From main router:
root@bthh:~# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6889:96ff:fe7a:2514/64 scope link
valid_lft forever preferred_lft forever
10: dsl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::ca91:f9ff:fe16:97b7/64 scope link
valid_lft forever preferred_lft forever
20: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fdb7:8066:5525:1000::1/52 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ca91:f9ff:fe16:97b6/64 scope link
valid_lft forever preferred_lft forever
22: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fdb7:8066:5525::1/52 scope global
valid_lft forever preferred_lft forever
inet6 fe80::6889:96ff:fe7a:2514/64 scope link
valid_lft forever preferred_lft forever
23: dsl0.101@dsl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::ca91:f9ff:fe16:97b7/64 scope link
valid_lft forever preferred_lft forever
25: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::ca91:f9ff:fe16:97b8/64 scope link
valid_lft forever preferred_lft forever
26: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::ca91:f9ff:fe16:97b9/64 scope link
valid_lft forever preferred_lft forever
root@bthh:~# ip -6 ro
fdb7:8066:5525::/64 dev eth0.10 metric 1024
fdb7:8066:5525:1000::/64 dev br-lan metric 1024
fdb7:8066:5525:1004::/62 via fe80::ce32:e5ff:fe40:efd3 dev br-lan metric 1024
unreachable fdb7:8066:5525::/48 dev lo metric 2147483647 error -148
fe80::/64 dev dsl0 metric 256
fe80::/64 dev dsl0.101 metric 256
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.10 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev wlan1 metric 256
anycast fdb7:8066:5525:: dev eth0.10 metric 0
anycast fdb7:8066:5525:1000:: dev br-lan metric 0
anycast fe80:: dev dsl0 metric 0
anycast fe80:: dev dsl0.101 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev eth0.10 metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev wlan0 metric 0
anycast fe80:: dev wlan1 metric 0
ff00::/8 dev br-lan metric 256
ff00::/8 dev eth0.10 metric 256
ff00::/8 dev dsl0 metric 256
ff00::/8 dev dsl0.101 metric 256
ff00::/8 dev eth0 metric 256
ff00::/8 dev wlan0 metric 256
ff00::/8 dev wlan1 metric 256
root@bthh:~# ip -6 ru
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000020: from all iif br-lan lookup unspec 12
4200000022: from all iif eth0.10 lookup unspec 12
4200000024: from all iif pppoe-wan lookup unspec 12
root@bthh:~# ifstatus lan
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 20481,
"l3_device": "br-lan",
"proto": "static",
"device": "br-lan",
"updated": [
"addresses",
"routes"
],
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "192.168.1.1",
"mask": 24
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
{
"address": "fdb7:8066:5525:1000::",
"mask": 52,
"local-address": {
"address": "fdb7:8066:5525:1000::1",
"mask": 52
}
}
],
"route": [
{
"target": "192.168.2.0",
"mask": 24,
"nexthop": "192.168.1.2",
"source": "0.0.0.0/0"
}
],
"dns-server": [
"8.8.8.8",
"8.8.4.4"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
}
}
From secondary:
root@tplink:~# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::ce32:e5ff:fe40:efd2/64 scope link
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fdb7:8066:5525:1004::1/62 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ce32:e5ff:fe40:efd2/64 scope link
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fdb7:8066:5525:1000:ce32:e5ff:fe40:efd3/64 scope global
valid_lft forever preferred_lft forever
inet6 fdb7:8066:5525:1000::2/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ce32:e5ff:fe40:efd3/64 scope link
valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::ce32:e5ff:fe40:efd1/64 scope link
valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::ce32:e5ff:fe40:efd2/64 scope link
