the default route through itself until you set the default route announcement in the LAN settings to forced in /etc/config/dhcp:

config dhcp 'lan'
        option interface 'lan'
        ...
        option ra_default '2'

The equivalent GUI setting is:

1 Like

Do i configure this on main or second router ?

On the second one.

Sadly didn't work

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru

Run this on both routers. Also please verify the connection between routers. Is there a cable from R1 lan port to R2 wan port? Is there any switch between them?

I see that you do have at least a /64 routable prefix from the ISP (ends in fbe0::), which means you don't need NAT6 and you really should not use NAT6. Check ifstatus pppoe-wan and ifstatus wan_6 (if it exists) to see if the prefix is larger.

I'm basing that on seeing a /64 assigned to the first router's lan. Since a /64 can't be further delegated by a second router, conventional IPv6 access from the second router's lan fails. However if you were to set the first router's lan ip6assign to /60 that may work, if the prefix from the ISP is large enough-- which I can't tell from here.

If you really only can get a /64 from the ISP, then it would be best to use relay mode in the second router, so that clients of the second router are taking their IP6 from the same /64 that exists in the first router. This gives all the endpoint clients in your network their own unique, public GUA, non-NAT IPv6 address.

4 Likes

The correct one would be ifstatus wan6, since OP is using the option ipv6 1 under wan interface and there is wan6 defined.
However from the routing table output we can see that the prefix is just the /64, which is pretty lame for an ISP.
Thankfully there is the solution of NDP-Proxy, to share the /64 of the R1 to the downstream router, if the ISP doesn't delegate a larger prefix.

1 Like

indeed my ISP only gives me /64 prefix and using a relay config as @mk24 suggested works

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.