valid_lft forever preferred_lft forever
root@tplink:~# ip -6 ro
fdb7:8066:5525::/48 from fdb7:8066:5525:1000::2 via fe80::ca91:f9ff:fe16:97b6 dev eth0.2 metric 512
fdb7:8066:5525::/48 from fdb7:8066:5525:1000::/64 via fe80::ca91:f9ff:fe16:97b6 dev eth0.2 metric 512
fdb7:8066:5525::/48 from fdb7:8066:5525:1004::/62 via fe80::ca91:f9ff:fe16:97b6 dev eth0.2 metric 512
fdb7:8066:5525:1000::/64 dev eth0.2 metric 256
fdb7:8066:5525:1004::b96 dev br-lan metric 1024
fdb7:8066:5525:1004:b0c4:c0f1:37c7:5dc dev br-lan metric 1024
fdb7:8066:5525:1004::/64 dev br-lan metric 1024
fdb7:8066:5525:1006::/63 via fe80::10c0:2cff:fe08:b5ac dev br-lan metric 1024
unreachable fdb7:8066:5525:1004::/62 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev wlan1 metric 256
anycast fdb7:8066:5525:1000:: dev eth0.2 metric 0
anycast fdb7:8066:5525:1004:: dev br-lan metric 0
anycast fe80:: dev eth0.2 metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev wlan0 metric 0
anycast fe80:: dev wlan1 metric 0
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth0.2 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev wlan0 metric 256
ff00::/8 dev wlan1 metric 256
root@tplink:~# ip -6 ru
0: from all lookup local
32766: from all lookup main
4200000000: from fdb7:8066:5525:1004::1/62 iif br-lan lookup unspec unreachable
4200000001: from all iif lo lookup unspec 12
4200000005: from all iif br-lan lookup unspec 12
4200000007: from all iif eth0.2 lookup unspec 12
4200000007: from all iif eth0.2 lookup unspec 12
root@tplink:~# ifstatus lan
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 17057,
"l3_device": "br-lan",
"proto": "static",
"device": "br-lan",
"updated": [
"addresses",
"routes"
],
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "192.168.2.1",
"mask": 24
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
{
"address": "fdb7:8066:5525:1004::",
"mask": 62,
"local-address": {
"address": "fdb7:8066:5525:1004::1",
"mask": 62
}
}
],
"route": [
{
"target": "192.168.1.0",
"mask": 24,
"nexthop": "192.168.1.1",
"source": "0.0.0.0/0"
}
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
}
}
root@tplink:~# ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 17048,
"l3_device": "eth0.2",
"proto": "dhcpv6",
"device": "eth0.2",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
{
"address": "fdb7:8066:5525:1000:ce32:e5ff:fe40:efd3",
"mask": 64
},
{
"address": "fdb7:8066:5525:1000::2",
"mask": 128
}
],
"ipv6-prefix": [
{
"address": "fdb7:8066:5525:1004::",
"mask": 62,
"class": "wan6",
"assigned": {
"lan": {
"address": "fdb7:8066:5525:1004::",
"mask": 62
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "fdb7:8066:5525:1000::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"source": "::/0"
},
{
"target": "fdb7:8066:5525::",
"mask": 48,
"nexthop": "fe80::ca91:f9ff:fe16:97b6",
"metric": 512,
"valid": 1567,
"source": "fdb7:8066:5525:1004::/62"
},
{
"target": "fdb7:8066:5525::",
"mask": 48,
"nexthop": "fe80::ca91:f9ff:fe16:97b6",
"metric": 512,
"valid": 1567,
"source": "fdb7:8066:5525:1000:ce32:e5ff:fe40:efd3/64"
},
{
"target": "fdb7:8066:5525::",
"mask": 48,
"nexthop": "fe80::ca91:f9ff:fe16:97b6",
"metric": 512,
"valid": 1567,
"source": "fdb7:8066:5525:1000::2/128"
}
],
"dns-server": [
"fdb7:8066:5525:1000::1"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
"passthru": "00170010fdb78066552510000000000000000001"
}
}
The firewall is configured to accept everything on the secondary router (I believe!):
root@tplink:~# uci export firewall
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option output 'ACCEPT'
option mtu_fix '1'
option input 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'